Added fdkeep parameter to clixon_process_register

This commit is contained in:
Olof hagsand 2023-06-08 15:51:16 +02:00
parent 634e13ea32
commit 8091b4ab7e
4 changed files with 17 additions and 10 deletions


@ -54,7 +54,7 @@ Expected: July 2023
### C/CLI-API changes on existing features ### C/CLI-API changes on existing features
Developers may need to change their code Developers may need to change their code
* Added `uid` and `gid` parameters to `clixon_process_register()` for drop privs * Added `uid`, `gid` and `fdkeep` parameters to `clixon_process_register()` for drop privs
* Added output function to JSON output: * Added output function to JSON output:
* `xml2json_vec(...,skiptop)` --> `xml2json_vec(..., cligen_output, skiptop)` * `xml2json_vec(...,skiptop)` --> `xml2json_vec(..., cligen_output, skiptop)`
* `yang2cli_yspec` removed last argument `printgen`. * `yang2cli_yspec` removed last argument `printgen`.


@ -314,7 +314,7 @@ restconf_pseudo_process_control(clicon_handle h)
if (clixon_process_register(h, RESTCONF_PROCESS, if (clixon_process_register(h, RESTCONF_PROCESS,
"Clixon RESTCONF process", "Clixon RESTCONF process",
NULL /* XXX network namespace */, NULL /* XXX network namespace */,
-1, -1, -1, -1, -1,
restconf_rpc_wrapper, restconf_rpc_wrapper,
argv, nr) < 0) argv, nr) < 0)
goto done; goto done;
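Review bot: The new `-1` on the fourth argument line is the third bare sentinel in a row, so a reader of this call can no longer tell which position is uid, gid or fdkeep without opening the prototype; annotate the positions inline, e.g. `-1 /* uid */, -1 /* gid */, -1 /* fdkeep: close every fd, incl. stderr */`. Passing -1 here means the restconf child will close stderr along with everything else, so if the restconf process writes anything there before it sets up its own logging that output is lost — worth confirming that is intended rather than passing `2`. restconf_pseudo_process_control starts outside this hunk.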


@ -70,7 +70,7 @@ int clixon_proc_socket_close(pid_t pid, int sock);
int clixon_process_pid(clicon_handle h, const char *name, pid_t *pid); int clixon_process_pid(clicon_handle h, const char *name, pid_t *pid);
proc_operation clixon_process_op_str2int(char *opstr); proc_operation clixon_process_op_str2int(char *opstr);
int clixon_process_argv_get(clicon_handle h, const char *name, char ***argv, int *argc); int clixon_process_argv_get(clicon_handle h, const char *name, char ***argv, int *argc);
int clixon_process_register(clicon_handle h, const char *name, const char *descr, const char *netns, uid_t uid, gid_t gid, proc_cb_t *callback, char **argv, int argc); int clixon_process_register(clicon_handle h, const char *name, const char *descr, const char *netns, uid_t uid, gid_t gid, int fdkeep, proc_cb_t *callback, char **argv, int argc);
int clixon_process_delete_all(clicon_handle h); int clixon_process_delete_all(clicon_handle h);
int clixon_process_operation(clicon_handle h, const char *name, proc_operation op, const int wrapit); int clixon_process_operation(clicon_handle h, const char *name, proc_operation op, const int wrapit);
int clixon_process_status(clicon_handle h, const char *name, cbuf *cbret); int clixon_process_status(clicon_handle h, const char *name, cbuf *cbret);


@ -147,6 +147,7 @@ struct process_entry_t {
char *pe_netns; /* Network namespace */ char *pe_netns; /* Network namespace */
uid_t pe_uid; /* UID of process or -1 to keep same as backend */ uid_t pe_uid; /* UID of process or -1 to keep same as backend */
gid_t pe_gid; /* GID of process or -1 to keep same as backend */ gid_t pe_gid; /* GID of process or -1 to keep same as backend */
gid_t pe_fdkeep; /* Unless -1 skip closing (one) filedes, typically 2/stderr */
char **pe_argv; /* argv with command as element 0 and NULL-terminated */ char **pe_argv; /* argv with command as element 0 and NULL-terminated */
int pe_argc; /* Length of argc */ int pe_argc; /* Length of argc */
pid_t pe_pid; /* Running process id (state) or 0 if dead (pid is set if exiting=1) */ pid_t pe_pid; /* Running process id (state) or 0 if dead (pid is set if exiting=1) */
@ -266,6 +267,7 @@ clixon_proc_socket_close(pid_t pid,
* @param[in] argv NULL-terminated Argument vector * @param[in] argv NULL-terminated Argument vector
* @param[in] netns Network namespace (or NULL) * @param[in] netns Network namespace (or NULL)
* @param[in] uid User-id or -1 to keep existing * @param[in] uid User-id or -1 to keep existing
* @param[in] fdkeep If -1 keep this filedes open
* @param[out] pid Process id * @param[out] pid Process id
* @retval 0 OK * @retval 0 OK
* @retval -1 Error. * @retval -1 Error.
@ -275,6 +277,7 @@ clixon_proc_background(char **argv,
const char *netns, const char *netns,
uid_t uid, uid_t uid,
gid_t gid, gid_t gid,
int fdkeep,
pid_t *pid0) pid_t *pid0)
{ {
int retval = -1; int retval = -1;
@ -315,19 +318,20 @@ clixon_proc_background(char **argv,
char nsfile[PATH_MAX]; char nsfile[PATH_MAX];
int nsfd; int nsfd;
#endif #endif
clicon_debug(1, "%s child", __FUNCTION__); clicon_debug(1, "%s child", __FUNCTION__);
clicon_signal_unblock(0); clicon_signal_unblock(0);
signal(SIGTSTP, SIG_IGN); signal(SIGTSTP, SIG_IGN);
if (chdir("/") < 0){ if (chdir("/") < 0){
clicon_err(OE_UNIX, errno, "chdirq"); clicon_err(OE_UNIX, errno, "chdir");
exit(1); exit(1);
} }
/* Close open descriptors */ /* Close open descriptors */
if ( ! getrlimit(RLIMIT_NOFILE, &rlim)) if ( ! getrlimit(RLIMIT_NOFILE, &rlim))
for (i = 0; i < rlim.rlim_cur; i++) for (i = 0; i < rlim.rlim_cur; i++){
if (fdkeep != -1 && i == fdkeep) // XXX stderr
continue;
close(i); close(i);
}
#ifdef HAVE_SETNS /* linux network namespaces */ #ifdef HAVE_SETNS /* linux network namespaces */
/* If network namespace is defined, let child join it /* If network namespace is defined, let child join it
* XXX: this is work-in-progress * XXX: this is work-in-progress
@ -445,6 +449,7 @@ clixon_process_argv_get(clicon_handle h,
* @param[in] netns Namespace netspace (or NULL) * @param[in] netns Namespace netspace (or NULL)
* @param[in] uid UID of process (or -1 to keep same) * @param[in] uid UID of process (or -1 to keep same)
* @param[in] gid GID of process (or -1 to keep same) * @param[in] gid GID of process (or -1 to keep same)
* @param[in] fdkeep Unless -1 skip closing (one) filedes, typically 2/stderr
* @param[in] callback Wrapper function * @param[in] callback Wrapper function
* @param[in] argv NULL-terminated vector of vectors * @param[in] argv NULL-terminated vector of vectors
* @param[in] argc Length of argv * @param[in] argc Length of argv
@ -459,6 +464,7 @@ clixon_process_register(clicon_handle h,
const char *netns, const char *netns,
const uid_t uid, const uid_t uid,
const gid_t gid, const gid_t gid,
const int fdkeep,
proc_cb_t *callback, proc_cb_t *callback,
char **argv, char **argv,
int argc) int argc)
@ -494,6 +500,7 @@ clixon_process_register(clicon_handle h,
} }
pe->pe_uid = uid; pe->pe_uid = uid;
pe->pe_gid = gid; pe->pe_gid = gid;
pe->pe_fdkeep = fdkeep;
pe->pe_argc = argc; pe->pe_argc = argc;
if ((pe->pe_argv = calloc(argc, sizeof(char *))) == NULL){ if ((pe->pe_argv = calloc(argc, sizeof(char *))) == NULL){
clicon_err(OE_UNIX, errno, "calloc"); clicon_err(OE_UNIX, errno, "calloc");
@ -864,7 +871,7 @@ clixon_process_sched(int fd,
goto done; goto done;
if (!isrunning) if (!isrunning)
if (clixon_proc_background(pe->pe_argv, pe->pe_netns, if (clixon_proc_background(pe->pe_argv, pe->pe_netns,
pe->pe_uid, pe->pe_gid, pe->pe_uid, pe->pe_gid, pe->pe_fdkeep,
&pe->pe_pid) < 0) &pe->pe_pid) < 0)
goto done; goto done;
clicon_debug(1, "%s %s(%d) %s --%s--> %s", __FUNCTION__, clicon_debug(1, "%s %s(%d) %s --%s--> %s", __FUNCTION__,
@ -891,7 +898,7 @@ clixon_process_sched(int fd,
if (isrunning) /* Already runs */ if (isrunning) /* Already runs */
break; break;
if (clixon_proc_background(pe->pe_argv, pe->pe_netns, if (clixon_proc_background(pe->pe_argv, pe->pe_netns,
pe->pe_uid, pe->pe_gid, pe->pe_uid, pe->pe_gid, pe->pe_fdkeep,
&pe->pe_pid) < 0) &pe->pe_pid) < 0)
goto done; goto done;
clicon_debug(1, "%s %s(%d) %s --%s--> %s", __FUNCTION__, clicon_debug(1, "%s %s(%d) %s --%s--> %s", __FUNCTION__,
@ -996,7 +1003,7 @@ clixon_process_waitpid(clicon_handle h)
/* This is the case where there is an existing process running. /* This is the case where there is an existing process running.
* it was killed above but still runs and needs to be reaped */ * it was killed above but still runs and needs to be reaped */
if (clixon_proc_background(pe->pe_argv, pe->pe_netns, if (clixon_proc_background(pe->pe_argv, pe->pe_netns,
pe->pe_uid, pe->pe_gid, pe->pe_uid, pe->pe_gid, pe->pe_fdkeep,
&pe->pe_pid) < 0) &pe->pe_pid) < 0)
goto done; goto done;
gettimeofday(&pe->pe_starttime, NULL); gettimeofday(&pe->pe_starttime, NULL);
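Review bot: `pe_fdkeep` in the struct process_entry_t hunk is declared as `gid_t`, but the value it stores arrives as `const int fdkeep` in clixon_process_register and is handed back to `int fdkeep` in clixon_proc_background, so the -1 sentinel round-trips through an unsigned type on Linux and only reaches the `fdkeep != -1` test intact by implementation-defined conversion (and -Wsign-conversion will flag it); declare it as `int pe_fdkeep; /* Unless -1 skip closing (one) filedes, typically 2/stderr */`. The new doc line in clixon_proc_background, `@param[in] fdkeep If -1 keep this filedes open`, states the sentinel backwards relative to the code and to the register-side comment; it should read `@param[in] fdkeep Unless -1, keep this (single) filedes open in the child, typically 2/stderr`. Since the kept descriptor survives into a child that may later switch uid/gid and join a network namespace, the comment should also warn callers to pass only a descriptor they intend the less-privileged child to own — presumably never a backend listening socket. The close loop compares `i == fdkeep` without checking that fdkeep is below rlim_cur, which is harmless but means an out-of-range value is silently ignored rather than reported.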