author | Olivier Brunel
<jjk@jjacky.com> 2015-10-16 13:01:08 UTC |
committer | Olivier Brunel
<jjk@jjacky.com> 2015-10-16 13:01:08 UTC |
parent | 93f5158b97a70c4e82774dc8248f1b25c981a8c2 |
doc/aa-enable.pod | +18 | -2 |
doc/anopa.pod | +4 | -0 |
src/anopa/aa-enable.c | +11 | -0 |
src/include/anopa/enable_service.h | +4 | -3 |
src/libanopa/enable_service.c | +12 | -0 |
diff --git a/doc/aa-enable.pod b/doc/aa-enable.pod index c32bbb0..c9e2525 100644 --- a/doc/aa-enable.pod +++ b/doc/aa-enable.pod @@ -6,7 +6,7 @@ aa-enable - Enable services, i.e. copy servicedirs to repodir B<aa-enable> [B<-D>] [B<-r> I<REPODIR>] [B<-c> I<CRASH>] [B<-f> I<FINISH>] [B<-k> I<SERVICE>] [B<-S> I<SOURCEDIR>] [B<-s> I<SOURCEDIR>] [B<-l> I<LISTDIR>] -[B<-N>] [B<-W>] [B<-u>] [I<SERVICE...>] +[B<-N>] [B<-W>] [B<-u>] [B<--no-supervise>] [I<SERVICE...>] =head1 OPTIONS @@ -77,6 +77,20 @@ directories will be processed in the order they were added. Upgrade servicedirs instead of creating them. See below for implications. +=item B<--no-supervise> + +Disable creation of I<supervise> folders for longrun services. By default, +B<aa-enable>(1) will create a folder I<supervise> with permissions 0711 for +every longrun service (including loggers). + +This is meant to ensure one can read the s6 status file (which is +world-readable by default) without the need to be root. This allows for example +to use B<aa-status>(1) as a user properly. + +If you were to disable this, the I<supervise> folders would likely be created by +B<s6-supervise> with 0700 permissions, and when trying to read s6 status as a +user a "Permission denied" error would occur. + =item B<-V, --version> Show version information and exit. @@ -128,6 +142,8 @@ it already existed, or the service was specified to B<--skip-down>) to ensure the service won't be auto-started by B<s6-svscan>, and a symlink is added to the servicedir into the I<.scandir> sub-directory of I<REPODIR> (even if the service was specified to B<--skip-down>). +And, unless option B<--no-supervise> was specified, a folder I<supervise> is +created with 0711 permissions. - As last step, B<aa-enable>(1) will check if a regular file I<log/run-args> exists in the newly created servicedir, and if so its content will be appended 
@@ -219,7 +235,7 @@ When used, B<aa-enable>(1) will behave as usual with the following changes: content); - For longruns, no I<down> file will be created, nor will a symlink be added - into the scandir; + into the scandir or I<supervise> folder be created; - If used, options B<--set-finish> and B<--set-crash> are ignored. diff --git a/doc/anopa.pod b/doc/anopa.pod index 8d004c4..dc88b5a 100644 --- a/doc/anopa.pod +++ b/doc/anopa.pod @@ -146,6 +146,8 @@ For completeness, the following "internals" are also supported. It is automatically created by B<s6-supervise> if it does not exist. This is where B<s6-supervise> stores its information. The directory must be writable. +It is automatically created by B<aa-enable>(1) with permissions 0711, to allow +reading the status file as a user. =item A fifodir named I<event> @@ -156,6 +158,8 @@ used to send notifications when the service goes up/down. If such a file exists, the default state of the service is considered down, not up, and it isn't automatically started by B<s6-supervise>. +It is automatically created by B<aa-enable>(1), except for the service specified +with B<--skip-down>. =back diff --git a/src/anopa/aa-enable.c b/src/anopa/aa-enable.c index c82799d..4eb33b6 100644 --- a/src/anopa/aa-enable.c +++ b/src/anopa/aa-enable.c @@ -187,6 +187,7 @@ dieusage (int rc) " -c, --set-crash TARGET Create s6-svscan symlink crash to TARGET\n" " -N, --no-needs Don't auto-enable services from 'needs'\n" " -W, --no-wants Don't auto-enable services from 'wants'\n" + " --no-supervise Don't create supervise folders for longruns\n" " -h, --help Show this help screen and exit\n" " -V, --version Show version information and exit\n" ); @@ -210,6 +211,7 @@ main (int argc, char * const argv[]) for (;;) { + int extra = 0; struct option longopts[] = { { "set-crash", required_argument, NULL, 'c' }, { "double-output", no_argument, NULL, 'D' }, 
@@ -224,6 +226,7 @@ main (int argc, char * const argv[]) { "upgrade", no_argument, NULL, 'u' }, { "version", no_argument, NULL, 'V' }, { "no-wants", no_argument, NULL, 'W' }, + { "no-supervise", no_argument, &extra, 1 }, { NULL, 0, 0, 0 } }; int c; @@ -287,6 +290,14 @@ main (int argc, char * const argv[]) flags &= ~AA_FLAG_AUTO_ENABLE_WANTS; break; + case 0: + if (extra == 1) + flags |= AA_FLAG_NO_SUPERVISE; + else + aa_strerr_dief1x (1, "internal error processing options"); + extra = 0; + break; + default: dieusage (1); } diff --git a/src/include/anopa/enable_service.h b/src/include/anopa/enable_service.h index b994cf4..62c5d9a 100644 --- a/src/include/anopa/enable_service.h +++ b/src/include/anopa/enable_service.h @@ -32,10 +32,11 @@ typedef enum AA_FLAG_AUTO_ENABLE_WANTS = (1 << 1), AA_FLAG_SKIP_DOWN = (1 << 2), AA_FLAG_UPGRADE_SERVICEDIR = (1 << 3), + AA_FLAG_NO_SUPERVISE = (1 << 4), /* private */ - _AA_FLAG_IS_SERVICEDIR = (1 << 4), - _AA_FLAG_IS_CONFIGDIR = (1 << 5), - _AA_FLAG_IS_1OF4 = (1 << 6) + _AA_FLAG_IS_SERVICEDIR = (1 << 5), + _AA_FLAG_IS_CONFIGDIR = (1 << 6), + _AA_FLAG_IS_1OF4 = (1 << 7) } aa_enable_flags; extern stralloc aa_sa_sources; diff --git a/src/libanopa/enable_service.c b/src/libanopa/enable_service.c index daa82e1..35889d7 100644 --- a/src/libanopa/enable_service.c +++ b/src/libanopa/enable_service.c @@ -447,6 +447,18 @@ next: goto err; } } + + if (!(flags & AA_FLAG_NO_SUPERVISE)) + { + char buf[l_dst + 1 + strlen ("supervise") + 1]; + + byte_copy (buf, l_dst, dst); + buf[l_dst] = '/'; + byte_copy (buf + l_dst + 1, strlen ("supervise") + 1, "supervise"); + + if (mkdir (buf, 0711) < 0) + warn_fn (buf, errno); + } } }
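Review bot: In the `case 0:` branch the trailing `extra = 0;` has no effect, because `extra` is declared with `= 0` inside the `for (;;)` body (the `@@ -210` hunk) and is therefore re-initialised before every option is parsed. Dropping that line, or moving the declaration out of the loop, would make the intent clear. The branch also deserves a comment saying why 0 is handled, e.g. `/* long-only option: its val was stored in extra through the flag pointer */`, assuming the parsing call outside the hunk is getopt_long(). main's body starts and ends outside these hunks.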
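Review bot: Inserting `AA_FLAG_NO_SUPERVISE` at `(1 << 4)` moves the three private flags up one bit, so an object built against the previous header and one built against this one would disagree on bit 4 (public no-supervise versus `_AA_FLAG_IS_SERVICEDIR`). If libanopa can ever be linked separately from its callers, numbering the private flags down from the top of the range would avoid renumbering them each time a public flag is added. Either way, a comment such as `/* private: values may change between releases, never pass these in */` would state the contract. The enum's opening lines are outside the hunk.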
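Review bot: `mkdir (buf, 0711)` is subject to the process umask, so the 0711 mode that doc/aa-enable.pod promises is only obtained when the umask leaves those bits alone; under a umask of 077 the folder ends up 0700 and the "Permission denied" case described there comes back. Setting the mode explicitly after a successful create fixes this: `if (mkdir (buf, 0711) < 0) warn_fn (buf, errno); else if (chmod (buf, 0711) < 0) warn_fn (buf, errno);`. An already existing `supervise` folder (EEXIST) is reported through warn_fn and keeps whatever mode it had, which may or may not be intended. Since 0711 gives every local user search access, a short comment that the other entries s6-supervise places in this folder must rely on their own modes would help the next reader. The enclosing function starts outside the hunk.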