[9fans] interaction of net.alt and factotum

[9fans] interaction of net.alt and factotum

[Steve Simon]

For complex reasons I no longer have a direct internet connection
from one of my plan9 machines, however I can import a /net from
another machine.

I have modified my /lib/ndb/local on my net-crippled machine so it
references authentication servers net.alt, e.g.

	auth=/net.alt/tcp!sources.cs.bell-labs.com	authdom=outside.plan9.bell-labs.com

Unfortunately, because factotum is started by the boot process of this terminal
I cannot use the plumber to put net.alt in its namespace so I have to import net.alt
and then run another instance of auth/factotum in the same window to be able to
connect to sources and do a pull.

I can add net.alt to normal apps using the plumber to run '9fs net.alt' but
the plumber is outside factotums namespace.

In the olden days (I have read) people used to import the internet via datakit
and everything would just work, but that was pre-factotum and its namespace which I
cannot see how to reach.

Am I missing a trick here or is this just how it is?

Is there a way to hook into the napespace of factotum (I beleive there was a kernel
patch to make /proc/??/ns writable which should do it but I was hoping for a solution
that just used "a clever plan9 trick"

-Steve

Re: [9fans] interaction of net.alt and factotum

[erik quanstrom]

> Am I missing a trick here or is this just how it is?

what about building /net.alt in /lib/namespace or /lib/namespace.$machine?

- erik

Re: [9fans] interaction of net.alt and factotum

[Steve Simon]

[60 files]

> what about building /net.alt in /lib/namespace or /lib/namespace.$machine?

I think there is another wrinkle I forgot to mention, when I import my /net.alt I
do this over an authenticated connection to another plan9 machine. This needs
my key which is held in factotum, so factotum must be already running.

Factotum doesn't get its keys until I manualy extract them from secstore
and write them to /mnt/factotum/ctl, it would be at this point I would
have to inject a namespace change to factotum.

I suspose I could add /mnt/factotum/ns file which I could write to after loading the keys.

All feels a bit clunky.

-Steve

Re: [9fans] interaction of net.alt and factotum

[Nathaniel W Filardo]

[-- Attachment #1: Type: text/plain, Size: 613 bytes --]

On Tue, Dec 14, 2010 at 01:00:33PM +0000, Steve Simon wrote:
> Is there a way to hook into the napespace of factotum (I beleive there was a kernel
> patch to make /proc/??/ns writable which should do it but I was hoping for a solution
> that just used "a clever plan9 trick"

I needed read access to this namespace and so bound an exportfs in /srv as
one of the last lines of cpurc.  You could spawn an agent which was prepared
to receive, over a /srv pipe, the name of a /srv pipe and mount it over
/net.alt.  Note that this trick clutters /srv fast, but if you only need to
apply it once...

--nwf;

[-- Attachment #2: Type: application/pgp-signature, Size: 205 bytes --]

Re: [9fans] interaction of net.alt and factotum

[erik quanstrom]

> On Tue, Dec 14, 2010 at 01:00:33PM +0000, Steve Simon wrote:
> > Is there a way to hook into the napespace of factotum (I beleive there was a kernel
> > patch to make /proc/??/ns writable which should do it but I was hoping for a solution
> > that just used "a clever plan9 trick"
>
> I needed read access to this namespace and so bound an exportfs in /srv as
> one of the last lines of cpurc.  You could spawn an agent which was prepared
> to receive, over a /srv pipe, the name of a /srv pipe and mount it over
> /net.alt.  Note that this trick clutters /srv fast, but if you only need to
> apply it once...

factotum is started by the boot process before
cpurc.

- erik