ip/tftpd: add -n namespace-file flag (thanks sam-d)
tftpd currently unconditionally sets its namespace via /lib/namespace (newns("none", nil)), which stymied my attempts to pxe boot the openbsd installer without creating a real /etc dir on 9front, which would've been gross. I tried working around this with -h (and -r for good measure), but again hit issues because the namespace is rebuilt from scratch -- any binds of /386, /amd64, /cfg/pxe, etc. into the tftp-specific directory disappeared from tftpd's namespace and rendered my *9front* boxes unable to boot. I could maintain copies of the needed files in the tftp-specific directory, but that'd be kind of a drag. The following patch adds a -n flag to allow the specification of a namespace file in place of /lib/namespace; similar to ip/ftpd. I thought about setting up a /lib/namespace.tftp to act as a default rather than continuing to use /lib/namespace by default (which security-wise is about the same as allowing 9p mounts by user none, which I also have disabled), but I had trouble coming up with a sane default. Maybe someone more experienced would like to try that out. - sam-d
parent
a96cf495fa
commit
27ad886c95
2 changed files with 10 additions and 1 deletions
|
@ -42,6 +42,8 @@ dhcpd, dhcp6d, dhcpleases, rarpd, tftpd \- Internet booting
|
|||
.IR homedir ]
|
||||
.RB [ -x
|
||||
.IR netmtpt ]
|
||||
.RB [ -n
|
||||
.IR namespace-file ]
|
||||
.SH DESCRIPTION
|
||||
These programs support booting over the Internet.
|
||||
They should all be run on the same server to
|
||||
|
@ -318,6 +320,9 @@ supports only octet mode.
|
|||
.B r
|
||||
Restricts access to only those files rooted in the
|
||||
.IR homedir .
|
||||
.TP
|
||||
.B n
|
||||
Sets the namespace file (default /lib/namespace).
|
||||
.PD
|
||||
.SH FILES
|
||||
.BR /lib/ndb/dhcp " directory of dynamic address files
|
||||
|
|
|
@ -93,6 +93,7 @@ char raddr[64];
|
|||
char *dirsl;
|
||||
int dirsllen;
|
||||
char *homedir = "/";
|
||||
char *nsfile = nil;
|
||||
char flog[] = "ipboot";
|
||||
char net[Maxpath];
|
||||
|
||||
|
@ -138,6 +139,9 @@ main(int argc, char **argv)
|
|||
case 'x':
|
||||
setnetmtpt(net, sizeof net, EARGF(usage()));
|
||||
break;
|
||||
case 'n':
|
||||
nsfile = EARGF(usage());
|
||||
break;
|
||||
default:
|
||||
usage();
|
||||
}ARGEND
|
||||
|
@ -740,7 +744,7 @@ setuser(void)
|
|||
{
|
||||
if(procsetuser("none") < 0)
|
||||
sysfatal("can't become none: %r");
|
||||
if(newns("none", nil) < 0)
|
||||
if(newns("none", nsfile) < 0)
|
||||
sysfatal("can't build namespace: %r");
|
||||
}
|
||||
|
||||
|
|
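Review bot: In setuser(), the file named by -n now decides the whole namespace that user none serves from, and the visible order shows it is handed to newns() only after procsetuser("none") has run. So the path has to be readable by none, and a relative path resolves against whatever the working directory is at that point; neither is documented. I would add a comment above the call such as `/* nsfile (-n) is read after becoming none; nil keeps the /lib/namespace default */`, and extend the man page entry to say the file must be readable by none and should bind only the trees tftpd is meant to serve, since the -h/-r restriction is presumably evaluated inside that namespace. The 10 additions in the diffstat are all accounted for by the visible hunks, so usage() (which lies outside them) apparently still omits `[-n namespace-file]`.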