
Viewing changes to plugin-runner.xml

  • Committer: Teddy Hogeborn
  • Date: 2016-03-19 03:19:04 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 341.
  • Revision ID: teddy@recompile.se-20160319031904-v76knawxxbef79xv
Client: Fix permissions on plugin helper directory.

The Makefile target "install-client-nokey" creates the plugin-helper
directory /usr/lib/<ARCH>/mandos/plugin-helpers as mode u=rwx,go=
(0700).  Make this also the case for the Debian package.  Also change
the Makefile so it does not install the plugin helper
"mandos-client-iprouteadddel" as setuid root; this is unnecessary and
was, due to dh_fixperms, never propagated to the Debian package
anyway.

* Makefile (install-client-nokey): Do not set setuid bit on
  "plugin-helpers/mandos-client-iprouteadddel".
* debian/mandos-client.postinst (configure): If older version, fix
  permissions on plugin helper directory.
* debian/rules (override_dh_fixperms-arch): Exclude plugin helper
  directory from dh_fixperms.

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "plugin-runner">
5
 
<!ENTITY TIMESTAMP "2008-09-30">
 
5
<!ENTITY TIMESTAMP "2016-03-17">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2008</year>
 
35
      <year>2009</year>
 
36
      <year>2010</year>
 
37
      <year>2011</year>
 
38
      <year>2012</year>
 
39
      <year>2013</year>
 
40
      <year>2014</year>
 
41
      <year>2015</year>
 
42
      <year>2016</year>
35
43
      <holder>Teddy Hogeborn</holder>
36
44
      <holder>Björn Påhlsson</holder>
37
45
    </copyright>
112
120
      <arg><option>--plugin-dir=<replaceable
113
121
      >DIRECTORY</replaceable></option></arg>
114
122
      <sbr/>
 
123
      <arg><option>--plugin-helper-dir=<replaceable
 
124
      >DIRECTORY</replaceable></option></arg>
 
125
      <sbr/>
115
126
      <arg><option>--config-file=<replaceable
116
127
      >FILE</replaceable></option></arg>
117
128
      <sbr/>
259
270
            Disable the plugin named
260
271
            <replaceable>PLUGIN</replaceable>.  The plugin will not be
261
272
            started.
262
 
          </para>       
 
273
          </para>
263
274
        </listitem>
264
275
      </varlistentry>
265
276
      
318
329
      </varlistentry>
319
330
      
320
331
      <varlistentry>
 
332
        <term><option>--plugin-helper-dir
 
333
        <replaceable>DIRECTORY</replaceable></option></term>
 
334
        <listitem>
 
335
          <para>
 
336
            Specify a different plugin helper directory.  The default
 
337
            is <filename>/lib/mandos/plugin-helpers</filename>, which
 
338
            will exist in the initial <acronym>RAM</acronym> disk
 
339
            environment.  (This will simply be passed to all plugins
 
340
            via the <envar>MANDOSPLUGINHELPERDIR</envar> environment
 
341
            variable.  See <xref linkend="writing_plugins"/>)
 
342
          </para>
 
343
        </listitem>
 
344
      </varlistentry>
 
345
      
 
346
      <varlistentry>
321
347
        <term><option>--config-file
322
348
        <replaceable>FILE</replaceable></option></term>
323
349
        <listitem>
424
450
      <para>
425
451
        The plugin will run in the initial RAM disk environment, so
426
452
        care must be taken not to depend on any files or running
427
 
        services not available there.
 
453
        services not available there.  Any helper executables required
 
454
        by the plugin (which are not in the <envar>PATH</envar>) can
 
455
        be placed in the plugin helper directory, the name of which
 
456
        will be made available to the plugin via the
 
457
        <envar>MANDOSPLUGINHELPERDIR</envar> environment variable.
428
458
      </para>
429
459
      <para>
430
460
        The plugin must exit cleanly and free all allocated resources
473
503
      only passes on its environment to all the plugins.  The
474
504
      environment passed to plugins can be modified using the
475
505
      <option>--global-env</option> and <option>--env-for</option>
476
 
      options.
 
506
      options.  Also, the <option>--plugin-helper-dir</option> option
 
507
      will affect the environment variable
 
508
      <envar>MANDOSPLUGINHELPERDIR</envar> for the plugins.
477
509
    </para>
478
510
  </refsect1>
479
511
  
512
544
            </para>
513
545
          </listitem>
514
546
        </varlistentry>
 
547
        <varlistentry>
 
548
          <term><filename class="directory"
 
549
          >/lib/mandos/plugins.d</filename></term>
 
550
          <listitem>
 
551
            <para>
 
552
              The default plugin directory; can be changed by the
 
553
              <option>--plugin-dir</option> option.
 
554
            </para>
 
555
          </listitem>
 
556
        </varlistentry>
 
557
        <varlistentry>
 
558
          <term><filename class="directory"
 
559
          >/lib/mandos/plugin-helpers</filename></term>
 
560
          <listitem>
 
561
            <para>
 
562
              The default plugin helper directory; can be changed by
 
563
              the <option>--plugin-helper-dir</option> option.
 
564
            </para>
 
565
          </listitem>
 
566
        </varlistentry>
515
567
      </variablelist>
516
568
    </para>
517
569
  </refsect1>
522
574
      The <option>--config-file</option> option is ignored when
523
575
      specified from within a configuration file.
524
576
    </para>
 
577
    <xi:include href="bugs.xml"/>
525
578
  </refsect1>
526
579
  
527
580
  <refsect1 id="examples">
570
623
    </informalexample>
571
624
    <informalexample>
572
625
      <para>
573
 
        Run plugins from a different directory, read a different
574
 
        configuration file, and add two options to the
 
626
        Read a different configuration file, run plugins from a
 
627
        different directory, specify an alternate plugin helper
 
628
        directory and add two options to the
575
629
        <citerefentry><refentrytitle >mandos-client</refentrytitle>
576
630
        <manvolnum>8mandos</manvolnum></citerefentry> plugin:
577
631
      </para>
578
632
      <para>
579
633
 
580
634
<!-- do not wrap this line -->
581
 
<userinput>&COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=/etc/keys/mandos/pubkey.txt,--seckey=/etc/keys/mandos/seckey.txt</userinput>
 
635
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/x86_64-linux-gnu/mandos/plugins.d --plugin-helper-dir /usr/lib/x86_64-linux-gnu/mandos/plugin-helpers --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>
582
636
 
583
637
      </para>
584
638
    </informalexample>
616
670
  <refsect1 id="see_also">
617
671
    <title>SEE ALSO</title>
618
672
    <para>
 
673
      <citerefentry><refentrytitle>intro</refentrytitle>
 
674
      <manvolnum>8mandos</manvolnum></citerefentry>,
619
675
      <citerefentry><refentrytitle>cryptsetup</refentrytitle>
620
676
      <manvolnum>8</manvolnum></citerefentry>,
621
677
      <citerefentry><refentrytitle>crypttab</refentrytitle>