From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.2 required=5.0 tests=DKIM_ADSP_CUSTOM_MED,
	DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM autolearn=no autolearn_force=no
	version=3.4.4
Received: (qmail 20592 invoked from network); 9 Feb 2021 05:05:00 -0000
Received: from 1ess.inri.net (216.126.196.35)
  by inbox.vuxu.org with ESMTPUTF8; 9 Feb 2021 05:05:00 -0000
Received: from mail-yb1-f181.google.com ([209.85.219.181]) by 1ess; Mon Feb  8 01:32:53 -0500 2021
Received: by mail-yb1-f181.google.com with SMTP id d184so2188154ybf.1
        for <9front@9front.org>; Sun, 07 Feb 2021 22:32:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=R72TBFNItugaBcp19nDid/UEiRbR+7ZO6SOlAOSpAJg=;
        b=qs4/HCg7bin0OozDTMhwcmajSKdg3BaZqtt+oqYmTZXwLdWAdrH3AhXmzJqK38awda
         AtIbNFIQCok4itdFzCIEo1suQza+IMt4jf8LNYw9veLh8XNBU5yIt8Uyl5mTwHYwnYf2
         o5PGwOxb6JMTGe6faFFzZrqSduF3kZUDnYMtkND2YTFRohSc2/IVtjZdWt/W6hO1Xgox
         T9QbFlwDOvYjiAxHRTwbGJ1CUqTuvyFfv5HzDRoCfI+EPYOrWEsDdjhCD/L8L9Z7ekyK
         IdnM6CDPoMWzWEAXZMV+gKp1moFAqStxEf4yWropr9G8Yc2lx+5T/TGda5PCdCINaqu+
         I2PA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=R72TBFNItugaBcp19nDid/UEiRbR+7ZO6SOlAOSpAJg=;
        b=UCPUIuP882W/4gT7uYEKBTrumEnSLXwHhE/bP4EVRmPQAIfMiRIS7W/xW+oMHhmV8i
         GVIupu7FhZRorSdb0OYWXQZNixDaHyG9U1YMVq9o8zN7kh4/VRUMUgiJ+IL2Z5IuVIVK
         ykxJuSRdQ9OKTLXty2UKrGotNVSQwiiaBNhe13w4AruR/RR93Sy+y7MYnRE3eHGPjuYt
         LQEHroy7lrIwT4WT5wICXpdLePm0MebwhnkLNNoW7j8aV2AaHVlk2JRt5wSmZi8b8x7g
         Mttub1pkJiuo5e1fPGWXCsBl0J03oivMTtOmkzUgpqvDkQ1AyVCJkh7REToOmfLhGv20
         pSRA==
X-Gm-Message-State: AOAM531dJ0KY/szWBEZMtUr5ijBzgBgp9HD7mwyBeqLQ2dQebubf1X+O
	3Osm5/9mZhv7R3SB+hmVzR5pskyAJsg+JOHIJ7aSfNC6JCw=
X-Google-Smtp-Source: ABdhPJyILGL72w08hlmnes+hDdipJbUElSUeQkJkhATVQgXsh+NXB0AKnFLk7EqrCrgBKi7cevZEsNo9pvSk8C09YA8=
X-Received: by 2002:a25:3184:: with SMTP id x126mr23002816ybx.9.1612765548004;
 Sun, 07 Feb 2021 22:25:48 -0800 (PST)
MIME-Version: 1.0
From: Silas McCroskey <inkswinc@gmail.com>
Date: Sun, 7 Feb 2021 22:25:37 -0800
Message-ID: <CAHjwAuzWsMNG4MzXXQ3U3X31DMovaU+AHMAhr_xvzd_KjTRcaw@mail.gmail.com>
To: 9front@9front.org
Content-Type: text/plain; charset="UTF-8"
List-ID: <9front.9front.org>
List-Help: <http://lists.9front.org>
X-Glyph: ➈
X-Bullshit: injection event-scale scripting realtime-java manager 
Subject: [9front] add "-n namespace-file" flag to tftpd
Reply-To: 9front@9front.org
Precedence: bulk

tftpd currently unconditionally sets its namespace via /lib/namespace
(newns("none", nil)), which stymied my attempts to pxe boot the
openbsd installer without creating a real /etc dir on 9front, which
would've been gross.

I tried working around this with -h (and -r for good measure), but
again hit issues because the namespace is rebuilt from scratch -- any
binds of /386, /amd64, /cfg/pxe, etc. into the tftp-specific directory
disappeared from tftpd's namespace and rendered my *9front* boxes
unable to boot. I could maintain copies of the needed files in the
tftp-specific directory, but that'd be kind of a drag.

The following patch adds a -n flag to allow the specification of a
namespace file in place of /lib/namespace; similar to ip/ftpd.

I thought about setting up a /lib/namespace.tftp to act as a default
rather than continuing to use /lib/namespace by default (which
security-wise is about the same as allowing 9p mounts by user none,
which I also have disabled), but I had trouble coming up with a sane
default. Maybe someone more experienced would like to try that out.

- sam-d

---

diff -r 6f8455ea95e6 sys/man/8/dhcpd
--- a/sys/man/8/dhcpd    Sat Jan 23 04:21:08 2021 +0000
+++ b/sys/man/8/dhcpd    Mon Feb 08 06:21:48 2021 +0000
@@ -42,6 +42,8 @@
 .IR homedir ]
 .RB [ -x
 .IR netmtpt ]
+.RB [ -n
+.IR namespace-file ]
 .SH DESCRIPTION
 These programs support booting over the Internet.
 They should all be run on the same server to
@@ -318,6 +320,9 @@
 .B r
 Restricts access to only those files rooted in the
 .IR homedir .
+.TP
+.B n
+Sets the namespace file (default /lib/namespace).
 .PD
 .SH FILES
 .BR /lib/ndb/dhcp "    directory of dynamic address files
diff -r 6f8455ea95e6 sys/src/cmd/ip/tftpd.c
--- a/sys/src/cmd/ip/tftpd.c    Sat Jan 23 04:21:08 2021 +0000
+++ b/sys/src/cmd/ip/tftpd.c    Mon Feb 08 06:21:48 2021 +0000
@@ -93,6 +93,7 @@
 char    *dirsl;
 int    dirsllen;
 char    *homedir = "/";
+char    *nsfile = nil;
 char    flog[] = "ipboot";
 char    net[Maxpath];

@@ -138,6 +139,9 @@
     case 'x':
         setnetmtpt(net, sizeof net, EARGF(usage()));
         break;
+    case 'n':
+        nsfile = EARGF(usage());
+        break;
     default:
         usage();
     }ARGEND
@@ -744,7 +748,7 @@
     if(fd < 0 || write(fd, "none", strlen("none")) < 0)
         sysfatal("can't become none: %r");
     close(fd);
-    if(newns("none", nil) < 0)
+    if(newns("none", nsfile) < 0)
         sysfatal("can't build namespace: %r");
 }