On Tue, Jan 27, 2009 at 8:03 PM, Jeffrey Hutzelman <jhutz at cmu.edu> wrote:
> Oh, yes, you could do that -- combine the previously-discussed workarounds
> in a safe way, so that local-zones see an atomically-updated copy of the
> passwd and shadow files, but don't get to see the complete contents of /etc.
> Of course, this still requires something in the global zone to periodically
> copy the real passwd and shadow files to the locations visible to the local
> zones, but that's not a major difficulty.
The last time I looked, all of the official mechanisms that modified /etc/passwd or /etc/shadow did so in a temporary file, then called rename(2) to get the new file in place. A dtrace script could be written that does something like the following.

#!/usr/sbin/dtrace -s
/* not tested, and I only write dtrace scripts once in a while */
/* system() is a destructive action, so destructive actions must be enabled */
#pragma D option destructive

/* establish interest. The predicate verifies that it is the global zone.
   Enhance or repeat this for shadow(4) and renameat(2) (the new path is
   arg3 for renameat) */
syscall::rename:entry
/ zonename == "global" && copyinstr(arg1) == "/etc/passwd" /
{
        self->file = "passwd";
        self->pending = 1;
}

/* Success. Call the propagate script and free up the self-> refs */
syscall::rename:return, syscall::renameat:return
/ self->pending && arg0 == 0 /
{
        system("/.../propagate %s", self->file);
        self->file = 0;
        self->pending = 0;
}

/* Failed. Free up the self-> refs */
syscall::rename:return, syscall::renameat:return
/ self->pending && arg0 != 0 /
{
        self->file = 0;
        self->pending = 0;
}

-- 
Mike Gerdts
http://mgerdts.blogspot.com/
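As an added example, and not code from this thread or from Solaris: a POSIX shell version of the "propagate" helper that the dtrace script above would call with a bare file name. It uses the same write-to-a-temp-file-then-rename(2) pattern that the passwd tools use, so a local zone reading the exported copy never sees a half-written file, keeps the source's mode bits (so the shadow copy stays 0400), and refuses to copy anything other than passwd and shadow. The export directory /export/zone-etc and the PROPAGATE_SRCDIR/PROPAGATE_DSTDIR overrides are assumptions made for illustration and testing, not a layout from the thread.

```shell
#!/bin/sh
# Added example, not part of the thread or of Solaris.
# Atomically copies /etc/passwd or /etc/shadow into a directory that the
# local zones can see, using write-to-temp-then-rename(2) so a reader in a
# zone never observes a partially written copy.
set -eu

# propagate_file SRC DSTDIR
#   Copy SRC to DSTDIR/$(basename SRC) atomically, preserving mode bits
#   (and ownership when run as root). Prints the destination path on
#   success; on failure returns non-zero and leaves no temp file behind.
propagate_file() {
    src=$1
    dstdir=$2
    name=$(basename "$src")
    dst=$dstdir/$name
    # The temp file must live in DSTDIR: rename(2) is atomic only within
    # one filesystem, and mktemp creates it 0600 so no one can peek at it.
    tmp=$(mktemp "$dstdir/.$name.XXXXXX") || return 1
    # cp -p copies the content and then applies the source's mode bits
    # (0400 for shadow), all while the file is still under its temp name.
    if ! cp -p "$src" "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        return 1
    fi
    # mv within one filesystem is rename(2): the old copy is replaced in
    # one step, so readers see either the old file or the new one.
    if ! mv -f "$tmp" "$dst"; then
        rm -f "$tmp"
        return 1
    fi
    printf '%s\n' "$dst"
}

# propagate NAME
#   Entry point matching the dtrace script's "propagate passwd" call.
#   Only the two files the scheme is about are allowed, even though the
#   caller passes a literal, so a stray invocation cannot export arbitrary
#   pieces of /etc to the zones.
propagate() {
    name=$1
    srcdir=${PROPAGATE_SRCDIR:-/etc}
    # assumed zone-visible directory; override for testing or local layout
    dstdir=${PROPAGATE_DSTDIR:-/export/zone-etc}
    case $name in
        passwd|shadow) ;;
        *) echo "propagate: refusing to copy '$name'" >&2; return 2 ;;
    esac
    propagate_file "$srcdir/$name" "$dstdir"
}

# When run as a script: propagate <name>
if [ $# -gt 0 ]; then
    propagate "$1"
fi
```

The zone-visible directory would hold only these two copies, so local zones get an atomically updated passwd and shadow without a view of the rest of /etc; the dtrace script supplies the trigger, and this script supplies the copy.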