Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Building kernel from different CPU
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
LIsLinuxIsSogood
Veteran
Veteran


Joined: 13 Feb 2016
Posts: 1179

PostPosted: Sat Nov 21, 2020 10:11 pm    Post subject: Building kernel from different CPU Reply with quote

Is it safe to build kernel sources on a different machine using nfs export of /usr/src/linux and running make on the nfs client machine?
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 21489

PostPosted: Sat Nov 21, 2020 11:49 pm    Post subject: Reply with quote

Yes, but it may not be as straightforward as you think. If you are trying to write the object files to the source directory (which you should not, but it seems like almost everybody does), then you will likely run into root squashing. When the root user on the client is squashed on the server, the NFS server treats the requests as by nfsnobody, who almost certainly lacks permission to write to your kernel source directory.

The simplest solution would be to use $KBUILD_OUTPUT and friends to redirect the object files to local storage where you have write permission, and leave the source on the server to be read over NFS.
Back to top
View user's profile Send private message
LIsLinuxIsSogood
Veteran
Veteran


Joined: 13 Feb 2016
Posts: 1179

PostPosted: Sun Nov 22, 2020 12:01 am    Post subject: Reply with quote

Why does root squashing on the server matter? After I build the kernel anyway only one file is going to be installed and the modules, could those just need to be chown afterwards on the server to root account? Would this also maybe be a an application for setting the NFS server to override this behavior so i do not root squash, and is that a bad idea?
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6920

PostPosted: Sun Nov 22, 2020 12:38 am    Post subject: Reply with quote

Use $KBUILD_OUTPUT *and* don't build as root at all. root's only required for the `make modules_install install` command.
Back to top
View user's profile Send private message
LIsLinuxIsSogood
Veteran
Veteran


Joined: 13 Feb 2016
Posts: 1179

PostPosted: Sun Nov 22, 2020 1:42 am    Post subject: Reply with quote

I assume that by using the $KBUILD_OUTPUT variable that is accompanied by the more obvious suggestion to have a more secure settings for my NFS server, which currently looks like this:

# /etc/exports: NFS file systems being exported. See exports(5).
#User stuff - flip on/off the appropriate security level generally all of these should be disabled though
/exports *(fsid=0,sync,crossmnt,no_subtree_check,insecure)
/exports/gentooPortage *(insecure,ro,sync,no_subtree_check,no_root_squash)
/exports/gentooBinaryPackages *(insecure,rw,sync,no_subtree_check,no_root_squash)
/exports/gentooDistributionFiles *(insecure,rw,sync,no_subtree_check,no_root_squash)
/exports/gentooKernelSources *(insecure,rw,sync,no_subtree_check,no_root_squash)

How should I change these to improve things...I assume no no_root_squash to begin?
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 21489

PostPosted: Sun Nov 22, 2020 1:45 am    Post subject: Reply with quote

LIsLinuxIsSogood wrote:
Why does root squashing on the server matter? After I build the kernel anyway only one file is going to be installed and the modules, could those just need to be chown afterwards on the server to root account? Would this also maybe be a an application for setting the NFS server to override this behavior so i do not root squash, and is that a bad idea?
My prior post assumed, based on your question:
  • Kernel sources are on the NFS server.
  • Kernel build is done on the NFS client.
  • You might (or might not - I did discuss this point before) follow the common anti-pattern of building the object files in the same directory as the source files.
  • If you did build with source-directory = object-directory, then you would be writing the object files to the directory exported by the NFS server.
  • If the permissions on that directory are as standard, only root can write to it. Root squashing would mean the NFS client would effectively be requesting writes as nfsnobody, in which case your requests would be denied.
I generally discourage disabling root squashing. Disabling it can be appropriate in certain limited contexts, but I would argue against disabling it unless you can articulate why there are no better options.

Re-reading your question, one point that is unclear to me is whether you are doing this to build a kernel for the NFS client without installing sources there, or doing it to build a kernel for the NFS server without using the CPU/memory resources of the NFS server. Which are you trying to do?
Back to top
View user's profile Send private message
LIsLinuxIsSogood
Veteran
Veteran


Joined: 13 Feb 2016
Posts: 1179

PostPosted: Sun Nov 22, 2020 1:58 am    Post subject: Reply with quote

The latter (saving time and resources on the server from building it there).
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum