BIND 10 trac213, updated. c75108b70a9d560034949a75dc52ecfb59fa0b3f [213] Comment

BIND 10 source code commits bind10-changes at lists.isc.org
Tue Oct 25 14:11:49 UTC 2011


The branch, trac213 has been updated
       via  c75108b70a9d560034949a75dc52ecfb59fa0b3f (commit)
       via  6266a0dd4e0537335e22c2941940636fe220c202 (commit)
       via  14f9cfa80194d2d391ea6657ad0205e6223e2d25 (commit)
      from  5e3d007b0b08f340e646a2df9073b31cd3c76476 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c75108b70a9d560034949a75dc52ecfb59fa0b3f
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date:   Tue Oct 25 16:11:38 2011 +0200

    [213] Comment

commit 6266a0dd4e0537335e22c2941940636fe220c202
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date:   Tue Oct 25 16:02:44 2011 +0200

    [213] Report switch to user doesn't do expected

commit 14f9cfa80194d2d391ea6657ad0205e6223e2d25
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date:   Tue Oct 25 15:34:24 2011 +0200

    [213] Don't have two defaults

-----------------------------------------------------------------------

Summary of changes:
 src/bin/bind10/bind10_messages.mes                |   12 +++++++-----
 src/bin/bind10/bind10_src.py.in                   |    5 +++++
 src/bin/bind10/bob.spec                           |   20 ++++++++++++++------
 src/lib/python/isc/bind10/component.py            |    7 +++----
 src/lib/python/isc/bind10/tests/component_test.py |    7 +++++--
 5 files changed, 34 insertions(+), 17 deletions(-)

-----------------------------------------------------------------------
diff --git a/src/bin/bind10/bind10_messages.mes b/src/bin/bind10/bind10_messages.mes
index b04e191..b638710 100644
--- a/src/bin/bind10/bind10_messages.mes
+++ b/src/bin/bind10/bind10_messages.mes
@@ -216,12 +216,14 @@ All modules have been successfully started, and BIND 10 is now running.
 There was a fatal error when BIND10 was trying to start. The error is
 shown, and BIND10 will now shut down.
 
-% BIND10_START_AS_NON_ROOT starting %1 as a user, not root. This might fail.
-The given module is being started or restarted without root privileges.
-If the module needs these privileges, it may have problems starting.
-Note that this issue should be resolved by the pending 'socket-creator'
+% BIND10_START_DROP_ROOT Dropping root privileges now, changing to uid %1
+The boss of bind is switching to a user. That means all processes started
+or restarted from now on will be started as that user. Also, all the processes
+started before now are started as root, which might be something else than
+expected. This should be resolved by the pending 'socket-creator'
 process; once that has been implemented, modules should not need root
-privileges anymore. See tickets #800 and #801 for more information.
+privileges anymore and we will switch sooner. See tickets #800 and #801 for
+more information.
 
 % BIND10_STOP_PROCESS asking %1 to shut down
 The boss module is sending a shutdown command to the given module over
diff --git a/src/bin/bind10/bind10_src.py.in b/src/bin/bind10/bind10_src.py.in
index 7df7df4..4f3458c 100755
--- a/src/bin/bind10/bind10_src.py.in
+++ b/src/bin/bind10/bind10_src.py.in
@@ -245,6 +245,10 @@ class BoB:
         self.brittle = brittle
         self._component_configurator = isc.bind10.component.Configurator(self,
             isc.bind10.special_component.get_specials())
+        # The priorities here make them start in the correct order. First
+        # the socket creator (which would drop root privileges by then),
+        # then message queue and after that the config manager (which uses
+        # the config manager)
         self.__core_components = {
             'sockcreator': {
                 'kind': 'core',
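Review bot: The added comment above `self.__core_components` ends with "the config manager (which uses the config manager)", which is self-referential; it presumably means the message queue. The phrase "which would drop root privileges by then" also leaves it unclear whether the socket creator or the boss performs the drop, which matters because the start order is what decides which processes run as root. Suggested wording for the last two lines: `# then message queue and after that the config manager (which uses` / `# the message queue)`, plus one sentence naming the point in startup at which the uid switch happens. The dict literal continues outside this hunk.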
@@ -572,6 +576,7 @@ class BoB:
         # directly to the function starting socket creator.
         if self.uid is not None:
             posix.setuid(self.uid)
+            logger.warn(BIND10_START_DROP_ROOT, self.uid)
 
     def startup(self):
         """
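Review bot: The new `logger.warn(BIND10_START_DROP_ROOT, self.uid)` announces that root privileges are dropped, but the only call visible in this hunk is `posix.setuid(self.uid)`; nothing here changes the group ID or clears the supplementary groups. Unless that happens earlier in this function (its start is outside the hunk), components started afterwards may still run with root's group memberships. If a target group is known, drop groups first and the uid last, e.g. `posix.setgroups([])` and `posix.setgid(<target gid>)` before `posix.setuid(self.uid)`, and include the resulting gid in the log message. A short comment that `posix.setuid` raises on failure, so the warning is only reached after a successful switch, would also help readers.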
diff --git a/src/bin/bind10/bob.spec b/src/bin/bind10/bob.spec
index bc4b4e3..babca95 100644
--- a/src/bin/bind10/bob.spec
+++ b/src/bin/bind10/bob.spec
@@ -8,12 +8,15 @@
         "item_type": "named_set",
         "item_optional": false,
         "item_default": {
-          "b10-xfrin": { "address": "Xfrin" },
-          "b10-xfrout": { "address": "Xfrout" },
+          "b10-xfrin": { "address": "Xfrin", "kind": "dispensable" },
+          "b10-xfrout": { "address": "Xfrout", "kind": "dispensable" },
           "b10-auth": { "special": "auth", "kind": "needed" },
-          "b10-zonemgr": { "address": "Zonemgr" },
-          "b10-stats": { "address": "Stats" },
-          "b10-stats-httpd": { "address": "StatsHttpd" },
+          "b10-zonemgr": { "address": "Zonemgr", "kind": "dispensable" },
+          "b10-stats": { "address": "Stats", "kind": "dispensable" },
+          "b10-stats-httpd": {
+            "address": "StatsHttpd",
+            "kind": "dispensable"
+          },
           "b10-cmdctl": { "special": "cmdctl", "kind": "needed" }
         },
         "named_set_item_spec": {
@@ -34,7 +37,7 @@
             },
             {
               "item_name": "kind",
-              "item_optional": true,
+              "item_optional": false,
               "item_type": "string",
               "item_default": "dispensable"
             },
@@ -53,6 +56,11 @@
                 "item_type": "string",
                 "item_default": ""
               }
+            },
+            {
+              "item_name": "priority",
+              "item_optional": true,
+              "item_type": "integer"
             }
           ]
         }
diff --git a/src/lib/python/isc/bind10/component.py b/src/lib/python/isc/bind10/component.py
index 7add835..1c2a75a 100644
--- a/src/lib/python/isc/bind10/component.py
+++ b/src/lib/python/isc/bind10/component.py
@@ -311,7 +311,7 @@ class Configurator:
     dictionary, each item represents one component that should be running.
     The key is an unique identifier used to reference the component. The
     value is a dictionary describing the component. All items in the
-    description is optional and they are as follows:
+    description is optional unless told otherwise and they are as follows:
     * `special` - Some components are started in a special way. If it is
       present, it specifies which class from the specials parameter should
       be used to create the component. In that case, some of the following
@@ -321,7 +321,7 @@ class Configurator:
       it defaults to the identifier of the component.
     * `kind` - The kind of component, either of 'core', 'needed' and
       'dispensable'. This specifies what happens if the component fails.
-      Defaults to despensable.
+      This one is required.
     * `address` - The address of the component on message bus. It is used
       to shut down the component. All special components currently either
       know their own address or don't need one and ignore it. The common
@@ -435,8 +435,7 @@ class Configurator:
                     # TODO: Better error handling
                     creator = self.__specials[component_spec['special']]
                 component = creator(component_spec.get('process', cname),
-                                    self.__boss,
-                                    component_spec.get('kind', 'dispensable'),
+                                    self.__boss, component_spec['kind'],
                                     component_spec.get('address'),
                                     component_spec.get('params'))
                 priority = component_spec.get('priority', 0)
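Review bot: `component_spec['kind']` now raises a bare KeyError when a component description lacks `kind`, directly under the existing `# TODO: Better error handling`. bob.spec marks the item as mandatory, but whether every caller of `_build_plan` passes spec-validated data is not visible here, and these lines do not check the value against 'core', 'needed' and 'dispensable' either. Since `kind` decides what happens when a component fails, consider an explicit check before calling `creator`, such as `if 'kind' not in component_spec: raise ValueError('component ' + cname + ' has no kind')` (or whichever exception the configurator's callers already handle). A case in component_test.py pinning the behaviour for a missing `kind` would go with it. The enclosing method starts and ends outside the hunk.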
diff --git a/src/lib/python/isc/bind10/tests/component_test.py b/src/lib/python/isc/bind10/tests/component_test.py
index 1ac28cf..797b835 100644
--- a/src/lib/python/isc/bind10/tests/component_test.py
+++ b/src/lib/python/isc/bind10/tests/component_test.py
@@ -693,7 +693,7 @@ class ConfiguratorTest(BossUtils, unittest.TestCase):
         # We don't use isinstance on purpose, it would allow a descendant
         self.assertTrue(type(component) is Component)
         plan = configurator._build_plan({}, {
-            'component': { }
+            'component': { 'kind': 'dispensable' }
         })
         self.assertEqual(1, len(plan))
         self.assertEqual('start', plan[0]['command'])
@@ -818,7 +818,10 @@ class ConfiguratorTest(BossUtils, unittest.TestCase):
         there. This tests it doesn't crash.
         """
         configurator = Configurator(self, self.__specials)
-        configurator._build_plan({}, {"c1": {}, "c2": {}})
+        configurator._build_plan({}, {
+                                         "c1": { 'kind': 'dispensable'},
+                                         "c2": { 'kind': 'dispensable'}
+                                     })
 
 if __name__ == '__main__':
     isc.log.init("bind10") # FIXME Should this be needed?



