On Mon, Feb 25, 2008 at 4:33 AM, Cathy Zhou <Cathy.Zhou at sun.com> wrote:
> For people who don't have SWAN access, the webrev can be found in:
>
> http://cr.opensolaris.org/~yun/webrev_dlmgmtd
>
> Thanks
> - Cathy
>
>
> ---------- Forwarded message ----------
> From: Cathy Zhou <Cathy.Zhou at Sun.COM>
> To: clearview at Sun.COM
> Date: Mon, 25 Feb 2008 18:25:30 +0800
> Subject: the dlmgmtd fasttrack
> Hi,
>
> Please see the attached fast-track which is needed to fix the bug 6665965.
> This fasttrack also includes the proposal to change the dlmgmtd to be run
> by "dladm". I merged these two changes together as they all need the
> "/etc/svc/volatile/dlmgmt" directory.
>
> I am not sure whether this fasttrack is too much of a change to be filed
> as a self-reviewed case.
>
> The webrev is here:
>
> /net/aquila.prc/export/home/cathy/6665965/webrev_0225/index.html
>
> I am having some trouble submitting the webrev on cr.opensolaris.org; once
> that is done, I can send this mail to clearview-discuss.
>
> Thanks
> - Cathy
>
> 1 Introduction
> ==============
>
> This case proposes two changes related to the dlmgmtd daemon:
>
> 1) Change the dlmgmtd daemon to be run by the "dladm" user, and no extra
>    privileges are required.
>
> 2) Change the dlmgmtd door file from /etc/.dlmgmt_door to
>    /etc/svc/volatile/dlmgmt/dlmgmt_door. Remove the /etc/.dlmgmt_door
>    file from the SUNWcsr package.

Would /var/run be a better location for the door file? On my system, I see several in there (rpc_door, syslog_door, picld_door, name_service_door, kcfd_door, and I believe wpad also creates them there), so there seems to be at least some precedent for using that location (though I don't know if there's an actual policy or not).

>
> 2. Details
> ==========
>
> - Privileges for dlmgmtd
>
>   As part of PSARC/2008/002, we already limit privileges of the dlmgmtd
>   daemon to be only "file_dac_write, file_chown_self, sys_mount, and
>   sys_net_config", but since dlmgmtd is still run by uid 0, it is
>   still vulnerable as it still has the unnecessary privileges (e.g., read
>   access to all root owned files).
>
>   We propose to change the dlmgmtd daemon to be run by the "dladm" user.
>   Note that the "dladm" user already exists and owns the files under
>   /etc/dladm. The dlmgmtd daemon needs to access the files under
>   /etc/dladm, so it is natural to run dlmgmtd by "dladm".
>
>   A /etc/svc/volatile/dlmgmt directory will be created and will be owned
>   by "dladm". This directory will be used to hold the temporary datalink
>   configuration files and the dlmgmtd door file (discussed below).
>
>
> - Door file for dlmgmtd
>
>   As part of PSARC/2006/299, we proposed the dlmgmtd daemon to communicate
>   with datalink management interfaces consumers using a door located in
>   /etc (/etc/.dlmgmt_door). Because the dlmgmtd daemon is started very
>   early at boot, we choose to make the /etc/.dlmgmt_door file as part of
>   the SUNWcsr package, to avoid creating the door file before the root
>   FS becomes writable.
>
>   Several issues are found related to the above implementation though:
>
>   1) Missing /etc/.dlmgmt_door file after flashinstall
>
>      In the case of flashinstall, the flarcreate's "fdo" command excludes
>      all the door files because "archiver (cpio/pax) unable to archive
>      DOOR and SOCKET files, and it gives error". As a result, the
>      /etc/.dlmgmt_door file is excluded by flarcreate and hence will not
>      exist on the system after flashinstall. This causes the failure of
>      the network/datalink-management service (which starts dlmgmtd) and
>      an unusable system.
>
>   2) After system is booted, "pkgchk -n SUNWcsr" reports error
>
>      Because a file is never packaged as a door, the /etc/.dlmgmt_door
>      file is packaged as part of SUNWcsr (file type 'f'), and only becomes
>      a door when dlmgmtd calls fattach() on it at runtime. But this causes
>      pkgchk to report an error:
>
>      # pkgchk -n SUNWcsr
>      ERROR: /etc/.dlmgmt_door
>          file type <f> expected <D> actual
>
>   To resolve the above two issues, we propose to change the dlmgmtd door
>   file from /etc/.dlmgmt_door to /etc/svc/volatile/dlmgmt/dlmgmt_door.
>   Because /etc/svc/volatile is mounted as tmpfs, there is no problem to
>   create the door file early at boot, and the /etc/.dlmgmt_door file
>   is no longer needed.
