
Viewing changes to plugin-runner.xml

  • Committer: Teddy Hogeborn
  • Date: 2016-03-19 03:19:04 UTC
  • Revision ID: teddy@recompile.se-20160319031904-v76knawxxbef79xv
Client: Fix permissions on plugin helper directory.

The Makefile target "install-client-nokey" creates the plugin-helper
directory /usr/lib/<ARCH>/mandos/plugin-helpers as mode u=rwx,go=
(0700).  Make this also the case for the Debian package.  Also change
the Makefile so it does not install the plugin helper
"mandos-client-iprouteadddel" as setuid root; this is unnecessary and
was, due to dh_fixperms, never propagated to the Debian package
anyway.

* Makefile (install-client-nokey): Do not set setuid bit on
  "plugin-helpers/mandos-client-iprouteadddel".
* debian/mandos-client.postinst (configure): If older version, fix
  permissions on plugin helper directory.
* debian/rules (override_dh_fixperms-arch): Exclude plugin helper
  directory from dh_fixperms.

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "plugin-runner">
5
 
<!ENTITY TIMESTAMP "2009-01-04">
 
5
<!ENTITY TIMESTAMP "2016-03-17">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
 
36
      <year>2010</year>
 
37
      <year>2011</year>
 
38
      <year>2012</year>
 
39
      <year>2013</year>
 
40
      <year>2014</year>
 
41
      <year>2015</year>
 
42
      <year>2016</year>
36
43
      <holder>Teddy Hogeborn</holder>
37
44
      <holder>Björn Påhlsson</holder>
38
45
    </copyright>
113
120
      <arg><option>--plugin-dir=<replaceable
114
121
      >DIRECTORY</replaceable></option></arg>
115
122
      <sbr/>
 
123
      <arg><option>--plugin-helper-dir=<replaceable
 
124
      >DIRECTORY</replaceable></option></arg>
 
125
      <sbr/>
116
126
      <arg><option>--config-file=<replaceable
117
127
      >FILE</replaceable></option></arg>
118
128
      <sbr/>
260
270
            Disable the plugin named
261
271
            <replaceable>PLUGIN</replaceable>.  The plugin will not be
262
272
            started.
263
 
          </para>       
 
273
          </para>
264
274
        </listitem>
265
275
      </varlistentry>
266
276
      
319
329
      </varlistentry>
320
330
      
321
331
      <varlistentry>
 
332
        <term><option>--plugin-helper-dir
 
333
        <replaceable>DIRECTORY</replaceable></option></term>
 
334
        <listitem>
 
335
          <para>
 
336
            Specify a different plugin helper directory.  The default
 
337
            is <filename>/lib/mandos/plugin-helpers</filename>, which
 
338
            will exist in the initial <acronym>RAM</acronym> disk
 
339
            environment.  (This will simply be passed to all plugins
 
340
            via the <envar>MANDOSPLUGINHELPERDIR</envar> environment
 
341
            variable.  See <xref linkend="writing_plugins"/>)
 
342
          </para>
 
343
        </listitem>
 
344
      </varlistentry>
 
345
      
 
346
      <varlistentry>
322
347
        <term><option>--config-file
323
348
        <replaceable>FILE</replaceable></option></term>
324
349
        <listitem>
425
450
      <para>
426
451
        The plugin will run in the initial RAM disk environment, so
427
452
        care must be taken not to depend on any files or running
428
 
        services not available there.
 
453
        services not available there.  Any helper executables required
 
454
        by the plugin (which are not in the <envar>PATH</envar>) can
 
455
        be placed in the plugin helper directory, the name of which
 
456
        will be made available to the plugin via the
 
457
        <envar>MANDOSPLUGINHELPERDIR</envar> environment variable.
429
458
      </para>
430
459
      <para>
431
460
        The plugin must exit cleanly and free all allocated resources
474
503
      only passes on its environment to all the plugins.  The
475
504
      environment passed to plugins can be modified using the
476
505
      <option>--global-env</option> and <option>--env-for</option>
477
 
      options.
 
506
      options.  Also, the <option>--plugin-helper-dir</option> option
 
507
      will affect the environment variable
 
508
      <envar>MANDOSPLUGINHELPERDIR</envar> for the plugins.
478
509
    </para>
479
510
  </refsect1>
480
511
  
513
544
            </para>
514
545
          </listitem>
515
546
        </varlistentry>
 
547
        <varlistentry>
 
548
          <term><filename class="directory"
 
549
          >/lib/mandos/plugins.d</filename></term>
 
550
          <listitem>
 
551
            <para>
 
552
              The default plugin directory; can be changed by the
 
553
              <option>--plugin-dir</option> option.
 
554
            </para>
 
555
          </listitem>
 
556
        </varlistentry>
 
557
        <varlistentry>
 
558
          <term><filename class="directory"
 
559
          >/lib/mandos/plugin-helpers</filename></term>
 
560
          <listitem>
 
561
            <para>
 
562
              The default plugin helper directory; can be changed by
 
563
              the <option>--plugin-helper-dir</option> option.
 
564
            </para>
 
565
          </listitem>
 
566
        </varlistentry>
516
567
      </variablelist>
517
568
    </para>
518
569
  </refsect1>
523
574
      The <option>--config-file</option> option is ignored when
524
575
      specified from within a configuration file.
525
576
    </para>
 
577
    <xi:include href="bugs.xml"/>
526
578
  </refsect1>
527
579
  
528
580
  <refsect1 id="examples">
571
623
    </informalexample>
572
624
    <informalexample>
573
625
      <para>
574
 
        Run plugins from a different directory, read a different
575
 
        configuration file, and add two options to the
 
626
        Read a different configuration file, run plugins from a
 
627
        different directory, specify an alternate plugin helper
 
628
        directory and add two options to the
576
629
        <citerefentry><refentrytitle >mandos-client</refentrytitle>
577
630
        <manvolnum>8mandos</manvolnum></citerefentry> plugin:
578
631
      </para>
579
632
      <para>
580
633
 
581
634
<!-- do not wrap this line -->
582
 
<userinput>&COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/mandos/plugins.d --options-for=mandos-client:--pubkey=/etc/keys/mandos/pubkey.txt,--seckey=/etc/keys/mandos/seckey.txt</userinput>
 
635
<userinput>cd /etc/keys/mandos; &COMMANDNAME;  --config-file=/etc/mandos/plugin-runner.conf --plugin-dir /usr/lib/x86_64-linux-gnu/mandos/plugins.d --plugin-helper-dir /usr/lib/x86_64-linux-gnu/mandos/plugin-helpers --options-for=mandos-client:--pubkey=pubkey.txt,--seckey=seckey.txt</userinput>
583
636
 
584
637
      </para>
585
638
    </informalexample>
617
670
  <refsect1 id="see_also">
618
671
    <title>SEE ALSO</title>
619
672
    <para>
 
673
      <citerefentry><refentrytitle>intro</refentrytitle>
 
674
      <manvolnum>8mandos</manvolnum></citerefentry>,
620
675
      <citerefentry><refentrytitle>cryptsetup</refentrytitle>
621
676
      <manvolnum>8</manvolnum></citerefentry>,
622
677
      <citerefentry><refentrytitle>crypttab</refentrytitle>