/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

Viewing changes to plugins.d/mandos-client.xml

* mandos (Client.runtime_expansions): Add "expires" and (bug fix)
                                      "last_approval_request".
  (main): Don't ignore SIGINT.
* mandos-clients.conf.xml (RUNTIME EXPANSION): Added "expires".

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2011-11-27">
 
5
<!ENTITY TIMESTAMP "2012-01-01">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
 
      <year>2011</year>
 
36
      <year>2012</year>
37
37
      <holder>Teddy Hogeborn</holder>
38
38
      <holder>Björn Påhlsson</holder>
39
39
    </copyright>
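Review bot: The copyright list replaces <year>2011</year> with <year>2012</year> instead of adding a new entry, so 2011 drops out of the list even though the old TIMESTAMP value in this same patch is 2011-11-27. Keep the 2011 entry and add 2012 after it.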
468
468
      <para>
469
469
        A network hook must be an executable file, and its name must
470
470
        consist entirely of upper and lower case letters, digits,
471
 
        underscores, and hyphens.
 
471
        underscores, periods, and hyphens.
472
472
      </para>
473
473
      <para>
474
474
        A network hook will receive one argument, which can be one of
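Review bot: Adding "periods" to the allowed characters in the hook name rule means an executable left in the hook directory under a name with a suffix (a constructed example: myhook.bak) now satisfies the rule. State in this paragraph whether names with a suffix or a leading period are run, so administrators know that stale copies must be removed or made non-executable.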
497
497
          <term><literal>files</literal></term>
498
498
          <listitem>
499
499
            <para>
500
 
              This should make the network hook print, <emphasis>on
501
 
              separate lines</emphasis>, all the files needed for it
502
 
              to run.  (These files will be copied into the initial
503
 
              RAM filesystem.)  Intended use is for a network hook
504
 
              which is a shell script to print its needed binaries.
 
500
              This should make the network hook print, <emphasis>one
 
501
              file per line</emphasis>, all the files needed for it to
 
502
              run.  (These files will be copied into the initial RAM
 
503
              filesystem.)  Typical use is for a network hook which is
 
504
              a shell script to print its needed binaries.
505
505
            </para>
506
506
            <para>
507
507
              It is not necessary to print any non-executable files
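Review bot: The reworded "files" paragraph says "one file per line" but still does not say what form each line takes: an absolute path, or a bare command name that is looked up somewhere. Because these files are copied into the initial RAM filesystem, spell out the expected form of each line and how file names containing whitespace are treated.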
511
511
            </para>
512
512
          </listitem>
513
513
        </varlistentry>
 
514
        <varlistentry>
 
515
          <term><literal>modules</literal></term>
 
516
          <listitem>
 
517
            <para>
 
518
              This should make the network hook print, <emphasis>on
 
519
              separate lines</emphasis>, all the kernel modules needed
 
520
              for it to run.  (These modules will be copied into the
 
521
              initial RAM filesystem.)  For instance, a tunnel
 
522
              interface needs the
 
523
              <quote><literal>tun</literal></quote> module.
 
524
            </para>
 
525
          </listitem>
 
526
        </varlistentry>
514
527
      </variablelist>
515
528
      <para>
516
529
        The network hook will be provided with a number of environment
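Review bot: The new "modules" entry uses "on separate lines", the wording this same patch replaces with "one file per line" in the "files" entry just above it. Use "one module per line" for consistency, and say whether the hook should print a bare module name, as the "tun" example suggests, or a path to the module file.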
525
538
              <command>&COMMANDNAME;</command> by the
526
539
              <option>--network-hook-dir</option> option.  Note: this
527
540
              should <emphasis>always</emphasis> be used by the
528
 
              network hook to refer to itself or any files it may
529
 
              require.
 
541
              network hook to refer to itself or any files in the hook
 
542
              directory it may require.
530
543
            </para>
531
544
          </listitem>
532
545
        </varlistentry>
548
561
            <para>
549
562
              This will be the same as the first argument;
550
563
              i.e. <quote><literal>start</literal></quote>,
551
 
              <quote><literal>stop</literal></quote>, or
552
 
              <quote><literal>files</literal></quote>.
 
564
              <quote><literal>stop</literal></quote>,
 
565
              <quote><literal>files</literal></quote>, or
 
566
              <quote><literal>modules</literal></quote>.
553
567
            </para>
554
568
          </listitem>
555
569
        </varlistentry>
569
583
          <listitem>
570
584
            <para>
571
585
              This will be the same as the <option>--delay</option>
572
 
              option passed to <command>&COMMANDNAME;</command>.
 
586
              option passed to <command>&COMMANDNAME;</command>.  Is
 
587
              only set if <envar>MODE</envar> is
 
588
              <quote><literal>start</literal></quote> or
 
589
              <quote><literal>stop</literal></quote>.
 
590
            </para>
 
591
          </listitem>
 
592
        </varlistentry>
 
593
        <varlistentry>
 
594
          <term><envar>CONNECT</envar></term>
 
595
          <listitem>
 
596
            <para>
 
597
              This will be the same as the <option>--connect</option>
 
598
              option passed to <command>&COMMANDNAME;</command>.  Is
 
599
              only set if <option>--connect</option> is passed and
 
600
              <envar>MODE</envar> is
 
601
              <quote><literal>start</literal></quote> or
 
602
              <quote><literal>stop</literal></quote>.
573
603
            </para>
574
604
          </listitem>
575
605
        </varlistentry>
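Review bot: "Is only set if" in both the --delay entry and the new CONNECT entry is a sentence fragment; write "This is only set if ...". Both variables are documented as unset outside "start" and "stop", so add a sentence telling hook authors not to reference them in "files" or "modules" mode, since a shell hook running with set -u would abort on the unset variable.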