[linux-cifs-client] CIFS and Namespaces (pam_namespace.so)

Wilhelm Meier wilhelm.meier at fh-kl.de
Tue Dec 18 13:00:10 GMT 2007


Am Montag, 17. Dezember 2007 schrieb Jeff Layton:
> On Mon, 17 Dec 2007 20:42:27 +0100
>
> Wilhelm Meier <wilhelm.meier at fh-kl.de> wrote:
> > Am Montag, 17. Dezember 2007 schrieben Sie:
> > > On Mon, 17 Dec 2007 15:52:00 +0100
> > >
> > > Wilhelm Meier <wilhelm.meier at fh-kl.de> wrote:
> > > > Hi,
> > > >
> > > > I'm trying to use cifs-mounts and namespaces together. I set
> > > > up an client machine which mounts user-homes and public
> > > > directories, e.d.
> > > >
> > > > /home/tester (is mounted from //server/homes/tester,
> > > > uid=tester)
> > > >
> > > > /var/lib/cifs/public_inst/tester (is mounted from
> > > > //server/public, uid=tester)
> > > >
> > > > and with pam_namespace.so
> > > >
> > > > /home/public is bind-mounted from
> > > > /var/lib/cifs/public_inst/tester in the new namespace.
> > > >
> > > > If I try this with an additional uses (replace tester with
> > > > tester2 in the aboce example) simultaneously on the same
> > > > machine, I got
> > > >
> > > > CIFS VFS: cifs_mount failed w/return code = -13
> > > >
> > > > Any hints?
> > >
> > > Are you using signatures?
> >
> > No.
>
> Then disabling them probably won't help, but it might be worth a
> shot...
>
> > > I've been working some with kerberos
> > > mounts today and have found that CIFS tries to share TCP
> > > sessions between users, but that doesn't seem to be working
> > > well with signatures enabled (you need different signing keys,
> > > etc).
> >
> > This might be a problem due to the different namespaces ...
>
> Possibly, but I tend to think that the namespace thing is pretty
> orthogonal to the inner workings of CIFS.
>
> > > You may
> > > want to try disabling signatures and see if that works around
> > > the problem.
> >
> > How do I do that?
>
> Presuming that you're using the default value for SecurityFlags:
>
> echo 0x6 > /proc/fs/cifs/SecurityFlags
>
> ...should disable them and leave the other settings intact.

ok, thank you.

But the probelm remains: the first mount for the first user on the 
machine is ok (before the first namespace-operation takes place). All 
cifs-mounts afterwards fail.

>
> SecurityFlags is a bitmask, and the meaning of it is in the README
> file in the fs/cifs dir in the kernel source tree.

ok, found it.

>
> Note that many servers require signatures so you may need to
> disable that requirement server-side as well.

Its samba without any special flags in smb.conf, so signing is off I 
think.

Can you give me any further hints where to start to investigate the 
problem further?

-- 
Wilhelm


More information about the linux-cifs-client mailing list