ip/tftpd: add -n namespace-file flag (thanks sam-d)
tftpd currently unconditionally sets its namespace via /lib/namespace
(newns("none", nil)), which stymied my attempts to pxe boot the
openbsd installer without creating a real /etc dir on 9front, which
would've been gross.
I tried working around this with -h (and -r for good measure), but
again hit issues because the namespace is rebuilt from scratch -- any
binds of /386, /amd64, /cfg/pxe, etc. into the tftp-specific directory
disappeared from tftpd's namespace and rendered my *9front* boxes
unable to boot. I could maintain copies of the needed files in the
tftp-specific directory, but that'd be kind of a drag.
The following patch adds a -n flag to allow the specification of a
namespace file in place of /lib/namespace; similar to ip/ftpd.
I thought about setting up a /lib/namespace.tftp to act as a default
rather than continuing to use /lib/namespace by default (which
security-wise is about the same as allowing 9p mounts by user none,
which I also have disabled), but I had trouble coming up with a sane
default. Maybe someone more experienced would like to try that out.
- sam-d
This commit is contained in:
cinap_lenrek
parent
a96cf495fa
commit
27ad886c95
2 changed files with 10 additions and 1 deletions
|
|
@ -42,6 +42,8 @@ dhcpd, dhcp6d, dhcpleases, rarpd, tftpd \- Internet booting
|
||||||
.IR homedir ]
|
.IR homedir ]
|
||||||
.RB [ -x
|
.RB [ -x
|
||||||
.IR netmtpt ]
|
.IR netmtpt ]
|
||||||
|
.RB [ -n
|
||||||
|
.IR namespace-file ]
|
||||||
.SH DESCRIPTION
|
.SH DESCRIPTION
|
||||||
These programs support booting over the Internet.
|
These programs support booting over the Internet.
|
||||||
They should all be run on the same server to
|
They should all be run on the same server to
|
||||||
|
|
@ -318,6 +320,9 @@ supports only octet mode.
|
||||||
.B r
|
.B r
|
||||||
Restricts access to only those files rooted in the
|
Restricts access to only those files rooted in the
|
||||||
.IR homedir .
|
.IR homedir .
|
||||||
|
.TP
|
||||||
|
.B n
|
||||||
|
Sets the namespace file (default /lib/namespace).
|
||||||
.PD
|
.PD
|
||||||
.SH FILES
|
.SH FILES
|
||||||
.BR /lib/ndb/dhcp " directory of dynamic address files
|
.BR /lib/ndb/dhcp " directory of dynamic address files
|
||||||
|
|
|
||||||
|
|
@ -93,6 +93,7 @@ char raddr[64];
|
||||||
char *dirsl;
|
char *dirsl;
|
||||||
int dirsllen;
|
int dirsllen;
|
||||||
char *homedir = "/";
|
char *homedir = "/";
|
||||||
|
char *nsfile = nil;
|
||||||
char flog[] = "ipboot";
|
char flog[] = "ipboot";
|
||||||
char net[Maxpath];
|
char net[Maxpath];
|
||||||
|
|
||||||
|
|
@ -138,6 +139,9 @@ main(int argc, char **argv)
|
||||||
case 'x':
|
case 'x':
|
||||||
setnetmtpt(net, sizeof net, EARGF(usage()));
|
setnetmtpt(net, sizeof net, EARGF(usage()));
|
||||||
break;
|
break;
|
||||||
|
case 'n':
|
||||||
|
nsfile = EARGF(usage());
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
usage();
|
usage();
|
||||||
}ARGEND
|
}ARGEND
|
||||||
|
|
@ -740,7 +744,7 @@ setuser(void)
|
||||||
{
|
{
|
||||||
if(procsetuser("none") < 0)
|
if(procsetuser("none") < 0)
|
||||||
sysfatal("can't become none: %r");
|
sysfatal("can't become none: %r");
|
||||||
if(newns("none", nil) < 0)
|
if(newns("none", nsfile) < 0)
|
||||||
sysfatal("can't build namespace: %r");
|
sysfatal("can't build namespace: %r");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue