setuid-wrapper activation: Approximate atomicity #18126
@shlevy, thanks for your PR! By analyzing the annotation information on this pull request, we identified @edolstra, @MarcWeber and @peti to be potential reviewers
@domenkozar please test, I don't have a working 16.09 system yet.
@@ -17,6 +17,12 @@ let | |||
''; | |||
}; | |||
|
|||
setuid-swap - pkgs.runCommand "setuid-swap" {} '' |
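Review bot: the binding `setuid-swap - pkgs.runCommand "setuid-swap" {} ''` uses `-` where a Nix attribute binding needs `=`, so the expression will not evaluate; change it to `setuid-swap = pkgs.runCommand "setuid-swap" {} ''`.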
should be s/-/=/
Darn, too slow!
1ef9f95 to be6f5d0
@@ -0,0 +1,36 @@ | |||
#define _GNU_SOURCE |
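Review bot: the new 36-line C source starts directly with `#define _GNU_SOURCE` and carries no header comment saying what the program does. Add a short comment above the define describing its role (per the PR description, exchanging the old and new wrapper directories with RENAME_EXCHANGE where the kernel and filesystem support it, with a fallback otherwise) and noting that `_GNU_SOURCE` is there for the Linux-specific rename flags rather than by habit.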
(nitpick) Missing header comment explaining what this source does
Hmm, normally I'd agree, but IMO this is widespread enough not to need it. From https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html#index-_005fGNU_005fSOURCE:
If you define this macro, everything is included: ISO C89, ISO C99, POSIX.1, POSIX.2, BSD, SVID, X/Open, LFS, and GNU extensions. In the cases where POSIX.1 conflicts with BSD, the POSIX definitions take precedence.
In other words, "this is non-portable, give me all the extensions"
No, I meant for the whole file, would be nice to have a description what these 36 lines do :)
Ah, OK, incoming
Pushed
be6f5d0 to 612b1a6
I fear this will need a migration path also:
Oh
612b1a6 to d8f14b8
Fixed
d8f14b8 to 21e5d51
Hmm I wonder if that's because you're running under sudo and so one of the files is open? Anyway, pushed a fix.
This makes the replacement of the old wrapper dir with the new one atomic if the kernel and FS support RENAME_EXCHANGE, and falls back to at least ensuring the old wrapper dir remains on the FS if interrupted during the (now smaller) inconsistent window. Fixes NixOS#18124
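The swap strategy the PR description sketches, as an added C example that is not the PR's own wrapper code (which this page does not show): `swap_wrapper_dir` first attempts a single atomic `RENAME_EXCHANGE` through the `renameat2` syscall and, when the kernel or filesystem refuses the flag, falls back to parking the old tree at a backup path before publishing the new one, so an interruption can leave the live path missing but never loses the old tree. The function and path names, the errno values that trigger the fallback, and the marker-file layout that `demo()` constructs under a `mkdtemp()` directory are all assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* RENAME_EXCHANGE is exported by <linux/fs.h> and, on glibc >= 2.28, by
 * <stdio.h>; the value is the fixed Linux ABI constant, defined here for
 * older headers. */
#ifndef RENAME_EXCHANGE
#define RENAME_EXCHANGE (1 << 1)
#endif

/* Atomically exchange two paths with renameat2(2). Returns 0 on success,
 * -1 with errno set (ENOSYS without the syscall, EINVAL when the
 * filesystem does not implement the flag). */
static int exchange_paths(const char *a, const char *b)
{
#ifdef SYS_renameat2
    return (int)syscall(SYS_renameat2, AT_FDCWD, a, AT_FDCWD, b, RENAME_EXCHANGE);
#else
    (void)a; (void)b;
    errno = ENOSYS;
    return -1;
#endif
}

/* Install the freshly built `staged` tree at `live` (assumed names).
 * Returns 1 if one atomic RENAME_EXCHANGE did it (old tree now at `staged`),
 * 0 if the two-step fallback ran (old tree parked at `backup` first, so an
 * interruption may leave `live` absent but never discards the old tree),
 * -1 on error with errno set. */
int swap_wrapper_dir(const char *live, const char *staged, const char *backup)
{
    if (exchange_paths(live, staged) == 0)
        return 1;
    /* Fall back only when the exchange itself is unsupported or blocked by a
     * syscall filter (assumed errno set); anything else is a real failure. */
    if (errno != ENOSYS && errno != EINVAL && errno != EOPNOTSUPP && errno != EPERM)
        return -1;
    if (rename(live, backup) != 0)   /* step 1: keep the old tree reachable */
        return -1;
    if (rename(staged, live) != 0)   /* step 2: publish the new tree */
        return -1;
    return 0;
}

static int touch(const char *path)
{
    int fd = open(path, O_CREAT | O_WRONLY, 0644);
    return fd < 0 ? -1 : close(fd);
}

/* Constructed scenario: a live tree holding `old-marker` and a staged tree
 * holding `new-marker`, created under a mkdtemp() directory. After the swap
 * `new-marker` must be live and `old-marker` must still exist (at `staged`
 * after an exchange, at `backup` after the fallback). Returns the path taken
 * (1 exchange, 0 fallback) when that holds, -1 otherwise. The temporary
 * directory is left in place for inspection. */
int demo(void)
{
    char root[] = "/tmp/wrapper-swap-XXXXXX";
    char live[128], staged[128], backup[128], path[256];
    if (mkdtemp(root) == NULL)
        return -1;
    snprintf(live, sizeof live, "%s/wrappers", root);
    snprintf(staged, sizeof staged, "%s/wrappers.new", root);
    snprintf(backup, sizeof backup, "%s/wrappers.old", root);
    if (mkdir(live, 0755) != 0 || mkdir(staged, 0755) != 0)
        return -1;
    snprintf(path, sizeof path, "%s/old-marker", live);
    if (touch(path) != 0) return -1;
    snprintf(path, sizeof path, "%s/new-marker", staged);
    if (touch(path) != 0) return -1;

    int how = swap_wrapper_dir(live, staged, backup);
    if (how < 0)
        return -1;
    snprintf(path, sizeof path, "%s/new-marker", live);
    if (access(path, F_OK) != 0)
        return -1;
    snprintf(path, sizeof path, "%s/old-marker", how == 1 ? staged : backup);
    if (access(path, F_OK) != 0)
        return -1;
    return how;
}

int main(void)
{
    int how = demo();
    if (how < 0) { perror("swap"); return 1; }
    printf("swap done via %s\n", how == 1 ? "RENAME_EXCHANGE" : "rename fallback");
    return 0;
}
```

On a kernel from 3.15 onward with a filesystem that implements the flag (ext4, xfs, btrfs, tmpfs) the program reports the exchange path; on anything else it reports the fallback, and in both cases the old tree is still on disk afterwards, which is the property the PR description is after.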
21e5d51 to 14e5cde
@shlevy I'm using whatever nixops is using. Next error:
Hmm, what behavior do we want here, when there's an old tmp hanging around? Just clear it unconditionally? Keep one backup if it exists?
@shlevy so that would happen only in case of failure during the activationScript? I'd just error out and instruct to delete it manually since it's hard to know what happened.
Why not make
Originally I had the impression that setuid scripts living in a symlink dir was dangerous, but I misunderstood that issue. So will close this, go @edolstra's route
Moved the discussion to #18124
This makes the replacement of the old wrapper dir with the new one
atomic if the kernel and FS support RENAME_EXCHANGE, and falls back to
at least ensuring the old wrapper dir remains on the FS if interrupted
during the (now smaller) inconsistent window.
Fixes #18124