proxmox-mirrors/pve-common
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-common synced 2025-07-26 01:22:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

defer some daemon setup routines

Browse Source 
A first step towards untangling some of the intermingled data and
functionality setup tasks for the daemons:

Daemon::new now only validates and untaints arguments, but doesn't
perform any actions such as setuid/setgid until the new Daemon::setup
method which is now executed from Daemon::start right before entering
Daemon::$server_run.

CLIHandler::handle_cmd now takes an optional $preparefunc which is
called after handling 'printmanpod' and 'verifyapi'.
This commit is contained in:
Wolfgang Bumiller 2015-05-28 16:54:16 +02:00 committed by Dietmar Maurer
parent 22d4efe612
commit 8e3e9929ac
2 changed files with 62 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/PVE/CLIHandler.pm
View File

@ -158,7 +158,7 @@ sub print_usage_short {
} }
sub handle_cmd { sub handle_cmd {
my ($def, $cmdname, $cmd, $args, $pwcallback, $podfn) = @_; my ($def, $cmdname, $cmd, $args, $pwcallback, $podfn, $preparefunc) = @_;
$cmddef = $def; $cmddef = $def;
$exename = $cmdname; $exename = $cmdname;
@ -176,6 +176,8 @@ sub handle_cmd {
return; return;
} }
&$preparefunc() if $preparefunc;
$cmd = &$expand_command_name($cmddef, $cmd); $cmd = &$expand_command_name($cmddef, $cmd);
my ($class, $name, $arg_param, $uri_param, $outsub) = @{$cmddef->{$cmd} || []}; my ($class, $name, $arg_param, $uri_param, $outsub) = @{$cmddef->{$cmd} || []};

116
src/PVE/Daemon.pm
View File

@ -247,6 +247,59 @@ my $terminate_server = sub {
} }
}; };
sub setup {
my ($self) = @_;
initlog($self->{name});
my $restart = $ENV{RESTART_PVE_DAEMON};
delete $ENV{RESTART_PVE_DAEMON};
$self->{env_restart_pve_daemon} = $restart;
my $lockfd = $ENV{PVE_DAEMON_LOCK_FD};
delete $ENV{PVE_DAEMON_LOCK_FD};
if (defined($lockfd)) {
die "unable to parse lock fd '$lockfd'\n"
if $lockfd !~ m/^(\d+)$/;
$lockfd = $1; # untaint
}
$self->{env_pve_lock_fd} = $lockfd;
die "please run as root\n" if !$restart && ($> != 0);
die "can't create more that one PVE::Daemon" if $daemon_initialized;
$daemon_initialized = 1;
PVE::INotify::inotify_init();
if (my $gidstr = $self->{setgid}) {
my $gid = getgrnam($gidstr) || die "getgrnam failed - $!\n";
POSIX::setgid($gid) || die "setgid $gid failed - $!\n";
$EGID = "$gid $gid"; # this calls setgroups
# just to be sure
die "detected strange gid\n" if !($GID eq "$gid $gid" && $EGID eq "$gid $gid");
}
if (my $uidstr = $self->{setuid}) {
my $uid = getpwnam($uidstr) || die "getpwnam failed - $!\n";
POSIX::setuid($uid) || die "setuid $uid failed - $!\n";
# just to be sure
die "detected strange uid\n" if !($UID == $uid && $EUID == $uid);
}
if ($restart && $self->{max_workers}) {
if (my $wpids = $ENV{PVE_DAEMON_WORKER_PIDS}) {
foreach my $pid (split(':', $wpids)) {
if ($pid =~ m/^(\d+)$/) {
$self->{old_workers}->{$1} = 1;
}
}
}
}
$self->{nodename} = PVE::INotify::nodename();
}
my $server_run = sub { my $server_run = sub {
my ($self, $debug) = @_; my ($self, $debug) = @_;
@ -382,38 +435,14 @@ sub new {
$name = 'daemon' if !$name; # should not happen $name = 'daemon' if !$name; # should not happen
initlog($name);
my $self; my $self;
eval { eval {
my $restart = $ENV{RESTART_PVE_DAEMON};
delete $ENV{RESTART_PVE_DAEMON};
my $lockfd = $ENV{PVE_DAEMON_LOCK_FD};
delete $ENV{PVE_DAEMON_LOCK_FD};
if (defined($lockfd)) {
die "unable to parse lock fd '$lockfd'\n"
if $lockfd !~ m/^(\d+)$/;
$lockfd = $1; # untaint
}
die "please run as root\n" if !$restart && ($> != 0);
die "can't create more that one PVE::Daemon" if $daemon_initialized;
$daemon_initialized = 1;
PVE::INotify::inotify_init();
my $class = ref($this) || $this; my $class = ref($this) || $this;
$self = bless { $self = bless {
name => $name, name => $name,
pidfile => "/var/run/${name}.pid", pidfile => "/var/run/${name}.pid",
env_restart_pve_daemon => $restart,
env_pve_lock_fd => $lockfd,
workers => {}, workers => {},
old_workers => {}, old_workers => {},
}, $class; }, $class;
@ -440,39 +469,9 @@ sub new {
} }
} }
if (my $gidstr = $self->{setgid}) {
my $gid = getgrnam($gidstr) || die "getgrnam failed - $!\n";
POSIX::setgid($gid) || die "setgid $gid failed - $!\n";
$EGID = "$gid $gid"; # this calls setgroups
# just to be sure
die "detected strange gid\n" if !($GID eq "$gid $gid" && $EGID eq "$gid $gid");
}
if (my $uidstr = $self->{setuid}) { # untaint
my $uid = getpwnam($uidstr) || die "getpwnam failed - $!\n"; $self->{cmdline} = [map { /^(.*)$/ } @$cmdline];
POSIX::setuid($uid) || die "setuid $uid failed - $!\n";
# just to be sure
die "detected strange uid\n" if !($UID == $uid && $EUID == $uid);
}
if ($restart && $self->{max_workers}) {
if (my $wpids = $ENV{PVE_DAEMON_WORKER_PIDS}) {
foreach my $pid (split(':', $wpids)) {
if ($pid =~ m/^(\d+)$/) {
$self->{old_workers}->{$1} = 1;
}
}
}
}
$self->{nodename} = PVE::INotify::nodename();
$self->{cmdline} = [];
foreach my $el (@$cmdline) {
$el =~ m/^(.*)$/; # untaint
push @{$self->{cmdline}}, $1;
}
$0 = $name; $0 = $name;
}; };
@ -555,7 +554,10 @@ sub run {
sub start { sub start {
my ($self, $debug) = @_; my ($self, $debug) = @_;
eval { &$server_run($self, $debug); }; eval {
$self->setup();
&$server_run($self, $debug);
};
if (my $err = $@) { if (my $err = $@) {
&$log_err("start failed - $err"); &$log_err("start failed - $err");
exit(-1); exit(-1);