Module: xenomai-3
Branch: next
Commit: ba8557dd918b464a4cba94b10f4085fde6d02933
URL:    
http://git.xenomai.org/?p=xenomai-3.git;a=commit;h=ba8557dd918b464a4cba94b10f4085fde6d02933

Author: Jan Kiszka <jan.kis...@siemens.com>
Date:   Wed Jan  7 17:42:34 2015 +0100

copperplate/registry: Make inter-user sharing configurable

There are two scenarios to consider when it comes to sharing registry
mounts: either Xenomai applications only run as root or a group was
given the rights to run such applications as well. In the former case,
there is no need to expose registry data to non-root users. The latter
case still requires more work and is currently not supported /wrt the
registry.

To prepare controlled sharing of registry mounts, make them
configurable. This is done by new command line options:
--shared-registry as base option for Xenomai programs and --shared for
sysregd. By default, sharing is off in order to avoid unwanted and
needless information disclosure about application internals to
unprivileged users.

Note that unprivileged users will require fuse to be configured in a way
that permits mounts shared with other users. This is off by default in
common distributions.

Signed-off-by: Jan Kiszka <jan.kis...@siemens.com>

---

 doc/asciidoc/README.APPLICATIONS.adoc |    7 +++++++
 include/copperplate/registry.h        |    4 ++--
 lib/copperplate/init.c                |   35 ++++++++++++++++++++++-----------
 lib/copperplate/internal.h            |    3 ++-
 lib/copperplate/regd/regd.c           |   13 +++++++++++-
 lib/copperplate/registry.c            |   14 ++++++++-----
 6 files changed, 55 insertions(+), 21 deletions(-)

diff --git a/doc/asciidoc/README.APPLICATIONS.adoc 
b/doc/asciidoc/README.APPLICATIONS.adoc
index 4474a04..c0b4b98 100644
--- a/doc/asciidoc/README.APPLICATIONS.adoc
+++ b/doc/asciidoc/README.APPLICATIONS.adoc
@@ -75,6 +75,13 @@ link:installing-xenomai-3-x[configuration switch]).
        instead of +/mnt/xenomai+ by default (see the
        +--enable-registry+ switch from the configuration options).
 
+*--shared-registry*::
+
+       Exports the registry of the process to other users. If access
+       is possible, also depends on permissions of the registry path.
+       By default, the registry is only accessible for the user that
+       started the Xenomai process.
+
 *--no-registry*::
 
        This switch disables registry support at runtime. No real-time
diff --git a/include/copperplate/registry.h b/include/copperplate/registry.h
index 0cba3d5..903db4a 100644
--- a/include/copperplate/registry.h
+++ b/include/copperplate/registry.h
@@ -76,7 +76,7 @@ void registry_destroy_file(struct fsobj *fsobj);
 
 void registry_touch_file(struct fsobj *fsobj);
 
-int __registry_pkg_init(const char *arg0, char *mountpt);
+int __registry_pkg_init(const char *arg0, char *mountpt, int shared_registry);
 
 int registry_pkg_init(const char *arg0);
 
@@ -126,7 +126,7 @@ void registry_touch_file(struct fsobj *fsobj)
 }
 
 static inline
-int __registry_pkg_init(const char *arg0, char *mountpt)
+int __registry_pkg_init(const char *arg0, char *mountpt, int shared_registry)
 {
        return 0;
 }
diff --git a/lib/copperplate/init.c b/lib/copperplate/init.c
index 856863e..6b96501 100644
--- a/lib/copperplate/init.c
+++ b/lib/copperplate/init.c
@@ -48,6 +48,7 @@ struct coppernode __node_info = {
 #ifdef CONFIG_XENO_REGISTRY
        .session_label = DEFAULT_REGISTRY_SESSION,
        .registry_root = DEFAULT_REGISTRY_ROOT,
+       .shared_registry = 0,
 #endif
 };
 
@@ -89,63 +90,70 @@ static const struct option base_options[] = {
                .val = 0
        },
        {
-#define no_registry_opt        4
+#define shared_registry_opt    4
+               .name = "shared-registry",
+               .has_arg = 0,
+               .flag = &__node_info.shared_registry,
+               .val = 1
+       },
+       {
+#define no_registry_opt        5
                .name = "no-registry",
                .has_arg = 0,
                .flag = &__node_info.no_registry,
                .val = 1
        },
        {
-#define session_opt    5
+#define session_opt    6
                .name = "session",
                .has_arg = 1,
                .flag = NULL,
                .val = 0
        },
        {
-#define reset_session_opt      6
+#define reset_session_opt      7
                .name = "reset-session",
                .has_arg = 0,
                .flag = &__node_info.reset_session,
                .val = 1
        },
        {
-#define affinity_opt   7
+#define affinity_opt   8
                .name = "cpu-affinity",
                .has_arg = 1,
                .flag = NULL,
                .val = 0
        },
        {
-#define silent_opt     8
+#define silent_opt     9
                .name = "silent",
                .has_arg = 0,
                .flag = &__node_info.silent_mode,
                .val = 1
        },
        {
-#define version_opt    9
+#define version_opt    10
                .name = "version",
                .has_arg = 0,
                .flag = NULL,
                .val = 0
        },
        {
-#define dumpconfig_opt 10
+#define dumpconfig_opt 11
                .name = "dump-config",
                .has_arg = 0,
                .flag = NULL,
                .val = 0
        },
        {
-#define no_sanity_opt  11
+#define no_sanity_opt  12
                .name = "no-sanity",
                .has_arg = 0,
                .flag = &__node_info.no_sanity,
                .val = 1
        },
        {
-#define sanity_opt     12
+#define sanity_opt     13
                .name = "sanity",
                .has_arg = 0,
                .flag = &__node_info.no_sanity,
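Review bot: The option indices in `base_options` are hand-numbered `#define`s that must equal each entry's array position, so adding `shared_registry_opt` forced nine renumberings in this hunk. A missed or duplicated number compiles cleanly and would make the `switch` in `parse_base_options` treat one option as another, which matters more now that one of them controls exposure of the registry to other users. Consider declaring the indices once as an enum, `enum { /* … */ shared_registry_opt, no_registry_opt, session_opt, /* … */ };`, and using designated initializers such as `[shared_registry_opt] = { .name = "shared-registry", … }` so position and index cannot drift apart. The array starts before and continues past this hunk.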
@@ -179,9 +187,10 @@ static void usage(void)
 
        print_version();
         fprintf(stderr, "usage: program <options>, where options may be:\n");
-       fprintf(stderr, "--mem-pool-size=<sizeK>          size of the main heap 
(kbytes)\n");
+        fprintf(stderr, "--mem-pool-size=<sizeK>          size of the main 
heap (kbytes)\n");
         fprintf(stderr, "--no-mlock                       do not lock memory 
at init (Mercury only)\n");
         fprintf(stderr, "--registry-root=<path>           root path of 
registry\n");
+        fprintf(stderr, "--shared-registry                registry shared 
between different users\n");
         fprintf(stderr, "--no-registry                    suppress object 
registration\n");
         fprintf(stderr, "--session=<label>                label of shared 
multi-processing session\n");
         fprintf(stderr, "--reset                          remove any older 
session\n");
@@ -386,6 +395,7 @@ static int parse_base_options(int *argcp, char *const 
**argvp,
                        break;
                case no_mlock_opt:
                case no_sanity_opt:
+               case shared_registry_opt:
                case no_registry_opt:
                case reset_session_opt:
                case sanity_opt:
@@ -477,7 +487,8 @@ static int parse_skin_options(int *argcp, int largc, char 
**uargv,
  * code only, such as sysregd. No code traversed should depend on
  * __node_info.
  */
-void copperplate_bootstrap_minimal(const char *arg0, char *mountpt)
+void copperplate_bootstrap_minimal(const char *arg0, char *mountpt,
+                                  int shared_registry)
 {
        int ret;
 
@@ -497,7 +508,7 @@ void copperplate_bootstrap_minimal(const char *arg0, char 
*mountpt)
                goto fail;
        }
 
-       ret = __registry_pkg_init(arg0, mountpt);
+       ret = __registry_pkg_init(arg0, mountpt, shared_registry);
        if (ret)
                goto fail;
 
diff --git a/lib/copperplate/internal.h b/lib/copperplate/internal.h
index 119e129..7d048dc 100644
--- a/lib/copperplate/internal.h
+++ b/lib/copperplate/internal.h
@@ -39,6 +39,7 @@ struct coppernode {
        unsigned int mem_pool;
        const char *session_label;
        const char *registry_root;
+       int shared_registry;
        cpu_set_t cpu_affinity;
        int no_mlock;
        int no_registry;
@@ -111,7 +112,7 @@ int copperplate_renice_local_thread(pthread_t ptid, int 
policy,
                                    const struct sched_param_ex *param_ex);
 
 void copperplate_bootstrap_minimal(const char *arg0,
-                                  char *mountpt);
+                                  char *mountpt, int shared_registry);
 
 #ifdef __cplusplus
 }
diff --git a/lib/copperplate/regd/regd.c b/lib/copperplate/regd/regd.c
index e519661..637bd30 100644
--- a/lib/copperplate/regd/regd.c
+++ b/lib/copperplate/regd/regd.c
@@ -60,6 +60,8 @@ static int daemonize;
 
 static int linger;
 
+static int shared;
+
 struct client {
        char *mountpt;
        int sockfd;
@@ -71,6 +73,7 @@ static DEFINE_PRIVATE_LIST(client_list);
 static void usage(void)
 {
        fprintf(stderr, "usage: regd [--root=<dir>]   set registry root 
directory\n");
+       fprintf(stderr, "            [--shared]       share registry between 
different users\n");
        fprintf(stderr, "            [--daemonize]    run in the background\n");
        fprintf(stderr, "            [--linger]       disable timed exit on 
idleness\n");
 }
@@ -103,6 +106,13 @@ static const struct option options[] = {
                .val = 1,
        },
        {
+#define shared_opt     4
+               .name = "shared",
+               .has_arg = 0,
+               .flag = &shared,
+               .val = 1,
+       },
+       {
                .name = NULL,
        },
 };
@@ -365,7 +375,7 @@ static void create_system_fs(const char *arg0, const char 
*rootdir)
        __node_info.session_label = session;
        __node_info.registry_root = rootdir;
        sysroot = mountpt;
-       copperplate_bootstrap_minimal(arg0, mountpt);
+       copperplate_bootstrap_minimal(arg0, mountpt, shared);
 
        note("mounted system fs at %s", mountpt);
 
@@ -403,6 +413,7 @@ int main(int argc, char *const *argv)
                        return 0;
                case daemonize_opt:
                case linger_opt:
+               case shared_opt:
                        break;
                case root_opt:
                        rootdir = optarg;
diff --git a/lib/copperplate/registry.c b/lib/copperplate/registry.c
index 225c1bb..87cfd92 100644
--- a/lib/copperplate/registry.c
+++ b/lib/copperplate/registry.c
@@ -60,6 +60,7 @@ static pthread_t regfs_thid;
 struct regfs_data {
        const char *arg0;
        char *mountpt;
+       int shared;
        sem_t sync;
        int status;
        pthread_mutex_t lock;
@@ -579,7 +580,8 @@ static void *registry_thread(void *arg)
        av[2] = "-f";
        av[3] = p->mountpt;
        av[4] = "-o";
-       av[5] = "allow_other,default_permissions";
+       av[5] = p->shared ? "default_permissions,allow_other"
+                         : "default_permissions";
        av[6] = NULL;
 
        /*
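Review bot: The two mount option strings assigned to `av[5]` carry the whole access-control decision of this commit but have no comment explaining it. I would add above the assignment something like `/* allow_other opens the mount to every local user; default_permissions then leaves access control to the mode bits of the registry entries. */`. It is also worth noting there that a non-root caller needs `user_allow_other` in the FUSE configuration for the shared variant, as the commit message says, so a failed mount is easier to diagnose. registry_thread begins and ends outside this hunk.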
@@ -641,8 +643,8 @@ static int spawn_daemon(const char *sessdir)
        pid = vfork();
        switch (pid) {
        case 0:
-               execlp(exec_path, "sysregd", "--daemon",
-                      "--root", sessdir, NULL);
+               execlp(exec_path, "sysregd", "--daemon", "--root", sessdir,
+                      __node_info.shared_registry ? "--shared" : "", NULL);
                _exit(1);
        case -1:
                sa.sa_handler = SIG_DFL;
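Review bot: When sharing is off, the new `execlp()` call passes an empty string as a real argument to sysregd instead of omitting it, so the daemon sees a stray non-option argument. Whether that is ignored depends on regd's argument handling outside this diff. Ending the list early avoids the question: `__node_info.shared_registry ? "--shared" : NULL, NULL);`. Separately, if an already running sysregd is reused for a session (not visible here), its sharing mode is fixed by whichever process spawned it, so a later process started without `--shared-registry` could still have the system fs exposed; that deserves a sentence in the documentation.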
@@ -719,7 +721,7 @@ static void pkg_cleanup(void)
        registry_pkg_destroy();
 }
 
-int __registry_pkg_init(const char *arg0, char *mountpt)
+int __registry_pkg_init(const char *arg0, char *mountpt, int shared_registry)
 {
        struct regfs_data *p = regfs_get_context();
        pthread_mutexattr_t mattr;
@@ -751,6 +753,7 @@ int __registry_pkg_init(const char *arg0, char *mountpt)
        pthread_attr_setscope(&thattr, PTHREAD_SCOPE_PROCESS);
        p->arg0 = arg0;
        p->mountpt = mountpt;
+       p->shared = shared_registry;
        p->status = -EINVAL;
        __STD(sem_init(&p->sync, 0, 0));
 
@@ -797,7 +800,8 @@ int registry_pkg_init(const char *arg0)
        if (ret)
                return ret;
 
-       return __bt(__registry_pkg_init(arg0, mountpt));
+       return __bt(__registry_pkg_init(arg0, mountpt,
+                                       __node_info.shared_registry));
 }
 
 void registry_pkg_destroy(void)

