1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
From ca5b0e7e4d41d93483427390d6d5e031b0b7c6af Mon Sep 17 00:00:00 2001
From: Joachim Falk <joachim.falk@gmx.de>
Date: Mon, 5 Dec 2022 15:52:53 -0500
Subject: [PATCH] auth-rpcgss-module.service: Don't fail inside linux
container.
Only try to load the auth_rpcgss kernel module if we are not executing
inside a Linux container. Otherwise, the auth-rpcgss-module service will
fail inside a Linux container as the loading of kernel modules is
forbidden for the container. Thus, the "/sbin/modprobe -q auth_rpcgss"
call will fail even if the auth_rpcgss kernel module is already loaded.
This situation occurs when the container host has already loaded the
auth_rpcgss kernel module to enable kerberized NFS service for its
containers. This behavior has been tested with kmod up to version
30+20220630-3 (current in bookworm as of 2022-09-20).
Bug-Debian: http://bugs.debian.org/985000
Discussion-Debian: https://salsa.debian.org/kernel-team/nfs-utils/-/merge_requests/7
Signed-off-by: Joachim Falk <joachim.falk@gmx.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
systemd/auth-rpcgss-module.service | 1 +
1 file changed, 1 insertion(+)
diff --git a/systemd/auth-rpcgss-module.service b/systemd/auth-rpcgss-module.service
index 4548283377d0..25c9de8088fc 100644
--- a/systemd/auth-rpcgss-module.service
+++ b/systemd/auth-rpcgss-module.service
@@ -10,6 +10,7 @@ DefaultDependencies=no
Before=gssproxy.service rpc-svcgssd.service rpc-gssd.service
Wants=gssproxy.service rpc-svcgssd.service rpc-gssd.service
ConditionPathExists=/etc/krb5.keytab
+ConditionVirtualization=!container
[Service]
Type=oneshot
--
2.38.1
|
