9front - general discussion about 9front
 help / color / mirror / Atom feed
* [9front] add "-n namespace-file" flag to tftpd
@ 2021-02-08  6:25 Silas McCroskey
  2021-02-08  6:28 ` [9front] " Silas McCroskey
  2021-02-08 21:30 ` [9front] " kvik
  0 siblings, 2 replies; 4+ messages in thread
From: Silas McCroskey @ 2021-02-08  6:25 UTC (permalink / raw)
  To: 9front

tftpd currently unconditionally sets its namespace via /lib/namespace
(newns("none", nil)), which stymied my attempts to pxe boot the
openbsd installer without creating a real /etc dir on 9front, which
would've been gross.

I tried working around this with -h (and -r for good measure), but
again hit issues because the namespace is rebuilt from scratch -- any
binds of /386, /amd64, /cfg/pxe, etc. into the tftp-specific directory
disappeared from tftpd's namespace and rendered my *9front* boxes
unable to boot. I could maintain copies of the needed files in the
tftp-specific directory, but that'd be kind of a drag.

The following patch adds a -n flag to allow the specification of a
namespace file in place of /lib/namespace; similar to ip/ftpd.

I thought about setting up a /lib/namespace.tftp to act as a default
rather than continuing to use /lib/namespace by default (which
security-wise is about the same as allowing 9p mounts by user none,
which I also have disabled), but I had trouble coming up with a sane
default. Maybe someone more experienced would like to try that out.

- sam-d

---

diff -r 6f8455ea95e6 sys/man/8/dhcpd
--- a/sys/man/8/dhcpd    Sat Jan 23 04:21:08 2021 +0000
+++ b/sys/man/8/dhcpd    Mon Feb 08 06:21:48 2021 +0000
@@ -42,6 +42,8 @@
 .IR homedir ]
 .RB [ -x
 .IR netmtpt ]
+.RB [ -n
+.IR namespace-file ]
 .SH DESCRIPTION
 These programs support booting over the Internet.
 They should all be run on the same server to
@@ -318,6 +320,9 @@
 .B r
 Restricts access to only those files rooted in the
 .IR homedir .
+.TP
+.B n
+Sets the namespace file (default /lib/namespace).
 .PD
 .SH FILES
 .BR /lib/ndb/dhcp "    directory of dynamic address files
diff -r 6f8455ea95e6 sys/src/cmd/ip/tftpd.c
--- a/sys/src/cmd/ip/tftpd.c    Sat Jan 23 04:21:08 2021 +0000
+++ b/sys/src/cmd/ip/tftpd.c    Mon Feb 08 06:21:48 2021 +0000
@@ -93,6 +93,7 @@
 char    *dirsl;
 int    dirsllen;
 char    *homedir = "/";
+char    *nsfile = nil;
 char    flog[] = "ipboot";
 char    net[Maxpath];

@@ -138,6 +139,9 @@
     case 'x':
         setnetmtpt(net, sizeof net, EARGF(usage()));
         break;
+    case 'n':
+        nsfile = EARGF(usage());
+        break;
     default:
         usage();
     }ARGEND
@@ -744,7 +748,7 @@
     if(fd < 0 || write(fd, "none", strlen("none")) < 0)
         sysfatal("can't become none: %r");
     close(fd);
-    if(newns("none", nil) < 0)
+    if(newns("none", nsfile) < 0)
         sysfatal("can't build namespace: %r");
 }

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [9front] Re: add "-n namespace-file" flag to tftpd
  2021-02-08  6:25 [9front] add "-n namespace-file" flag to tftpd Silas McCroskey
@ 2021-02-08  6:28 ` Silas McCroskey
  2021-02-08 21:30 ` [9front] " kvik
  1 sibling, 0 replies; 4+ messages in thread
From: Silas McCroskey @ 2021-02-08  6:28 UTC (permalink / raw)
  To: 9front

[-- Attachment #1: Type: text/plain, Size: 135 bytes --]

wow, I never realized gmail's plaintext mode suckage extended to
converting tabs to spaces as well. Attaching separately too.

- sam-d

[-- Attachment #2.1: Type: text/plain, Size: 383 bytes --]

from postmaster@1ess:
The following attachment had content that we can't
prove to be harmless.  To avoid possible automatic
execution, we changed the content headers.
The original header was:

	Content-Type: text/x-patch; charset="US-ASCII"; name="tftpd-n.patch"
	Content-Disposition: attachment; filename="tftpd-n.patch"
	Content-Transfer-Encoding: base64
	Content-ID: <f_kkw723og0>

[-- Attachment #2.2: tftpd-n.patch.suspect --]
[-- Type: application/octet-stream, Size: 1284 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [9front] add "-n namespace-file" flag to tftpd
  2021-02-08  6:25 [9front] add "-n namespace-file" flag to tftpd Silas McCroskey
  2021-02-08  6:28 ` [9front] " Silas McCroskey
@ 2021-02-08 21:30 ` kvik
  2021-02-08 23:44   ` hiro
  1 sibling, 1 reply; 4+ messages in thread
From: kvik @ 2021-02-08 21:30 UTC (permalink / raw)
  To: 9front

Quoth Silas McCroskey <inkswinc@gmail.com>:
> The following patch adds a -n flag to allow the specification of a
> namespace file in place of /lib/namespace; similar to ip/ftpd.

You could bind your namespace file over /lib/namespace.
Probably something like:

	@{rfork n; bind /lib/namespace.tftpd /lib/namespace; ip/tftpd}


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [9front] add "-n namespace-file" flag to tftpd
  2021-02-08 21:30 ` [9front] " kvik
@ 2021-02-08 23:44   ` hiro
  0 siblings, 0 replies; 4+ messages in thread
From: hiro @ 2021-02-08 23:44 UTC (permalink / raw)
  To: 9front

> You could bind your namespace file over /lib/namespace.

hahahahahahaha how deep is that rabbit hole
this made my day.

On 2/8/21, kvik@a-b.xyz <kvik@a-b.xyz> wrote:
> Quoth Silas McCroskey <inkswinc@gmail.com>:
>> The following patch adds a -n flag to allow the specification of a
>> namespace file in place of /lib/namespace; similar to ip/ftpd.
>
> You could bind your namespace file over /lib/namespace.
> Probably something like:
>
> 	@{rfork n; bind /lib/namespace.tftpd /lib/namespace; ip/tftpd}
>
>

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-02-09  5:05 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-08  6:25 [9front] add "-n namespace-file" flag to tftpd Silas McCroskey
2021-02-08  6:28 ` [9front] " Silas McCroskey
2021-02-08 21:30 ` [9front] " kvik
2021-02-08 23:44   ` hiro

9front - general discussion about 9front

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/9front

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 9front 9front/ http://inbox.vuxu.org/9front \
		9front@9front.org
	public-inbox-index 9front

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.9front


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git