From: Silas McCroskey <inkswinc@gmail.com>
To: 9front@9front.org
Subject: [9front] add "-n namespace-file" flag to tftpd
Date: Sun, 7 Feb 2021 22:25:37 -0800 [thread overview]
Message-ID: <CAHjwAuzWsMNG4MzXXQ3U3X31DMovaU+AHMAhr_xvzd_KjTRcaw@mail.gmail.com> (raw)
tftpd currently unconditionally sets its namespace via /lib/namespace
(newns("none", nil)), which stymied my attempts to pxe boot the
openbsd installer without creating a real /etc dir on 9front, which
would've been gross.
I tried working around this with -h (and -r for good measure), but
again hit issues because the namespace is rebuilt from scratch -- any
binds of /386, /amd64, /cfg/pxe, etc. into the tftp-specific directory
disappeared from tftpd's namespace and rendered my *9front* boxes
unable to boot. I could maintain copies of the needed files in the
tftp-specific directory, but that'd be kind of a drag.
The following patch adds a -n flag to allow the specification of a
namespace file in place of /lib/namespace; similar to ip/ftpd.
I thought about setting up a /lib/namespace.tftp to act as a default
rather than continuing to use /lib/namespace by default (which
security-wise is about the same as allowing 9p mounts by user none,
which I also have disabled), but I had trouble coming up with a sane
default. Maybe someone more experienced would like to try that out.
- sam-d
---
diff -r 6f8455ea95e6 sys/man/8/dhcpd
--- a/sys/man/8/dhcpd Sat Jan 23 04:21:08 2021 +0000
+++ b/sys/man/8/dhcpd Mon Feb 08 06:21:48 2021 +0000
@@ -42,6 +42,8 @@
.IR homedir ]
.RB [ -x
.IR netmtpt ]
+.RB [ -n
+.IR namespace-file ]
.SH DESCRIPTION
These programs support booting over the Internet.
They should all be run on the same server to
@@ -318,6 +320,9 @@
.B r
Restricts access to only those files rooted in the
.IR homedir .
+.TP
+.B n
+Sets the namespace file (default /lib/namespace).
.PD
.SH FILES
.BR /lib/ndb/dhcp " directory of dynamic address files
diff -r 6f8455ea95e6 sys/src/cmd/ip/tftpd.c
--- a/sys/src/cmd/ip/tftpd.c Sat Jan 23 04:21:08 2021 +0000
+++ b/sys/src/cmd/ip/tftpd.c Mon Feb 08 06:21:48 2021 +0000
@@ -93,6 +93,7 @@
char *dirsl;
int dirsllen;
char *homedir = "/";
+char *nsfile = nil;
char flog[] = "ipboot";
char net[Maxpath];
@@ -138,6 +139,9 @@
case 'x':
setnetmtpt(net, sizeof net, EARGF(usage()));
break;
+ case 'n':
+ nsfile = EARGF(usage());
+ break;
default:
usage();
}ARGEND
@@ -744,7 +748,7 @@
if(fd < 0 || write(fd, "none", strlen("none")) < 0)
sysfatal("can't become none: %r");
close(fd);
- if(newns("none", nil) < 0)
+ if(newns("none", nsfile) < 0)
sysfatal("can't build namespace: %r");
}
next reply other threads:[~2021-02-09 5:05 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-08 6:25 Silas McCroskey [this message]
2021-02-08 6:28 ` [9front] " Silas McCroskey
2021-02-08 21:30 ` [9front] " kvik
2021-02-08 23:44 ` hiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHjwAuzWsMNG4MzXXQ3U3X31DMovaU+AHMAhr_xvzd_KjTRcaw@mail.gmail.com \
--to=inkswinc@gmail.com \
--cc=9front@9front.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).