From 2adacafe55fc9b72eba552055ff194bd17903a39 Mon Sep 17 00:00:00 2001 From: Jiwoong Im Date: Mon, 22 Aug 2016 17:18:11 +0900 Subject: [PATCH] move base db data file path to R/O Change-Id: I85ddc7c4ade851ca0e4657c0ae2da528400ecb3c Signed-off-by: Jiwoong Im --- CMakeLists.txt | 3 +++ backend/gdbm.c | 19 ++++++++++--------- common/backend.h | 5 +++-- common/common.h | 5 +++++ common/direct.c | 49 +++++++++++++++++++++++++++++++++++++++---------- packaging/buxton2.spec | 12 ++++++++++-- 6 files changed, 70 insertions(+), 23 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 19c9ba6..8ca9b31 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -34,6 +34,9 @@ ENDIF() IF(NOT "${MODULE_DIR}" STREQUAL "") ADD_DEFINITIONS(-DMODULE_DIR="${MODULE_DIR}") ENDIF() +IF(NOT "${BASE_DB_DIR}" STREQUAL "") + ADD_DEFINITIONS(-DBASE_DB_DIR="${BASE_DB_DIR}") +ENDIF() IF(NOT "${DB_DIR}" STREQUAL "") ADD_DEFINITIONS(-DDB_DIR="${DB_DIR}") ENDIF() diff --git a/backend/gdbm.c b/backend/gdbm.c index 1c9a698..e4f104c 100644 --- a/backend/gdbm.c +++ b/backend/gdbm.c @@ -39,7 +39,7 @@ static void free_db(GDBM_FILE db) gdbm_close(db); } -static GDBM_FILE open_gdbm(const char *dbpath) +static GDBM_FILE open_gdbm(const char *dbpath, bool readonly) { GDBM_FILE db; char *nm; @@ -63,7 +63,8 @@ static GDBM_FILE open_gdbm(const char *dbpath) return NULL; } - db = gdbm_open(nm, 0, GDBM_WRCREAT, S_IRUSR | S_IWUSR, NULL); + db = gdbm_open(nm, 0, readonly ? GDBM_READER : GDBM_WRCREAT, + S_IRUSR | S_IWUSR, NULL); if (!db) { bxt_err("Open '%s' failed: %s", dbpath, gdbm_strerror(gdbm_errno)); @@ -84,7 +85,7 @@ static GDBM_FILE open_gdbm(const char *dbpath) return db; } -static int open_db(const char *dbpath) +static int open_db(const char *dbpath, bool readonly) { GDBM_FILE db; @@ -93,7 +94,7 @@ static int open_db(const char *dbpath) return -1; } - db = open_gdbm(dbpath); + db = open_gdbm(dbpath, readonly); if (!db) return -1; @@ -143,7 +144,7 @@ static int set_value(const char *dbpath, const char *key, const void *data, return -1; } - db = open_gdbm(dbpath); + db = open_gdbm(dbpath, false); if (!db) return -1; @@ -172,7 +173,7 @@ static int set_value(const char *dbpath, const char *key, const void *data, } static int get_value(const char *dbpath, const char *key, void **data, - int *dlen) + int *dlen, bool readonly) { GDBM_FILE db; datum d_key; @@ -183,7 +184,7 @@ static int get_value(const char *dbpath, const char *key, void **data, return -1; } - db = open_gdbm(dbpath); + db = open_gdbm(dbpath, readonly); if (!db) return -1; @@ -215,7 +216,7 @@ static int unset_value(const char *dbpath, const char *key) return -1; } - db = open_gdbm(dbpath); + db = open_gdbm(dbpath, false); if (!db) return -1; @@ -261,7 +262,7 @@ static int list_keys(const char *dbpath, char ***keys, unsigned int *klen) return -1; } - db = open_gdbm(dbpath); + db = open_gdbm(dbpath, true); if (!db) return -1; diff --git a/common/backend.h b/common/backend.h index 7e04922..6bca0cb 100644 --- a/common/backend.h +++ b/common/backend.h @@ -19,6 +19,7 @@ #pragma once #include +#include #ifndef EXPORT # define EXPORT __attribute__((visibility("default"))) @@ -27,12 +28,12 @@ typedef int (*backend_module_init)(void); typedef void (*backend_module_exit)(void); -typedef int (*backend_open_db)(const char *dbpath); +typedef int (*backend_open_db)(const char *dbpath, bool readonly); typedef int (*backend_remove_db)(const char *dbpath); typedef int (*backend_set_value)(const char *dbpath, const char *key, const void *data, int dlen); typedef int (*backend_get_value)(const char *dbpath, - const char *key, void **data, int *dlen); + const char *key, void **data, int *dlen, bool readonly); typedef int (*backend_unset_value)(const char *dbpath, const char *key); typedef int (*backend_list_keys)(const char *dbpath, char ***keys, unsigned int *klen); diff --git a/common/common.h b/common/common.h index 5009f0b..0f437aa 100644 --- a/common/common.h +++ b/common/common.h @@ -35,6 +35,11 @@ # define MODULE_DIR "/usr/lib/buxton" #endif +#ifndef BASE_DB_DIR +# warning "BASE_DB_DIR is not set. default value is used" +# define BASE_DB_DIR "/var/lib/buxton" +#endif + #ifndef DB_DIR # warning "DB_DIR is not set. default value is used" # define DB_DIR "/var/lib/buxton" diff --git a/common/direct.c b/common/direct.c index d073589..4bca441 100644 --- a/common/direct.c +++ b/common/direct.c @@ -46,10 +46,10 @@ static int get_path(uid_t uid, enum buxton_layer_type type, return -1; } - if (type == BUXTON_LAYER_NORMAL && ly->storage == STORAGE_VOLATILE) - prefix = TMPFS_DIR; + if (type == BUXTON_LAYER_NORMAL) + prefix = (ly->storage == STORAGE_VOLATILE) ? TMPFS_DIR : DB_DIR; else - prefix = DB_DIR; + prefix = BASE_DB_DIR; if (type == BUXTON_LAYER_NORMAL && ly->type == LAYER_USER) snprintf(suffix, sizeof(suffix), "-%u", uid); @@ -86,7 +86,8 @@ static int get_raw(const struct layer *ly, uid_t uid, if (r == -1) return -1; - r = backend->get_value(path, key, (void **)data, len); + r = backend->get_value(path, key, (void **)data, len, + (type == BUXTON_LAYER_BASE) ? true : false); if (r == -1) { if (errno != ENOENT) bxt_err("Get: get_value: %d", errno); @@ -149,12 +150,6 @@ int direct_get(const struct buxton_layer *layer, return 0; } - /* DB backend System layer has no normal db */ - if (ly->type == LAYER_SYSTEM && ly->storage == STORAGE_PERSISTENT) { - *val = base_val; - return 0; - } - r = get_val(ly, layer->uid, BUXTON_LAYER_NORMAL, key, NULL, NULL, &db_val); if (r == -1) { @@ -286,6 +281,36 @@ int direct_set(const struct buxton_layer *layer, return 0; } +static int _open_db(const struct layer *ly, uid_t uid, + enum buxton_layer_type type, bool readonly) +{ + int r; + const struct backend *backend; + char path[FILENAME_MAX]; + + assert(ly); + + backend = backend_get(ly->backend); + assert(backend); + + if (!backend->open_db) { + bxt_err("Get: backend '%s' has no open_db func", backend->name); + return -1; + } + + r = get_path(uid, type, ly, path, sizeof(path)); + if (r == -1) + return -1; + + r = backend->open_db(path, readonly); + if (r == -1) { + bxt_err("Fail to open db %d", errno); + return -1; + } + + return 0; +} + int direct_create(const struct buxton_layer *layer, const char *key, const char *rpriv, const char *wpriv, const struct buxton_value *val) @@ -306,6 +331,10 @@ int direct_create(const struct buxton_layer *layer, const char *key, if (!ly) return -1; + r = _open_db(ly, layer->uid, BUXTON_LAYER_BASE, false); + if (r == -1) + return -1; + r = get_val(ly, layer->uid, BUXTON_LAYER_BASE, key, NULL, NULL, NULL); if (r == -1 && errno != ENOENT) return -1; diff --git a/packaging/buxton2.spec b/packaging/buxton2.spec index 13ce621..8440c9b 100644 --- a/packaging/buxton2.spec +++ b/packaging/buxton2.spec @@ -1,4 +1,5 @@ %define dbdir %{_localstatedir}/lib/%{name} +%define basedbdir %{_sysconfdir}/%{name} Name: buxton2 Version: 1.1 @@ -102,6 +103,7 @@ export LDFLAGS="$LDFLAGS -pie" %cmake -DVERSION=%{version} \ -DCONFPATH:PATH=%{_sysconfdir}/%{name}.conf \ -DMODULE_DIR:PATH=%{_libdir}/%{name} \ + -DBASE_DB_DIR:PATH=%{basedbdir} \ -DDB_DIR:PATH=%{_localstatedir}/lib/%{name} \ -DTMPFS_DIR:PATH=/run/%{name} \ -DSOCKPATH:PATH=/run/%{name}-0 \ @@ -115,6 +117,7 @@ export LDFLAGS="$LDFLAGS -pie" %make_install # create the database directory +install -m 700 -d %{buildroot}%{basedbdir} install -m 700 -d %{buildroot}%{_localstatedir}/lib/%{name} # install config file @@ -143,13 +146,17 @@ getent passwd buxton > /dev/null || useradd -r -g buxton -d "%{dbdir}" buxton # The initial DBs will not have the correct labels and # permissions when created in postinstall during image # creation, so we set these file attributes here. +chown -R buxton:buxton "%{basedbdir}" +chsmack -a System "%{basedbdir}" +chsmack -t "%{basedbdir}" + chown -R buxton:buxton "%{dbdir}" chsmack -a System "%{dbdir}" chsmack -t "%{dbdir}" %posttrans -chmod 0600 %{dbdir}/* -chsmack -a System %{dbdir}/* +chmod 0600 %{basedbdir}/* +chsmack -a System %{basedbdir}/* %postun -p /sbin/ldconfig @@ -170,6 +177,7 @@ chsmack -a System %{dbdir}/* %{_tmpfilesdir}/%{name}.conf %{_unitdir}/sockets.target.wants/%{name}.socket %attr(0700,buxton,buxton) %dir %{_localstatedir}/lib/%{name} +%attr(0700,buxton,buxton) %dir %{basedbdir} %files devel %manifest %{name}.manifest -- 2.7.4