From 8c22e88befbd6ce76acdc9371683dca43425235e Mon Sep 17 00:00:00 2001
From: Laurent Bercot
Date: Mon, 4 Feb 2019 20:20:54 +0000
Subject: Scrap s6-rc-compile -u/-g, implement uid/self instead. Prepare for
0.5.0.0
---
NEWS | 4 +-
doc/index.html | 2 +-
doc/s6-rc-compile.html | 32 ++----------
doc/s6-rc.html | 9 ++--
doc/upgrade.html | 5 +-
package/info | 2 +-
src/s6-rc/s6-rc-compile.c | 126 ++++++++++++++--------------------------------
7 files changed, 58 insertions(+), 122 deletions(-)
diff --git a/NEWS b/NEWS
index 88b559d..84759a1 100644
--- a/NEWS
+++ b/NEWS
@@ -1,10 +1,12 @@
Changelog for s6-rc.
-In 0.4.1.1
+In 0.5.0.0
----------
- Adaptation to skalibs-2.8.0.0 and s6-2.8.0.0
- Bugfixes.
+ - s6-rc-compile doesn't support -u and -g anymore; the user who
+can run s6-rc on a database is the user who owns the supervision tree.
In 0.4.1.0
diff --git a/doc/index.html b/doc/index.html
index 625121f..07f35f9 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -66,7 +66,7 @@ scripts are also run in a controlled environment.
-
- If the -u or -g option is used, then 0
-must be explicitly listed in uids in order to allow root
-to operate the database. If neither option is used, then root
-(and only root) is implicitly allowed.
-
-
-
- It is important to only use the -u or -g
-options when the user owning the supervision tree is not root. The
-internal s6-rc mechanisms allow uids and gids specified by those
-options to run any oneshot in the compiled service database as the
-user owning the supervision tree;
-if that user is root, this becomes an avenue for unwanted
-privilege gain. Only specify users that have the right to operate
-the supervision tree!
-
-
Source format
@@ -408,6 +382,10 @@ following an invocation of s6-rc-init or
and it must not be deleted. The only way to "free" such a compiled database
for displacement or deletion is to replace it as the live one via another
call to s6-rc-update.
+
No matter what user compiles the database, only root and the
+user owning the supervision tree at run-time will be able
+to operate the compiled database with the s6-rc
+command.
diff --git a/doc/s6-rc.html b/doc/s6-rc.html
index 8aa530c..85a223e 100644
--- a/doc/s6-rc.html
+++ b/doc/s6-rc.html
@@ -35,9 +35,12 @@ should be achieved by a single s6-rc change invocation.
- Except in test installations with specifically made compiled
-databases and live directories, s6-rc should only be run as root -
-especially when asking for a state change.
+ s6-rc should only be run by the user owning the underlying
+s6 supervision tree. It can
+also be run by root even if the supervision tree is not owned
+by root, but in this case the services will always be started and
+stopped by the user owning the supervision tree - they will not have
+root privileges.
Interface
diff --git a/doc/upgrade.html b/doc/upgrade.html
index d186ffc..5fc4cee 100644
--- a/doc/upgrade.html
+++ b/doc/upgrade.html
@@ -30,7 +30,7 @@ minor and bugfix version changes.
What has changed in s6-rc
- in 0.4.1.1
+ in 0.5.0.0
- skalibs
@@ -39,6 +39,9 @@ dependency bumped to 2.8.0.0.
dependency bumped to 2.5.0.2.
- s6
dependency bumped to 2.8.0.0.
+ - s6-rc-compile does not support the -u
+or -g options anymore; instead, at any time, the user who can operate
+a s6-rc database is the user who owns the supervision tree.
in 0.4.1.0
diff --git a/package/info b/package/info
index 93c0300..fc972e1 100644
--- a/package/info
+++ b/package/info
@@ -1,4 +1,4 @@
package=s6-rc
-version=0.4.1.1
+version=0.5.0.0
category=admin
package_macro_name=S6RC
diff --git a/src/s6-rc/s6-rc-compile.c b/src/s6-rc/s6-rc-compile.c
index a017fd1..ef6a040 100644
--- a/src/s6-rc/s6-rc-compile.c
+++ b/src/s6-rc/s6-rc-compile.c
@@ -27,7 +27,7 @@
#include
#include
-#define USAGE "s6-rc-compile [ -v verbosity ] [ -u okuid,okuid... ] [ -g okgid,okgid... ] [ -h fdholder_user ] [ -b ] destdir sources..."
+#define USAGE "s6-rc-compile [ -v verbosity ] [ -h fdholder_user ] [ -b ] destdir sources..."
#define dieusage() strerr_dieusage(100, USAGE)
#define dienomem() strerr_dief1x(111, "out of memory") ;
@@ -968,13 +968,13 @@ static inline void write_sizes (char const *compiled, s6rc_db_t const *db)
auto_file(compiled, "n", pack, 24) ;
}
-static void make_skel (char const *compiled, char const *name, uid_t const *uids, size_t uidn, gid_t const *gids, size_t gidn, unsigned int notif)
+static void make_skel (char const *compiled, char const *name, unsigned int notif)
{
size_t namelen = strlen(name) ;
char fmt[UINT_FMT] ;
size_t i = uint_fmt(fmt, notif) ;
fmt[i++] = '\n' ;
- char fn[namelen + 29] ;
+ char fn[namelen + 36] ;
memcpy(fn, "servicedirs/", 12) ;
memcpy(fn + 12, name, namelen + 1) ;
auto_dir(compiled, fn) ;
@@ -984,43 +984,26 @@ static void make_skel (char const *compiled, char const *name, uid_t const *uids
auto_dir(compiled, fn) ;
memcpy(fn + 17 + namelen, "/rules", 7) ;
auto_dir(compiled, fn) ;
- if (gidn)
- {
- memcpy(fn + 23 + namelen, "/gid", 5) ;
- auto_dir(compiled, fn) ;
- }
+ memcpy(fn + 23 + namelen, "/gid", 5) ;
+ auto_dir(compiled, fn) ;
+ memcpy(fn + 27 + namelen, "/0", 3) ;
+ auto_dir(compiled, fn) ;
+ memcpy(fn + 29 + namelen, "/allow", 7) ;
+ auto_file(compiled, fn, "", 0) ;
memcpy(fn + 23 + namelen, "/uid", 5) ;
auto_dir(compiled, fn) ;
+ memcpy(fn + 27 + namelen, "/0", 3) ;
+ auto_dir(compiled, fn) ;
+ memcpy(fn + 29 + namelen, "/allow", 7) ;
+ auto_file(compiled, fn, "", 0) ;
+ memcpy(fn + 27 + namelen, "/self", 6) ;
+ auto_symlink(compiled, fn, "0") ;
}
-static inline void write_oneshot_runner (char const *compiled, uid_t const *uids, size_t uidn, gid_t const *gids, size_t gidn, int blocking)
+static inline void write_oneshot_runner (char const *compiled, int blocking)
{
size_t base = satmp.len ;
- size_t i ;
- char fn[35 + sizeof(S6RC_ONESHOT_RUNNER)] = "servicedirs/" S6RC_ONESHOT_RUNNER "/data/rules/gid/" ;
- make_skel(compiled, S6RC_ONESHOT_RUNNER, uids, uidn, gids, gidn, 3) ;
- if (gidn)
- {
- i = gidn ;
- while (i--)
- {
- size_t len = gid_fmt(fn + 28 + S6RC_ONESHOT_RUNNER_LEN, gids[i]) ;
- fn[28 + S6RC_ONESHOT_RUNNER_LEN + len] = 0 ;
- auto_dir(compiled, fn) ;
- memcpy(fn + 28 + S6RC_ONESHOT_RUNNER_LEN + len, "/allow", 7) ;
- auto_file(compiled, fn, "", 0) ;
- }
- }
- fn[24 + S6RC_ONESHOT_RUNNER_LEN] = 'u' ;
- i = uidn ;
- while (i--)
- {
- size_t len = uid_fmt(fn + 28 + S6RC_ONESHOT_RUNNER_LEN, uids[i]) ;
- fn[28 + S6RC_ONESHOT_RUNNER_LEN + len] = 0 ;
- auto_dir(compiled, fn) ;
- memcpy(fn + 28 + S6RC_ONESHOT_RUNNER_LEN + len, "/allow", 7) ;
- auto_file(compiled, fn, "", 0) ;
- }
+ make_skel(compiled, S6RC_ONESHOT_RUNNER, 3) ;
if (!stralloc_cats(&satmp, "#!"
EXECLINE_SHEBANGPREFIX "execlineb -P\n"
EXECLINE_EXTBINPREFIX "fdmove -c 2 1\n"
@@ -1037,47 +1020,24 @@ static inline void write_oneshot_runner (char const *compiled, uid_t const *uids
auto_rights(compiled, "servicedirs/" S6RC_ONESHOT_RUNNER "/run", 0755) ;
}
-static inline void write_fdholder (char const *compiled, s6rc_db_t const *db, uid_t const *uids, size_t uidn, gid_t const *gids, size_t gidn, char const *fdhuser)
+static inline void write_fdholder (char const *compiled, s6rc_db_t const *db, char const *fdhuser)
{
size_t base = satmp.len ;
- make_skel(compiled, S6RC_FDHOLDER, uids, uidn, gids, gidn, 1) ;
- {
- char fn[62 + S6RC_FDHOLDER_LEN + UID_FMT] = "servicedirs/" S6RC_FDHOLDER "/data/rules/uid/" ;
- char fmt[7 + UID_FMT] = "../uid/" ;
- size_t i = uid_fmt(fmt + 7, uids[0]) ;
- fmt[7 + i] = 0 ;
- memcpy(fn + 28 + S6RC_FDHOLDER_LEN, fmt + 7, i + 1) ;
- auto_dir(compiled, fn) ;
- memcpy(fn + 28 + S6RC_FDHOLDER_LEN + i, "/allow", 7) ;
- auto_file(compiled, fn, "", 0) ;
- memcpy(fn + 29 + S6RC_FDHOLDER_LEN + i, "env", 4) ;
- auto_dir(compiled, fn) ;
- memcpy(fn + 32 + S6RC_FDHOLDER_LEN + i, "/S6_FDHOLDER_LIST", 18) ;
- auto_file(compiled, fn, "\n", 1) ;
- memcpy(fn + 45 + S6RC_FDHOLDER_LEN + i, "STORE_REGEX", 12) ;
- auto_file(compiled, fn, "^pipe:s6rc-\n", 12) ;
- memcpy(fn + 45 + S6RC_FDHOLDER_LEN + i, "RETRIEVE_REGEX", 15) ;
- auto_symlink(compiled, fn, "S6_FDHOLDER_STORE_REGEX") ;
- memcpy(fn + 45 + S6RC_FDHOLDER_LEN + i, "SETDUMP", 8) ;
- auto_file(compiled, fn, "\n", 1) ;
- fn[45 + S6RC_FDHOLDER_LEN + i] = 'G' ;
- auto_file(compiled, fn, "\n", 1) ;
-
- for (i = 1 ; i < uidn ; i++)
- {
- size_t len = uid_fmt(fn + 28 + S6RC_FDHOLDER_LEN, uids[i]) ;
- fn[28 + S6RC_FDHOLDER_LEN + len] = 0 ;
- auto_symlink(compiled, fn, fmt + 7) ;
- }
- fn[24 + S6RC_FDHOLDER_LEN] = 'g' ;
- i = gidn ;
- while (i--)
- {
- size_t len = gid_fmt(fn + 28 + S6RC_FDHOLDER_LEN, gids[i]) ;
- fn[28 + S6RC_FDHOLDER_LEN + len] = 0 ;
- auto_symlink(compiled, fn, fmt) ;
- }
- }
+ char fn[61 + S6RC_FDHOLDER_LEN] = "servicedirs/" S6RC_FDHOLDER "/data/rules/uid/0/env" ;
+ make_skel(compiled, S6RC_FDHOLDER, 1) ;
+ auto_dir(compiled, fn) ;
+ memcpy(fn + 33 + S6RC_FDHOLDER_LEN, "/S6_FDHOLDER_LIST", 18) ;
+ auto_file(compiled, fn, "\n", 1) ;
+ memcpy(fn + 46 + S6RC_FDHOLDER_LEN, "STORE_REGEX", 12) ;
+ auto_file(compiled, fn, "^pipe:s6rc-\n", 12) ;
+ memcpy(fn + 46 + S6RC_FDHOLDER_LEN, "RETRIEVE_REGEX", 15) ;
+ auto_symlink(compiled, fn, "S6_FDHOLDER_STORE_REGEX") ;
+ memcpy(fn + 46 + S6RC_FDHOLDER_LEN, "SETDUMP", 8) ;
+ auto_file(compiled, fn, "\n", 1) ;
+ fn[46 + S6RC_FDHOLDER_LEN] = 'G' ;
+ auto_file(compiled, fn, "\n", 1) ;
+ memcpy(fn + 24 + S6RC_FDHOLDER_LEN, "gid/0/env", 10) ;
+ auto_symlink(compiled, fn, "../../uid/0/env") ;
for (uint32_t j = 0 ; j < db->nlong ; j++)
if (db->services[j].x.longrun.nproducers)
@@ -1115,10 +1075,10 @@ static inline void write_fdholder (char const *compiled, s6rc_db_t const *db, ui
auto_rights(compiled, "servicedirs/" S6RC_FDHOLDER "/run", 0755) ;
}
-static inline void write_specials (char const *compiled, s6rc_db_t const *db, uid_t const *uids, size_t uidn, gid_t const *gids, size_t gidn, char const *fdhuser, int blocking)
+static inline void write_specials (char const *compiled, s6rc_db_t const *db, char const *fdhuser, int blocking)
{
- write_oneshot_runner(compiled, uids, uidn, gids, gidn, blocking) ;
- write_fdholder(compiled, db, uids, uidn, gids, gidn, fdhuser) ;
+ write_oneshot_runner(compiled, blocking) ;
+ write_fdholder(compiled, db, fdhuser) ;
}
static inline void write_resolve (char const *compiled, s6rc_db_t const *db, bundle_t const *bundles, unsigned int nbundles, uint32_t const *bdeps)
@@ -1432,10 +1392,6 @@ static inline void write_compiled (
bundle_t const *bundles,
unsigned int nbundles,
uint32_t const *bdeps,
- uid_t const *uids,
- size_t uidn,
- gid_t const *gids,
- size_t gidn,
char const *fdhuser,
int blocking)
{
@@ -1445,7 +1401,7 @@ static inline void write_compiled (
write_resolve(compiled, db, bundles, nbundles, bdeps) ;
stralloc_free(&data) ;
write_db(compiled, db) ;
- write_specials(compiled, db, uids, uidn, gids, gidn, fdhuser, blocking) ;
+ write_specials(compiled, db, fdhuser, blocking) ;
write_servicedirs(compiled, db, srcdirs) ;
}
@@ -1455,9 +1411,6 @@ int main (int argc, char const *const *argv)
char const *compiled ;
char const *fdhuser = 0 ;
int blocking = 0 ;
- size_t uidn = 0, gidn = 0 ;
- uid_t uids[256] ;
- gid_t gids[256] ;
PROG = "s6-rc-compile" ;
{
subgetopt_t l = SUBGETOPT_ZERO ;
@@ -1468,8 +1421,6 @@ int main (int argc, char const *const *argv)
switch (opt)
{
case 'v' : if (!uint0_scan(l.arg, &verbosity)) dieusage() ; break ;
- case 'u' : if (!uid_scanlist(uids, 255, l.arg, &uidn)) dieusage() ; break ;
- case 'g' : if (!gid_scanlist(gids, 255, l.arg, &gidn)) dieusage() ; break ;
case 'h' : fdhuser = l.arg ; break ;
case 'b' : blocking = 1 ; break ;
default : dieusage() ;
@@ -1478,7 +1429,6 @@ int main (int argc, char const *const *argv)
argc -= l.ind ; argv += l.ind ;
}
if (argc < 2) dieusage() ;
- if (!uidn && !gidn) uids[uidn++] = 0 ;
compiled = *argv++ ;
before.specialdeps[0] = add_internal_longrun(&before, S6RC_ONESHOT_RUNNER) ;
before.specialdeps[1] = add_internal_longrun(&before, S6RC_FDHOLDER) ;
@@ -1525,7 +1475,7 @@ int main (int argc, char const *const *argv)
uint32_t deps[db.ndeps << 1] ;
db.deps = deps ;
flatlist_services(&db, sarray) ;
- write_compiled(compiled, &db, srcdirs, bundles, nbundles, bdeps, uids, uidn, gids, gidn, fdhuser, blocking) ;
+ write_compiled(compiled, &db, srcdirs, bundles, nbundles, bdeps, fdhuser, blocking) ;
}
}
--
cgit v1.2.3