David Powell wrote: > Roland Mainz wrote: > >> David Powell wrote: >> >>> Instead of elaborate counting logic to limit the number of >>> iterations of your while loops, just use 'for i in `seq 1 3`; >>> do...'. >>> >> "seq" comes from the "SUNWgnu-coreutils" and requires a package >> dependicy in this case. >> > > Good point; seq may not be the greatest idea after all. > > >>> ipf_get_lock is racy. A simpler and more robust lock file can be >>> created by creating a lockfile.$newpid that contains $newpid and >>> attempting to ln $IPF_LOCK to your lockfile. >>> >> Erm... AFAIK the only portable way (portable across all types of >> filesystems, including NFS and DFS) is to use the atomic nature of >> "mkdir", e.g. use "mkdir" to create the lock and "rmdir" to release it, >> if "mkdir" fails then spin at this lock in incremetally larger time >> intervals (e.g 0.1, 0.2, 0.4, 0.8, 1.6 seconds etc.). >> > > In this case it only ever needs to work on tmpfs. >
The filesystem makes no difference. Whether or not the permissions on the owning directory are 777 or not changes whether or not it is a serious security problem. But I think there are other problems with this file... If we consider that all SMF instances can have multiple instances then all of the configuration file settings in this script need to be changable because it is highly unlikely that the non-default instances will want to use the same configuration files or the same lock file path name. To answer that concern, it might be appropriate for ipf_include.sh to attempt to get all of the configuration filenames from service properties and if they don't exist (or are NULL) then apply a default name... that may also require an update of the PSARC case to document new private properties...*may* In process_server_svc, an assumption is made that all uses of inetd as a restarter will be with the default inetd FMRI. I'm not sure that this is good logic. In http://cr.opensolaris.org/~tonyn/firewallDec112008/'s version of this file, RPCBINDFMRI is defined but not used? I suspect that instead of doing: if [ "$1" = "$IPF_FMRI" ] ; then you want to be doing something like: if [ $1 matches $IPF_FMRI's basename ] ; then Darren
