From aa7fbff18a663bf2b394ccdb0f6963466e492851 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Jan 22 2021 10:09:01 +0000
Subject: import nfs-utils-2.3.3-41.el8


---

diff --git a/SOURCES/nfs-utils-2.3.3-mountd-pseudofs.patch b/SOURCES/nfs-utils-2.3.3-mountd-pseudofs.patch
new file mode 100644
index 0000000..04eb082
--- /dev/null
+++ b/SOURCES/nfs-utils-2.3.3-mountd-pseudofs.patch
@@ -0,0 +1,61 @@
+diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
+index d735dbfe..8ec33fb0 100644
+--- a/utils/mountd/v4root.c
++++ b/utils/mountd/v4root.c
+@@ -36,9 +36,9 @@ static nfs_export pseudo_root = {
+ 	.m_export = {
+ 		.e_hostname = "*",
+ 		.e_path = "/",
+-		.e_flags = NFSEXP_READONLY | NFSEXP_ROOTSQUASH
++		.e_flags = NFSEXP_READONLY
+ 				| NFSEXP_NOSUBTREECHECK | NFSEXP_FSID
+-				| NFSEXP_V4ROOT,
++				| NFSEXP_V4ROOT | NFSEXP_INSECURE_PORT,
+ 		.e_anonuid = 65534,
+ 		.e_anongid = 65534,
+ 		.e_squids = NULL,
+@@ -57,15 +57,11 @@ static nfs_export pseudo_root = {
+ };
+ 
+ static void
+-set_pseudofs_security(struct exportent *pseudo, int flags)
++set_pseudofs_security(struct exportent *pseudo)
+ {
+ 	struct flav_info *flav;
+ 	int i;
+ 
+-	if (flags & NFSEXP_INSECURE_PORT)
+-		pseudo->e_flags |= NFSEXP_INSECURE_PORT;
+-	if ((flags & NFSEXP_ROOTSQUASH) == 0)
+-		pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
+ 	for (flav = flav_map; flav < flav_map + flav_map_size; flav++) {
+ 		struct sec_entry *new;
+ 
+@@ -75,8 +71,7 @@ set_pseudofs_security(struct exportent *pseudo, int flags)
+ 		i = secinfo_addflavor(flav, pseudo);
+ 		new = &pseudo->e_secinfo[i];
+ 
+-		if (flags & NFSEXP_INSECURE_PORT)
+-			new->flags |= NFSEXP_INSECURE_PORT;
++		new->flags |= NFSEXP_INSECURE_PORT;
+ 	}
+ }
+ 
+@@ -95,7 +90,7 @@ v4root_create(char *path, nfs_export *export)
+ 	strncpy(eep.e_path, path, sizeof(eep.e_path)-1);
+ 	if (strcmp(path, "/") != 0)
+ 		eep.e_flags &= ~NFSEXP_FSID;
+-	set_pseudofs_security(&eep, curexp->e_flags);
++	set_pseudofs_security(&eep);
+ 	exp = export_create(&eep, 0);
+ 	if (exp == NULL)
+ 		return NULL;
+@@ -143,7 +138,7 @@ pseudofs_update(char *hostname, char *path, nfs_export *source)
+ 		return 0;
+ 	}
+ 	/* Update an existing V4ROOT export: */
+-	set_pseudofs_security(&exp->m_export, source->m_export.e_flags);
++	set_pseudofs_security(&exp->m_export);
+ 	return 0;
+ }
+ 
diff --git a/SPECS/nfs-utils.spec b/SPECS/nfs-utils.spec
index 43d03f6..2d9af3b 100644
--- a/SPECS/nfs-utils.spec
+++ b/SPECS/nfs-utils.spec
@@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser
 Name: nfs-utils
 URL: http://linux-nfs.org/
 Version: 2.3.3
-Release: 40%{?dist}
+Release: 41%{?dist}
 Epoch: 1
 
 # group all 32bit related archs
@@ -71,6 +71,7 @@ Patch033: nfs-utils-2.3.3-nfsdclddb-manpage-rename.patch
 Patch034: nfs-utils-2.3.3-systemd-exportfs-nofail.patch
 Patch035: nfs-utils-2.3.3-exports-manpage-outdated.patch
 Patch036: nfs-utils-2.3.3-gssd-multithread-updates.patch
+Patch037: nfs-utils-2.3.3-mountd-pseudofs.patch
 
 Patch100: nfs-utils-1.2.1-statdpath-man.patch
 Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch
@@ -354,6 +355,9 @@ fi
 %{_libdir}/libnfsidmap.so
 
 %changelog
+* Wed Jan 20 2021 Steve Dickson <steved@redhat.com> 2.3.3-41
+- mountd: never root squash on the pseudofs (bz 1804912)
+
 * Mon Dec 14 2020 Steve Dickson <steved@redhat.com> 2.3.3-40
 - gssd: upstream multithreaded updates (bz 1906792)