| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Without the hints we could end up creating a non-stream socket which
would cause qarsh to hang reading the packet in set_remote_user().
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| |
| | |
Conflicts:
qarsh.c
sockutil.c
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
This way we don't try to bind to ports we already checked
|
| |
| |
| |
| |
| |
| | |
The user specified time for holding a connection only.
If the user uses too small a time, like if they are
rebooting a node, the initial connection may fail.
|
| |
| |
| |
| |
| | |
These files need to be instaled before %post so
mark the requirements as such.
|
| |
| |
| |
| |
| | |
We need these on the install system since we're building
the SELinux policy at install time.
|
|/ |
|
| |
|
|
|
|
|
| |
These are not going to be used at all since the
post-install rebuild puts it all in /etc/selinux/...
|
|
|
|
|
|
| |
The policy is dynamic so should be built on the system after
install since we can't guarantee that the build chroot includes the
latest selinux-policy package.
|
|
|
|
| |
The file is gone is recent RHEL6 trees
|
|
|
|
|
|
| |
qarshd_t sockets end up as stdin, stdout, and stderr.
Some programs will fstat them to determine what they
are or change flags on the file descriptor, this is ok.
|
|
|
|
| |
Make is needed to rebuild the qarshd selinux policy.
|
|
|
|
| |
This is mostly for clarity while debugging qarshd.
|
|
|
|
|
|
| |
Running things in parallel with pthreads in perl can
lead to file descriptor leaks which may cause hangs
in qarsh.
|
|
|
|
|
| |
There were a lot of bad things to include in the system layer.
Exclude anything with "spec" in the name.
|
|
|
|
|
| |
This allows qarshd to make any system interface transition.
Tested against selinux-policy-3.6.32-41.fc12.noarch.
|
|
|
|
|
| |
- Switch to tabs on all fields
- Change to valid groups
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This isn't completely possible because some interfaces cause
syntax or load errors. We need to keep a list of interfaces
to filter out to get something that loads.
This adds gxpp as a requirement to build qarsh.
|
|
|
|
| |
This will prevent temp files from being packaged
|
|
|
|
| |
We generate the policy based on which services we want to test.
|
|
|
|
|
|
| |
In rare cases the getpwuid() call will fail because of a YP
or LDAP timeout. If we're not using the local username we
shouldn't even bother looking it up.
|
| |
|
|
|
|
|
|
| |
Cache the results from the rstat packet and use that file size
during the following sendfile so we don't send more than qacp
is expecting. This should allow us to qacp root@host:/var/log/messages
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
If qarshd is broken enough that it can't load libxml2.so, it
won't return an XML packet which we can parse. set_remote_user()
really needs to error out of we didn't get a packet back.
|
|
|
|
|
| |
A quarter of a second may be too short for some connections.
Increasing it to half a second should make it more reliable.
|
|
|
|
| |
Make btimec return proper exit codes so it is more useful in scripts.
|
|
|
|
|
| |
Freeing from the middle of an allocated string is not right.
Keep a pointer to the strdup so we can free it correctly.
|
|
|
|
|
|
|
|
|
| |
I don't know how, but I found one instance of qarsh looping
through the pselect loop with a one second timeout. If the command has
exited and the output file descriptors are all closed, we fall onto
this continue which prevents us from getting to the break at the end of
the loop. The only thing the continue skips over is that check which we
really should check, so remove the continue.
|
| |
|
|
|
|
|
| |
When we tried it out on Fedora 10, it was sending responses to IPv6
addresses and returning ENETUNREACH (Network is unreachable).
|
| |
|
|
|
|
|
|
| |
All the actions which need to be done before we exit are done after the
pselect. Waiting until after the next pselect can cause us to sit for
a second before we exit, which slows down things which use qarsh.
|
|
|
|
| |
Interactive logins are definitely NOT supported by qarsh.
|