rpms/linux-sgx
7
0
Fork 0
Code Issues Pull Requests Releases Activity
109f4bc2ff
linux-sgx/0117-qgs-add-m-MODE-parameter-for-UNIX-socket-mode.patch
Daniel P. Berrangé 109f4bc2ff Port to pycryptography and pyasn1 and make keyring optional 
pyOpenSSL 24.0.0 removed several APIs required by pccsadmin, so
porting to pycryptography is required on Fedora. Since RHEL does
not ship pyOpenSSL, the port is useful here too.

Using pyasn1 instead of asn1 gives stronger validation during
parsing and brings compatibility with RHEL that lacks python3-asn1

The keyring package needs to be optional on RHEL which lacks this
module (currently).

Also drop the inappropriate pccs port number change

Related: https://issues.redhat.com/browse/RHEL-127046
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-12-10 11:22:41 +00:00

104 lines
4.7 KiB
Diff
Raw Blame History

From d7299915f42cd068744ce02e358865085f2f12bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Fri, 2 May 2025 14:48:24 +0100
Subject: [PATCH 117/126] qgs: add -m=MODE parameter for UNIX socket mode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The UNIX socket mode default is controlled by the process umask, but it
can be desirable to override this to open up the socket mode, while
keeping the umask restrictive.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
.../quote_wrapper/qgs/server_main.cpp | 35 +++++++++++++++++--
1 file changed, 32 insertions(+), 3 deletions(-)
diff --git a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
index 47f6c26..4628b18 100644
--- a/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
+++ b/QuoteGeneration/quote_wrapper/qgs/server_main.cpp
@@ -73,9 +73,10 @@ int main(int argc, const char* argv[])
bool no_daemon = false;
unsigned long int port = 0;
unsigned long int num_threads = 0;
+ unsigned long int mode = 0;
char *endptr = NULL;
if (argc > 4) {
- cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-n=number_threads] [--verbose] [--debug]"
+ cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-m=unix_socket_mode] [-n=number_threads] [--verbose] [--debug]"
<< endl;
exit(1);
}
@@ -106,6 +107,19 @@ int main(int argc, const char* argv[])
}
cout << "port number [" << port << "] found in cmdline" << endl;
continue;
+ } else if (strncmp(argv[i], "-m=", 3 ) == 0) {
+ if (strspn(argv[i] + 3, "0123456789") != strlen(argv[i] + 3)) {
+ cout << "Please input valid socket mode" << endl;
+ exit(1);
+ }
+ errno = 0;
+ mode = strtoul(argv[i] + 3, &endptr, 8);
+ if (errno || strlen(endptr) || (mode > UINT_MAX) ) {
+ cout << "Please input valid socket mode" << endl;
+ exit(1);
+ }
+ cout << "socket mode [" << oct << mode << dec << "] found in cmdline" << endl;
+ continue;
} else if (strncmp(argv[i], "-n=", 3) == 0) {
if (strspn(argv[i] + 3, "0123456789") != strlen(argv[i] + 3)) {
cout << "Please input valid thread number" << endl;
@@ -120,7 +134,7 @@ int main(int argc, const char* argv[])
cout << "thread number [" << num_threads << "] found in cmdline" << endl;
continue;
} else {
- cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-n=number_threads] [--verbose] [--debug]"
+ cout << "Usage: " << argv[0] << " [--no-daemon] [-p=port_number] [-m=unix_socket_mode] [-n=number_threads] [--verbose] [--debug]"
<< endl;
exit(1);
}
@@ -129,7 +143,7 @@ int main(int argc, const char* argv[])
// Use the port number in QGS_CONFIG_FILE if no valid port number on
// command line
- if (port == 0 || num_threads == 0) {
+ if (port == 0 || num_threads == 0 || mode == 0) {
ifstream config_file(QGS_CONFIG_FILE);
if (config_file.is_open()) {
string line;
@@ -161,6 +175,15 @@ int main(int argc, const char* argv[])
<< QGS_CONFIG_FILE << endl;
exit(1);
}
+ } else if (!mode && name.compare("socket_mode") == 0) {
+ errno = 0;
+ endptr = NULL;
+ mode = strtoul(value, &endptr, 8);
+ if (errno || strlen(endptr) || (mode > UINT_MAX)) {
+ cout << "Please input valid socket mode in "
+ << QGS_CONFIG_FILE << endl;
+ exit(1);
+ }
} else if (!num_threads && name.compare("number_threads") == 0) {
errno = 0;
endptr = NULL;
@@ -212,6 +235,12 @@ int main(int argc, const char* argv[])
}
QGS_LOG_INFO("About to create QgsServer with num_thread = %d\n", (uint8_t)num_threads);
server = new QgsServer(io_service, ep, (uint8_t)num_threads);
+ /* Allow mode to be determined by umask by default,
+ * overriding only if an explicit mode is requested
+ */
+ if (!port && mode != 0) {
+ chmod(QGS_UNIX_SOCKET_FILE, mode);
+ }
QGS_LOG_INFO("About to start main loop\n");
io_service.run();
QGS_LOG_INFO("Quit main loop\n");
--
2.51.1
Reference in New Issue View Git Blame Copy Permalink