Date: Wed, 8 Jun 2016 02:03:53 +0000 (UTC) From: Mariusz Zaborski <oshogbo@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r301572 - in head/lib/libcasper: libcasper services/cap_dns services/cap_grp services/cap_pwd services/cap_random services/cap_sysctl Message-ID: <201606080203.u5823rbD075793@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: oshogbo Date: Wed Jun 8 02:03:53 2016 New Revision: 301572 URL: https://svnweb.freebsd.org/changeset/base/301572 Log: Add flags to the Casper services. CASPER_SERVICE_STDIO - Casper will not close the first three descriptors (stdin, stdout and stderr) this can be helpful for debugging. CASPER_SERVICE_FD - Capser will not close all other descriptors, this can be useful for a filesystem service. Modified: head/lib/libcasper/libcasper/libcasper_impl.h head/lib/libcasper/libcasper/libcasper_service.c head/lib/libcasper/libcasper/libcasper_service.h head/lib/libcasper/libcasper/service.c head/lib/libcasper/libcasper/zygote.c head/lib/libcasper/services/cap_dns/cap_dns.c head/lib/libcasper/services/cap_grp/cap_grp.c head/lib/libcasper/services/cap_pwd/cap_pwd.c head/lib/libcasper/services/cap_random/cap_random.c head/lib/libcasper/services/cap_sysctl/cap_sysctl.c Modified: head/lib/libcasper/libcasper/libcasper_impl.h ============================================================================== --- head/lib/libcasper/libcasper/libcasper_impl.h Wed Jun 8 01:17:22 2016 (r301571) +++ head/lib/libcasper/libcasper/libcasper_impl.h Wed Jun 8 02:03:53 2016 (r301572) @@ -46,11 +46,11 @@ bool fd_is_valid(int fd); /* Private service functions. */ struct service *service_alloc(const char *name, service_limit_func_t *limitfunc, - service_command_func_t *commandfunc); + service_command_func_t *commandfunc, uint64_t flags); void service_free(struct service *service); void service_message(struct service *service, struct service_connection *sconn); -void service_start(struct service *service, int sock); +void service_start(struct service *service, int sock, int procfd); const char *service_name(struct service *service); /* Private service connection functions. */ Modified: head/lib/libcasper/libcasper/libcasper_service.c ============================================================================== --- head/lib/libcasper/libcasper/libcasper_service.c Wed Jun 8 01:17:22 2016 (r301571) +++ head/lib/libcasper/libcasper/libcasper_service.c Wed Jun 8 02:03:53 2016 (r301572) @@ -73,7 +73,7 @@ service_find(const char *name) struct casper_service * service_register(const char *name, service_limit_func_t *limitfunc, - service_command_func_t *commandfunc) + service_command_func_t *commandfunc, uint64_t flags) { struct casper_service *casserv; @@ -88,7 +88,8 @@ service_register(const char *name, servi if (casserv == NULL) return (NULL); - casserv->cs_service = service_alloc(name, limitfunc, commandfunc); + casserv->cs_service = service_alloc(name, limitfunc, commandfunc, + flags); if (casserv->cs_service == NULL) { free(casserv); return (NULL); @@ -141,11 +142,10 @@ service_execute(int chanfd) exit(1); service = (struct service *)(uintptr_t)nvlist_take_number(nvl, "service"); - //XXX: We should remove this? procfd = nvlist_take_descriptor(nvl, "procfd"); nvlist_destroy(nvl); - service_start(service, chanfd); + service_start(service, chanfd, procfd); /* Not reached. */ exit(1); } @@ -199,7 +199,7 @@ service_register_core(int fd) struct service_connection *sconn; casserv = service_register(CORE_CASPER_NAME, casper_limit, - casper_command); + casper_command, 0); sconn = service_connection_add(casserv->cs_service, fd, NULL); if (sconn == NULL) { close(fd); Modified: head/lib/libcasper/libcasper/libcasper_service.h ============================================================================== --- head/lib/libcasper/libcasper/libcasper_service.h Wed Jun 8 01:17:22 2016 (r301571) +++ head/lib/libcasper/libcasper/libcasper_service.h Wed Jun 8 02:03:53 2016 (r301572) @@ -40,21 +40,25 @@ struct nvlist; typedef struct nvlist nvlist_t; #endif +#define CASPER_SERVICE_STDIO 0x00000001 +#define CASPER_SERVICE_FD 0x00000002 + typedef int service_limit_func_t(const nvlist_t *, const nvlist_t *); typedef int service_command_func_t(const char *cmd, const nvlist_t *, nvlist_t *, nvlist_t *); struct casper_service *service_register(const char *name, - service_limit_func_t *limitfunc, service_command_func_t *commandfunc); + service_limit_func_t *limitfunc, service_command_func_t *commandfunc, + uint64_t flags); #define __constructor __attribute__((constructor)) -#define CREATE_SERVICE(name, limit_func, command_func) \ +#define CREATE_SERVICE(name, limit_func, command_func, flags) \ static __constructor void \ init_casper_service(void) \ { \ \ - (void)service_register(name, limit_func, \ - command_func); \ + (void)service_register(name, limit_func, command_func, \ + flags); \ } #endif /* !_LIBCASPER_SERVICE_H_ */ Modified: head/lib/libcasper/libcasper/service.c ============================================================================== --- head/lib/libcasper/libcasper/service.c Wed Jun 8 01:17:22 2016 (r301571) +++ head/lib/libcasper/libcasper/service.c Wed Jun 8 02:03:53 2016 (r301572) @@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$"); #include <err.h> #include <errno.h> #include <fcntl.h> +#include <paths.h> #include <stdbool.h> #include <stdio.h> #include <stdlib.h> @@ -78,6 +79,7 @@ struct service_connection { struct service { int s_magic; char *s_name; + uint64_t s_flags; service_limit_func_t *s_limit; service_command_func_t *s_command; TAILQ_HEAD(, service_connection) s_connections; @@ -85,7 +87,7 @@ struct service { struct service * service_alloc(const char *name, service_limit_func_t *limitfunc, - service_command_func_t *commandfunc) + service_command_func_t *commandfunc, uint64_t flags) { struct service *service; @@ -99,6 +101,7 @@ service_alloc(const char *name, service_ } service->s_limit = limitfunc; service->s_command = commandfunc; + service->s_flags = flags; TAILQ_INIT(&service->s_connections); service->s_magic = SERVICE_MAGIC; @@ -338,8 +341,59 @@ service_name(struct service *service) return (service->s_name); } +static void +stdnull(void) +{ + int fd; + + fd = open(_PATH_DEVNULL, O_RDWR); + if (fd == -1) + errx(1, "Unable to open %s", _PATH_DEVNULL); + + if (setsid() == -1) + errx(1, "Unable to detach from session"); + + if (dup2(fd, STDIN_FILENO) == -1) + errx(1, "Unable to cover stdin"); + if (dup2(fd, STDOUT_FILENO) == -1) + errx(1, "Unable to cover stdout"); + if (dup2(fd, STDERR_FILENO) == -1) + errx(1, "Unable to cover stderr"); + + close(fd); +} + +static void +service_clean(int sock, int procfd, uint64_t flags) +{ + int fd, maxfd, minfd; + + assert(sock > STDERR_FILENO); + assert(procfd > STDERR_FILENO); + assert(sock != procfd); + + if ((flags & CASPER_SERVICE_STDIO) == 0) + stdnull(); + + if ((flags & CASPER_SERVICE_FD) == 0) { + if (procfd > sock) { + maxfd = procfd; + minfd = sock; + } else { + maxfd = sock; + minfd = procfd; + } + + for (fd = STDERR_FILENO + 1; fd < maxfd; fd++) { + if (fd != minfd) + close(fd); + } + closefrom(maxfd + 1); + } +} + void -service_start(struct service *service, int sock) +service_start(struct service *service, int sock, int procfd) { struct service_connection *sconn, *sconntmp; fd_set fds; @@ -348,6 +402,8 @@ service_start(struct service *service, i assert(service != NULL); assert(service->s_magic == SERVICE_MAGIC); setproctitle("%s", service->s_name); + service_clean(sock, procfd, service->s_flags); + if (service_connection_add(service, sock, NULL) == NULL) exit(1); Modified: head/lib/libcasper/libcasper/zygote.c ============================================================================== --- head/lib/libcasper/libcasper/zygote.c Wed Jun 8 01:17:22 2016 (r301571) +++ head/lib/libcasper/libcasper/zygote.c Wed Jun 8 02:03:53 2016 (r301572) @@ -40,7 +40,6 @@ __FBSDID("$FreeBSD$"); #include <assert.h> #include <err.h> #include <errno.h> -#include <paths.h> #include <stdbool.h> #include <stdlib.h> #include <strings.h> @@ -51,28 +50,6 @@ __FBSDID("$FreeBSD$"); /* Zygote info. */ static int zygote_sock = -1; -static void -stdnull(void) -{ - int fd; - - fd = open(_PATH_DEVNULL, O_RDWR); - if (fd == -1) - errx(1, "Unable to open %s", _PATH_DEVNULL); - - if (setsid() == -1) - errx(1, "Unable to detach from session"); - - if (dup2(fd, STDIN_FILENO) == -1) - errx(1, "Unable to cover stdin"); - if (dup2(fd, STDOUT_FILENO) == -1) - errx(1, "Unable to cover stdout"); - if (dup2(fd, STDERR_FILENO) == -1) - errx(1, "Unable to cover stderr"); - - close(fd); -} - int zygote_clone(zygote_func_t *func, int *chanfdp, int *procfdp) { @@ -113,7 +90,7 @@ zygote_clone(zygote_func_t *func, int *c static void zygote_main(int sock) { - int error, fd, procfd; + int error, procfd; int chanfd[2]; nvlist_t *nvlin, *nvlout; zygote_func_t *func; @@ -123,11 +100,6 @@ zygote_main(int sock) setproctitle("zygote"); - stdnull(); - for (fd = STDERR_FILENO + 1; fd < sock; fd++) - close(fd); - closefrom(sock + 1); - for (;;) { nvlin = nvlist_recv(sock, 0); if (nvlin == NULL) { Modified: head/lib/libcasper/services/cap_dns/cap_dns.c ============================================================================== --- head/lib/libcasper/services/cap_dns/cap_dns.c Wed Jun 8 01:17:22 2016 (r301571) +++ head/lib/libcasper/services/cap_dns/cap_dns.c Wed Jun 8 02:03:53 2016 (r301572) @@ -759,4 +759,4 @@ dns_command(const char *cmd, const nvlis return (error); } -CREATE_SERVICE("system.dns", dns_limit, dns_command); +CREATE_SERVICE("system.dns", dns_limit, dns_command, 0); Modified: head/lib/libcasper/services/cap_grp/cap_grp.c ============================================================================== --- head/lib/libcasper/services/cap_grp/cap_grp.c Wed Jun 8 01:17:22 2016 (r301571) +++ head/lib/libcasper/services/cap_grp/cap_grp.c Wed Jun 8 02:03:53 2016 (r301572) @@ -786,4 +786,4 @@ grp_command(const char *cmd, const nvlis return (error); } -CREATE_SERVICE("system.grp", grp_limit, grp_command); +CREATE_SERVICE("system.grp", grp_limit, grp_command, 0); Modified: head/lib/libcasper/services/cap_pwd/cap_pwd.c ============================================================================== --- head/lib/libcasper/services/cap_pwd/cap_pwd.c Wed Jun 8 01:17:22 2016 (r301571) +++ head/lib/libcasper/services/cap_pwd/cap_pwd.c Wed Jun 8 02:03:53 2016 (r301572) @@ -780,4 +780,4 @@ pwd_command(const char *cmd, const nvlis return (error); } -CREATE_SERVICE("system.pwd", pwd_limit, pwd_command); +CREATE_SERVICE("system.pwd", pwd_limit, pwd_command, 0); Modified: head/lib/libcasper/services/cap_random/cap_random.c ============================================================================== --- head/lib/libcasper/services/cap_random/cap_random.c Wed Jun 8 01:17:22 2016 (r301571) +++ head/lib/libcasper/services/cap_random/cap_random.c Wed Jun 8 02:03:53 2016 (r301572) @@ -114,4 +114,4 @@ random_command(const char *cmd, const nv return (0); } -CREATE_SERVICE("system.random", NULL, random_command); +CREATE_SERVICE("system.random", NULL, random_command, 0); Modified: head/lib/libcasper/services/cap_sysctl/cap_sysctl.c ============================================================================== --- head/lib/libcasper/services/cap_sysctl/cap_sysctl.c Wed Jun 8 01:17:22 2016 (r301571) +++ head/lib/libcasper/services/cap_sysctl/cap_sysctl.c Wed Jun 8 02:03:53 2016 (r301572) @@ -290,4 +290,4 @@ sysctl_command(const char *cmd, const nv return (0); } -CREATE_SERVICE("system.sysctl", sysctl_limit, sysctl_command); +CREATE_SERVICE("system.sysctl", sysctl_limit, sysctl_command, 0);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606080203.u5823rbD075793>