David Sommerseth <open...@sf.lists.topphemmelig.net> on Sat, 2016/12/10 01:03:
> On 10/12/16 00:19, Christian Hesse wrote:
> > From: Christian Hesse <m...@eworm.de>
> > 
> > sd_notify() uses a socket to communicate with systemd. Communication
> > fails if the socket is not available within the chroot. So bind mount
> > the socket into the chroot when startet from systemd.
> > 
> > Unsharing namespace and mounting requires extra capability
> > CAP_SYS_ADMIN.  
> 
> I will pick up this one after 2.4.0 has been released.  This is a very
> promising approach.  However, I'm not too happy about CAP_SYS_ADMIN
> though, that grants quite some privileges.  Can we look at dropping this
> capability once we know we won't need it any more?  Perhaps when we send
> READY=1?

Never tried to drop capabilities... Have to look into that.
We do no longer need CAP_SYS_ADMIN after the bind mount. (Or not at all
without chrooting.)

> > +              char * chroot_notify = NULL;
> > +
> > +              if (sd_notify(0, "READY=0") > 0)
> > +                {
> > +                  asprintf(&chroot_notify, "%s/notify",
> > c->options.chroot_dir);  
> 
> Here we should use the buffer/string functions, based on the gc_arena
> implementation.  Unfortunately we do not have a direct equivalent to
> asprintf().  A starting point would be to for example look at the string
> handling in print_sockaddr_ex() [socket.c:2386] or x_msg_va()
> [error.c:251] ... there might be better examples too, I'm just not able
> to remember them now :)  .... buffer.[ch] keeps most of these functions.
> 
> The reason for this is basically to use the same well tested
> infrastructure.  And with gc_arena, only a single gc_free() is required,
> regardless of how many buffers you allocate to that arena.

I do not like this myself. The patch is just a proof of concept... So this
should be polished before committing. ;)

Thanks for the hints, I will have a look.
-- 
main(a){char*c=/*    Schoene Gruesse                         */"B?IJj;MEH"
"CX:;",b;for(a/*    Best regards             my address:    */=0;b=c[a++];)
putchar(b-1/(/*    Chris            cc -ox -xc - && ./x    */b/42*2-3)*42);}

Attachment: pgpdFAvSbXJm8.pgp
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to