From daecef104cd2a6ac3e4436306e96ed48aea8271d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jos=C3=A9=20Bollo?= Date: Tue, 9 Jul 2019 17:56:55 +0200 Subject: [PATCH] supervisor: Setup services for local API use MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The supervisor only allowed external accesses. This was wrong, it must also allow local access through standard API. This commit fix it. Bug-AGL: SPEC-2660 Signed-off-by: José Bollo Change-Id: Ifa1119a6b2f22c87b1dbe087206d9f51c4005a57 --- CMakeLists.txt | 2 ++ afm-api-supervisor.service | 12 ++++++++ afm-api-supervisor.socket | 21 ++++++++++++++ afs-supervisor.service.in | 2 +- src/afs-supervisor.c | 69 ++++------------------------------------------ 5 files changed, 42 insertions(+), 64 deletions(-) create mode 100644 afm-api-supervisor.service create mode 100644 afm-api-supervisor.socket diff --git a/CMakeLists.txt b/CMakeLists.txt index 54f03b3f..75a50dcf 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -198,6 +198,8 @@ ENDIF() IF(INCLUDE_SUPERVISOR) CONFIGURE_FILE(afs-supervisor.service.in afs-supervisor.service @ONLY) INSTALL(FILES + ${CMAKE_CURRENT_SOURCE_DIR}/afm-api-supervisor.service + ${CMAKE_CURRENT_SOURCE_DIR}/afm-api-supervisor.socket ${CMAKE_CURRENT_BINARY_DIR}/afs-supervisor.service DESTINATION ${UNITDIR_SYSTEM} diff --git a/afm-api-supervisor.service b/afm-api-supervisor.service new file mode 100644 index 00000000..9c7f58b9 --- /dev/null +++ b/afm-api-supervisor.service @@ -0,0 +1,12 @@ +# afm-api-supervisor.service + +[Unit] +Description=Service to start the API 'supervisor' + +Requires=afm-api-supervisor.socket +After=afm-api-supervisor.socket + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/bin/true diff --git a/afm-api-supervisor.socket b/afm-api-supervisor.socket new file mode 100644 index 00000000..e55a267a --- /dev/null +++ b/afm-api-supervisor.socket @@ -0,0 +1,21 @@ +# afm-api-supervisor.socket.in + +[Unit] +Description=Service to start the API 'supervisor' + +DefaultDependencies=no + +Requires=afm-system-setup.service +After=afm-system-setup.service + +[Socket] +SmackLabel=* +SmackLabelIPIn=System +SmackLabelIPOut=System +ListenStream=/run/platform/apis/ws/supervisor +FileDescriptorName=supervisor +Service=afs-supervisor.service + +[Install] +WantedBy=sockets.target + diff --git a/afs-supervisor.service.in b/afs-supervisor.service.in index 60b2a313..fad4302d 100644 --- a/afs-supervisor.service.in +++ b/afs-supervisor.service.in @@ -2,7 +2,7 @@ Description=Application Framework Supervisor [Service] -ExecStart=/usr/bin/afs-supervisor --port @AFS_SUPERVISOR_PORT@ --token @AFS_SUPERVISOR_TOKEN@ +ExecStart=/usr/bin/afs-supervisor --port @AFS_SUPERVISOR_PORT@ --token @AFS_SUPERVISOR_TOKEN@ --ws-server=sd:supervisor [Install] WantedBy=multi-user.target diff --git a/src/afs-supervisor.c b/src/afs-supervisor.c index 31b8b7c3..2afbf53a 100644 --- a/src/afs-supervisor.c +++ b/src/afs-supervisor.c @@ -39,6 +39,7 @@ #include "afb-api-v3.h" #include "afb-apiset.h" #include "afb-fdev.h" +#include "afb-socket.h" #include "fdev.h" #include "verbose.h" @@ -87,50 +88,6 @@ static afb_event_t event_del_pid; /*************************************************************************************/ -/** - * Creates the supervisor socket for 'path' and return it - * return -1 in case of failure - */ -static int create_supervision_socket(const char *path) -{ - int fd, rc; - struct sockaddr_un addr; - size_t length; - - /* check the path's length */ - length = strlen(path); - if (length >= 108) { - ERROR("Path name of supervision socket too long: %d", (int)length); - errno = ENAMETOOLONG; - return -1; - } - - /* create a socket */ - fd = socket(AF_UNIX, SOCK_STREAM, 0); - if (fd < 0) { - ERROR("Can't create socket: %m"); - return fd; - } - - /* setup the bind to a path */ - memset(&addr, 0, sizeof addr); - addr.sun_family = AF_UNIX; - strcpy(addr.sun_path, path); - if (addr.sun_path[0] == '@') - addr.sun_path[0] = 0; /* abstract sockets */ - else - unlink(path); - - /* binds the socket to the path */ - rc = bind(fd, (struct sockaddr *) &addr, (socklen_t)(sizeof addr)); - if (rc < 0) { - ERROR("can't bind socket to %s", path); - close(fd); - return rc; - } - return fd; -} - /** * send on 'fd' an initiator with 'command' * return 0 on success or -1 on failure @@ -451,8 +408,6 @@ static void f_debug_break(afb_req_t req) */ static int init_supervisor(afb_api_t api) { - int rc, fd; - event_add_pid = afb_api_make_event(api, "add-pid"); if (!afb_event_is_valid(event_add_pid)) { ERROR("Can't create added event"); @@ -473,25 +428,13 @@ static int init_supervisor(afb_api_t api) } /* create the supervision socket */ - fd = create_supervision_socket(supervision_socket_path); - if (fd < 0) - return fd; - - /* listen the socket */ - rc = listen(fd, 5); - if (rc < 0) { - ERROR("refused to listen on socket"); - return rc; - } + supervision_fdev = afb_socket_open_fdev(supervision_socket_path, 1); + if (!supervision_fdev) + return -1; - /* integrate the socket to the loop */ - supervision_fdev = afb_fdev_create(fd); - if (rc < 0) { - ERROR("handling socket event isn't possible"); - return rc; - } fdev_set_events(supervision_fdev, EPOLLIN); - fdev_set_callback(supervision_fdev, listening, (void*)(intptr_t)fd); + fdev_set_callback(supervision_fdev, listening, + (void*)(intptr_t)fdev_fd(supervision_fdev)); return 0; } -- 2.16.6