syslogd: Refresh configuration using libcasper
Needs Review, Public

Authored by jfree on Aug 15 2023, 4:07 AM.
Details

Reviewers
markj
Summary
When a SIGHUP signal is sent to syslogd, the configuration is reparsed,
leading to new resource acquisition.

If syslogd is running in capability mode and a SIGHUP is received, new
resources cannot be acquired. To mitigate this issue, libcasper is used
to parse the configuration.

The libcasper process runs outside of capability mode and is capable of
parsing syslogd's configuration and obtaining new resources. These
resources are then sent to the syslogd process via nvlist.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

jfree requested review of this revision. Aug 15 2023, 4:07 AM

Use logerror() to log errors instead of exiting. This makes debugging significantly easier when something goes wrong during configuration parsing.

Update to avoid rebase conflicts

usr.sbin/syslogd/syslogd_cap_config.c
74

What's the point of having filed_count as an nvlist element? Doesn't nvlist_get_nvlist_array() return the size of the array in filed_count?

130

Per my comment in D41463, we should continue factoring this code out to make it less confusing. In an ideal design, IMO, readconfigfile() would return the nvlist instead of mucking with global variables.

That doesn't need to happen in this revision, it's just a comment about the direction I think we should go.

Don't manually add the filed count to the nvlist. The filed count is fetched when getting the nvlist filed array.

Fix minor mistyping in populate_config(). filed_count should be declared as size_t, not uint64_t.

usr.sbin/syslogd/syslogd_cap_config.c
82

Does the casper service do any validation of the config file path? Doesn't this interface allow syslogd to parse any file as a syslogd configuration file and derive capabilities from it?

Most likely we should handle this by making the configuration service take a limit, set by cap_limit_set(). During initialization, syslogd would limit the service to only /etc/syslog.conf (or whatever is specified by -f). An attempt to parse any other file should be rejected by the casper service.

Create filed nvlist directly from readconfigfile() and address Mark's comments.

usr.sbin/syslogd/syslogd_cap_config.c
82

I made ConfFile a global variable and did a strcmp() to verify that the passed-in path matched libcasper's original copy.
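
The path limit discussed in this thread can be modelled in portable C as follows. This is an added example, not code from the revision or from libcasper: a plain struct stands in for the nvlist limits, every name in it (`conf_limit`, `conf_limit_set`, `conf_parse_request`) is hypothetical, and refusing requests before any limit is installed is an assumption of the example.

```c
/* Added example: portable model of a service-side path limit.
 * A plain struct stands in for the nvlist limits; all names are hypothetical. */
#include <errno.h>
#include <string.h>

#ifndef ENOTCAPABLE		/* FreeBSD errno; fall back elsewhere */
#define ENOTCAPABLE EPERM
#endif
#define CONF_PATH_MAX 1024	/* constructed bound for this model */

struct conf_limit {
	int  set;			/* 0 until the client installs a limit */
	char path[CONF_PATH_MAX];	/* the only file the service may parse */
};

/* Limit hook: install the allowed path once; later calls may only restate it. */
static int
conf_limit_set(struct conf_limit *lim, const char *newpath)
{
	if (newpath == NULL || newpath[0] == '\0' ||
	    strlen(newpath) >= CONF_PATH_MAX)
		return (EINVAL);
	if (lim->set)
		return (strcmp(lim->path, newpath) == 0 ? 0 : ENOTCAPABLE);
	memcpy(lim->path, newpath, strlen(newpath) + 1);
	lim->set = 1;
	return (0);
}

/* Command hook: runs in the unsandboxed service before any file is opened. */
static int
conf_parse_request(const struct conf_limit *lim, const char *reqpath)
{
	if (reqpath == NULL)
		return (EINVAL);
	if (!lim->set)			/* assumption: fail closed when unlimited */
		return (ENOTCAPABLE);
	if (strcmp(lim->path, reqpath) != 0)	/* exact match, no normalisation */
		return (ENOTCAPABLE);
	return (0);			/* a real service would parse the file here */
}

int
main(void)
{
	static struct conf_limit lim;	/* zero-initialised: no limit yet */

	(void)conf_limit_set(&lim, "/etc/syslog.conf");
	return (conf_parse_request(&lim, "/tmp/other.conf") == ENOTCAPABLE ? 0 : 1);
}
```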