authorLaurent Bercot <ska-skaware@skarnet.org>2015-09-21 16:01:47 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2015-09-21 16:01:47 +0000
commit6045e95e3633af28e9b76bff260abe10741b33c8 (patch)
tree1c768589578c2a922933f97a4b102b77e3a7bcc7
parenteba9efcd7afc7b85cfd11fc17f101685cda9e487 (diff)
downloads6-rc-6045e95e3633af28e9b76bff260abe10741b33c8.tar.gz
s6-rc-6045e95e3633af28e9b76bff260abe10741b33c8.tar.xz
s6-rc-6045e95e3633af28e9b76bff260abe10741b33c8.zip
Change s6rc-oneshot-runner to use s6-rc-oneshot-run, as well as s6-rc's
s6-sudo invocation.
 It's less efficient (s6-rc-oneshot-run loads and parses the database
every time) but it's more secure, because only programs in the database
can be executed with s6-sudod privileges.
-rw-r--r--src/s6-rc/s6-rc-compile.c5
-rw-r--r--src/s6-rc/s6-rc.c15
2 files changed, 12 insertions, 8 deletions
diff --git a/src/s6-rc/s6-rc-compile.c b/src/s6-rc/s6-rc-compile.c
index f76bd57..b1b4808 100644
--- a/src/s6-rc/s6-rc-compile.c
+++ b/src/s6-rc/s6-rc-compile.c
@@ -41,7 +41,10 @@ EXECLINE_EXTBINPREFIX "fdmove 1 3\n" \
 S6_EXTBINPREFIX "s6-ipcserver-socketbinder -- s\n" \
 S6_EXTBINPREFIX "s6-ipcserverd -1 --\n" \
 S6_EXTBINPREFIX "s6-ipcserver-access -v0 -E -l0 -i data/rules --\n" \
-S6_EXTBINPREFIX "s6-sudod -t 2000 --\n"
+EXECLINE_EXTBINPREFIX "getcwd WD\n" \
+EXECLINE_EXTBINPREFIX "import -u WD\n" \
+S6_EXTBINPREFIX "s6-sudod -t 2000 --\n" \
+S6RC_LIBEXECPREFIX "s6-rc-oneshot-run -l ${WD}/../.. --\n"
 
 static unsigned int verbosity = 1 ;
 static stralloc keep = STRALLOC_ZERO ;
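Review bot: The live directory handed to `s6-rc-oneshot-run -l` is computed as `${WD}/../..`, and nothing in the script states or checks that the runner's working directory sits exactly two levels below the live directory. That path selects the database which decides what may run with s6-sudod privileges, so the assumption deserves a comment above the macro, for example `/* runner cwd is two levels below the live dir; ${WD}/../.. must resolve to it */`. `getcwd` presumably reports the resolved path, so if the service directory is reached through a symlink the two-level rule applies to its real location; that is worth confirming against how the live directory is laid out. The macro definition starts outside this hunk.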
diff --git a/src/s6-rc/s6-rc.c b/src/s6-rc/s6-rc.c
index ca504e2..0229466 100644
--- a/src/s6-rc/s6-rc.c
+++ b/src/s6-rc/s6-rc.c
@@ -86,17 +86,17 @@ static unsigned int compute_timeout (unsigned int i, int h)
 
 static pid_t start_oneshot (unsigned int i, int h)
 {
-  unsigned int argc = db->services[i].x.oneshot.argc[h] ;
-  char const *const *argv = db->argvs + db->services[i].x.oneshot.argv[h] ;
   unsigned int m = 0 ;
-  char const *newargv[9 + argc + !!dryrun[0] * 6] ;
-  char fmt[UINT32_FMT] ;
+  char const *newargv[11 + !!dryrun[0] * 6] ;
+  char tfmt[UINT32_FMT] ;
   char vfmt[UINT_FMT] ;
+  char ifmt[UINT_FMT] ;
   char socketfn[livelen + S6RC_ONESHOT_RUNNER_LEN + 12] ;
   byte_copy(socketfn, livelen, live) ;
   byte_copy(socketfn + livelen, 12 + S6RC_ONESHOT_RUNNER_LEN, "/scandir/" S6RC_ONESHOT_RUNNER "/s") ;
-  fmt[uint32_fmt(fmt, compute_timeout(i, h))] = 0 ;
+  tfmt[uint32_fmt(tfmt, compute_timeout(i, h))] = 0 ;
   vfmt[uint_fmt(vfmt, verbosity)] = 0 ;
+  ifmt[uint_fmt(ifmt, i)] = 0 ;
   if (dryrun[0])
   {
     newargv[m++] = S6RC_BINPREFIX "s6-rc-dryrun" ;
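Review bot: The bound in `char const *newargv[11 + !!dryrun[0] * 6]` is now a hand-counted constant that must match the number of `newargv[m++]` stores. Some of those stores lie between this hunk and the next and are not visible, so the count cannot be verified from the diff. The last hunk accounts for nine slots including the terminating 0. A comment beside the declaration, such as `/* 11 = s6-sudo argv incl. trailing 0; +6 for the s6-rc-dryrun prefix */`, would make the next change to the argv less likely to overrun the array. The body of start_oneshot continues outside this hunk.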
@@ -111,10 +111,11 @@ static pid_t start_oneshot (unsigned int i, int h)
   newargv[m++] = "-t" ;
   newargv[m++] = "2000" ;
   newargv[m++] = "-T" ;
-  newargv[m++] = fmt ;
+  newargv[m++] = tfmt ;
   newargv[m++] = "--" ;
   newargv[m++] = socketfn ;
-  while (argc--) newargv[m++] = *argv++ ;
+  newargv[m++] = h ? "up" : "down" ;
+  newargv[m++] = ifmt ;
   newargv[m++] = 0 ;
   return child_spawn0(newargv[0], newargv, (char const *const *)environ) ;
 }
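Review bot: The request sent to the privileged runner is now only `h ? "up" : "down"` plus the numeric index `ifmt`, so the server side resolves that index against whichever database it loads from the live directory. If that database can differ from the `db` this process has loaded (for instance around a live update), the same index would name a different service; the code on the other end is not shown here, so this is a point to confirm rather than a demonstrated bug. I would add a comment at these lines, e.g. `/* index is relative to the live compiled db; s6-rc-oneshot-run must range-check it */`, and make sure s6-rc-oneshot-run rejects any direction other than "up"/"down" and any out-of-range index.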