From patchwork Fri Jun 19 01:28:57 2020
X-Patchwork-Submitter: Oleg Pykhalov
X-Patchwork-Id: 22776
Subject: [bug#41573] [PATCH Shepherd] shepherd: service: Add #:supplementary-groups.
From: Oleg Pykhalov
To: Ludovic Courtès
Cc: 41573@debbugs.gnu.org
Date: Fri, 19 Jun 2020 04:28:57 +0300
Message-ID: <871rmb4zdy.fsf@gmail.com>
In-Reply-To: <87mu55s72d.fsf@gnu.org> ("Ludovic Courtès"'s message of "Sun, 14 Jun 2020 22:53:14 +0200")
References: <87a71sbpr4.fsf@gmail.com> <87mu55s72d.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch

Hello,

Ludovic Courtès writes:

> Oleg Pykhalov skribis:
>
>> From 5718eb5f4130530b48df896d7f7e4a126e08428a Mon Sep 17 00:00:00 2001
>> From: Oleg Pykhalov >> Date: Sun, 24 May 2020 20:30:27 +0300 >> Subject: [PATCH] service: Add #:supplementary-groups. >> >> * modules/shepherd/service.scm (format-supplementary-groups): New procedure. >> (exec-command, fork+exec-command, make-forkexec-constructor): Add >> '#:supplementary-groups'. >> * doc/shepherd.texi (Service De- and Constructors): Document this. > > [...] > >> +(define (format-supplementary-groups supplementary-groups) >> + (if (vector? supplementary-groups) >> + supplementary-groups >> + (list->vector (map (lambda (group) (group:gid (getgr group))) >> + supplementary-groups)))) > > Perhaps we should remove the ‘vector?’ case, no? I find it clearer when > the interface accepts just one single data type. OK. > Apart from that, it LGTM! > > Note that for compatibility reasons we’ll have to wait before using it > in Guix System. No problem. I updated the patch and tested it again with make check and reconfiguring my system. From 20a08c750c4d6126d36835c64fed211299cb03e3 Mon Sep 17 00:00:00 2001 From: Oleg Pykhalov Date: Sun, 24 May 2020 20:30:27 +0300 Subject: [PATCH] service: Add #:supplementary-groups. * modules/shepherd/service.scm (format-supplementary-groups): New procedure. (exec-command, fork+exec-command, make-forkexec-constructor): Add '#:supplementary-groups'. * doc/shepherd.texi (Service De- and Constructors): Document this. --- doc/shepherd.texi | 39 +++++++++++++++++++++--------------- modules/shepherd/service.scm | 12 ++++++++++- 2 files changed, 34 insertions(+), 17 deletions(-) diff --git a/doc/shepherd.texi b/doc/shepherd.texi index 1de49af..18f1a4d 100644 --- a/doc/shepherd.texi +++ b/doc/shepherd.texi 
@@ -11,7 +11,8 @@ @copying Copyright @copyright{} @value{OLD-YEARS} Wolfgang J@"ahrling@* Copyright @copyright{} @value{NEW-YEARS} Ludovic Courtès@* -Copyright @copyright{} 2020 Brice Waegeneire +Copyright @copyright{} 2020 Brice Waegeneire@* +Copyright @copyright{} 2020 Oleg Pykhalov Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -893,21 +894,24 @@ execution of the @var{command} was successful, @code{#t} if not. @deffn {procedure} make-forkexec-constructor @var{command} @ [#:user #f] @ [#:group #f] @ + [#:supplementary-groups '()] @ [#:pid-file #f] [#:pid-file-timeout (default-pid-file-timeout)] @ [#:log-file #f] @ [#:directory (default-service-directory)] @ [#:file-creation-mask #f] @ [#:environment-variables (default-environment-variables)] Return a procedure that forks a child process, closes all file -descriptors except the standard output and standard error descriptors, sets -the current directory to @var{directory}, sets the umask to -@var{file-creation-mask} unless it is @code{#f}, changes the environment to -@var{environment-variables} (using the @code{environ} procedure), sets the -current user to @var{user} and the current group to @var{group} unless they -are @code{#f}, and executes @var{command} (a list of strings.) The result of -the procedure will be the PID of the child process. Note that this will -not work as expected if the process ``daemonizes'' (forks); in that -case, you will need to pass @code{#:pid-file}, as explained below. +descriptors except the standard output and standard error descriptors, +sets the current directory to @var{directory}, sets the umask to +@var{file-creation-mask} unless it is @code{#f}, changes the environment +to @var{environment-variables} (using the @code{environ} procedure), +sets the current user to @var{user} the current group to @var{group} +unless they are @code{#f} and supplementary groups to +@var{supplementary-groups} unless they are @code{'()}, and executes +@var{command} (a list of strings.) The result of the procedure will be +the PID of the child process. Note that this will not work as expected +if the process ``daemonizes'' (forks); in that case, you will need to +pass @code{#:pid-file}, as explained below. 
When @var{pid-file} is true, it must be the name of a PID file associated with the process being launched; the return value is the PID @@ -937,6 +941,7 @@ procedures. @deffn {procedure} exec-command @var{command} @ [#:user #f] @ [#:group #f] @ + [#:supplementary-groups '()] @ [#:log-file #f] @ [#:directory (default-service-directory)] @ [#:file-creation-mask #f] @ @@ -944,6 +949,7 @@ procedures. @deffnx {procedure} fork+exec-command @var{command} @ [#:user #f] @ [#:group #f] @ + [#:supplementary-groups '()] @ [#:directory (default-service-directory)] @ [#:file-creation-mask #f] @ [#:environment-variables (default-environment-variables)] @@ -955,12 +961,13 @@ if it's true, whereas file descriptor 0 (standard input) points to @file{/dev/null}; all other file descriptors are closed prior to yielding control to @var{command}. -By default, @var{command} is run as the current user. If the -@var{user} keyword argument is present and not false, change to -@var{user} immediately before invoking @var{command}. @var{user} may -be a string, indicating a user name, or a number, indicating a user -ID. Likewise, @var{command} will be run under the current group, -unless the @var{group} keyword argument is present and not false. +By default, @var{command} is run as the current user. If the @var{user} +keyword argument is present and not false, change to @var{user} +immediately before invoking @var{command}. @var{user} may be a string, +indicating a user name, or a number, indicating a user ID. Likewise, +@var{command} will be run under the current group, unless the +@var{group} keyword argument is present and not false, and +supplementary-groups is not '(). @code{fork+exec-command} does the same as @code{exec-command}, but in a separate process whose PID it returns. diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm index 347b8cc..587ff68 100644 --- a/modules/shepherd/service.scm +++ b/modules/shepherd/service.scm 
@@ -6,6 +6,7 @@ ;; Copyright (C) 2018 Carlo Zancanaro ;; Copyright (C) 2019 Ricardo Wurmus ;; Copyright (C) 2020 Mathieu Othacehe +;; Copyright (C) 2020 Oleg Pykhalov ;; ;; This file is part of the GNU Shepherd. ;; @@ -773,10 +774,15 @@ daemon writing FILE is running in a separate PID namespace." (try-again) (apply throw args))))))) +(define (format-supplementary-groups supplementary-groups) + (list->vector (map (lambda (group) (group:gid (getgr group))) + supplementary-groups))) + (define* (exec-command command #:key (user #f) (group #f) + (supplementary-groups '()) (log-file #f) (directory (default-service-directory)) (file-creation-mask #f) @@ -832,7 +838,7 @@ false." (catch #t (lambda () ;; Clear supplementary groups. - (setgroups #()) + (setgroups (format-supplementary-groups supplementary-groups)) (setgid (group:gid (getgr group)))) (lambda (key . args) (format (current-error-port) @@ -879,6 +885,7 @@ false." #:key (user #f) (group #f) + (supplementary-groups '()) (log-file #f) (directory (default-service-directory)) (file-creation-mask #f) @@ -909,6 +916,7 @@ its PID." (exec-command command #:user user #:group group + #:supplementary-groups supplementary-groups #:log-file log-file #:directory directory #:file-creation-mask file-creation-mask @@ -919,6 +927,7 @@ its PID." #:key (user #f) (group #f) + (supplementary-groups '()) (directory (default-service-directory)) (environment-variables (default-environment-variables)) @@ -956,6 +965,7 @@ start." (let ((pid (fork+exec-command command #:user user #:group group + #:supplementary-groups supplementary-groups #:log-file log-file #:directory directory #:file-creation-mask file-creation-mask -- 2.26.2
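Review bot: In the make-forkexec-constructor description (hunk @@ -893,21 +894,24 @@ of doc/shepherd.texi) the rewritten sentence drops the comma between the user and group clauses and misdescribes the '() case: "sets the current user to @var{user} the current group to @var{group} unless they are @code{#f} and supplementary groups to @var{supplementary-groups} unless they are @code{'()}". With the default '() the service.scm change still calls setgroups with an empty vector, so supplementary groups are cleared rather than left untouched, which is exactly the privilege-dropping behaviour the old (setgroups #()) had. Suggest: "sets the current user to @var{user} and the current group to @var{group} unless they are @code{#f}, sets the supplementary groups to @var{supplementary-groups} (clearing them when it is the default @code{'()}), and executes @var{command} ...", so a reader sees that the default is the restrictive one and that listing groups widens what the child can access.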
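Review bot: The closing sentence of hunk @@ -955,12 +961,13 @@ in doc/shepherd.texi, "unless the @var{group} keyword argument is present and not false, and supplementary-groups is not '().", reads as if the group is only changed when both conditions hold, which is not what the code does (setgid runs whenever a group is given), and it leaves supplementary-groups and '() unmarked unlike the surrounding @var{} and @code{}. Suggest splitting it: "Likewise, @var{command} will be run under the current group, unless the @var{group} keyword argument is present and not false. Supplementary groups are set to @var{supplementary-groups} in the same step, and cleared when it is the default @code{'()}."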
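Review bot: In hunk @@ -832,7 +838,7 @@ of modules/shepherd/service.scm the comment ";; Clear supplementary groups." above the new (setgroups (format-supplementary-groups supplementary-groups)) is now stale: it clears only when the list is empty and otherwise grants the child the listed groups. Something like ";; Set supplementary groups (cleared when none were given)." would match. More importantly, the call lives in the same lambda as (setgid (group:gid (getgr group))), so it is reached only on the code path taken when a group is being changed; if that path is guarded on group alone, #:supplementary-groups is silently ignored for a service that passes #:user without #:group, and the caller gets fewer groups than requested without any error. Either guard on (or group (pair? supplementary-groups)) or state in the docs that #:supplementary-groups requires #:group. Keeping setgroups before setgid is the right order, since setgroups needs the privilege the later user switch drops.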
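Review bot: format-supplementary-groups in hunk @@ -773,10 +774,15 @@ has no docstring, and its name suggests string formatting while it resolves group names to GIDs and builds a vector; a docstring such as "Return a vector of the GIDs of the groups named in SUPPLEMENTARY-GROUPS." (or a name like supplementary-groups->gid-vector) would make that clear. Note also that getgr throws on an unknown group name, and because the call is made inside the (catch #t ...) around setgid in hunk @@ -832,7 +838,7 @@, a typo in one supplementary group name will be reported through that handler's group-change message; worth checking that the message printed there names the offending group so the failure is diagnosable from the log.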