LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   NFS rootfs: mount: only root can mount proc on /proc (https://www.linuxquestions.org/questions/linux-software-2/nfs-rootfs-mount-only-root-can-mount-proc-on-proc-4175595326/)

John Rama 12-13-2016 04:36 AM

NFS rootfs: mount: only root can mount proc on /proc
 
Hello

I have an ARM based target board which usually use SD card for rootfs.
I wouuld like to setup NFS rootfs for this board.

I tested NFS function before trying to use NFS rootfs, and everything works fine.
I can be read/write to the mounted dir as root.

# mount -t nfs -v -o nfsvers=3 192.168.3.2:/exports/data/rootfs /exports/data

However, when trying to use them as rootfs, I can mount it but it seems I have no access as root.

> mount: only root can mount proc on /proc
> mount: only root can use "--types" option (effective UID is 1000)

Why this happens ? I googled but can not get any useful info. Any comments and insights are highly appreciated.

Kind Regards,
John Rama

-------------------------------------------------------------

o kernel version
PC(NFS server): kernel 4.4.0
Target(NFS slave): kernel 3.14.0

o NFS server export setting
# /etc/export
/exports/data/rootfs 192.168.3.9/24(rw,no_subtree_check,no_root_squash)

o kernel command line
console=ttymxc3,115200 root=/dev/nfs rw rootwait ip=192.168.3.9 nfsroot=192.168.3.2:/exports/data/rootfs,v3,tcp

o Log

IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
IP-Config: Guessing netmask 255.255.255.0
IP-Config: Complete:
device=eth0, hwaddr=00:04:9f:03:66:7a, ipaddr=192.168.3.9, mask=255.255.255.0, gw=255.255.255.255
host=192.168.3.9, domain=, nis-domain=(none)
bootserver=255.255.255.255, rootserver=192.168.3.2, rootpath=
...
VFS: Mounted root (nfs filesystem) on device 0:12.
devtmpfs: mounted
Freeing unused kernel memory: 332K (80d37000 - 80d8a000)
INIT: version 2.88 booting
mount: only root can mount proc on /proc
mount: only root can use "--types" option (effective UID is 1000)
grep: /proc/filesystems: No such file or directory
mount: only root can use "--no-mtab" option (effective UID is 1000)
bootlogd: cannot allocate pseudo tty: No such file or directory
random: dd urandom read with 94 bits of entropy available
/etc/rcS.d/S37populate-volatile.sh: line 195: /proc/cmdline: No such file or directory
grep: /proc/filesystems: No such file or directory
ALSA: Restoring mixer settings...
/usr/sbin/alsactl: state_lock:114: file /var/lib/alsa/asound.state lock error: No such file or directory
/usr/sbin/alsactl: load_state:1677: Cannot open /var/lib/alsa/asound.state for reading: No such file or directory
/usr/sbin/alsactl: sysfs_init:48: sysfs path '/sys' is invalid
....
no login console shown

-------------------------------------------------------------

MensaWater 12-13-2016 07:29 AM

"effective UID is 1000" - It thinks you are NOT root which is UID 0.

Did you login as something else then su to root?

If you type "who am i" what does it show? If you then type "whoami" does it show something different?

Even when you use sudo some applications seem to be able to determine your "real" UID even though sudo is supposed to prevent that (I've seen this with sendmail on RHEL6).

Also you might want to try a target mount point that is not in /exports e.g.
mount -t nfs -v -o nfsvers=3 192.168.3.2:/exports/data/rootfs /imports/data

John Rama 12-14-2016 01:48 AM

Nero,

Thank you so much for your reply.

I found the root cause.

On NFS server side, I'm using the Yocto to generate the target rootfs.
The UID and GID for my PC account is 1000, thus the UID and GID for all of the files of target rootfs generated by Yocto is 1000,
including bin/mount binary. Also, bin/mount has SUID bit set.

So, what happen is that target boots, NFS mount is done successfully, and mounted rootfs contains bin/mount whose UID and GID are 1000 and SUID set.
Thus, bin/mount is executed as non-root user because of SUID, and resulted in the mount error.
Confirmed either changing SUID of bin/mount to disable or changing UID and GID of roofs to root resolved this issue.

But, I'm curious how the people using Yocto avoid this issue...
I would not like to manually change the UID and GID, or SUID every time whenever build the rootfs.
I also would not like to use root account to generate target rootfs.

Any insights are welcome, everyone.

Kind Regards,
John Rama

MadeInGermany 12-14-2016 02:11 AM

There are certainly more problems if the file ownership is wrong.
Looks like you must su(do) to run the Yocto build.

MensaWater 12-14-2016 08:17 AM

Quote:

Originally Posted by MadeInGermany (Post 5641961)
There are certainly more problems if the file ownership is wrong.
Looks like you must su(do) to run the Yocto build.

Indeed. I've not heard of Yocto before but on looking at their documentation I found:
Quote:

3.2. The Build Host Packages

Required build host packages vary depending on your build machine and what you want to do with the Yocto Project. For example, if you want to build an image that can run on QEMU in graphical mode (a minimal, basic build requirement), then the build host package requirements are different than if you want to build an image on a headless system or build out the Yocto Project documentation set.

Collectively, the number of required packages is large if you want to be able to cover all cases.
Quote:

Note
In general, you need to have root access and then install the required packages. Thus, the commands in the following section may or may not work depending on whether or not your Linux distribution has sudo installed.



All times are GMT -5. The time now is 07:27 AM.