http://bugzilla.opensuse.org/show_bug.cgi?id=904717 Joschi Brauchle changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Normal |Major --- Comment #1 from Joschi Brauchle --- Seems like this patch addresses the issue https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7... by increasing the values permanently. This http://article.gmane.org/gmane.linux.nfs/67156 seems to address a second issue where keys expire and take up space in the keyring. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=904717 --- Comment #3 from Joschi Brauchle --- Thanks, yes it is not an urgent problem due to existing workaround. (In reply to Joschi Brauchle from comment #0)

On a side note: Trying to clear the cache of NFSIDMAP like so --------------- # nfsidmap -c nfsidmap: fopen(/proc/keys) failed: No such file or directory --------------- also fails. This seems to be another bug, as reported here: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1344405

Is there a fix for this? It looks like exposing /proc/keys might be a security risk, as stated here http://cateee.net/lkddb/web-lkddb/KEYS_DEBUG_PROC_KEYS.html -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=904717 Joschi Brauchle changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Default maximum mumber of |Default maximum mumber of |keys (200) too small - |keys (200) too small - |affecting NFS and CIFS |affecting kerberized NFS | |and CIFS -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=904717 Neil Brown changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |joschibrauchle@gmx.de Flags| |needinfo?(joschibrauchle@gm | |x.de) --- Comment #5 from Neil Brown --- I have added a small collection of patches to our 13.2 kernel which should address most of these issues. It doesn't address the "nfsidmap -c" problem, but I think the rest should be fixed. I would appreciate it if you could test the kernel when a build becomes available and confirm. The rpms should appear in http://download.opensuse.org/repositories/Kernel:/openSUSE-13.2/standard/x86... I don't know how long it takes. Instructions for installing a test kernel (should you need them) are here: https://en.opensuse.org/openSUSE:Kernel_of_the_day Note that you will need to use "openSUSE-13.2" rather than "HEAD". I think our SLE12 product has the same issue so I will keep this bug open until you have confirmed, and I have fixed SLE12. If you want to pursue the issue with "nfsidmap -c" I suggest you post a question to the community list: linux-nfs@vger.kernel.org. I will contribute if I can but I'm not really in a position to try to fix this independently at present. Thanks. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=904717 --- Comment #7 from Neil Brown --- Sounds like a good plan. The new kernel is now available, since 25-Nov-2014 10:35 in some time zone... e.g. kernel-default-3.16.7-11.1.gb26a99a.x86_64.rpm -- You are receiving this mail because: You are on the CC list for the bug.