Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src Allow operator to use lvm in read-only mode. Switch LVM lock...
details: https://anonhg.NetBSD.org/src/rev/7ad7c34e60f3
branches: trunk
changeset: 760456:7ad7c34e60f3
user: haad <haad%NetBSD.org@localhost>
date: Wed Jan 05 14:57:27 2011 +0000
description:
Allow operator to use lvm in read-only mode. Switch LVM lock dir to
/var/run/lvm and create it in rc.d/mountcritlocal. Fix dm control device
permissions to allow rw for operator.
Test if we are running lvm commands as operator and if that it's true do not
create vg backups and do not print confusing warning.
diffstat:
distrib/sets/lists/base/mi | 6 ++--
etc/mtree/NetBSD.dist.base | 4 +--
etc/rc.d/mountcritlocal | 8 +++++-
external/gpl2/lvm2/dist/include/defaults.h | 4 +-
external/gpl2/lvm2/dist/lib/format_text/archiver.c | 14 +++++++++++-
external/gpl2/lvm2/dist/lib/locking/file_locking.c | 23 ++++++++++++++++---
external/gpl2/lvm2/dist/lib/misc/lvm-globals.c | 17 +++++++++++++-
external/gpl2/lvm2/dist/lib/misc/lvm-globals.h | 7 +++++-
external/gpl2/lvm2/dist/libdm/libdm-file.c | 7 +++++-
external/gpl2/lvm2/dist/tools/lvmcmdline.c | 26 +++++++++++++++++++++-
external/gpl2/lvm2/lvm2tools.mk | 5 ++-
11 files changed, 101 insertions(+), 20 deletions(-)
diffs (294 lines):
diff -r 8251d7509326 -r 7ad7c34e60f3 distrib/sets/lists/base/mi
--- a/distrib/sets/lists/base/mi Wed Jan 05 14:55:10 2011 +0000
+++ b/distrib/sets/lists/base/mi Wed Jan 05 14:57:27 2011 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.912 2011/01/01 13:09:13 haad Exp $
+# $NetBSD: mi,v 1.913 2011/01/05 14:57:29 haad Exp $
#
# Note: Don't delete entries from here - mark them as "obsolete" instead,
# unless otherwise stated below.
@@ -4836,8 +4836,8 @@
./var/games/sail base-games-root
./var/games/save base-obsolete obsolete
./var/heimdal base-krb5-root
-./var/lock base-sys-root
-./var/lock/lvm base-sys-root lvm
+./var/lock base-sys-root obsolete
+./var/lock/lvm base-sys-root obsolete
./var/log base-sys-root
./var/log/rdist base-netutil-root
./var/mail base-mail-root
diff -r 8251d7509326 -r 7ad7c34e60f3 etc/mtree/NetBSD.dist.base
--- a/etc/mtree/NetBSD.dist.base Wed Jan 05 14:55:10 2011 +0000
+++ b/etc/mtree/NetBSD.dist.base Wed Jan 05 14:57:27 2011 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: NetBSD.dist.base,v 1.71 2011/01/01 22:11:45 haad Exp $
+# $NetBSD: NetBSD.dist.base,v 1.72 2011/01/05 14:57:29 haad Exp $
# @(#)4.4BSD.dist 8.1 (Berkeley) 6/13/93
# Do not customize this file as it may be overwritten on upgrades.
@@ -1098,8 +1098,6 @@
./var/games/phantasia uname=games gname=games mode=0775
./var/games/sail uname=games gname=games mode=0775
./var/heimdal
-./var/lock gname=operator mode=0710
-./var/lock/lvm gname=operator mode=0770
./var/log
./var/log/rdist
./var/mail mode=1777
diff -r 8251d7509326 -r 7ad7c34e60f3 etc/rc.d/mountcritlocal
--- a/etc/rc.d/mountcritlocal Wed Jan 05 14:55:10 2011 +0000
+++ b/etc/rc.d/mountcritlocal Wed Jan 05 14:57:27 2011 +0000
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: mountcritlocal,v 1.10 2009/04/21 16:08:57 joerg Exp $
+# $NetBSD: mountcritlocal,v 1.11 2011/01/05 14:57:29 haad Exp $
#
# PROVIDE: mountcritlocal
@@ -25,6 +25,12 @@
#
rm -f /etc/nologin /var/spool/lock/LCK.*
(cd /var/run && rm -rf -- *)
+ # create LVM locking directory, it needs to be owned by operator
+ # group and has parmissions to allow lock file creation.
+ #
+ mkdir /var/run/lvm
+ chown root:operator /var/run/lvm
+ chmod 770 /var/run/lvm
}
load_rc_config $name
diff -r 8251d7509326 -r 7ad7c34e60f3 external/gpl2/lvm2/dist/include/defaults.h
--- a/external/gpl2/lvm2/dist/include/defaults.h Wed Jan 05 14:55:10 2011 +0000
+++ b/external/gpl2/lvm2/dist/include/defaults.h Wed Jan 05 14:57:27 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: defaults.h,v 1.1.1.2 2009/12/02 00:25:44 haad Exp $ */
+/* $NetBSD: defaults.h,v 1.2 2011/01/05 14:57:27 haad Exp $ */
/*
* Copyright (C) 2001-2004 Sistina Software, Inc. All rights reserved.
@@ -39,7 +39,7 @@
#define DEFAULT_DATA_ALIGNMENT_OFFSET_DETECTION 1
#define DEFAULT_DATA_ALIGNMENT_DETECTION 1
-#define DEFAULT_LOCK_DIR "/var/lock/lvm"
+#define DEFAULT_LOCK_DIR "/var/run/lvm"
#define DEFAULT_LOCKING_LIB "liblvm2clusterlock.so"
#define DEFAULT_FALLBACK_TO_LOCAL_LOCKING 1
#define DEFAULT_FALLBACK_TO_CLUSTERED_LOCKING 1
diff -r 8251d7509326 -r 7ad7c34e60f3 external/gpl2/lvm2/dist/lib/format_text/archiver.c
--- a/external/gpl2/lvm2/dist/lib/format_text/archiver.c Wed Jan 05 14:55:10 2011 +0000
+++ b/external/gpl2/lvm2/dist/lib/format_text/archiver.c Wed Jan 05 14:57:27 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: archiver.c,v 1.1.1.3 2009/12/02 00:26:29 haad Exp $ */
+/* $NetBSD: archiver.c,v 1.2 2011/01/05 14:57:28 haad Exp $ */
/*
* Copyright (C) 2001-2004 Sistina Software, Inc. All rights reserved.
@@ -117,6 +117,12 @@
return 1;
}
+#ifdef __NetBSD__
+ if (is_operator()) {
+ log_verbose("Operator usage: Skipping archiving of volume group.");
+ return 1;
+ }
+#endif
if (!dm_create_dir(vg->cmd->archive_params->dir))
return 0;
@@ -221,6 +227,12 @@
return 1;
}
+#ifdef __NetBSD__
+ if (is_operator()) {
+ log_verbose("Operator usage: Skipping archiving of volume group.");
+ return 1;
+ }
+#endif
if (!dm_create_dir(vg->cmd->backup_params->dir))
return 0;
diff -r 8251d7509326 -r 7ad7c34e60f3 external/gpl2/lvm2/dist/lib/locking/file_locking.c
--- a/external/gpl2/lvm2/dist/lib/locking/file_locking.c Wed Jan 05 14:55:10 2011 +0000
+++ b/external/gpl2/lvm2/dist/lib/locking/file_locking.c Wed Jan 05 14:57:27 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: file_locking.c,v 1.1.1.3 2009/12/02 00:26:24 haad Exp $ */
+/* $NetBSD: file_locking.c,v 1.2 2011/01/05 14:57:28 haad Exp $ */
/*
* Copyright (C) 2001-2004 Sistina Software, Inc. All rights reserved.
@@ -322,6 +322,8 @@
int init_file_locking(struct locking_type *locking, struct cmd_context *cmd)
{
+ mode_t old_umask;
+
locking->lock_resource = _file_lock_resource;
locking->reset_locking = _reset_file_locking;
locking->fin_locking = _fin_file_locking;
@@ -335,10 +337,23 @@
_prioritise_write_locks =
find_config_tree_bool(cmd, "global/prioritise_write_locks",
DEFAULT_PRIORITISE_WRITE_LOCKS);
+ old_umask = umask(LVM_LOCKDIR_MODE);
+ if (!dm_create_dir(_lock_dir)){
+ umask(old_umask);
+ return 0;
+ } else {
+ /* Change lockfile directory owner to match with others */
+ if (chown(_lock_dir, DM_DEVICE_UID, DM_DEVICE_GID) == -1) {
+ if (errno == EPERM)
+ goto next;
+ log_sys_error("chown", _lock_dir);
+ return 0;
+ }
+ }
- if (!dm_create_dir(_lock_dir))
- return 0;
-
+next:
+ umask(old_umask);
+
/* Trap a read-only file system */
if ((access(_lock_dir, R_OK | W_OK | X_OK) == -1) && (errno == EROFS))
return 0;
diff -r 8251d7509326 -r 7ad7c34e60f3 external/gpl2/lvm2/dist/lib/misc/lvm-globals.c
--- a/external/gpl2/lvm2/dist/lib/misc/lvm-globals.c Wed Jan 05 14:55:10 2011 +0000
+++ b/external/gpl2/lvm2/dist/lib/misc/lvm-globals.c Wed Jan 05 14:57:27 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: lvm-globals.c,v 1.1.1.3 2009/12/02 00:26:44 haad Exp $ */
+/* $NetBSD: lvm-globals.c,v 1.2 2011/01/05 14:57:28 haad Exp $ */
/*
* Copyright (C) 2001-2004 Sistina Software, Inc. All rights reserved.
@@ -41,6 +41,21 @@
static int _error_message_produced = 0;
static unsigned _is_static = 0;
+#ifdef __NetBSD__
+
+static int _is_operator = 0;
+
+void init_operator(int operator)
+{
+ _is_operator = operator;
+}
+
+int is_operator()
+{
+ return _is_operator;
+}
+#endif
+
void init_verbose(int level)
{
_verbose_level = level;
diff -r 8251d7509326 -r 7ad7c34e60f3 external/gpl2/lvm2/dist/lib/misc/lvm-globals.h
--- a/external/gpl2/lvm2/dist/lib/misc/lvm-globals.h Wed Jan 05 14:55:10 2011 +0000
+++ b/external/gpl2/lvm2/dist/lib/misc/lvm-globals.h Wed Jan 05 14:57:27 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: lvm-globals.h,v 1.1.1.2 2009/02/18 11:17:17 haad Exp $ */
+/* $NetBSD: lvm-globals.h,v 1.2 2011/01/05 14:57:28 haad Exp $ */
/*
* Copyright (C) 2001-2004 Sistina Software, Inc. All rights reserved.
@@ -21,6 +21,11 @@
#define VERBOSE_BASE_LEVEL _LOG_WARN
#define SECURITY_LEVEL 0
+#ifdef __NetBSD__
+void init_operator(int operator);
+int is_operator(void);
+#endif
+
void init_verbose(int level);
void init_test(int level);
void init_md_filtering(int level);
diff -r 8251d7509326 -r 7ad7c34e60f3 external/gpl2/lvm2/dist/libdm/libdm-file.c
--- a/external/gpl2/lvm2/dist/libdm/libdm-file.c Wed Jan 05 14:55:10 2011 +0000
+++ b/external/gpl2/lvm2/dist/libdm/libdm-file.c Wed Jan 05 14:57:27 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: libdm-file.c,v 1.1.1.1 2008/12/22 00:18:33 haad Exp $ */
+/* $NetBSD: libdm-file.c,v 1.2 2011/01/05 14:57:28 haad Exp $ */
/*
* Copyright (C) 2001-2004 Sistina Software, Inc. All rights reserved.
@@ -21,6 +21,11 @@
#include <fcntl.h>
#include <dirent.h>
+/*
+ * Created directories permissions are controled by umask values and
+ * they should be set by api user before calling this function.
+ * Changing directory owners is also left on caller.
+ */
static int _create_dir_recursive(const char *dir)
{
char *orig, *s;
diff -r 8251d7509326 -r 7ad7c34e60f3 external/gpl2/lvm2/dist/tools/lvmcmdline.c
--- a/external/gpl2/lvm2/dist/tools/lvmcmdline.c Wed Jan 05 14:55:10 2011 +0000
+++ b/external/gpl2/lvm2/dist/tools/lvmcmdline.c Wed Jan 05 14:57:27 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: lvmcmdline.c,v 1.1.1.3 2009/12/02 00:25:52 haad Exp $ */
+/* $NetBSD: lvmcmdline.c,v 1.2 2011/01/05 14:57:28 haad Exp $ */
/*
* Copyright (C) 2001-2004 Sistina Software, Inc. All rights reserved.
@@ -1296,8 +1296,32 @@
static void _nonroot_warning(void)
{
+#ifdef __NetBSD__
+ gid_t groups_list[NGROUPS_MAX];
+ int i, group_num, is_operator = 0;
+
+ /* Operator group in NetBSD should be able to see lvm status. */
+ if (getuid() || geteuid()) {
+ group_num = getgroups(NGROUPS_MAX, groups_list);
+
+ for (i = 0; i < group_num; i++) {
+ if (groups_list[i] == DM_DEVICE_GID) {
+ is_operator = 1;
+ init_operator(is_operator);
+ break;
+ }
+ }
+
+ if (is_operator)
+ log_warn("WARNING: Using LVM as operator you have only read access.");
+ else
+ log_warn("WARNING: Running as a non-root user and without "
+ "operator group. Functionality may be unavailable.");
+ }
+#else
if (getuid() || geteuid())
log_warn("WARNING: Running as a non-root user. Functionality may be unavailable.");
+#endif
}
int lvm2_main(int argc, char **argv)
diff -r 8251d7509326 -r 7ad7c34e60f3 external/gpl2/lvm2/lvm2tools.mk
--- a/external/gpl2/lvm2/lvm2tools.mk Wed Jan 05 14:55:10 2011 +0000
+++ b/external/gpl2/lvm2/lvm2tools.mk Wed Jan 05 14:57:27 2011 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: lvm2tools.mk,v 1.2 2010/12/23 17:46:54 christos Exp $
+# $NetBSD: lvm2tools.mk,v 1.3 2011/01/05 14:57:27 haad Exp $
.include <bsd.own.mk>
@@ -10,7 +10,8 @@
LIBDM_INCLUDE= ${NETBSDSRCDIR}/external/gpl2/lvm2/dist/include
# root:operator [cb]rw-r-----
-CPPFLAGS+=-DDM_DEVICE_UID=0 -DDM_DEVICE_GID=5 -DDM_DEVICE_MODE=0640
+CPPFLAGS+=-DDM_DEVICE_UID=0 -DDM_DEVICE_GID=5 -DDM_DEVICE_MODE=0640 \
+ -DDM_CONTROL_DEVICE_MODE=0660 -DLVM_LOCKDIR_MODE=0770
#
#LIBDM_OBJDIR.libdevmapper=${LIBDM_SRCDIR}/lib/libdevmapper/
Home |
Main Index |
Thread Index |
Old Index