Create the statedir under /run/rpcbind by systemd-tmpfiles.

Signed-off-by: Steve Dickson <steved@redhat.com>
2016-11-28 11:36:02 -05:00 · 2016-11-28 11:36:02 -05:00 · 55ba833a77
commit 55ba833a77
parent bbf9314062
3 changed files with 210 additions and 5 deletions
--- a/rpcbind-0.2.3-create-statdir.patch
+++ b/rpcbind-0.2.3-create-statdir.patch
@ -0,0 +1,138 @@
+commit 1805cdb116bd076dc5746beeb6dc79067a79d094
+Author: NeilBrown <neilb@suse.com>
+Date:   Wed Nov 16 10:53:07 2016 -0500
+
+    Move default state-dir to a subdirectory of /var/run
+    
+    rpcbind can save state in a file to allow restart without forgetting
+    about running services.
+    
+    The default location is currently "/tmp" which is
+    not ideal for system files.  It is particularly unpleasant
+    to put simple files there rather than creating a directory
+    to contain them.
+    
+    On a modern Linux system it is preferable to use /run, and there it is
+    even more consistent with practice to use a subdirectory.
+    
+    This directory needs to be create one each boot, and while there are
+    tools (e.g. systemd-tmpfiles) which can do that it is cleaner to keep
+    rpcbind self-contained and have it create the directory.
+    
+    So change the default location to /var/run/rpcbind, and create that
+    directory.  If a different user-id is used, we need to create
+    and chown the directory before dropping privileges.  We do this
+    with care so avoid chowning the wrong thing by mistake.
+    
+    Signed-off-by: NeilBrown <neilb@suse.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/configure.ac b/configure.ac
+index f84921e..acc6914 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -22,8 +22,8 @@ AC_ARG_ENABLE([warmstarts],
+ AM_CONDITIONAL(WARMSTART, test x$enable_warmstarts = xyes)
+ 
+ AC_ARG_WITH([statedir],
+-  AS_HELP_STRING([--with-statedir=ARG], [use ARG as state dir @<:@default=/tmp@:>@])
+-  ,, [with_statedir=/tmp])
+  AS_HELP_STRING([--with-statedir=ARG], [use ARG as state dir @<:@default=/var/run/rpcbind@:>@])
+  ,, [with_statedir=/var/run/rpcbind])
+ AC_SUBST([statedir], [$with_statedir])
+ 
+ AC_ARG_WITH([rpcuser],
+diff --git a/src/rpcbind.c b/src/rpcbind.c
+index 87ccdc2..8db8dfc 100644
+--- a/src/rpcbind.c
+++ b/src/rpcbind.c
+@@ -263,6 +263,11 @@ main(int argc, char *argv[])
+ 			syslog(LOG_ERR, "cannot get uid of '%s': %m", id);
+ 			exit(1);
+ 		}
+#ifdef WARMSTART
+		if (warmstart) {
+			mkdir_warmstart(p->pw_uid);
+		}
+#endif
+                 if (setgid(p->pw_gid) == -1) {
+                         syslog(LOG_ERR, "setgid to '%s' (%d) failed: %m", id, p->pw_gid);
+                         exit(1);
+diff --git a/src/rpcbind.h b/src/rpcbind.h
+index 74f9591..5b1a9bb 100644
+--- a/src/rpcbind.h
+++ b/src/rpcbind.h
+@@ -129,6 +129,7 @@ int is_localroot(struct netbuf *);
+ extern void pmap_service(struct svc_req *, SVCXPRT *);
+ #endif
+ 
+void mkdir_warmstart(int uid);
+ void write_warmstart(void);
+ void read_warmstart(void);
+ 
+diff --git a/src/warmstart.c b/src/warmstart.c
+index 122a058..aafcb61 100644
+--- a/src/warmstart.c
+++ b/src/warmstart.c
+@@ -45,19 +45,23 @@
+ #include <syslog.h>
+ #include <unistd.h>
+ #include <errno.h>
+#include <fcntl.h>
+ 
+ #include "rpcbind.h"
+ 
+-#ifndef RPCBIND_STATEDIR
+-#define RPCBIND_STATEDIR "/tmp"
+-#endif
+-
+ /* These files keep the pmap_list and rpcb_list in XDR format */
+ #define	RPCBFILE	RPCBIND_STATEDIR "/rpcbind.xdr"
+ #ifdef PORTMAP
+ #define	PMAPFILE	RPCBIND_STATEDIR "/portmap.xdr"
+ #endif
+ 
+#ifndef O_DIRECTORY
+#define O_DIRECTORY 0
+#endif
+#ifndef O_NOFOLLOW
+#define O_NOFOLLOW 0
+#endif
+
+ static bool_t write_struct(char *, xdrproc_t, void *);
+ static bool_t read_struct(char *, xdrproc_t, void *);
+ 
+@@ -139,8 +143,33 @@ error:
+ }
+ 
+ void
+mkdir_warmstart(int uid)
+{
+	/* Already exists? */
+	if (access(RPCBIND_STATEDIR, X_OK) == 0)
+		return;
+
+	if (mkdir(RPCBIND_STATEDIR, 0770) == 0) {
+		int fd = open(RPCBIND_STATEDIR, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
+		if (fd >= 0) {
+			if (fchown(fd, uid, -1) < 0) {
+				syslog(LOG_ERR, 
+					"mkdir_warmstart: open failed '%s', errno %d (%s)", 
+					RPCBIND_STATEDIR, errno, strerror(errno));
+			}
+			close(fd);
+		} else
+			syslog(LOG_ERR, "mkdir_warmstart: open failed '%s', errno %d (%s)", 
+				RPCBIND_STATEDIR, errno, strerror(errno));
+	} else
+		syslog(LOG_ERR, "mkdir_warmstart: mkdir failed '%s', errno %d (%s)", 
+			RPCBIND_STATEDIR, errno, strerror(errno));
+}
+
+void
+ write_warmstart()
+ {
+	(void) mkdir(RPCBIND_STATEDIR, 0770);
+ 	(void) write_struct(RPCBFILE, (xdrproc_t)xdr_rpcblist_ptr, &list_rbl);
+ #ifdef PORTMAP
+ 	(void) write_struct(PMAPFILE, (xdrproc_t)xdr_pmaplist_ptr, &list_pml);
--- a/rpcbind-0.2.3-systemd-tmpfiles.patch
+++ b/rpcbind-0.2.3-systemd-tmpfiles.patch
@ -0,0 +1,57 @@
+commit b47e0f12cfa005bb120e018257410663efbd7254
+Author: Steve Dickson <steved@redhat.com>
+Date:   Tue Nov 15 13:32:40 2016 -0500
+
+    Use systemd-tmpfiles to create the warmstart directory
+    
+    When systemd is available have it create the /run/rpcbind
+    warmstart directory. Note, the new rpcbind.conf file
+    expects 'rpc' user and group since that those will be
+    the id/gid that will own the directory.
+    
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/Makefile.am b/Makefile.am
+index 43c2710..d7ca426 100644
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -54,6 +54,9 @@ rpcbind_LDADD += $(SYSTEMD_LIBS)
+ systemdsystemunit_DATA = \
+ 	systemd/rpcbind.service \
+ 	systemd/rpcbind.socket
+
+systemdtmpfiles_DATA = \
+	systemd/rpcbind.conf
+ endif
+ 
+ rpcinfo_SOURCES =       src/rpcinfo.c
+diff --git a/configure.ac b/configure.ac
+index acc6914..81adafc 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -52,6 +52,17 @@ AC_ARG_WITH([systemdsystemunitdir],
+   fi
+ AM_CONDITIONAL(SYSTEMD, [test -n "$with_systemdsystemunitdir" -a "x$with_systemdsystemunitdir" != xno ])
+ 
+AC_ARG_WITH([systemdtmpfilesdir],
+  AS_HELP_STRING([--with-systemdtmpfilesdir=DIR], [Directory for systemd tmp files]),
+  [], [with_systemdtmpfilesdir=$($PKG_CONFIG --variable=tmpfilesdir systemd)])
+  if test "x$with_systemdtmpfilesdir" != xno; then
+    AC_SUBST([systemdtmpfilesdir], [$with_systemdtmpfilesdir])
+     PKG_CHECK_MODULES([SYSTEMD], [libsystemd], [],
+	   [PKG_CHECK_MODULES([SYSTEMD], [libsystemd-daemon], [],
+	   AC_MSG_ERROR([libsystemd support requested but found]))])
+  fi
+AM_CONDITIONAL(SYSTEMD, [test -n "$with_systemdtmpfilesdir" -a "x$with_systemdtmpfilesdir" != xno ])
+
+ AS_IF([test x$enable_libwrap = xyes], [
+ 	AC_CHECK_LIB([wrap], [hosts_access], ,
+ 		AC_MSG_ERROR([libwrap support requested but unable to find libwrap]))
+diff --git a/systemd/rpcbind.conf b/systemd/rpcbind.conf
+new file mode 100644
+index 0000000..2f8af45
+--- /dev/null
+++ b/systemd/rpcbind.conf
+@@ -0,0 +1,2 @@
+#Type Path         Mode  UID  GID Age Argument
+D     /run/rpcbind 0700  rpc  rpc  -  -
--- a/rpcbind.spec
+++ b/rpcbind.spec
@ -1,6 +1,6 @@
 Name:           rpcbind
 Version:        0.2.3
-Release:        12.rc2%{?dist}
+Release:        13.rc2%{?dist}
 Summary:        Universal Addresses to RPC Program Number Mapper
 Group:          System Environment/Daemons
 License:        BSD
@ -8,7 +8,7 @@ URL:            http://nfsv4.bullopensource.org

 BuildRoot:      %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
 Source0:        http://downloads.sourceforge.net/rpcbind/%{name}-%{version}.tar.bz2
-Source1: rpcbind.sysconfig
+Source1: %{name}.sysconfig

 Requires: glibc-common setup
 Conflicts: man-pages < 2.43-12
@ -20,8 +20,10 @@ Requires(preun): systemd
 Requires(postun): systemd coreutils

 Patch001: rpcbind-0.2.4-rc2.patch
+Patch002: rpcbind-0.2.3-create-statdir.patch

 Patch100: rpcbind-0.2.3-systemd-envfile.patch
+Patch101: rpcbind-0.2.3-systemd-tmpfiles.patch

 Provides: portmap = %{version}-%{release}
 Obsoletes: portmap <= 4.0-65.3
@ -35,8 +37,10 @@ RPC calls on a server on that machine.
 %setup -q

 %patch001 -p1
+%patch002 -p1

 %patch100 -p1
+%patch101 -p1
 %build
 %ifarch s390 s390x
 PIE="-fPIE"
@ -46,7 +50,7 @@ PIE="-fpie"
 export PIE

 RPCBUSR=rpc
-RPCBDIR=/tmp
+RPCBDIR=/run/rpcbind
 CFLAGS="`echo $RPM_OPT_FLAGS $ARCH_OPT_FLAGS $PIE`"

 autoreconf -fisv
@ -64,6 +68,7 @@ make all
 rm -rf %{buildroot}
 mkdir -p %{buildroot}{/sbin,/usr/sbin,/etc/sysconfig}
 mkdir -p %{buildroot}%{_unitdir}
+mkdir -p %{buildroot}%{_tmpfilesdir}
 mkdir -p %{buildroot}%{_mandir}/man8
 make DESTDIR=$RPM_BUILD_ROOT install

@ -71,6 +76,7 @@ mv -f ${RPM_BUILD_ROOT}%{_bindir}/rpcbind ${RPM_BUILD_ROOT}/sbin
 mv -f ${RPM_BUILD_ROOT}%{_bindir}/rpcinfo ${RPM_BUILD_ROOT}%{_sbindir}
 install -m644 %{SOURCE1} %{buildroot}/etc/sysconfig/rpcbind

+
 %clean
 rm -rf %{buildroot}

@ -117,10 +123,14 @@ fi
 /sbin/rpcbind
 %{_sbindir}/rpcinfo
 %{_mandir}/man8/*
-%{_unitdir}/rpcbind.service
-%{_unitdir}/rpcbind.socket
+%{_unitdir}/%{name}.service
+%{_unitdir}/%{name}.socket
+%{_tmpfilesdir}/%{name}.conf

 %changelog
+* Sat Nov 19 2016 Steve Dickson <steved@redhat.com> - 0.2.3-13.rc2
+- Create the statedir under /run/rpcbind by systemd-tmpfiles.
+
 * Sat Nov 12 2016 Steve Dickson <steved@redhat.com> - 0.2.3-12.rc2
 - Stop enable rpcbind.socket with every update (bz 1393721)