s6

Mirror/fork of https://skarnet.org/software/s6/
git clone https://ccx.te2000.cz/git/s6
Log | Files | Refs | README | LICENSE

commit dcde199cad545f33847d94e7bfa662f38559d517
parent 857822a80ba63508999855221620d8c6ebd28044
Author: Laurent Bercot <ska-skaware@skarnet.org>
Date:   Fri,  8 Jan 2021 17:48:46 +0000

 s6-u-m fixes and doc fixes

Diffstat:
M.gitignore | 1+
Mdoc/s6-usertree-maker.html | 12++++++++++++
Msrc/usertree/s6-usertree-maker.c | 25++++++++++++++++---------
3 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/.gitignore b/.gitignore @@ -67,3 +67,4 @@ /s6-fdholder-transferdumpc /s6-applyuidgid /s6-setuidgid +/s6-usertree-maker diff --git a/doc/s6-usertree-maker.html b/doc/s6-usertree-maker.html @@ -252,6 +252,18 @@ easier to generate programmatically and to harden than shell scripts, so it is o built if s6 is built with <a href="//skarnet.org/software/execline/">execline</a> support - i.e. the <tt>--disable-execline</tt> switch has <em>not</em> been given to configure. </li> + <li> For the admin who wants to automate user tree management, s6-usertree-maker +is a <em>building block</em> meant to be used in scripts, not a complete turnkey +solution. For instance, s6-usertree-maker does not create <em>userscandir</em> for +a user: it assumes that that scandir is already in place. It does not create +<em>logdir</em> either: <em>logdir</em>, or at least its parent directory, must +already exist before the logger is run, else <a href="s6-log.html">s6-log</a> will +fail repeatedly. Make sure that all the data and metadata referenced by the service's +and the logger's run scripts are actually present and valid before starting the +service. </li> + <li> If s6-usertree-maker encounters failure (and exits 111), it does not clean up +the directories it created. Make sure to always test s6-usertree-maker's return code +and clean up after it if needed. </li> </ul> </body> diff --git a/src/usertree/s6-usertree-maker.c b/src/usertree/s6-usertree-maker.c @@ -46,6 +46,7 @@ static inline void write_run (char const *runfile, char const *user, char const S6_EXTBINPREFIX "s6-envuidgid -i -- ") < 0 || buffer_put(&b, sa.s, sa.len) < 0 || buffer_puts(&b, "\n" + S6_EXTBINPREFIX "s6-applyuidgid -U --\n" EXECLINE_EXTBINPREFIX "backtick -in HOME { " EXECLINE_EXTBINPREFIX "homeof ") < 0 || buffer_put(&b, sa.s, sa.len) < 0 @@ -177,25 +178,24 @@ static void write_logger (char const *dir, char const *user, char const *logdir, { size_t dirlen = strlen(dir) ; char fn[dirlen + 17] ; - if (mkdir(dir, 0755) < 0) strerr_diefu2sys(111, "mkdir ", dir) ; memcpy(fn, dir, dirlen) ; memcpy(fn + dirlen, "/notification-fd", 17) ; - if (!openwritenclose_unsafe(fn, "3\n", 2)) strerr_diefu2sys(111, "write to ", fn) ; + if (!openwritenclose_unsafe(fn, "3\n", 2)) goto err ; memcpy(fn + dirlen + 1, "run", 4) ; write_logrun(fn, user, logdir, stamptype, nfiles, filesize, maxsize) ; if (service) { struct iovec v[2] = { { .iov_base = (char *)service, .iov_len = strlen(service) }, { .iov_base = "\n", .iov_len = 1 } } ; memcpy(fn + dirlen + 1, "type", 5) ; - if (!openwritenclose_unsafe(fn, "longrun\n", 8)) strerr_diefu2sys(111, "write to ", fn) ; + if (!openwritenclose_unsafe(fn, "longrun\n", 8)) goto err ; memcpy(fn + dirlen + 1, "consumer-for", 13) ; - if (!openwritevnclose_unsafe(fn, v, 2)) strerr_diefu2sys(111, "write to ", fn) ; + if (!openwritevnclose_unsafe(fn, v, 2)) goto err ; if (pipelinename) { v[0].iov_base = (char *)pipelinename ; v[0].iov_len = strlen(pipelinename) ; memcpy(fn + dirlen + 1, "pipeline-name", 14) ; - if (!openwritevnclose_unsafe(fn, v, 2)) strerr_diefu2sys(111, "write to ", fn) ; + if (!openwritevnclose_unsafe(fn, v, 2)) goto err ; } } else @@ -203,6 +203,9 @@ static void write_logger (char const *dir, char const *user, char const *logdir, if (chmod(fn, mask | ((mask >> 2) & 0111)) < 0) strerr_diefu2sys(111, "chmod ", fn) ; } + return ; + err: + strerr_diefu2sys(111, "write to ", fn) ; } int main (int argc, char *const *argv) @@ -273,7 +276,6 @@ int main (int argc, char *const *argv) } } mask = umask(0) ; - umask(mask) ; mask = ~mask & 0666 ; dirlen = strlen(argv[2]) ; @@ -281,16 +283,19 @@ int main (int argc, char *const *argv) { size_t svclen = strlen(rcinfo[0]) ; size_t loglen = strlen(rcinfo[1]) ; - char dir[dirlen + 2 + svclen > loglen ? svclen : loglen] ; + char dir[dirlen + 2 + (svclen > loglen ? svclen : loglen)] ; memcpy(dir, argv[2], dirlen) ; dir[dirlen] = '/' ; - memcpy(dir + dirlen + 1, rcinfo[0], svclen + 1) ; if (mkdir(argv[2], 0755) < 0 && errno != EEXIST) strerr_diefu2sys(111, "mkdir ", argv[2]) ; + memcpy(dir + dirlen + 1, rcinfo[0], svclen + 1) ; if (mkdir(dir, 0755) < 0) strerr_diefu2sys(111, "mkdir ", dir) ; - write_service(dir, argv[0], userscandir, rcinfo[1], path, userenvdir, vars, varlen) ; memcpy(dir + dirlen + 1, rcinfo[1], loglen + 1) ; + if (mkdir(dir, 0755) < 0) strerr_diefu2sys(111, "mkdir ", dir) ; + umask(mask) ; write_logger(dir, loguser, argv[1], stamptype, nfiles, filesize, maxsize, rcinfo[0], rcinfo[2]) ; + memcpy(dir + dirlen + 1, rcinfo[0], svclen + 1) ; + write_service(dir, argv[0], userscandir, rcinfo[1], path, userenvdir, vars, varlen) ; } else { @@ -298,6 +303,8 @@ int main (int argc, char *const *argv) memcpy(dir, argv[2], dirlen) ; memcpy(dir + dirlen, "/log", 5) ; if (mkdir(argv[2], 0755) < 0) strerr_diefu2sys(111, "mkdir ", argv[2]) ; + if (mkdir(dir, 0755) < 0) strerr_diefu2sys(111, "mkdir ", argv[2]) ; + umask(mask) ; write_service(argv[2], argv[0], userscandir, 0, path, userenvdir, vars, varlen) ; write_logger(dir, loguser, argv[1], stamptype, nfiles, filesize, maxsize, 0, 0) ; }