-rw-r--r--NEWS4
-rw-r--r--doc/index.html2
-rw-r--r--doc/s6-rc-compile.html32
-rw-r--r--doc/s6-rc.html9
-rw-r--r--doc/upgrade.html5
-rw-r--r--package/info2
-rw-r--r--src/s6-rc/s6-rc-compile.c126
7 files changed, 58 insertions, 122 deletions
diff --git a/NEWS b/NEWS
index 88b559d..84759a1 100644
--- a/NEWS
+++ b/NEWS
@@ -1,10 +1,12 @@
Changelog for s6-rc.
-In 0.4.1.1
+In 0.5.0.0
----------
- Adaptation to skalibs-2.8.0.0 and s6-2.8.0.0
- Bugfixes.
+ - s6-rc-compile doesn't support -u and -g anymore; the user who
+can run s6-rc on a database is the user who owns the supervision tree.
In 0.4.1.0
diff --git a/doc/index.html b/doc/index.html
index 625121f..07f35f9 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -66,7 +66,7 @@ scripts are also run in a controlled environment.
<ul>
<li> The current released version of s6-rc is
-<a href="s6-rc-0.4.1.1.tar.gz">0.4.1.1</a>. </li>
+<a href="s6-rc-0.5.0.0.tar.gz">0.5.0.0</a>. </li>
<li> Alternatively, you can checkout a copy of the
<a href="//git.skarnet.org/cgi-bin/cgit.cgi/s6-rc/">s6-rc
git repository</a>:
diff --git a/doc/s6-rc-compile.html b/doc/s6-rc-compile.html
index 57a6b95..d931b91 100644
--- a/doc/s6-rc-compile.html
+++ b/doc/s6-rc-compile.html
@@ -36,7 +36,7 @@ the current service database via
<h2> Interface </h2>
<pre>
- s6-rc-compile [ -v <em>verbosity</em> ] [ -u <em>uids</em> ] [ -g <em>gids</em> ] [ -h <em>fdhuser</em> ] [ -b ] <em>compiled</em> <em>source...</em>
+ s6-rc-compile [ -v <em>verbosity</em> ] [ -h <em>fdhuser</em> ] [ -b ] <em>compiled</em> <em>source...</em>
</pre>
<ul>
@@ -64,14 +64,6 @@ services declared in every <em>source</em> argument. </li>
verbose. Default is 1: warning and error messages will be printed to
stderr. 0 silences warnings. 2 adds a bit more information about
what s6-rc-compile is doing. 3 or more is heavy debug output. </li>
- <li> <tt>-u&nbsp;<em>uids</em></tt>&nbsp;: list users allowed to
-use this database with <a href="s6-rc.html">s6-rc</a> to start and
-stop services. <em>uids</em> must be a comma-separated list of
-numerical UIDs. </li>
- <li> <tt>-g&nbsp;<em>gids</em></tt>&nbsp;: list groups allowed to
-use this database with <a href="s6-rc.html">s6-rc</a> to start and
-stop services. <em>gids</em> must be a comma-separated list of
-numerical GIDs. </li>
<li> <tt>-h&nbsp;<em>fdhuser</em></tt>&nbsp;: arrange for the
<a href="//skarnet.org/software/s6/s6-fdholder-daemon.html">s6-fdholder-daemon</a>
program, which maintains the pipes for the longrun pipelines, to run
@@ -84,24 +76,6 @@ should not change anything in practice, and you can ignore
that option. </li>
</ul>
-<p>
- If the <tt>-u</tt> or <tt>-g</tt> option is used, then <tt>0</tt>
-must be explicitly listed in <em>uids</em> in order to allow root
-to operate the database. If neither option is used, then root
-(and only root) is implicitly allowed.
-</p>
-
-<p>
- It is important to <em>only</em> use the <tt>-u</tt> or <tt>-g</tt>
-options when the user owning the supervision tree is not root. The
-internal s6-rc mechanisms allow uids and gids specified by those
-options to run any oneshot in the compiled service database as the
-user owning the supervision tree;
-if that user is root, this becomes an avenue for unwanted
-privilege gain. Only specify users that have the right to operate
-the supervision tree!
-</p>
-
<h2> Source format </h2>
<p>
@@ -408,6 +382,10 @@ following an invocation of <a href="s6-rc-init.html">s6-rc-init</a> or
and it must not be deleted. The only way to "free" such a compiled database
for displacement or deletion is to replace it as the live one via another
call to <a href="s6-rc-update.html">s6-rc-update</a>. </li>
+ <li> No matter what user compiles the database, only root and the
+user owning the supervision tree at run-time will be able
+to operate the compiled database with the <a href="s6-rc.html">s6-rc</a>
+command. </li>
</ul>
diff --git a/doc/s6-rc.html b/doc/s6-rc.html
index 8aa530c..85a223e 100644
--- a/doc/s6-rc.html
+++ b/doc/s6-rc.html
@@ -35,9 +35,12 @@ should be achieved by a single <tt>s6-rc change</tt> invocation.
</p>
<p>
- Except in test installations with specifically made compiled
-databases and live directories, s6-rc should only be run as root -
-especially when asking for a state change.
+ s6-rc should only be run by the user owning the underlying
+<a href="//skarnet.org/software/s6/">s6</a> supervision tree. It can
+also be run by root even if the supervision tree is not owned
+by root, but in this case the services will always be started and
+stopped by the user owning the supervision tree - they will not have
+root privileges.
</p>
<h2> Interface </h2>
diff --git a/doc/upgrade.html b/doc/upgrade.html
index d186ffc..5fc4cee 100644
--- a/doc/upgrade.html
+++ b/doc/upgrade.html
@@ -30,7 +30,7 @@ minor and bugfix version changes.
<h1> What has changed in s6-rc </h1>
-<h2> in 0.4.1.1 </h2>
+<h2> in 0.5.0.0 </h2>
<ul>
<li> <a href="//skarnet.org/software/skalibs/">skalibs</a>
@@ -39,6 +39,9 @@ dependency bumped to 2.8.0.0. </li>
dependency bumped to 2.5.0.2. </li>
<li> <a href="//skarnet.org/software/s6/">s6</a>
dependency bumped to 2.8.0.0. </li>
+ <li> <a href="s6-rc-compile.html">s6-rc-compile</a> does not support the <tt>-u</tt>
+or <tt>-g</tt> options anymore; instead, at any time, the user who can operate
+a s6-rc database is the user who owns the supervision tree. </li>
</ul>
<h2> in 0.4.1.0 </h2>
diff --git a/package/info b/package/info
index 93c0300..fc972e1 100644
--- a/package/info
+++ b/package/info
@@ -1,4 +1,4 @@
package=s6-rc
-version=0.4.1.1
+version=0.5.0.0
category=admin
package_macro_name=S6RC
diff --git a/src/s6-rc/s6-rc-compile.c b/src/s6-rc/s6-rc-compile.c
index a017fd1..ef6a040 100644
--- a/src/s6-rc/s6-rc-compile.c
+++ b/src/s6-rc/s6-rc-compile.c
@@ -27,7 +27,7 @@
#include <s6-rc/config.h>
#include <s6-rc/s6rc.h>
-#define USAGE "s6-rc-compile [ -v verbosity ] [ -u okuid,okuid... ] [ -g okgid,okgid... ] [ -h fdholder_user ] [ -b ] destdir sources..."
+#define USAGE "s6-rc-compile [ -v verbosity ] [ -h fdholder_user ] [ -b ] destdir sources..."
#define dieusage() strerr_dieusage(100, USAGE)
#define dienomem() strerr_dief1x(111, "out of memory") ;
@@ -968,13 +968,13 @@ static inline void write_sizes (char const *compiled, s6rc_db_t const *db)
auto_file(compiled, "n", pack, 24) ;
}
-static void make_skel (char const *compiled, char const *name, uid_t const *uids, size_t uidn, gid_t const *gids, size_t gidn, unsigned int notif)
+static void make_skel (char const *compiled, char const *name, unsigned int notif)
{
size_t namelen = strlen(name) ;
char fmt[UINT_FMT] ;
size_t i = uint_fmt(fmt, notif) ;
fmt[i++] = '\n' ;
- char fn[namelen + 29] ;
+ char fn[namelen + 36] ;
memcpy(fn, "servicedirs/", 12) ;
memcpy(fn + 12, name, namelen + 1) ;
auto_dir(compiled, fn) ;
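Review bot: The new size in `char fn[namelen + 36]` is a bare number that a reader can only check by adding up the memcpy offsets in the following hunk; a comment such as `/* longest path: "servicedirs/" + name + "/data/rules/uid/0/allow" + NUL = 12 + namelen + 23 + 1 */` above the declaration would make it verifiable. As far as the visible writes go the size is exact, so a later path component added without raising it would run past the end of a stack buffer. The same applies to `char fn[61 + S6RC_FDHOLDER_LEN]` in write_fdholder, where the longest visible write ends in `S6_FDHOLDER_RETRIEVE_REGEX`. make_skel's body continues outside this hunk.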
@@ -984,43 +984,26 @@ static void make_skel (char const *compiled, char const *name, uid_t const *uids
auto_dir(compiled, fn) ;
memcpy(fn + 17 + namelen, "/rules", 7) ;
auto_dir(compiled, fn) ;
- if (gidn)
- {
- memcpy(fn + 23 + namelen, "/gid", 5) ;
- auto_dir(compiled, fn) ;
- }
+ memcpy(fn + 23 + namelen, "/gid", 5) ;
+ auto_dir(compiled, fn) ;
+ memcpy(fn + 27 + namelen, "/0", 3) ;
+ auto_dir(compiled, fn) ;
+ memcpy(fn + 29 + namelen, "/allow", 7) ;
+ auto_file(compiled, fn, "", 0) ;
memcpy(fn + 23 + namelen, "/uid", 5) ;
auto_dir(compiled, fn) ;
+ memcpy(fn + 27 + namelen, "/0", 3) ;
+ auto_dir(compiled, fn) ;
+ memcpy(fn + 29 + namelen, "/allow", 7) ;
+ auto_file(compiled, fn, "", 0) ;
+ memcpy(fn + 27 + namelen, "/self", 6) ;
+ auto_symlink(compiled, fn, "0") ;
}
-static inline void write_oneshot_runner (char const *compiled, uid_t const *uids, size_t uidn, gid_t const *gids, size_t gidn, int blocking)
+static inline void write_oneshot_runner (char const *compiled, int blocking)
{
size_t base = satmp.len ;
- size_t i ;
- char fn[35 + sizeof(S6RC_ONESHOT_RUNNER)] = "servicedirs/" S6RC_ONESHOT_RUNNER "/data/rules/gid/" ;
- make_skel(compiled, S6RC_ONESHOT_RUNNER, uids, uidn, gids, gidn, 3) ;
- if (gidn)
- {
- i = gidn ;
- while (i--)
- {
- size_t len = gid_fmt(fn + 28 + S6RC_ONESHOT_RUNNER_LEN, gids[i]) ;
- fn[28 + S6RC_ONESHOT_RUNNER_LEN + len] = 0 ;
- auto_dir(compiled, fn) ;
- memcpy(fn + 28 + S6RC_ONESHOT_RUNNER_LEN + len, "/allow", 7) ;
- auto_file(compiled, fn, "", 0) ;
- }
- }
- fn[24 + S6RC_ONESHOT_RUNNER_LEN] = 'u' ;
- i = uidn ;
- while (i--)
- {
- size_t len = uid_fmt(fn + 28 + S6RC_ONESHOT_RUNNER_LEN, uids[i]) ;
- fn[28 + S6RC_ONESHOT_RUNNER_LEN + len] = 0 ;
- auto_dir(compiled, fn) ;
- memcpy(fn + 28 + S6RC_ONESHOT_RUNNER_LEN + len, "/allow", 7) ;
- auto_file(compiled, fn, "", 0) ;
- }
+ make_skel(compiled, S6RC_ONESHOT_RUNNER, 3) ;
if (!stralloc_cats(&satmp, "#!"
EXECLINE_SHEBANGPREFIX "execlineb -P\n"
EXECLINE_EXTBINPREFIX "fdmove -c 2 1\n"
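Review bot: make_skel now creates `gid/0/allow` unconditionally, whereas the removed code only created a `gid` directory when `-g` was given and the default was a single uid 0 rule, so the default rule set is wider than before. The updated documentation says only root and the owner of the supervision tree can operate the database, but a gid rule presumably also matches a client whose group id is 0 and whose uid is not; how the rules are matched is not visible here, so this needs confirming. If that is not intended, drop the `gid` lines and keep `uid/0` plus `uid/self`; if it is, say so in a comment, e.g. `/* gid 0 is treated as root-equivalent */`, and in s6-rc-compile.html. write_fdholder has the same pattern: its `gid/0/env` symlink to `../../uid/0/env` gives gid 0 the uid 0 fdholder environment. make_skel starts before this hunk and write_oneshot_runner continues after it.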
@@ -1037,47 +1020,24 @@ static inline void write_oneshot_runner (char const *compiled, uid_t const *uids
auto_rights(compiled, "servicedirs/" S6RC_ONESHOT_RUNNER "/run", 0755) ;
}
-static inline void write_fdholder (char const *compiled, s6rc_db_t const *db, uid_t const *uids, size_t uidn, gid_t const *gids, size_t gidn, char const *fdhuser)
+static inline void write_fdholder (char const *compiled, s6rc_db_t const *db, char const *fdhuser)
{
size_t base = satmp.len ;
- make_skel(compiled, S6RC_FDHOLDER, uids, uidn, gids, gidn, 1) ;
- {
- char fn[62 + S6RC_FDHOLDER_LEN + UID_FMT] = "servicedirs/" S6RC_FDHOLDER "/data/rules/uid/" ;
- char fmt[7 + UID_FMT] = "../uid/" ;
- size_t i = uid_fmt(fmt + 7, uids[0]) ;
- fmt[7 + i] = 0 ;
- memcpy(fn + 28 + S6RC_FDHOLDER_LEN, fmt + 7, i + 1) ;
- auto_dir(compiled, fn) ;
- memcpy(fn + 28 + S6RC_FDHOLDER_LEN + i, "/allow", 7) ;
- auto_file(compiled, fn, "", 0) ;
- memcpy(fn + 29 + S6RC_FDHOLDER_LEN + i, "env", 4) ;
- auto_dir(compiled, fn) ;
- memcpy(fn + 32 + S6RC_FDHOLDER_LEN + i, "/S6_FDHOLDER_LIST", 18) ;
- auto_file(compiled, fn, "\n", 1) ;
- memcpy(fn + 45 + S6RC_FDHOLDER_LEN + i, "STORE_REGEX", 12) ;
- auto_file(compiled, fn, "^pipe:s6rc-\n", 12) ;
- memcpy(fn + 45 + S6RC_FDHOLDER_LEN + i, "RETRIEVE_REGEX", 15) ;
- auto_symlink(compiled, fn, "S6_FDHOLDER_STORE_REGEX") ;
- memcpy(fn + 45 + S6RC_FDHOLDER_LEN + i, "SETDUMP", 8) ;
- auto_file(compiled, fn, "\n", 1) ;
- fn[45 + S6RC_FDHOLDER_LEN + i] = 'G' ;
- auto_file(compiled, fn, "\n", 1) ;
-
- for (i = 1 ; i < uidn ; i++)
- {
- size_t len = uid_fmt(fn + 28 + S6RC_FDHOLDER_LEN, uids[i]) ;
- fn[28 + S6RC_FDHOLDER_LEN + len] = 0 ;
- auto_symlink(compiled, fn, fmt + 7) ;
- }
- fn[24 + S6RC_FDHOLDER_LEN] = 'g' ;
- i = gidn ;
- while (i--)
- {
- size_t len = gid_fmt(fn + 28 + S6RC_FDHOLDER_LEN, gids[i]) ;
- fn[28 + S6RC_FDHOLDER_LEN + len] = 0 ;
- auto_symlink(compiled, fn, fmt) ;
- }
- }
+ char fn[61 + S6RC_FDHOLDER_LEN] = "servicedirs/" S6RC_FDHOLDER "/data/rules/uid/0/env" ;
+ make_skel(compiled, S6RC_FDHOLDER, 1) ;
+ auto_dir(compiled, fn) ;
+ memcpy(fn + 33 + S6RC_FDHOLDER_LEN, "/S6_FDHOLDER_LIST", 18) ;
+ auto_file(compiled, fn, "\n", 1) ;
+ memcpy(fn + 46 + S6RC_FDHOLDER_LEN, "STORE_REGEX", 12) ;
+ auto_file(compiled, fn, "^pipe:s6rc-\n", 12) ;
+ memcpy(fn + 46 + S6RC_FDHOLDER_LEN, "RETRIEVE_REGEX", 15) ;
+ auto_symlink(compiled, fn, "S6_FDHOLDER_STORE_REGEX") ;
+ memcpy(fn + 46 + S6RC_FDHOLDER_LEN, "SETDUMP", 8) ;
+ auto_file(compiled, fn, "\n", 1) ;
+ fn[46 + S6RC_FDHOLDER_LEN] = 'G' ;
+ auto_file(compiled, fn, "\n", 1) ;
+ memcpy(fn + 24 + S6RC_FDHOLDER_LEN, "gid/0/env", 10) ;
+ auto_symlink(compiled, fn, "../../uid/0/env") ;
for (uint32_t j = 0 ; j < db->nlong ; j++)
if (db->services[j].x.longrun.nproducers)
@@ -1115,10 +1075,10 @@ static inline void write_fdholder (char const *compiled, s6rc_db_t const *db, ui
auto_rights(compiled, "servicedirs/" S6RC_FDHOLDER "/run", 0755) ;
}
-static inline void write_specials (char const *compiled, s6rc_db_t const *db, uid_t const *uids, size_t uidn, gid_t const *gids, size_t gidn, char const *fdhuser, int blocking)
+static inline void write_specials (char const *compiled, s6rc_db_t const *db, char const *fdhuser, int blocking)
{
- write_oneshot_runner(compiled, uids, uidn, gids, gidn, blocking) ;
- write_fdholder(compiled, db, uids, uidn, gids, gidn, fdhuser) ;
+ write_oneshot_runner(compiled, blocking) ;
+ write_fdholder(compiled, db, fdhuser) ;
}
static inline void write_resolve (char const *compiled, s6rc_db_t const *db, bundle_t const *bundles, unsigned int nbundles, uint32_t const *bdeps)
@@ -1432,10 +1392,6 @@ static inline void write_compiled (
bundle_t const *bundles,
unsigned int nbundles,
uint32_t const *bdeps,
- uid_t const *uids,
- size_t uidn,
- gid_t const *gids,
- size_t gidn,
char const *fdhuser,
int blocking)
{
@@ -1445,7 +1401,7 @@ static inline void write_compiled (
write_resolve(compiled, db, bundles, nbundles, bdeps) ;
stralloc_free(&data) ;
write_db(compiled, db) ;
- write_specials(compiled, db, uids, uidn, gids, gidn, fdhuser, blocking) ;
+ write_specials(compiled, db, fdhuser, blocking) ;
write_servicedirs(compiled, db, srcdirs) ;
}
@@ -1455,9 +1411,6 @@ int main (int argc, char const *const *argv)
char const *compiled ;
char const *fdhuser = 0 ;
int blocking = 0 ;
- size_t uidn = 0, gidn = 0 ;
- uid_t uids[256] ;
- gid_t gids[256] ;
PROG = "s6-rc-compile" ;
{
subgetopt_t l = SUBGETOPT_ZERO ;
@@ -1468,8 +1421,6 @@ int main (int argc, char const *const *argv)
switch (opt)
{
case 'v' : if (!uint0_scan(l.arg, &verbosity)) dieusage() ; break ;
- case 'u' : if (!uid_scanlist(uids, 255, l.arg, &uidn)) dieusage() ; break ;
- case 'g' : if (!gid_scanlist(gids, 255, l.arg, &gidn)) dieusage() ; break ;
case 'h' : fdhuser = l.arg ; break ;
case 'b' : blocking = 1 ; break ;
default : dieusage() ;
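Review bot: The `'u'` and `'g'` cases are removed here, but the option string passed to the getopt call sits just above this hunk and is not touched by the commit. If it still lists `u:` and `g:`, those options are still parsed with an argument and only rejected by `default : dieusage() ;`; removing them from the option string would keep the parser and the new USAGE text in step. The enclosing loop starts outside the hunk.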
@@ -1478,7 +1429,6 @@ int main (int argc, char const *const *argv)
argc -= l.ind ; argv += l.ind ;
}
if (argc < 2) dieusage() ;
- if (!uidn && !gidn) uids[uidn++] = 0 ;
compiled = *argv++ ;
before.specialdeps[0] = add_internal_longrun(&before, S6RC_ONESHOT_RUNNER) ;
before.specialdeps[1] = add_internal_longrun(&before, S6RC_FDHOLDER) ;
@@ -1525,7 +1475,7 @@ int main (int argc, char const *const *argv)
uint32_t deps[db.ndeps << 1] ;
db.deps = deps ;
flatlist_services(&db, sarray) ;
- write_compiled(compiled, &db, srcdirs, bundles, nbundles, bdeps, uids, uidn, gids, gidn, fdhuser, blocking) ;
+ write_compiled(compiled, &db, srcdirs, bundles, nbundles, bdeps, fdhuser, blocking) ;
}
}