212145 – Host kerberos credential are used in container

Bug 212145 - Host kerberos credential are used in container

Summary: Host kerberos credential are used in container

Status:	NEW

Alias:	None

Product:	File System
Classification:	Unclassified
Component:	CIFS (show other bugs)
Hardware:	All Linux

Importance:	P1 normal
Assignee:	fs_cifs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-03-09 02:50 UTC by Xiaoli Feng
Modified:	2021-03-09 03:02 UTC (History)
CC List:	0 users

See Also:
Kernel Version:	5.12.0-rc1+
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
tcpdump data (11.82 KB, application/vnd.tcpdump.pcap) 2021-03-09 03:02 UTC, Xiaoli Feng	Details
Add an attachment (proposed patch, testcase, etc.)

Description Xiaoli Feng 2021-03-09 02:50:17 UTC

Use podman to create two pod. One work as samba server. One work as client. Setup samba and kerberos in server. Then mount cifs in client. It's failed. But if execute kinit in host. Then mount successfully.


In container client:
[root@849a34460dc9 /]# uname -r
5.12.0-rc1+
[root@849a34460dc9 /]# kinit root
Password for root@RHQE.COM: 
[root@849a34460dc9 /]#
[root@849a34460dc9 /]# mount //b3472c982938/share1 -overs=3.11,sec=krb5 /mnt/cifsmp
mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

Then login into host and execute kinit

Host:
[root@kvm-04-guest06 ~]# kinit root
Password for root@RHQE.COM:
[root@kvm-04-guest06 ~]#

Back to container client:

[root@849a34460dc9 /]# mount //b3472c982938/share1 -overs=3.11,sec=krb5 /mnt/cifsmp
[root@849a34460dc9 /]#

Comment 1 Xiaoli Feng 2021-03-09 03:02:53 UTC

Created attachment 295759 [details]
tcpdump data

Note You need to log in before you can comment on or make changes to this bug.