- Issued: 2021-04-29
- Updated: 2021-04-29
RHBA-2021:1463 - nfs-ganesha bug fix and enhancement update
Synopsis
nfs-ganesha bug fix and enhancement update
Type/Severity
Bug Fix Advisory None
Topic
Updated nfs-ganesha packages that fix several bugs and add various enhancements are now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 8.
Description
Red Hat Gluster Storage is a software-only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges.
This advisory fixes the following bugs:
- Previously, applications based on gfapi, such as gluster-block or samba, malfunctioned or crashed in some cases due to a memory corruption bug. With this update, this issue is resolved. (BZ#1725716)
- With this update, ganesha.nfsd can be run as a non-root user. Running as a non-root user reduces exposure to privilege escalation attacks. Additionally, container frameworks prefer to run daemons as non-root. (BZ#1439117)
- Previously, the local RPCBIND service got stuck because connected sockets were not closed properly, which caused failures. With this update, the sockets are closed properly when no longer needed and the system works as expected. (BZ#1898998)
- The nfs-ganesha package has been upgraded to upstream version 3.4, which provides a number of bug fixes and enhancements over the previous version, for better performance and greater stability. (BZ#1769357)
- Previously, NFSv3 UDP client mounts failed due to an incorrect source address in the mount reply, as controlmsg and pktinfo were truncated in recvmsg(2). With this update, the handling of controlmsg is revised and the correct source address is now returned in the mount reply. (BZ#1843921)
- Previously, ganesha crashed due to certain NFSv3 locking operations. With this update, locking works correctly as the refcount bug is fixed. (BZ#1901599)
- Previously, running ganesha.nfsd as a non-root user resulted in permission denied errors on attempts to create files (extracted from the tar file) or delete files. NFS wire credentials were not being set in the lookup op (FSAL_GLUSTER's lookup()); that is, the wrong credentials, such as uid and gid, were used to access files. With this update, ganesha.nfsd can be run as a non-root user, and NFS clients can create and delete files. (BZ#1926133)
- Previously, the ganesha.nfsd process was terminated because a new SELinux in RHEL8 triggered an AVC denial for the /var/lib/nfs symlink. The /var/lib/nfs directory was replaced by the ganesha HA setup with a symlink to a directory on the gluster-shared-storage volume. With this update, an additional SELinux policy has been added to enable reading the symlink. As a result, ganesha.nfsd is now allowed to run. (BZ#1938050)
Users of nfs-ganesha with Red Hat Gluster Storage are advised to upgrade to these updated packages.
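The NFSv3 UDP fix above (BZ#1843921) concerns control data truncated in recvmsg(2). The following C example is added here for illustration and is not code from nfs-ganesha or libntirpc: it shows how an undersized control buffer loses IP_PKTINFO (signalled by MSG_CTRUNC) while a CMSG_SPACE-sized buffer returns the destination address a reply should be sent from. The helper names recv_dst_addr and demo are hypothetical, and the loopback datagram is constructed test input.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: receive one datagram with ctrl_len bytes of control
 * buffer. Returns 1 and sets *dst to the address the datagram was sent to,
 * 0 if the ancillary data was truncated or had no IP_PKTINFO, -1 on error. */
static int recv_dst_addr(int fd, size_t ctrl_len, struct in_addr *dst)
{
    char data[64];
    union { char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr align; } ctrl;
    struct iovec iov = { .iov_base = data, .iov_len = sizeof(data) };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctrl.buf, .msg_controllen = ctrl_len };
    if (ctrl_len > sizeof(ctrl.buf) || recvmsg(fd, &msg, 0) < 0)
        return -1;
    if (msg.msg_flags & MSG_CTRUNC)
        return 0; /* kernel cut the control data short: do not trust it */
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof(pi));
            *dst = pi.ipi_addr;
            return 1;
        }
    return 0;
}

/* Constructed loopback case: wildcard-bound receiver, datagram to 127.0.0.1. */
static int demo(size_t ctrl_len, struct in_addr *dst)
{
    int on = 1, rc = -1;
    struct sockaddr_in a = { .sin_family = AF_INET }; /* 0.0.0.0, port 0 */
    socklen_t alen = sizeof(a);
    int rx = socket(AF_INET, SOCK_DGRAM, 0), tx = socket(AF_INET, SOCK_DGRAM, 0);
    if (setsockopt(rx, IPPROTO_IP, IP_PKTINFO, &on, sizeof(on)) == 0 &&
        bind(rx, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        getsockname(rx, (struct sockaddr *)&a, &alen) == 0) {
        a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
        if (sendto(tx, "x", 1, 0, (struct sockaddr *)&a, sizeof(a)) == 1)
            rc = recv_dst_addr(rx, ctrl_len, dst);
    }
    close(rx); close(tx); /* close(-1) is harmless if socket() failed */
    return rc;
}
```

Calling demo() with CMSG_SPACE(sizeof(struct in_pktinfo)) returns 1 with 127.0.0.1 as the destination; calling it with sizeof(struct cmsghdr) returns 0 because the kernel sets MSG_CTRUNC.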
Solution
Before applying this update, make sure all previously released errata that are relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Gluster Storage Server for On-premise | 3 | x86_64 |
Updated Packages
- libntirpc-3.4-2.el8rhgs.x86_64.rpm
- libntirpc-3.4-2.el8rhgs.src.rpm
- libntirpc-devel-3.4-2.el8rhgs.x86_64.rpm
- nfs-ganesha-3.4-3.el8rhgs.src.rpm
- nfs-ganesha-gluster-3.4-3.el8rhgs.x86_64.rpm
- libntirpc-debugsource-3.4-2.el8rhgs.x86_64.rpm
- nfs-ganesha-selinux-3.4-3.el8rhgs.noarch.rpm
- libntirpc-debuginfo-3.4-2.el8rhgs.x86_64.rpm
- nfs-ganesha-gluster-debuginfo-3.4-3.el8rhgs.x86_64.rpm
- nfs-ganesha-3.4-3.el8rhgs.x86_64.rpm
- nfs-ganesha-debuginfo-3.4-3.el8rhgs.x86_64.rpm
- nfs-ganesha-debugsource-3.4-3.el8rhgs.x86_64.rpm
Fixes
- BZ - 1439117
- BZ - 1725716
- BZ - 1769357
- BZ - 1843681
- BZ - 1898998
- BZ - 1901599
- BZ - 1903582
- BZ - 1926133
- BZ - 1938050
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.