View previous topic :: View next topic |
Author |
Message |
LIsLinuxIsSogood Veteran
Joined: 13 Feb 2016 Posts: 1179
|
Posted: Sat Nov 21, 2020 10:11 pm Post subject: Building kernel from different CPU |
|
|
Is it safe to build kernel sources on a different machine using nfs export of /usr/src/linux and running make on the nfs client machine? |
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21489
|
Posted: Sat Nov 21, 2020 11:49 pm Post subject: |
|
|
Yes, but it may not be as straightforward as you think. If you are trying to write the object files to the source directory (which you should not, but it seems like almost everybody does), then you will likely run into root squashing. When the root user on the client is squashed on the server, the NFS server treats the requests as by nfsnobody, who almost certainly lacks permission to write to your kernel source directory.
The simplest solution would be to use $KBUILD_OUTPUT and friends to redirect the object files to local storage where you have write permission, and leave the source on the server to be read over NFS. |
|
Back to top |
|
|
LIsLinuxIsSogood Veteran
Joined: 13 Feb 2016 Posts: 1179
|
Posted: Sun Nov 22, 2020 12:01 am Post subject: |
|
|
Why does root squashing on the server matter? After I build the kernel anyway only one file is going to be installed and the modules, could those just need to be chown afterwards on the server to root account? Would this also maybe be a an application for setting the NFS server to override this behavior so i do not root squash, and is that a bad idea? |
|
Back to top |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Sun Nov 22, 2020 12:38 am Post subject: |
|
|
Use $KBUILD_OUTPUT *and* don't build as root at all. root's only required for the `make modules_install install` command. |
|
Back to top |
|
|
LIsLinuxIsSogood Veteran
Joined: 13 Feb 2016 Posts: 1179
|
Posted: Sun Nov 22, 2020 1:42 am Post subject: |
|
|
I assume that by using the $KBUILD_OUTPUT variable that is accompanied by the more obvious suggestion to have a more secure settings for my NFS server, which currently looks like this:
# /etc/exports: NFS file systems being exported. See exports(5).
#User stuff - flip on/off the appropriate security level generally all of these should be disabled though
/exports *(fsid=0,sync,crossmnt,no_subtree_check,insecure)
/exports/gentooPortage *(insecure,ro,sync,no_subtree_check,no_root_squash)
/exports/gentooBinaryPackages *(insecure,rw,sync,no_subtree_check,no_root_squash)
/exports/gentooDistributionFiles *(insecure,rw,sync,no_subtree_check,no_root_squash)
/exports/gentooKernelSources *(insecure,rw,sync,no_subtree_check,no_root_squash)
How should I change these to improve things...I assume no no_root_squash to begin? |
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21489
|
Posted: Sun Nov 22, 2020 1:45 am Post subject: |
|
|
LIsLinuxIsSogood wrote: | Why does root squashing on the server matter? After I build the kernel anyway only one file is going to be installed and the modules, could those just need to be chown afterwards on the server to root account? Would this also maybe be a an application for setting the NFS server to override this behavior so i do not root squash, and is that a bad idea? | My prior post assumed, based on your question:- Kernel sources are on the NFS server.
- Kernel build is done on the NFS client.
- You might (or might not - I did discuss this point before) follow the common anti-pattern of building the object files in the same directory as the source files.
- If you did build with source-directory = object-directory, then you would be writing the object files to the directory exported by the NFS server.
- If the permissions on that directory are as standard, only root can write to it. Root squashing would mean the NFS client would effectively be requesting writes as nfsnobody, in which case your requests would be denied.
I generally discourage disabling root squashing. Disabling it can be appropriate in certain limited contexts, but I would argue against disabling it unless you can articulate why there are no better options.
Re-reading your question, one point that is unclear to me is whether you are doing this to build a kernel for the NFS client without installing sources there, or doing it to build a kernel for the NFS server without using the CPU/memory resources of the NFS server. Which are you trying to do? |
|
Back to top |
|
|
LIsLinuxIsSogood Veteran
Joined: 13 Feb 2016 Posts: 1179
|
Posted: Sun Nov 22, 2020 1:58 am Post subject: |
|
|
The latter (saving time and resources on the server from building it there). |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|