diff options
| -rw-r--r-- | initscript/stap-server.in | 9 | ||||
| -rwxr-xr-x | stap-env | 2 | ||||
| -rwxr-xr-x | stap-serverd | 25 | ||||
| -rw-r--r-- | systemtap.spec | 9 |
4 files changed, 30 insertions, 15 deletions
diff --git a/initscript/stap-server.in b/initscript/stap-server.in index a7721a12..72059130 100644 --- a/initscript/stap-server.in +++ b/initscript/stap-server.in @@ -36,6 +36,9 @@ STAT_PATH=/var/run/stap-server TEMP_PATH=/tmp LOG_FILE=/var/log/stap-server.log +# Default Settings +STAP_USER=stap-server + # Default option settings # Target architecture OPT_KERNEL_ARCH=`stap_get_arch` @@ -316,9 +319,9 @@ start () { # release arch continue fi - # Start the server here. Use sudo for now to start it as root. + # Start the server here. local server_status=`stat_file $spec` - sudo $STAP_START_SERVER -r $release -a $arch > $server_status + runuser -s /bin/bash - $STAP_USER -c "$STAP_START_SERVER -r $release -a $arch --log=$LOG_FILE > $server_status" if [ $? != 0 ]; then rm -f $server_status do_failure $"$prog start: unable to start stap-server for $release $arch" @@ -353,7 +356,7 @@ stop () { if check_server_running $server_status; then local server_status_file=`stat_file $server_status` local pid=`cat $server_status_file` - sudo $STAP_STOP_SERVER $pid + runuser -s /bin/bash - $STAP_USER -c "$STAP_STOP_SERVER $pid" fi rm -f $server_status_file @@ -41,8 +41,6 @@ stap_signing_db=$stap_sysconfdir/systemtap/staprun stap_certfile=stap.cert stap_old_certfile=stap-server.cert -stap_server_logfile=/tmp/stap-server.log # for now - function stap_get_arch { # PR4186: Copy logic from coreutils uname (uname -i) to squash # i?86->i386. Actually, copy logic from linux top-level Makefile diff --git a/stap-serverd b/stap-serverd index f89a5f02..ad28a98d 100755 --- a/stap-serverd +++ b/stap-serverd @@ -30,6 +30,7 @@ function initialization { stap_options= uname_r="`uname -r`" arch="`stap_get_arch`" + logfile=/dev/null # Parse the arguments parse_options "$@" @@ -39,7 +40,7 @@ function initialization { while netstat -atn | awk '{print $4}' | cut -f2 -d: | egrep -q "^$port\$"; do # Whoops, the port is busy; try another one. - echo "$0: Port $port is busy" >> $stap_server_logfile + echo "$0: Port $port is busy" >> $logfile port=$((1024+($port + $RANDOM)%64000)) done @@ -57,11 +58,11 @@ function initialization { # If no certificate/key database has been specified, then find/create # a local one. if ! test -f $ssl_db/$stap_certfile; then - ${stap_exec_prefix}stap-gen-cert $ssl_db >> $stap_server_logfile 2>&1 || exit 1 + ${stap_exec_prefix}stap-gen-cert $ssl_db >> $logfile 2>&1 || exit 1 # Now add the server's certificate to the client's database, # making it a trusted peer. Do this only if the client has been installed. - if test -f `which ${stap_exec_prefix}stap-client` -a \ - -x `which ${stap_exec_prefix}stap-client`; then + if test -f `which ${stap_exec_prefix}stap-client 2>/dev/null` -a \ + -x `which ${stap_exec_prefix}stap-client 2>/dev/null`; then ${stap_exec_prefix}stap-authorize-server-cert $ssl_db/$stap_certfile fi elif ! test -f $stap_ssl_db/client/cert8.db; then @@ -115,6 +116,10 @@ function parse_options { get_long_arg $first_token $2 ssl_db=$stap_arg ;; + log) + get_long_arg $first_token $2 + logfile=$stap_arg + ;; *) warning "Option '$first_token' ignored" advance_p=$(($advance_p + 1)) @@ -310,9 +315,9 @@ function advertise_presence { # Call avahi-publish-service to advertise our presence. avahi-publish-service "$service_name" \ - $stap_avahi_service_tag $port "$txt" >> $stap_server_logfile 2>&1 & + $stap_avahi_service_tag $port "$txt" >> $logfile 2>&1 & - echo "$service_name listening on port $port" >> $stap_server_logfile + echo "$service_name listening on port $port" >> $logfile } # function: listen @@ -324,7 +329,7 @@ function listen { ${stap_exec_prefix}stap-server-connect \ -p $port -n $nss_cert -d $ssl_db -w $nss_pw \ -s "$stap_options" \ - >> $stap_server_logfile 2>&1 & + >> $logfile 2>&1 & wait '%${stap_exec_prefix}stap-server-connect' >/dev/null 2>&1 } @@ -539,7 +544,7 @@ function check_cert_file { # Warning error # Prints its arguments to stderr function warning { - echo "$0: WARNING:" "$@" >> $stap_server_logfile + echo "$0: WARNING:" "$@" >> $logfile } # function: fatal [ MESSAGE ] @@ -547,7 +552,7 @@ function warning { # Fatal error # Prints its arguments to stderr and exits function fatal { - echo "$0: ERROR:" "$@" >> $stap_server_logfile + echo "$0: ERROR:" "$@" >> $logfile terminate exit 1 } @@ -556,7 +561,7 @@ function fatal { # # Terminate gracefully. function terminate { - echo "$0: Exiting" >> $stap_server_logfile + echo "$0: Exiting" >> $logfile # Kill the running 'avahi-publish-service' job kill -s SIGTERM '%avahi-publish-service' 2> /dev/null diff --git a/systemtap.spec b/systemtap.spec index d5a4cbf2..427b38bb 100644 --- a/systemtap.spec +++ b/systemtap.spec @@ -280,6 +280,10 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/systemtap install -m 755 initscript/stap-server $RPM_BUILD_ROOT%{_sysconfdir}/init.d/ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/stap-server mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/stap-server/conf.d +touch $RPM_BUILD_ROOT%{_localstatedir}/log/stap-server.log +chmod 664 $RPM_BUILD_ROOT%{_localstatedir}/log/stap-server.log +chown stap-server $RPM_BUILD_ROOT%{_localstatedir}/log/stap-server.log +chgrp stap-server $RPM_BUILD_ROOT%{_localstatedir}/log/stap-server.log %clean rm -rf ${RPM_BUILD_ROOT} @@ -289,6 +293,11 @@ getent group stapdev >/dev/null || groupadd -r stapdev getent group stapusr >/dev/null || groupadd -r stapusr exit 0 +%pre server +getent group stap-server >/dev/null || groupadd -r stap-server +getent passwd stap-server >/dev/null || useradd -c "Systemtap Compile Server" -d /var/lib/stap-server -m -r -s /sbin/nologin stap-server +exit 0 + %post server chkconfig --add stap-server exit 0 |