On 10/12/16 00:19, Christian Hesse wrote: > From: Christian Hesse <[email protected]> > > sd_notify() uses a socket to communicate with systemd. Communication > fails if the socket is not available within the chroot. So bind mount > the socket into the chroot when startet from systemd. > > Unsharing namespace and mounting requires extra capability CAP_SYS_ADMIN.
I will pick up this one after 2.4.0 has been released. This is a very
promising approach. However, I'm not too happy about CAP_SYS_ADMIN
though, that grants quite some privileges. Can we look at dropping this
capability once we know we won't need it any more? Perhaps when we send
READY=1?
> + char * chroot_notify = NULL;
> +
> + if (sd_notify(0, "READY=0") > 0)
> + {
> + asprintf(&chroot_notify, "%s/notify",
> c->options.chroot_dir);
Here we should use the buffer/string functions, based on the gc_arena
implementation. Unfortunately we do not have a direct equivalent to
asprintf(). A starting point would be to for example look at the string
handling in print_sockaddr_ex() [socket.c:2386] or x_msg_va()
[error.c:251] ... there might be better examples too, I'm just not able
to remember them now :) .... buffer.[ch] keeps most of these functions.
The reason for this is basically to use the same well tested
infrastructure. And with gc_arena, only a single gc_free() is required,
regardless of how many buffers you allocate to that arena.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
