| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| | |
|
| | |
|
| |
| |
| |
| | |
This way we don't try to bind to ports we already checked
|
| |
| |
| |
| |
| |
| | |
The user specified time for holding a connection only.
If the user uses too small a time, like if they are
rebooting a node, the initial connection may fail.
|
| |
| |
| |
| |
| | |
These files need to be instaled before %post so
mark the requirements as such.
|
| |
| |
| |
| |
| | |
We need these on the install system since we're building
the SELinux policy at install time.
|
|/ |
|
| |
|
|
|
|
|
| |
These are not going to be used at all since the
post-install rebuild puts it all in /etc/selinux/...
|
|
|
|
|
|
| |
The policy is dynamic so should be built on the system after
install since we can't guarantee that the build chroot includes the
latest selinux-policy package.
|
|
|
|
| |
The file is gone is recent RHEL6 trees
|
|
|
|
|
|
| |
qarshd_t sockets end up as stdin, stdout, and stderr.
Some programs will fstat them to determine what they
are or change flags on the file descriptor, this is ok.
|
|
|
|
| |
Make is needed to rebuild the qarshd selinux policy.
|
|
|
|
| |
This is mostly for clarity while debugging qarshd.
|
|
|
|
|
|
| |
Running things in parallel with pthreads in perl can
lead to file descriptor leaks which may cause hangs
in qarsh.
|
|
|
|
|
| |
There were a lot of bad things to include in the system layer.
Exclude anything with "spec" in the name.
|
|
|
|
|
| |
This allows qarshd to make any system interface transition.
Tested against selinux-policy-3.6.32-41.fc12.noarch.
|
|
|
|
|
| |
- Switch to tabs on all fields
- Change to valid groups
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This isn't completely possible because some interfaces cause
syntax or load errors. We need to keep a list of interfaces
to filter out to get something that loads.
This adds gxpp as a requirement to build qarsh.
|
|
|
|
| |
This will prevent temp files from being packaged
|
|
|
|
| |
We generate the policy based on which services we want to test.
|
|
|
|
|
|
| |
In rare cases the getpwuid() call will fail because of a YP
or LDAP timeout. If we're not using the local username we
shouldn't even bother looking it up.
|
| |
|
|
|
|
|
|
| |
Cache the results from the rstat packet and use that file size
during the following sendfile so we don't send more than qacp
is expecting. This should allow us to qacp root@host:/var/log/messages
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
If qarshd is broken enough that it can't load libxml2.so, it
won't return an XML packet which we can parse. set_remote_user()
really needs to error out of we didn't get a packet back.
|
|
|
|
|
| |
A quarter of a second may be too short for some connections.
Increasing it to half a second should make it more reliable.
|
|
|
|
| |
Make btimec return proper exit codes so it is more useful in scripts.
|
|
|
|
|
| |
Freeing from the middle of an allocated string is not right.
Keep a pointer to the strdup so we can free it correctly.
|
|
|
|
|
|
|
|
|
| |
I don't know how, but I found one instance of qarsh looping
through the pselect loop with a one second timeout. If the command has
exited and the output file descriptors are all closed, we fall onto
this continue which prevents us from getting to the break at the end of
the loop. The only thing the continue skips over is that check which we
really should check, so remove the continue.
|
| |
|
|
|
|
|
| |
When we tried it out on Fedora 10, it was sending responses to IPv6
addresses and returning ENETUNREACH (Network is unreachable).
|
| |
|
|
|
|
|
|
| |
All the actions which need to be done before we exit are done after the
pselect. Waiting until after the next pselect can cause us to sit for
a second before we exit, which slows down things which use qarsh.
|
|
|
|
| |
Interactive logins are definitely NOT supported by qarsh.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need to test all exit conditions at once so we fall back into the
hbeat code. I was falling into a case when running "reboot -fin &"
where the command would exit, but the sockets would not close and we
weren't getting to hbeat() to detect the reboot.
In another case which I can't completely explain, we were getting a
double-free error from glibc in the qpfree() at the end of
run_remote_cmd(). Instead of waiting until the very end to read the
exit status, save it off as soon as we get the packet and use
cmd_exitted to determine if we have an exit code or if something went
horribly wrong.
|
| |
|
|
|
|
|
| |
A previous commit added tmprstatp, which wasn't being checked just after
it was assigned.
|
|
|
|
|
|
|
| |
It turns out the boot time being returned to btimec is has not been
correct for quite a while. There was probably a change to HZ which
isn't reflected properly in _SC_CLK_TCK. This needs some more error
checking, but it works for now.
|
| |
|
|
|
|
|
|
| |
sendfiles should be re-written and broken into single file and multi-file cases to make this cleaner.
Signed-off-by: Dean Jansa <djansa@redhat.com>
|
| |
|
| |
|
| |
|
| |
|