Module: xenomai-jki
Branch: for-forge
Commit: fe7f4535c02a34a33121eaad43c1924ac2ce68c1
URL:
http://git.xenomai.org/?p=xenomai-jki.git;a=commit;h=fe7f4535c02a34a33121eaad43c1924ac2ce68c1
Author: Jan Kiszka <jan.kis...@siemens.com>
Date: Wed Jan 7 17:42:34 2015 +0100
copperplate/registry: Make inter-user sharing configurable
There are two scenarios to consider when it comes to sharing registry
mounts: either Xenomai applications only run as root or a group was
given the rights to run such applications as well. In the former, case
there is no need to expose registry data to non-root users. The latter
case still requires more work and is currently not supported /wrt the
registry. But that will only require sharing of the anonymous session.
To prepare controlled sharing of registry mounts, make them
configurable. This is done by a new command line option --shared for
sysregd. By default, sharing is off in order to avoid unwanted and
needless information disclosure about application internals to
unprivileged users.
Signed-off-by: Jan Kiszka <jan.kis...@siemens.com>
---
include/copperplate/registry.h | 4 ++--
lib/copperplate/init.c | 5 +++--
lib/copperplate/internal.h | 2 +-
lib/copperplate/regd/regd.c | 13 ++++++++++++-
lib/copperplate/registry.c | 9 ++++++---
5 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/include/copperplate/registry.h b/include/copperplate/registry.h
index 0cba3d5..903db4a 100644
--- a/include/copperplate/registry.h
+++ b/include/copperplate/registry.h
@@ -76,7 +76,7 @@ void registry_destroy_file(struct fsobj *fsobj);
void registry_touch_file(struct fsobj *fsobj);
-int __registry_pkg_init(const char *arg0, char *mountpt);
+int __registry_pkg_init(const char *arg0, char *mountpt, int shared_registry);
int registry_pkg_init(const char *arg0);
@@ -126,7 +126,7 @@ void registry_touch_file(struct fsobj *fsobj)
}
static inline
-int __registry_pkg_init(const char *arg0, char *mountpt)
+int __registry_pkg_init(const char *arg0, char *mountpt, int shared_registry)
{
return 0;
}
diff --git a/lib/copperplate/init.c b/lib/copperplate/init.c
index 856863e..0aba4c3 100644
--- a/lib/copperplate/init.c
+++ b/lib/copperplate/init.c
@@ -477,7 +477,8 @@ static int parse_skin_options(int *argcp, int largc, char
**uargv,
* code only, such as sysregd. No code traversed should depend on
* __node_info.
*/
-void copperplate_bootstrap_minimal(const char *arg0, char *mountpt)
+void copperplate_bootstrap_minimal(const char *arg0, char *mountpt,
+ int shared_registry)
{
int ret;
@@ -497,7 +498,7 @@ void copperplate_bootstrap_minimal(const char *arg0, char
*mountpt)
goto fail;
}
- ret = __registry_pkg_init(arg0, mountpt);
+ ret = __registry_pkg_init(arg0, mountpt, shared_registry);
if (ret)
goto fail;
diff --git a/lib/copperplate/internal.h b/lib/copperplate/internal.h
index 119e129..cc41101 100644
--- a/lib/copperplate/internal.h
+++ b/lib/copperplate/internal.h
@@ -111,7 +111,7 @@ int copperplate_renice_local_thread(pthread_t ptid, int
policy,
const struct sched_param_ex *param_ex);
void copperplate_bootstrap_minimal(const char *arg0,
- char *mountpt);
+ char *mountpt, int shared_registry);
#ifdef __cplusplus
}
diff --git a/lib/copperplate/regd/regd.c b/lib/copperplate/regd/regd.c
index e519661..637bd30 100644
--- a/lib/copperplate/regd/regd.c
+++ b/lib/copperplate/regd/regd.c
@@ -60,6 +60,8 @@ static int daemonize;
static int linger;
+static int shared;
+
struct client {
char *mountpt;
int sockfd;
@@ -71,6 +73,7 @@ static DEFINE_PRIVATE_LIST(client_list);
static void usage(void)
{
fprintf(stderr, "usage: regd [--root=<dir>] set registry root
directory\n");
+ fprintf(stderr, " [--shared] share registry between
different users\n");
fprintf(stderr, " [--daemonize] run in the background\n");
fprintf(stderr, " [--linger] disable timed exit on
idleness\n");
}
@@ -103,6 +106,13 @@ static const struct option options[] = {
.val = 1,
},
{
+#define shared_opt 4
+ .name = "shared",
+ .has_arg = 0,
+ .flag = &shared,
+ .val = 1,
+ },
+ {
.name = NULL,
},
};
@@ -365,7 +375,7 @@ static void create_system_fs(const char *arg0, const char
*rootdir)
__node_info.session_label = session;
__node_info.registry_root = rootdir;
sysroot = mountpt;
- copperplate_bootstrap_minimal(arg0, mountpt);
+ copperplate_bootstrap_minimal(arg0, mountpt, shared);
note("mounted system fs at %s", mountpt);
@@ -403,6 +413,7 @@ int main(int argc, char *const *argv)
return 0;
case daemonize_opt:
case linger_opt:
+ case shared_opt:
break;
case root_opt:
rootdir = optarg;
diff --git a/lib/copperplate/registry.c b/lib/copperplate/registry.c
index 225c1bb..720093c 100644
--- a/lib/copperplate/registry.c
+++ b/lib/copperplate/registry.c
@@ -60,6 +60,7 @@ static pthread_t regfs_thid;
struct regfs_data {
const char *arg0;
char *mountpt;
+ int shared;
sem_t sync;
int status;
pthread_mutex_t lock;
@@ -579,7 +580,8 @@ static void *registry_thread(void *arg)
av[2] = "-f";
av[3] = p->mountpt;
av[4] = "-o";
- av[5] = "allow_other,default_permissions";
+ av[5] = p->shared ? "default_permissions,allow_other"
+ : "default_permissions";
av[6] = NULL;
/*
@@ -719,7 +721,7 @@ static void pkg_cleanup(void)
registry_pkg_destroy();
}
-int __registry_pkg_init(const char *arg0, char *mountpt)
+int __registry_pkg_init(const char *arg0, char *mountpt, int shared_registry)
{
struct regfs_data *p = regfs_get_context();
pthread_mutexattr_t mattr;
@@ -751,6 +753,7 @@ int __registry_pkg_init(const char *arg0, char *mountpt)
pthread_attr_setscope(&thattr, PTHREAD_SCOPE_PROCESS);
p->arg0 = arg0;
p->mountpt = mountpt;
+ p->shared = shared_registry;
p->status = -EINVAL;
__STD(sem_init(&p->sync, 0, 0));
@@ -797,7 +800,7 @@ int registry_pkg_init(const char *arg0)
if (ret)
return ret;
- return __bt(__registry_pkg_init(arg0, mountpt));
+ return __bt(__registry_pkg_init(arg0, mountpt, 0));
}
void registry_pkg_destroy(void)
_______________________________________________
Xenomai-git mailing list
Xenomai-git@xenomai.org
http://www.xenomai.org/mailman/listinfo/xenomai-git
