Module: xenomai-3 Branch: master Commit: 1b1166d7445760078fc2cc1943f4754f557eedc2 URL: http://git.xenomai.org/?p=xenomai-3.git;a=commit;h=1b1166d7445760078fc2cc1943f4754f557eedc2
Author: Jan Kiszka <jan.kis...@siemens.com> Date: Wed Jan 7 17:42:34 2015 +0100 copperplate/registry: Make inter-user sharing configurable There are two scenarios to consider when it comes to sharing registry mounts: either Xenomai applications only run as root or a group was given the rights to run such applications as well. In the former, case there is no need to expose registry data to non-root users. The latter case still requires more work and is currently not supported /wrt the registry. But that will only require sharing of the anonymous session. To prepare controlled sharing of registry mounts, make them configurable. This is done by a new command line option --shared for sysregd. By default, sharing is off in order to avoid unwanted and needless information disclosure about application internals to unprivileged users. Signed-off-by: Jan Kiszka <jan.kis...@siemens.com>
---
 include/copperplate/registry.h | 4 ++--
 lib/copperplate/init.c | 5 +++--
 lib/copperplate/internal.h | 2 +-
 lib/copperplate/regd/regd.c | 13 ++++++++++++-
 lib/copperplate/registry.c | 9 ++++++---
 5 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/include/copperplate/registry.h b/include/copperplate/registry.h
index 0cba3d5..903db4a 100644
--- a/include/copperplate/registry.h
+++ b/include/copperplate/registry.h
@@ -76,7 +76,7 @@ void registry_destroy_file(struct fsobj *fsobj);
 void registry_touch_file(struct fsobj *fsobj);
-int __registry_pkg_init(const char *arg0, char *mountpt);
+int __registry_pkg_init(const char *arg0, char *mountpt, int shared_registry);
 int registry_pkg_init(const char *arg0);
@@ -126,7 +126,7 @@ void registry_touch_file(struct fsobj *fsobj)
 }
 static inline
-int __registry_pkg_init(const char *arg0, char *mountpt)
+int __registry_pkg_init(const char *arg0, char *mountpt, int shared_registry)
 {
 return 0;
 }
diff --git a/lib/copperplate/init.c b/lib/copperplate/init.c
index 856863e..0aba4c3 100644
--- a/lib/copperplate/init.c
+++ b/lib/copperplate/init.c
@@ -477,7 +477,8 @@ static int parse_skin_options(int *argcp, int largc, char **uargv,
 * code only, such as sysregd. No code traversed should depend on
 * __node_info.
 */
-void copperplate_bootstrap_minimal(const char *arg0, char *mountpt)
+void copperplate_bootstrap_minimal(const char *arg0, char *mountpt,
+ int shared_registry)
 {
 int ret;
@@ -497,7 +498,7 @@ void copperplate_bootstrap_minimal(const char *arg0, char *mountpt)
 goto fail;
 }
- ret = __registry_pkg_init(arg0, mountpt);
+ ret = __registry_pkg_init(arg0, mountpt, shared_registry);
 if (ret)
 goto fail;
diff --git a/lib/copperplate/internal.h b/lib/copperplate/internal.h
index 119e129..cc41101 100644
--- a/lib/copperplate/internal.h
+++ b/lib/copperplate/internal.h
@@ -111,7 +111,7 @@ int copperplate_renice_local_thread(pthread_t ptid, int policy,
 const struct sched_param_ex *param_ex);
 void copperplate_bootstrap_minimal(const char *arg0,
- char *mountpt);
+ char *mountpt, int shared_registry);
 #ifdef __cplusplus
 }
diff --git a/lib/copperplate/regd/regd.c b/lib/copperplate/regd/regd.c
index e519661..637bd30 100644
--- a/lib/copperplate/regd/regd.c
+++ b/lib/copperplate/regd/regd.c
@@ -60,6 +60,8 @@ static int daemonize;
 static int linger;
+static int shared;
+
 struct client {
 char *mountpt;
 int sockfd;
@@ -71,6 +73,7 @@ static DEFINE_PRIVATE_LIST(client_list);
 static void usage(void)
 {
 fprintf(stderr, "usage: regd [--root=<dir>] set registry root directory\n");
+ fprintf(stderr, " [--shared] share registry between different users\n");
 fprintf(stderr, " [--daemonize] run in the background\n");
 fprintf(stderr, " [--linger] disable timed exit on idleness\n");
 }
@@ -103,6 +106,13 @@ static const struct option options[] = {
 .val = 1,
 },
 {
+#define shared_opt 4
+ .name = "shared",
+ .has_arg = 0,
+ .flag = &shared,
+ .val = 1,
+ },
+ {
 .name = NULL,
 },
 };
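Review bot: The comment block that ends just above `copperplate_bootstrap_minimal()` in lib/copperplate/init.c is not extended for the new `shared_registry` argument, although that flag decides whether the registry mount becomes reachable by other local users. I would add a sentence such as `* @shared_registry: non-zero mounts the registry with allow_other, making it visible to users other than the one running the daemon.` The same gap exists at the prototype in lib/copperplate/internal.h and at both `__registry_pkg_init()` declarations in include/copperplate/registry.h, where the flag is a bare `int` with no description. The start of the comment and the rest of the function body are outside the hunk.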
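Review bot: `#define shared_opt 4` in the `options[]` hunk of lib/copperplate/regd/regd.c hard-codes the slot index of the new entry, and the `case shared_opt:` added to `main()` only works if that number matches the entry's real position in the table. The earlier entries are outside the hunk, so the value cannot be checked from here; if it were off by one, `--shared` would presumably be dispatched to a neighbouring option's case. A comment at the top of the table, e.g. `/* each *_opt macro must equal the index of its entry in options[] */`, would make the dependency visible to the next person who inserts an option.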
@@ -365,7 +375,7 @@ static void create_system_fs(const char *arg0, const char *rootdir)
 __node_info.session_label = session;
 __node_info.registry_root = rootdir;
 sysroot = mountpt;
- copperplate_bootstrap_minimal(arg0, mountpt);
+ copperplate_bootstrap_minimal(arg0, mountpt, shared);
 note("mounted system fs at %s", mountpt);
@@ -403,6 +413,7 @@ int main(int argc, char *const *argv)
 return 0;
 case daemonize_opt:
 case linger_opt:
+ case shared_opt:
 break;
 case root_opt:
 rootdir = optarg;
diff --git a/lib/copperplate/registry.c b/lib/copperplate/registry.c
index 225c1bb..720093c 100644
--- a/lib/copperplate/registry.c
+++ b/lib/copperplate/registry.c
@@ -60,6 +60,7 @@ static pthread_t regfs_thid;
 struct regfs_data {
 const char *arg0;
 char *mountpt;
+ int shared;
 sem_t sync;
 int status;
 pthread_mutex_t lock;
@@ -579,7 +580,8 @@ static void *registry_thread(void *arg)
 av[2] = "-f";
 av[3] = p->mountpt;
 av[4] = "-o";
- av[5] = "allow_other,default_permissions";
+ av[5] = p->shared ? "default_permissions,allow_other"
+ : "default_permissions";
 av[6] = NULL;
 /*
@@ -719,7 +721,7 @@ static void pkg_cleanup(void)
 registry_pkg_destroy();
 }
-int __registry_pkg_init(const char *arg0, char *mountpt)
+int __registry_pkg_init(const char *arg0, char *mountpt, int shared_registry)
 {
 struct regfs_data *p = regfs_get_context();
 pthread_mutexattr_t mattr;
@@ -751,6 +753,7 @@ int __registry_pkg_init(const char *arg0, char *mountpt)
 pthread_attr_setscope(&thattr, PTHREAD_SCOPE_PROCESS);
 p->arg0 = arg0;
 p->mountpt = mountpt;
+ p->shared = shared_registry;
 p->status = -EINVAL;
 __STD(sem_init(&p->sync, 0, 0));
@@ -797,7 +800,7 @@ int registry_pkg_init(const char *arg0)
 if (ret)
 return ret;
- return __bt(__registry_pkg_init(arg0, mountpt));
+ return __bt(__registry_pkg_init(arg0, mountpt, 0));
 }
 void registry_pkg_destroy(void)
_______________________________________________ Xenomai-git mailing list Xenomai-git@xenomai.org http://www.xenomai.org/mailman/listinfo/xenomai-git
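Review bot: The `note("mounted system fs at %s", mountpt)` line right after the changed call in `create_system_fs()` does not record whether the mount was made shared, so someone reading the daemon's output cannot tell an exposed registry from a private one. Since `--shared` widens who can read application internals, I would log the state, e.g. `note("mounted system fs at %s%s", mountpt, shared ? " (shared)" : "");`. The rest of create_system_fs() is outside the hunk.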
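Review bot: In the `registry_thread()` hunk of lib/copperplate/registry.c, the shared branch leaves access control entirely to `default_permissions`: once `allow_other` is set, every local user can reach the mount, and only the owner and mode bits the registry reports for each node decide who may read it. Those modes are not visible in this diff, so they should be checked before relying on `--shared`, and the dependency recorded next to the option string, e.g. `/* allow_other: access is then gated only by default_permissions and the node modes */`. A non-root mounter also normally needs `user_allow_other` in /etc/fuse.conf for `allow_other` to be accepted, so the shared case can fail at mount time for such users; the error path of this function is outside the hunk.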
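Review bot: `registry_pkg_init()` now passes a bare `0`, so every in-process registry mount drops `allow_other`, which the removed `av[5]` line used to set unconditionally. A setup where a different user reads an application's registry would lose access after this change without any runtime hint, and the only opt-in visible in this diff is `--shared` on the daemon. I would state that at the call site, e.g. `/* in-process mounts are never shared; only sysregd --shared exposes the registry to other users */`, so the literal is not mistaken for a placeholder. The beginning of registry_pkg_init() is outside the hunk.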