View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003840||CentOS-5||kernel||public||2009-09-16 14:39||2009-10-31 19:11|
|Target Version||Fixed in Version|
|Summary||0003840: No login from nfs4 client with kernel 2.6.18-164.el5|
since kernel 2.6.18-164.el5 no user could login with gdm any more from nfs client into his (kde) home directory on nfs server. The kde error message is:
"The following installation problem was detected while trying to start
Writing to $HOME directory (/home/<USER>) failed with the
error 'Permission denied'
KDE is unable to start."
Login on console (no xserver running) works without problems. startx from console also doesn't work for kde.
/home is exported with nfs4 (gss/krb5), the password is delivered by
nis. Everything works fine if I reboot the nfs server into the previous
kernel 2.6.18-128.7.1.el5. Then it is completely irrelevant which
kernel version the client has. So /home export by nfs4 works for client
with kernel versions 2.6.18-164.el5 and 2.6.18-128.7.1.el5.
|Additional Information||If the nfs server runs under kernel 2.6.18-164.el5, the error messages|
for the user login process are (names for user, client and domain are
Sep 16 15:54:13 <NFS_CLIENT> gdm:
run_session_child: »~/.xsession-errors« konnte nicht geöffnet werden
Sep 16 15:55:02 <NFS_CLIENT> ntpd: synchronized to 192.168.0.1,
Sep 16 15:57:14 <NFS_CLIENT> gdm:
run_session_child: »~/.xsession-errors« konnte nicht geöffnet werden
Sep 16 15:57:14 <NFS_CLIENT> gdm: pam_unix(gdm:session): session
opened for user <USER> by (uid=0)
Sep 16 15:57:14 <NFS_CLIENT> sudo: pam_unix(sudo:auth): authentication
failure; logname= uid=0 euid=0 tty= ruser= rhost= user=<USER>
Sep 16 15:57:14 <NFS_CLIENT> sudo: pam_krb5: authentication fails
for '<USER>' (<USER>@<DOMAIN>): Authentication failure (Decrypt
integrity check failed)
Strange files under /home/$USER:
---xrw--wT 1 <USER> <USER> 0 Jan 17 2038 SskWxq
---------- 1 <USER> <USER> 0 Jan 17 2038 .xsession-errors
The following user processes are running on login error:
|Tags||No tags attached.|
One thing to remember is that we are releasing this kernel early, but it is built against the 5.4 tree and not the 5.3 tree, so there may some irregularities until we get the full 5.4 tree released.
We did QA test this kernel against the 5.3 tree, but we did not test that aspect of it.
This may clear up after the entire 5.4 tree is released, please let us know if this works after the 5.4 release.
Since this kernel was also a security release, we wanted to get it out while the rest of the 5.4 tree is in testing.
This is a major bug on the kernel code for nfs in the 5.4 release kernel from Red Hat. Please take a look at:
Hopefully this can be patched for the CentOS 2.6.18-164.el5 prior to release.
If you try to use vi or some other program that uses the O_EXCL flag in open(2), you will see the problem.
The problem only affects the kernel on the Server. So if you have the server kernel patched, the clients can still have the unpatched kernel and things will work correctly.
the upstream bug current status is most troubling, and the centos team do not have a RHN account to do the suggested:
------- Comment #21 From Jeff Layton (email@example.com) 2009-09-17 08:04:14 EDT (-) [reply] -------
(In reply to comment #19)
> This does not make any sense, RHEL5.5 is months away, and this is a major flaw
> that will prevent anybody from using the kernel in 5.4 as an nfs server. Are
> you not planning to release an updated kernel for 5.4 with the nfs fixes before
I'm not opposed to seeing this fix ship sooner, but in order for that to happen
someone will need to open a support case and request a more immediate fix. If
you do so, please be sure to reference this BZ so that the support folks know
that this is a known problem and that there is a patch that seems to fix it.
It seems like a no brainer that they would do this in house, but it is their support operation and bugzilla to run as they wish. If you know someone with a RHN account with support entitlements, ...
As to a local patch in the [base] or [updates] streams -- I cannot see that CentOS would do that as it is too central -- perhaps CentOS Plus if Red Hat does not issue a repaired kernel ...
-- Russ herrold
>As to a local patch in the [base] or [updates] streams -- I cannot see
>that CentOS would do that as it is too central -- perhaps CentOS Plus
>if Red Hat does not issue a repaired kernel ...
I am building centosplus kernels with the patch as I type this. Also, CentOS used to provide distro kernels with patches from people.centos.org. Maybe this can be done for this bug?
are you reading my mind again?
If you (==CentOS) decide to offer the patched kernel somewhere, the cplus counterpart SRPM is ready in the usual place. So far, I have done a test-install on a 64-bit box.
|I have asked some people from my campus who have support contracts to open tickets and other people who have reached the bugzilla entry have also opened the support tickets for the same issue, hopefully this will make something happen for the official red hat kernel release for 5.4|
Not sure if CentOS is going to provide the kernel with the fix. In the meantime, anyone wishing to give the patched centosplus kernel a try can download it from:
The name is kernel-2.6.18-164.bz522163.el5.ayplus.
I am no longer able to access the upstream bugzilla at:
Does anyone know why they have made it private?
The bugzilla has been replaced by:
A kernel update for 5.4 is out. I have updated the centosplus kernel with the nfsv4 patch accordingly. It's in the same place as before but the name is now:
Would you be interested in the RH provided Hotfix kernel srpm? If so where would I be able to upload it? It is about 72MB in size...
Our guys with support contracts have received all the files as a hotfix kernel and the release to everyone will follow in the first week of november.
|Is it distributable (can be made public) ?|
|Hmmm that is a very good question, I think that it being a src.rpm it would fall between the lines of the GPL, wouldn't it? Isn't that how you guys compile all the CentOS stuff?|
rpm -qip kernel-2.6.18-164.3.1.el5.src.rpm
Name : kernel Relocations: (not relocatable)
Version : 2.6.18 Vendor: Red Hat, Inc.
Release : 164.3.1.el5 Build Date: Thu 01 Oct 2009 04:15:42 AM EDT
Install Date: (not installed) Build Host: ppc-004.build.bos.redhat.com
Group : System Environment/Kernel Source RPM: (none)
Size : 0 License: GPLv2
Signature : (none)
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL : http://www.kernel.org/
Summary : The Linux kernel (the core of the Linux operating system)
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
|Well, the patch itself is publicly available and it's fairly trivial for anyone to apply it to the current kernel. In that sense, whether that hotfix is distributable may not be relevant because CentOS devs can build the patched kernel if they so wish. It's rather a question of whether or not they have the time and resources at this moment.|
|The patch referenced in this bug tracker is now in the centosplus kernel 2.6.18-164.2.1.el5.centos.plus.|
|2009-09-16 14:39||daily-planet||New Issue|
|2009-09-16 15:42||JohnnyHughes||Note Added: 0009916|
|2009-09-17 11:57||dijuremo||Note Added: 0009926|
|2009-09-17 17:00||herrold||Note Added: 0009930|
|2009-09-17 17:12||toracat||Note Added: 0009931|
|2009-09-17 18:33||herrold||Note Added: 0009932|
|2009-09-17 19:44||toracat||Note Added: 0009933|
|2009-09-17 20:06||dijuremo||Note Added: 0009934|
|2009-09-19 01:53||toracat||Note Added: 0009952|
|2009-09-19 01:56||toracat||Note Edited: 0009952|
|2009-09-22 16:54||toracat||Note Added: 0009968|
|2009-09-22 17:02||dijuremo||Note Added: 0009969|
|2009-09-30 19:23||toracat||Note Added: 0009995|
|2009-10-02 17:01||dijuremo||Note Added: 0010019|
|2009-10-02 17:04||toracat||Note Added: 0010020|
|2009-10-02 17:11||dijuremo||Note Added: 0010021|
|2009-10-02 17:16||dijuremo||Note Added: 0010022|
|2009-10-02 17:57||toracat||Note Added: 0010023|
|2009-10-31 19:11||toracat||Note Added: 0010226|