[Bug 1451775] [NEW] Unable to configure sm-notify

Ancoron Luciferis ancoron.luciferis at googlemail.com
Tue May 5 10:28:41 UTC 2015


Public bug reported:

I want to configure sm-notify to use a pre-configured port (at least)
for communication, so that I can open up my iptables rules specifically.

In the current situation, the upstart job for statd just calls "exec
sm-notify" without providing any environment variables for configuration.

Looking into the source of sm-notify there are no environment variables
being picked up for configuration, so all has to be done using command
invocation options/arguments. This, however, is currently impossible.

As such, whenever I restart Ubuntu clients, the iptables rules block out
sm-notify communication because it uses a randomly chosen privileged
port. This is even more important for the NFS-server side, where I also
only allow certain well-known incoming ports to communicate. So even if
the client-side outgoing iptables rules would allow any, the server
incoming configuration would block it because the source port is not
"well-known" and is most likely different for each client for each
system restart.

** Affects: nfs-utils (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1451775
