| Message ID | 1453953196-29943-3-git-send-email-andrew@lunn.ch (mailing list archive) |
|---|---|
| State | Superseded, archived |
| Delegated to: | Simon Wunderlich |
| Headers |
Return-Path: <andrew@lunn.ch> Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=178.209.37.122; helo=vps0.lunn.ch; envelope-from=andrew@lunn.ch; receiver=b.a.t.m.a.n@lists.open-mesh.org Authentication-Results: open-mesh.org; dmarc=none header.from=lunn.ch Received: from vps0.lunn.ch (vps0.lunn.ch [178.209.37.122]) by open-mesh.org (Postfix) with ESMTPS id 9F5F481CC2 for <b.a.t.m.a.n@lists.open-mesh.org>; Thu, 28 Jan 2016 04:53:38 +0100 (CET) Received: from andrew by vps0.lunn.ch with local (Exim 4.80) (envelope-from <andrew@lunn.ch>) id 1aOde6-0007nf-1M; Thu, 28 Jan 2016 04:53:22 +0100 From: Andrew Lunn <andrew@lunn.ch> To: Antonio Quartulli <a@unstable.cc> Date: Thu, 28 Jan 2016 04:53:15 +0100 Message-Id: <1453953196-29943-3-git-send-email-andrew@lunn.ch> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <1453953196-29943-1-git-send-email-andrew@lunn.ch> References: <1453953196-29943-1-git-send-email-andrew@lunn.ch> Cc: b.a.t.m.a.n@lists.open-mesh.org Subject: [B.A.T.M.A.N.] [PATCH 3/3] alfred: Mount debugfs before reducing capabilities X-BeenThere: b.a.t.m.a.n@lists.open-mesh.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: The list for a Better Approach To Mobile Ad-hoc Networking <b.a.t.m.a.n.lists.open-mesh.org> List-Unsubscribe: <https://lists.open-mesh.org/mm/options/b.a.t.m.a.n>, <mailto:b.a.t.m.a.n-request@lists.open-mesh.org?subject=unsubscribe> List-Archive: <http://lists.open-mesh.org/pipermail/b.a.t.m.a.n/> List-Post: <mailto:b.a.t.m.a.n@lists.open-mesh.org> List-Help: <mailto:b.a.t.m.a.n-request@lists.open-mesh.org?subject=help> List-Subscribe: <https://lists.open-mesh.org/mm/listinfo/b.a.t.m.a.n>, <mailto:b.a.t.m.a.n-request@lists.open-mesh.org?subject=subscribe> X-List-Received-Date: Thu, 28 Jan 2016 03:53:38 -0000 |
Commit Message
Andrew Lunn
Jan. 28, 2016, 3:53 a.m. UTC
The debugfs helper code has the ability to mount the debugfs file
system if it is not already mounted. However, it cannot do this
after the capabilities have been dropped. So perform the mount early.
This is especially important when using network name spaces. Each
namespace has its own /sys, so the mount of debugfs in the global
namespace is not visible in other namespaces.
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
---
main.c | 4 ++++
1 file changed, 4 insertions(+)
Comments
On Thursday 28 January 2016 04:53:15 Andrew Lunn wrote: > The debugfs helper code has the ability to mount the debugfs file > system if it is not already mounted. However, it cannot do this > after the capabilities have been dropped. So perform the mount early. > > This is especially important when using network name spaces. Each > namespace has its own /sys, so the mount of debugfs in the global > namespace is not visible in other namespaces. > > Signed-off-by: Andrew Lunn <andrew@lunn.ch> > --- > main.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/main.c b/main.c > index 452d9ae..b1c5ec5 100644 > --- a/main.c > +++ b/main.c > @@ -30,6 +30,7 @@ > #include <unistd.h> > #endif > #include "alfred.h" > +#include "debugfs.h" > #include "packet.h" > #include "list.h" > > @@ -160,6 +161,9 @@ static struct globals *alfred_init(int argc, char > *argv[]) {NULL, 0, NULL, 0}, > }; > > + /* We need full capabilities to mount debugfs, so do that now */ > + debugfs_mount(NULL); > + > ret = reduce_capabilities(); > if (ret < 0) > return NULL; Can't we remove the other calls to debugfs_mount() ? I see 3 more calls in alfred ... Cheers, Simon
On Fri, Jan 29, 2016 at 01:14:53PM +0100, Simon Wunderlich wrote: > On Thursday 28 January 2016 04:53:15 Andrew Lunn wrote: > > The debugfs helper code has the ability to mount the debugfs file > > system if it is not already mounted. However, it cannot do this > > after the capabilities have been dropped. So perform the mount early. > > > > This is especially important when using network name spaces. Each > > namespace has its own /sys, so the mount of debugfs in the global > > namespace is not visible in other namespaces. > > > > Signed-off-by: Andrew Lunn <andrew@lunn.ch> > > --- > > main.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/main.c b/main.c > > index 452d9ae..b1c5ec5 100644 > > --- a/main.c > > +++ b/main.c > > @@ -30,6 +30,7 @@ > > #include <unistd.h> > > #endif > > #include "alfred.h" > > +#include "debugfs.h" > > #include "packet.h" > > #include "list.h" > > > > @@ -160,6 +161,9 @@ static struct globals *alfred_init(int argc, char > > *argv[]) {NULL, 0, NULL, 0}, > > }; > > > > + /* We need full capabilities to mount debugfs, so do that now */ > > + debugfs_mount(NULL); > > + > > ret = reduce_capabilities(); > > if (ret < 0) > > return NULL; > > Can't we remove the other calls to debugfs_mount() ? I see 3 more calls in > alfred ... Yes, the other calls within this binary are probably failing, due to reduced capabilities. I can remove them in a v3 patch. Andrew
Hi Andrew, On Tuesday 02 February 2016 03:25:12 Andrew Lunn wrote: > On Fri, Jan 29, 2016 at 01:14:53PM +0100, Simon Wunderlich wrote: > > On Thursday 28 January 2016 04:53:15 Andrew Lunn wrote: > [...] > > > @@ -160,6 +161,9 @@ static struct globals *alfred_init(int argc, char > > > *argv[]) {NULL, 0, NULL, 0}, > > > > > > }; > > > > > > + /* We need full capabilities to mount debugfs, so do that now */ > > > + debugfs_mount(NULL); > > > + > > > > > > ret = reduce_capabilities(); > > > if (ret < 0) > > > > > > return NULL; > > > > Can't we remove the other calls to debugfs_mount() ? I see 3 more calls in > > alfred ... > > Yes, the other calls within this binary are probably failing, due to > reduced capabilities. I can remove them in a v3 patch. > > Andrew Are you still planning on sending a fixed patchset? :) Thanks! Simon
On Thu, Mar 10, 2016 at 04:09:18PM +0100, Simon Wunderlich wrote: > Hi Andrew, > > On Tuesday 02 February 2016 03:25:12 Andrew Lunn wrote: > > On Fri, Jan 29, 2016 at 01:14:53PM +0100, Simon Wunderlich wrote: > > > On Thursday 28 January 2016 04:53:15 Andrew Lunn wrote: > > [...] > > > > @@ -160,6 +161,9 @@ static struct globals *alfred_init(int argc, char > > > > *argv[]) {NULL, 0, NULL, 0}, > > > > > > > > }; > > > > > > > > + /* We need full capabilities to mount debugfs, so do that now */ > > > > + debugfs_mount(NULL); > > > > + > > > > > > > > ret = reduce_capabilities(); > > > > if (ret < 0) > > > > > > > > return NULL; > > > > > > Can't we remove the other calls to debugfs_mount() ? I see 3 more calls in > > > alfred ... > > > > Yes, the other calls within this binary are probably failing, due to > > reduced capabilities. I can remove them in a v3 patch. > > > > Andrew > > Are you still planning on sending a fixed patchset? :) Hi Simon I have a fixed up version. But at the moment, it is not clear what is happening with the kernel patches. Maybe we need to change the debugfs API in order to make it easier to build with older kernels? Andrew
diff --git a/main.c b/main.c index 452d9ae..b1c5ec5 100644 --- a/main.c +++ b/main.c @@ -30,6 +30,7 @@ #include <unistd.h> #endif #include "alfred.h" +#include "debugfs.h" #include "packet.h" #include "list.h" @@ -160,6 +161,9 @@ static struct globals *alfred_init(int argc, char *argv[]) {NULL, 0, NULL, 0}, }; + /* We need full capabilities to mount debugfs, so do that now */ + debugfs_mount(NULL); + ret = reduce_capabilities(); if (ret < 0) return NULL;