NEX-15279 support NFS server in zone

NEX-15520 online NFS shares cause zoneadm halt to hang in nfs_export_zone_fini
Portions contributed by: Dan Kruchinin dan.kruchinin@nexenta.com
Portions contributed by: Stepan Zastupov stepan.zastupov@gmail.com
Reviewed by: Joyce McIntosh <joyce.mcintosh@nexenta.com>
Reviewed by: Rob Gittins <rob.gittins@nexenta.com>
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>

usr/src/cmd/dfs.cmds/sharemgr/commands.c

@@ -22,7 +22,11 @@
 /*
  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ */
+
+/*
  * Copyright 2012 Milan Jurik. All rights reserved.
+ * Copyright 2018 Nexenta Systems, Inc.
  */
 
 #include <sys/types.h>
@@ -2166,14 +2170,15 @@ static void
 show_group(sa_group_t group, int verbose, int properties, char *proto,
     char *subgroup)
 {
-	sa_share_t share;
 	char *groupname;
 	char *zfs = NULL;
 	int iszfs = 0;
 	char *sharepath;
 
 	groupname = sa_get_group_attr(group, "name");
 	if (groupname != NULL) {
+		sa_share_t share;
+
 		if (proto != NULL && !has_protocol(group, proto)) {
 			sa_free_attr_string(groupname);
 			return;
@@ -2190,7 +2195,7 @@ show_group(sa_group_t group, int verbose, int properties, char *proto,
 			iszfs = 1;
 			sa_free_attr_string(zfs);
 		}
-		share = sa_get_share(group, NULL);
+
 		if (subgroup == NULL)
 			(void) printf("%s", groupname);
 		else

usr/src/cmd/fs.d/nfs/svc/nfs-server

@@ -23,7 +23,7 @@
 #
 # Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
 # Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
-# Copyright 2016 Nexenta Systems, Inc.  All rights reserved.
+# Copyright 2018 Nexenta Systems, Inc.
 #
 
 # Start/stop processes required for server NFS
@@ -66,14 +66,6 @@ configure_ipfilter()
 
 case "$1" in
 'start')
-	# The NFS server is not supported in a local zone
-	if smf_is_nonglobalzone; then
-		/usr/sbin/svcadm disable -t svc:/network/nfs/server
-		echo "The NFS server is not supported in a local zone"
-		sleep 5 &
-		exit $SMF_EXIT_OK
-	fi
-
 	# Share all file systems enabled for sharing. sharemgr understands
 	# regular shares and ZFS shares and will handle both. Technically,
 	# the shares would have been started long before getting here since

usr/src/lib/brand/ipkg/zone/platform.xml

@@ -20,8 +20,8 @@
 
  CDDL HEADER END
 
- Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
  Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
+ Copyright 2018 Nexenta Systems, Inc.
 
  DO NOT EDIT THIS FILE.
 -->
@@ -41,6 +41,7 @@
 	<mount special="mnttab" directory="/etc/mnttab" type="mntfs" />
 	<mount special="objfs" directory="/system/object" type="objfs" />
 	<mount special="swap" directory="/etc/svc/volatile" type="tmpfs" />
+	<mount special="sharefs" directory="/etc/dfs/sharetab" type="sharefs" />
 
 	<!-- Devices to create under /dev -->
 	<device match="arp" />

usr/src/lib/libshare/common/libshare_zfs.c

@@ -22,17 +22,19 @@
 /*
  * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
  */
+
 /*
- * Copyright 2012 Nexenta Systems, Inc.  All rights reserved.
  * Copyright (c) 2012, 2016 by Delphix. All rights reserved.
  * Copyright 2017 RackTop Systems.
+ * Copyright 2018 Nexenta Systems, Inc.
  */
 
 #include <stdio.h>
 #include <libzfs.h>
 #include <string.h>
 #include <strings.h>
 #include <errno.h>
+#include <zone.h>
 #include <libshare.h>
 #include "libshare_impl.h"
 #include <libintl.h>
@@ -238,6 +240,7 @@ get_legacy_mountpoint(const char *path, char *dataset, size_t dlen,
 {
 	FILE *fp;
 	struct mnttab entry;
+	int rc = 1;
 
 	if ((fp = fopen(MNTTAB, "r")) == NULL) {
 		return (1);
@@ -256,11 +259,12 @@ get_legacy_mountpoint(const char *path, char *dataset, size_t dlen,
 			if (dlen > 0)
 				(void) strlcpy(dataset, entry.mnt_special,
 				    dlen);
+			rc = 0;
 			break;
 		}
 	}
 	(void) fclose(fp);
-	return (1);
+	return (rc);
 }
 
 
@@ -817,6 +821,13 @@ sa_get_zfs_share_common(sa_handle_t handle, zfs_handle_t *fs_handle, char *path,
 	if (!zfs_is_mounted(fs_handle, NULL))
 		return (SA_SYSTEM_ERR);
 
+	/*
+	 * Ignore "zoned" datasets in global zone.
+	 */
+	if (getzoneid() == GLOBAL_ZONEID &&
+	    zfs_prop_get_int(fs_handle, ZFS_PROP_ZONED))
+		return (SA_SYSTEM_ERR);
+
 	nfs = nfs_inherited = B_FALSE;
 
 	if (zfs_prop_get(fs_handle, ZFS_PROP_SHARENFS, nfsshareopts,

usr/src/lib/libshare/nfs/libshare_nfs.c

@@ -21,19 +21,22 @@
 
 /*
  * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2018 Nexenta Systems, Inc.
+ */
+
+/*
  * Copyright (c) 2014, 2016 by Delphix. All rights reserved.
+ * Copyright 2018 Nexenta Systems, Inc.
  */
 
 /*
  * NFS specific functions
  */
+
 #include <stdio.h>
 #include <string.h>
 #include <ctype.h>
 #include <stdlib.h>
 #include <unistd.h>
-#include <zone.h>
 #include <errno.h>
 #include <locale.h>
 #include <signal.h>
@@ -1906,12 +1909,7 @@ nfs_enable_share(sa_share_t share)
 				sa_free_attr_string(sectype);
 		}
 	}
-	/*
-	 * when we get here, we can do the exportfs system call and
-	 * initiate things. We probably want to enable the
-	 * svc:/network/nfs/server service first if it isn't running.
-	 */
-	/* check svc:/network/nfs/server status and start if needed */
+
 	/* now add the share to the internal tables */
 	printarg(path, &export);
 	/*
@@ -1921,73 +1919,25 @@ nfs_enable_share(sa_share_t share)
 	if (iszfs) {
 		struct exportfs_args ea;
 		share_t sh;
-		char *str;
-		priv_set_t *priv_effective;
-		int privileged;
-
-		/*
-		 * If we aren't a privileged user
-		 * and NFS server service isn't running
-		 * then print out an error message
-		 * and return EPERM
-		 */
-
-		priv_effective = priv_allocset();
-		(void) getppriv(PRIV_EFFECTIVE, priv_effective);
-
-		privileged = (priv_isfullset(priv_effective) == B_TRUE);
-		priv_freeset(priv_effective);
-
-		if (!privileged &&
-		    (str = smf_get_state(NFS_SERVER_SVC)) != NULL) {
-			err = 0;
-			if (strcmp(str, SCF_STATE_STRING_ONLINE) != 0) {
-				(void) printf(dgettext(TEXT_DOMAIN,
-				    "NFS: Cannot share remote "
-				    "filesystem: %s\n"), path);
-				(void) printf(dgettext(TEXT_DOMAIN,
-				    "NFS: Service needs to be enabled "
-				    "by a privileged user\n"));
-				err = SA_SYSTEM_ERR;
-				errno = EPERM;
-			}
-			free(str);
-		}
 
-		if (err == 0) {
-			ea.dname = path;
-			ea.uex = &export;
+		ea.dname = path;
+		ea.uex = &export;
 
-			(void) sa_sharetab_fill_zfs(share, &sh, "nfs");
-			err = sa_share_zfs(share, NULL, path, &sh,
-			    &ea, ZFS_SHARE_NFS);
-			if (err != SA_OK) {
-				errno = err;
-				err = -1;
-			}
-			sa_emptyshare(&sh);
+		(void) sa_sharetab_fill_zfs(share, &sh, "nfs");
+		err = sa_share_zfs(share, NULL, path, &sh, &ea, ZFS_SHARE_NFS);
+		if (err != SA_OK) {
+			errno = err;
+			err = -1;
 		}
+		sa_emptyshare(&sh);
 	} else {
 		err = exportfs(path, &export);
 	}
 
 	if (err < 0) {
 		err = SA_SYSTEM_ERR;
 		switch (errno) {
-		case EREMOTE:
-			(void) printf(dgettext(TEXT_DOMAIN,
-			    "NFS: Cannot share filesystems "
-			    "in non-global zones: %s\n"), path);
-			err = SA_NOT_SUPPORTED;
-			break;
 		case EPERM:
-			if (getzoneid() != GLOBAL_ZONEID) {
-				(void) printf(dgettext(TEXT_DOMAIN,
-				    "NFS: Cannot share file systems "
-				    "in non-global zones: %s\n"), path);
-				err = SA_NOT_SUPPORTED;
-				break;
-			}
 			err = SA_NO_PERMISSION;
 			break;
 		case EEXIST:
@@ -2099,9 +2049,6 @@ nfs_disable_share(sa_share_t share, char *path)
 		case EPERM:
 		case EACCES:
 			ret = SA_NO_PERMISSION;
-			if (getzoneid() != GLOBAL_ZONEID) {
-				ret = SA_NOT_SUPPORTED;
-			}
 			break;
 		case EINVAL:
 		case ENOENT:

usr/src/lib/libzfs/common/libzfs_dataset.c

@@ -21,14 +21,17 @@
 
 /*
  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ */
+
+/*
  * Copyright (c) 2013, Joyent, Inc. All rights reserved.
  * Copyright (c) 2011, 2016 by Delphix. All rights reserved.
  * Copyright (c) 2012 DEY Storage Systems, Inc.  All rights reserved.
  * Copyright (c) 2011-2012 Pawel Jakub Dawidek. All rights reserved.
  * Copyright (c) 2013 Martin Matuska. All rights reserved.
  * Copyright (c) 2013 Steven Hartland. All rights reserved.
  * Copyright (c) 2014 Integros [integros.com]
- * Copyright 2016 Nexenta Systems, Inc.
+ * Copyright 2018 Nexenta Systems, Inc.
  * Copyright 2016 Igor Kozhukhov <ikozhukhov@gmail.com>
  * Copyright 2017 RackTop Systems.
  */
@@ -1265,7 +1268,7 @@ zfs_valid_proplist(libzfs_handle_t *hdl, zfs_type_t type, nvlist_t *nvl,
 			 *		global zone	    non-global zone
 			 * --------------------------------------------------
 			 * zoned=on	mountpoint (no)	    mountpoint (yes)
-			 *		sharenfs (no)	    sharenfs (no)
+			 *		sharenfs (no)	    sharenfs (yes)
 			 *		sharesmb (no)	    sharesmb (no)
 			 *
 			 * zoned=off	mountpoint (yes)	N/A
@@ -1281,8 +1284,7 @@ zfs_valid_proplist(libzfs_handle_t *hdl, zfs_type_t type, nvlist_t *nvl,
 					(void) zfs_error(hdl, EZFS_ZONED,
 					    errbuf);
 					goto error;
-				} else if (prop == ZFS_PROP_SHARENFS ||
-				    prop == ZFS_PROP_SHARESMB) {
+				} else if (prop == ZFS_PROP_SHARESMB) {
 					zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
 					    "'%s' cannot be set in "
 					    "a non-global zone"), propname);

usr/src/lib/libzfs/common/libzfs_mount.c

@@ -20,8 +20,11 @@
  */
 
 /*
- * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
  * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ */
+
+/*
+ * Copyright 2018 Nexenta Systems, Inc.
  * Copyright (c) 2014, 2016 by Delphix. All rights reserved.
  * Copyright 2016 Igor Kozhukhov <ikozhukhov@gmail.com>
  * Copyright 2017 Joyent, Inc.
@@ -843,15 +846,6 @@ zfs_share_proto(zfs_handle_t *zhp, zfs_share_proto_t *proto)
 			return (-1);
 		}
 
-		/*
-		 * If the 'zoned' property is set, then zfs_is_mountable()
-		 * will have already bailed out if we are in the global zone.
-		 * But local zones cannot be NFS servers, so we ignore it for
-		 * local zones as well.
-		 */
-		if (zfs_prop_get_int(zhp, ZFS_PROP_ZONED))
-			continue;
-
 		share = zfs_sa_find_share(hdl->libzfs_sharehdl, mountpoint);
 		if (share == NULL) {
 			/*