On 10/12/16 00:19, Christian Hesse wrote:
> From: Christian Hesse <m...@eworm.de>
> sd_notify() uses a socket to communicate with systemd. Communication
> fails if the socket is not available within the chroot. So bind mount
> the socket into the chroot when started from systemd.
> Unsharing namespace and mounting requires extra capability CAP_SYS_ADMIN.

I will pick up this one after 2.4.0 has been released.  This is a very
promising approach.  However, I'm not too happy about CAP_SYS_ADMIN
though, that grants quite some privileges.  Can we look at dropping this
capability once we know we won't need it any more?  Perhaps when we send

> +              char * chroot_notify = NULL;
> +
> +              if (sd_notify(0, "READY=0") > 0)
> +                {
> +                  asprintf(&chroot_notify, "%s/notify", 
> c->options.chroot_dir);
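Review bot: the return value of asprintf() on the quoted lines is never checked, so on allocation failure (asprintf returns -1 and, with glibc, leaves the contents of chroot_notify undefined) the code goes on to use a bogus path; test for a negative return before touching chroot_notify, or build the string with the gc_arena-backed buffer helpers as suggested in the reply. Independently of that, c->options.chroot_dir is passed straight to "%s": a successful sd_notify() only says we were started under systemd, not that a chroot is configured, so the enclosing condition (not visible in this hunk) must guarantee chroot_dir is non-NULL, otherwise the format call is undefined behaviour.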

Here we should use the buffer/string functions, based on the gc_arena
implementation.  Unfortunately we do not have a direct equivalent to
asprintf().  A starting point would be, for example, to look at the string
handling in print_sockaddr_ex() [socket.c:2386] or x_msg_va()
[error.c:251] ... there might be better examples too, I'm just not able
to remember them now :)  .... buffer.[ch] keeps most of these functions.

The reason for this is basically to use the same well tested
infrastructure.  And with gc_arena, only a single gc_free() is required,
regardless of how many buffers you allocate to that arena.

kind regards,

David Sommerseth
OpenVPN Technologies, Inc
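To make the arena argument concrete, here is an added example that is not OpenVPN code and does not use OpenVPN's real gc_arena API: a minimal arena allocator in the same spirit, with an asprintf-style formatter that allocates from it, and a notify_path() helper that builds "<chroot_dir>/notify" the way the patch does while guarding the two failure modes the hunk leaves unchecked (no chroot configured, and allocation failure). All names (arena, arena_alloc, arena_sprintf, arena_free, arena_count, notify_path) and the sample chroot directories are hypothetical and chosen for this example.

```c
/* Added example, not OpenVPN code. A toy arena in the spirit of gc_arena:
 * every allocation is chained onto the arena and released by one free call.
 * Names below are hypothetical and not OpenVPN's real API. */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct arena_entry {
    struct arena_entry *next;   /* payload bytes follow this header */
};

struct arena {
    struct arena_entry *list;
};

#define ARENA_INIT { NULL }

/* Allocate size bytes owned by the arena; returns NULL on malloc failure. */
static void *arena_alloc(struct arena *a, size_t size)
{
    struct arena_entry *e = malloc(sizeof(*e) + size);
    if (!e)
        return NULL;
    e->next = a->list;
    a->list = e;
    return e + 1;   /* first byte after the header */
}

/* Single free for everything allocated from the arena, however many
 * strings were built; this is the point of the gc_arena approach. */
static void arena_free(struct arena *a)
{
    struct arena_entry *e = a->list;
    while (e) {
        struct arena_entry *next = e->next;
        free(e);
        e = next;
    }
    a->list = NULL;
}

/* Number of live allocations, so a caller can verify the arena was drained. */
static size_t arena_count(const struct arena *a)
{
    size_t n = 0;
    for (const struct arena_entry *e = a->list; e; e = e->next)
        n++;
    return n;
}

/* asprintf() equivalent that formats into arena-owned storage.
 * Returns NULL if formatting or allocation fails; callers must check. */
static char *arena_sprintf(struct arena *a, const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap);   /* measure first */
    va_end(ap);
    if (n < 0) {
        va_end(ap2);
        return NULL;
    }
    char *s = arena_alloc(a, (size_t)n + 1);
    if (s)
        vsnprintf(s, (size_t)n + 1, fmt, ap2);
    va_end(ap2);
    return s;
}

/* Build "<chroot_dir>/notify" as the patch does, but refuse when no chroot
 * is configured (NULL or empty dir) instead of formatting a NULL pointer. */
static char *notify_path(struct arena *a, const char *chroot_dir)
{
    if (!chroot_dir || !*chroot_dir)
        return NULL;
    return arena_sprintf(a, "%s/notify", chroot_dir);
}

int main(void)
{
    struct arena gc = ARENA_INIT;
    /* Constructed sample inputs: two chroot dirs and the "no chroot" case. */
    const char *dirs[] = { "/var/empty/openvpn", "/srv/vpn-jail", NULL };
    for (size_t i = 0; i < sizeof(dirs) / sizeof(dirs[0]); i++) {
        char *p = notify_path(&gc, dirs[i]);
        printf("%-22s -> %s\n", dirs[i] ? dirs[i] : "(no chroot)",
               p ? p : "(skipped)");
    }
    arena_free(&gc);   /* one call releases both strings */
    return 0;
}
```

The shape matters more than the details: allocate freely from the arena while building the path, check each result for NULL, and call the single free at the end of the scope, which is exactly what removes the per-string free() bookkeeping that a plain asprintf() would impose.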

Openvpn-devel mailing list