GNU bug report logs - #63562
[PATCH 2/2] services: rsync: Use least authority wrapper.

Package: guix-patches;

Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Date: Thu, 18 May 2023 01:57:02 UTC

Severity: normal

Tags: patch

Merged with 63561

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.


Report forwarded to guix-patches <at> gnu.org:
bug#63562; Package guix-patches. (Thu, 18 May 2023 01:57:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Thu, 18 May 2023 01:57:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: guix-patches <at> gnu.org
Cc: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Subject: [PATCH 2/2] services: rsync: Use least authority wrapper.
Date: Wed, 17 May 2023 21:56:18 -0400

* gnu/services/rsync.scm (rsync-shepherd-service) Wrap rsync command in a
least-authority-wrapper.
---
 gnu/services/rsync.scm | 97 ++++++++++++++++++++++++++++--------------
 1 file changed, 65 insertions(+), 32 deletions(-)

diff --git a/gnu/services/rsync.scm b/gnu/services/rsync.scm
index 826b757b1c..42e4d0247e 100644
--- a/gnu/services/rsync.scm
+++ b/gnu/services/rsync.scm
@@ -19,16 +19,20 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu services rsync)
+  #:use-module ((gnu build linux-container) #:select (%namespaces))
   #:use-module (gnu services)
   #:use-module (gnu services base)
   #:use-module (gnu services shepherd)
+  #:autoload   (gnu system file-systems) (file-system-mapping)
   #:use-module (gnu system shadow)
-  #:use-module (gnu packages rsync)
   #:use-module (gnu packages admin)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages rsync)
   #:use-module (guix records)
   #:use-module (guix gexp)
   #:use-module (guix diagnostics)
   #:use-module (guix i18n)
+  #:use-module (guix least-authority)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26)
   #:use-module (ice-9 match)
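Review bot: `#:use-module (gnu packages linux)` is added to the module header, but nothing else this patch adds references a binding from that module; the new code relies on `%namespaces`, `file-system-mapping` and `least-authority-wrapper`, each of which has its own import here. Drop the `(gnu packages linux)` import unless a binding from it is really needed, and if it is, name it in the commit log.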
@@ -236,37 +240,66 @@ (define (rsync-shepherd-service config)
             #t))
         (const #f)))
 
-  (let* ((rsync       (rsync-configuration-package config))
-         (pid-file    (rsync-configuration-pid-file config))
-         (port-number (rsync-configuration-port-number config))
-         (user        (rsync-configuration-user config))
-         (group       (rsync-configuration-group config))
-         (config-file (rsync-config-file config))
-         (rsync-command #~(list (string-append #$rsync "/bin/rsync")
-                                "--config" #$config-file "--daemon")))
-    (list (shepherd-service
-           (provision '(rsync))
-           (documentation "Run rsync daemon.")
-           (actions (list (shepherd-configuration-action config-file)))
-           (start #~(if #$inetd-style?
-                        (make-inetd-constructor
-                         #$rsync-command
-                         (cons (endpoint
-                                (make-socket-address AF_INET INADDR_ANY
-                                                     #$port-number))
-                               (if #$ipv6-support?
-                                   (list
-                                    (endpoint
-                                     (make-socket-address AF_INET6 IN6ADDR_ANY
-                                                          #$port-number)))
-                                   '()))
-                         #:user #$user
-                         #:group #$group)
-                        (make-forkexec-constructor #$rsync-command
-                                                   #:pid-file #$pid-file
-                                                   #:user #$user
-                                                   #:group #$group)))
-           (stop #~(make-kill-destructor))))))
+  (define (module->file-system-mapping module)
+    "Return the <file-system-mapping> record corresponding to MODULE, an
+<rsync-module> object."
+    (match-record module <rsync-module>
+      (file-name read-only?)
+      (file-system-mapping
+       (source file-name)
+       (target source)
+       (writable? (not read-only?)))))
+
+  (match-record config <rsync-configuration>
+    (package log-file modules pid-file port-number user group)
+    ;; Run the rsync daemon in its own 'mnt' namespace, to guard against
+    ;; change to mount points it may be serving.
+    (let* ((config-file (rsync-config-file config))
+           (rsync-command #~(list #$(least-authority-wrapper
+                                     (file-append rsync "/bin/rsync")
+                                     #:name "rsync"
+                                     #:namespaces (fold delq %namespaces
+                                                        '(net user))
+                                     #:mappings
+                                     (append (list (file-system-mapping
+                                                    (source "/var/run/rsyncd")
+                                                    (target source)
+                                                    (writable? #t))
+                                                   (file-system-mapping
+                                                    (source (dirname log-file))
+                                                    (target source)
+                                                    (writable? #t))
+                                                   (file-system-mapping
+                                                    (source config-file)
+                                                    (target source)))
+                                             (map module->file-system-mapping
+                                                  modules)))
+                                  "--config" #$config-file "--daemon")))
+      (list (shepherd-service
+             (provision '(rsync))
+             (documentation "Run rsync daemon.")
+             (actions (list (shepherd-configuration-action config-file)))
+             (start #~(if #$inetd-style?
+                          (make-inetd-constructor
+                           #$rsync-command
+                           (cons (endpoint
+                                  (make-socket-address AF_INET INADDR_ANY
+                                                       #$port-number))
+                                 (if #$ipv6-support?
+                                     (list
+                                      (endpoint
+                                       (make-socket-address AF_INET6 IN6ADDR_ANY
+                                                            #$port-number)))
+                                     '()))
+                           #:user #$user
+                           #:group #$group)
+                          (make-forkexec-constructor #$rsync-command
+                                                     #:pid-file #$pid-file
+                                                     #:user #$user
+                                                     #:group #$group)))
+             (stop #~(if #$inetd-style?
+                         (make-inetd-destructor)
+                         (make-kill-destructor))))))))
 
 (define rsync-service-type
   (service-type
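Review bot: In the new `match-record` form, `package` is bound from the configuration but never used; `(file-append rsync "/bin/rsync")` refers to the `rsync` variable from `(gnu packages rsync)`, so a `package` field set by the user is silently ignored, whereas the removed code used `(rsync-configuration-package config)`. Use `(file-append package "/bin/rsync")` instead. Separately, the mapping `(source (dirname log-file))` with `(writable? #t)` exposes the whole parent directory of the log file read-write inside the container, which is wider than the one file the daemon has to write; a dedicated log directory, or a note documenting the requirement, would keep the wrapper closer to least authority. The comment above `let*` also mentions only the 'mnt' namespace, although `(fold delq %namespaces '(net user))` requests every namespace except `net` and `user`.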
-- 
2.39.2





Forcibly Merged 63561 63562. Request was from Maxim Cournoyer <maxim.cournoyer <at> gmail.com> to control <at> debbugs.gnu.org. (Thu, 18 May 2023 02:02:02 GMT) Full text and rfc822 format available.

Information forwarded to guix-patches <at> gnu.org:
bug#63562; Package guix-patches. (Thu, 18 May 2023 16:59:02 GMT) Full text and rfc822 format available.

Message #10 received at 63562 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 63562 <at> debbugs.gnu.org, 63561 <at> debbugs.gnu.org
Subject: Re: bug#63562: [PATCH 2/2] services: rsync: Use least authority
 wrapper.
Date: Thu, 18 May 2023 18:58:45 +0200

Hi,

Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:

> +                        (make-inetd-constructor
> +                         #$rsync-command
> +                         (cons (endpoint
> +                                (make-socket-address AF_INET INADDR_ANY
> +                                                     #$port-number))
> +                               (if #$ipv6-support?
> +                                   (list
> +                                    (endpoint
> +                                     (make-socket-address AF_INET6 IN6ADDR_ANY
> +                                                          #$port-number)))
> +                                   '()))
> +                         #:user #$user
> +                         #:group #$group)
> +                        (make-forkexec-constructor #$rsync-command
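Review bot: `#:user #$user` and `#:group #$group` are passed to both constructors here, so `#$rsync-command` starts with that account's privileges, while the wrapper in this patch removes `user` from `#:namespaces` and so has to create the remaining namespaces without a user namespace. On Linux that requires CAP_SYS_ADMIN, so the service would presumably fail to start when `user` is not root; please test with a non-root `user`, and either document the constraint on the `user` field or keep the user namespace in that case.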

I found it fishy that the same command could be used both in inetd mode
and in “regular” daemon mode.  Turns out that rsync does something…
surprising, as noted in rsync(1):

   If standard input is a socket then rsync will assume that it is being
   run via inetd, otherwise it will detach from the current terminal and
   become a background daemon.

So I guess this is fine, and a welcome change!

Ludo’.
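
The rsync(1) behaviour quoted in the message above is why one command line can serve both Shepherd constructors: the inetd-style constructor hands the accepted connection to the process as standard input. One way to make that kind of decision is sketched here as an added example; it is not rsync's source and not part of the patch, and `classify_fd`, `mode_for_socket` and `mode_for_pipe` are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not rsync's source; all names are hypothetical. */
enum start_mode { MODE_ERROR = -1, MODE_DAEMON = 0, MODE_INETD = 1 };

/* Classify FD the way the rsync(1) excerpt describes for stdin: a socket
   means "spawned per connection", anything else means "detach and listen". */
enum start_mode classify_fd(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return MODE_ERROR;              /* closed or invalid descriptor */
    return S_ISSOCK(st.st_mode) ? MODE_INETD : MODE_DAEMON;
}

/* Constructed input: one end of a socket pair stands in for the connection
   an inetd-style supervisor would pass as stdin. */
enum start_mode mode_for_socket(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return MODE_ERROR;
    enum start_mode m = classify_fd(sv[0]);
    close(sv[0]);
    close(sv[1]);
    return m;
}

/* Constructed input: a pipe stands in for any non-socket stdin. */
enum start_mode mode_for_pipe(void)
{
    int p[2];
    if (pipe(p) != 0)
        return MODE_ERROR;
    enum start_mode m = classify_fd(p[0]);
    close(p[0]);
    close(p[1]);
    return m;
}

int main(void)
{
    printf("socket: %d, pipe: %d, real stdin: %d\n",
           mode_for_socket(), mode_for_pipe(), classify_fd(STDIN_FILENO));
    return 0;
}
```

A sandboxing wrapper placed in front of such a program has to pass file descriptor 0 through unchanged, otherwise the inetd-style service would start in daemon mode inside each per-connection process.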




Information forwarded to guix-patches <at> gnu.org:
bug#63562; Package guix-patches. (Thu, 18 May 2023 17:01:02 GMT) Full text and rfc822 format available.

Message #13 received at 63562 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 63562 <at> debbugs.gnu.org
Subject: Re: bug#63562: [PATCH 2/2] services: rsync: Use least authority
 wrapper.
Date: Thu, 18 May 2023 19:00:46 +0200

Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:

> * gnu/services/rsync.scm (rsync-shepherd-service) Wrap rsync command in a
> least-authority-wrapper.

Nice, LGTM!

Since berlin relies on it for backups, we’ll have to double-check that
it all goes well, in case we overlooked something.

Ludo’.




Reply sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:
You have taken responsibility. (Fri, 19 May 2023 03:21:02 GMT) Full text and rfc822 format available.

Notification sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:
bug acknowledged by developer. (Fri, 19 May 2023 03:21:02 GMT) Full text and rfc822 format available.

Message #18 received at 63562-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 63562-done <at> debbugs.gnu.org
Subject: Re: bug#63562: [PATCH 2/2] services: rsync: Use least authority
 wrapper.
Date: Thu, 18 May 2023 23:20:25 -0400

Hi Ludo,

Ludovic Courtès <ludo <at> gnu.org> writes:

> Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:
>
>> * gnu/services/rsync.scm (rsync-shepherd-service) Wrap rsync command in a
>> least-authority-wrapper.
>
> Nice, LGTM!
>
> Since berlin relies on it for backups, we’ll have to double-check that
> it all goes well, in case we overlooked something.

Thanks for the review!  I've installed the change.

-- 
Thanks,
Maxim




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 16 Jun 2023 11:24:11 GMT) Full text and rfc822 format available.

This bug report was last modified 315 days ago.


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.