Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/librestart/common/librestart.h
+++ new/usr/src/lib/librestart/common/librestart.h
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
23 23 */
24 24
|
↓ open down ↓ |
24 lines elided |
↑ open up ↑ |
25 25 #ifndef _LIBRESTART_H
26 26 #define _LIBRESTART_H
27 27
28 28 #include <libsysevent.h>
29 29 #include <libcontract.h>
30 30 #include <libscf.h>
31 31 #include <limits.h>
32 32 #include <priv.h>
33 33 #include <pwd.h>
34 34 #include <sys/types.h>
35 +#include <sys/secflags.h>
35 36
36 37 #ifdef __cplusplus
37 38 extern "C" {
38 39 #endif
39 40
40 41 /*
41 42 * There are 3 parts to librestart.
42 43 * 1) The event protocol from the master restarter to its delegates.
43 44 * 2) A functional interface for updating the repository.
44 45 * 3) Convenience functions for common restarter tasks.
45 46 *
46 47 * Event protocol
47 48 * We need a reliable event protocol, as there's no way to define
48 49 * restarter events as idempotent.
49 50 *
50 51 * Currently using sysevent channels as the reliable event implementation.
51 52 * This could change if the implementation proves unsuitable, but
52 53 * the API defined here should abstract anything but a change in
53 54 * the fundamental event model.
54 55 *
55 56 * We offer functions to tease apart the event rather than generic
56 57 * nvpair interfaces. This is because each event type has a well-
57 58 * defined set of fields.
58 59 */
59 60
60 61 /*
61 62 * Some of the functions have external contracted consumers, review contracts
62 63 * when making incompatible changes.
63 64 */
64 65
65 66 typedef struct restarter_event_handle restarter_event_handle_t;
66 67 typedef struct restarter_event restarter_event_t;
67 68
68 69 typedef uint32_t restarter_event_type_t;
69 70
70 71 /*
71 72 * Define an event protocol version. In theory, we could use this in
72 73 * the future to support delegated restarters which use an older
73 74 * protocol. In practice, increment RESTARTER_EVENT_VERSION whenever the
74 75 * protocol might have changed.
75 76 */
76 77 #define RESTARTER_EVENT_VERSION 5
77 78
78 79 #define RESTARTER_FLAG_DEBUG 1
79 80
80 81 #define RESTARTER_ERRMSGSZ 1024
81 82
82 83 /*
83 84 * Event types
84 85 * RESTARTER_EVENT_TYPE_ADD_INSTANCE
85 86 * responsible for a new (stopped) instance
86 87 * RESTARTER_EVENT_TYPE_REMOVE_INSTANCE
87 88 * no longer responsible for this instance; stop it and return
88 89 * RESTARTER_EVENT_TYPE_ENABLE
89 90 * no guarantee that dependencies are met; see
90 91 * RESTARTER_EVENT_TYPE_START
91 92 * RESTARTER_EVENT_TYPE_DISABLE
92 93 * no guarantee that instance was running
93 94 * RESTARTER_EVENT_TYPE_ADMIN_DEGRADED
94 95 * RESTARTER_EVENT_TYPE_ADMIN_REFRESH
95 96 * RESTARTER_EVENT_TYPE_ADMIN_RESTART
96 97 * RESTARTER_EVENT_TYPE_ADMIN_MAINT_OFF
97 98 * RESTARTER_EVENT_TYPE_ADMIN_MAINT_ON
98 99 * RESTARTER_EVENT_TYPE_ADMIN_MAINT_ON_IMMEDIATE
99 100 * RESTARTER_EVENT_TYPE_ADMIN_MAINT_OFF
100 101 * RESTARTER_EVENT_TYPE_STOP
101 102 * dependencies are, or are becoming, unsatisfied
102 103 * RESTARTER_EVENT_TYPE_START
103 104 * dependencies have become satisfied
104 105 * RESTARTER_EVENT_TYPE_DEPENDENCY_CYCLE
105 106 * instance caused a dependency cycle
106 107 * RESTARTER_EVENT_TYPE_INVALID_DEPENDENCY
107 108 * instance has an invalid dependency
108 109 */
109 110
110 111 #define RESTARTER_EVENT_TYPE_INVALID 0
111 112 #define RESTARTER_EVENT_TYPE_ADD_INSTANCE 1
112 113 #define RESTARTER_EVENT_TYPE_REMOVE_INSTANCE 2
113 114 #define RESTARTER_EVENT_TYPE_ENABLE 3
114 115 #define RESTARTER_EVENT_TYPE_DISABLE 4
115 116 #define RESTARTER_EVENT_TYPE_ADMIN_DEGRADED 5
116 117 #define RESTARTER_EVENT_TYPE_ADMIN_REFRESH 6
117 118 #define RESTARTER_EVENT_TYPE_ADMIN_RESTART 7
118 119 #define RESTARTER_EVENT_TYPE_ADMIN_MAINT_OFF 8
119 120 #define RESTARTER_EVENT_TYPE_ADMIN_MAINT_ON 9
120 121 #define RESTARTER_EVENT_TYPE_ADMIN_MAINT_ON_IMMEDIATE 10
121 122 #define RESTARTER_EVENT_TYPE_STOP 11
122 123 #define RESTARTER_EVENT_TYPE_START 12
123 124 #define RESTARTER_EVENT_TYPE_DEPENDENCY_CYCLE 13
124 125 #define RESTARTER_EVENT_TYPE_INVALID_DEPENDENCY 14
125 126 #define RESTARTER_EVENT_TYPE_ADMIN_DISABLE 15
126 127 #define RESTARTER_EVENT_TYPE_STOP_RESET 16
127 128
128 129 #define RESTARTER_EVENT_ERROR -1
129 130
130 131 #define RESTARTER_EVENT_INSTANCE_DISABLED 0
131 132 #define RESTARTER_EVENT_INSTANCE_ENABLED 1
132 133
133 134 typedef enum {
134 135 RESTARTER_STATE_NONE,
135 136 RESTARTER_STATE_UNINIT,
136 137 RESTARTER_STATE_MAINT,
137 138 RESTARTER_STATE_OFFLINE,
138 139 RESTARTER_STATE_DISABLED,
139 140 RESTARTER_STATE_ONLINE,
140 141 RESTARTER_STATE_DEGRADED
141 142 } restarter_instance_state_t;
142 143
143 144 /*
144 145 * These values are ordered by severity of required restart, as we use
145 146 * integer comparisons to determine error flow.
146 147 */
147 148 typedef enum {
148 149 RERR_UNSUPPORTED = -1,
149 150 RERR_NONE = 0, /* no error, restart, refresh */
150 151 RERR_FAULT, /* fault occurred */
151 152 RERR_RESTART, /* transition due to restart */
152 153 RERR_REFRESH /* transition due to refresh */
153 154 } restarter_error_t;
154 155 /*
155 156 * restarter_store_contract() and restarter_remove_contract() types
156 157 */
157 158 typedef enum {
158 159 RESTARTER_CONTRACT_PRIMARY,
159 160 RESTARTER_CONTRACT_TRANSIENT
160 161 } restarter_contract_type_t;
161 162
162 163 /*
163 164 * restarter_bind_handle() registers a delegate with svc.startd to
164 165 * begin consuming events.
165 166 *
166 167 * On initial bind, the delgated restarter receives an event for each
167 168 * instance it is responsible for, as if that instance was new.
168 169 *
169 170 * callers must have superuser privileges
170 171 *
171 172 * The event handler can return 0 for success, or EAGAIN to request
172 173 * retry of event delivery. EAGAIN may be returned 3 times before the
173 174 * event is discarded.
174 175 */
175 176 int restarter_bind_handle(uint32_t, const char *,
176 177 int (*event_handler)(restarter_event_t *), int,
177 178 restarter_event_handle_t **);
178 179
179 180 restarter_event_type_t restarter_event_get_type(restarter_event_t *);
180 181 uint64_t restarter_event_get_seq(restarter_event_t *);
181 182 void restarter_event_get_time(restarter_event_t *, hrtime_t *);
182 183 ssize_t restarter_event_get_instance(restarter_event_t *, char *, size_t);
183 184 restarter_event_handle_t *restarter_event_get_handle(restarter_event_t *);
184 185
185 186 /*
186 187 * The following functions work only on certain types of events.
187 188 * They fail with a return of -1 if they're called on an inappropriate event.
188 189 */
189 190 int restarter_event_get_enabled(restarter_event_t *);
190 191 int restarter_event_get_current_states(restarter_event_t *,
191 192 restarter_instance_state_t *, restarter_instance_state_t *);
192 193
193 194 /*
194 195 * State transition reasons
195 196 */
196 197
197 198 typedef enum {
198 199 restarter_str_none,
199 200 restarter_str_administrative_request,
200 201 restarter_str_bad_repo_state,
201 202 restarter_str_clear_request,
202 203 restarter_str_ct_ev_core,
203 204 restarter_str_ct_ev_exit,
204 205 restarter_str_ct_ev_hwerr,
205 206 restarter_str_ct_ev_signal,
206 207 restarter_str_dependencies_satisfied,
207 208 restarter_str_dependency_activity,
208 209 restarter_str_dependency_cycle,
209 210 restarter_str_disable_request,
210 211 restarter_str_enable_request,
211 212 restarter_str_fault_threshold_reached,
212 213 restarter_str_insert_in_graph,
213 214 restarter_str_invalid_dependency,
214 215 restarter_str_invalid_restarter,
215 216 restarter_str_method_failed,
216 217 restarter_str_per_configuration,
217 218 restarter_str_refresh,
218 219 restarter_str_restart_request,
219 220 restarter_str_restarting_too_quickly,
220 221 restarter_str_service_request,
221 222 restarter_str_startd_restart
222 223 } restarter_str_t;
223 224
224 225 struct restarter_state_transition_reason {
225 226 restarter_str_t str_key;
226 227 const char *str_short;
227 228 const char *str_long;
228 229 };
229 230
230 231 /*
231 232 * Functions for updating the repository.
232 233 */
233 234
234 235 /*
235 236 * When setting state to "maintenance", callers of restarter_set_states() can
236 237 * set aux_state to "service_request" to communicate that another service has
237 238 * requested maintenance state for the target service.
238 239 *
239 240 * Callers should use restarter_inst_validate_aux_fmri() to validate the fmri
240 241 * of the requested service and pass "service_request" for aux_state when
241 242 * calling restarter_set_states(). See inetd and startd for examples.
242 243 */
243 244 int restarter_set_states(restarter_event_handle_t *, const char *,
244 245 restarter_instance_state_t, restarter_instance_state_t,
245 246 restarter_instance_state_t, restarter_instance_state_t, restarter_error_t,
246 247 restarter_str_t);
247 248 int restarter_event_publish_retry(evchan_t *, const char *, const char *,
248 249 const char *, const char *, nvlist_t *, uint32_t);
249 250
250 251 /*
251 252 * functions for retrieving the state transition reason messages
252 253 */
253 254
254 255 #define RESTARTER_STRING_VERSION 1
255 256
256 257 uint32_t restarter_str_version(void);
257 258 const char *restarter_get_str_short(restarter_str_t);
|
↓ open down ↓ |
213 lines elided |
↑ open up ↑ |
258 259 const char *restarter_get_str_long(restarter_str_t);
259 260
260 261 int restarter_store_contract(scf_instance_t *, ctid_t,
261 262 restarter_contract_type_t);
262 263 int restarter_remove_contract(scf_instance_t *, ctid_t,
263 264 restarter_contract_type_t);
264 265
265 266 ssize_t restarter_state_to_string(restarter_instance_state_t, char *, size_t);
266 267 restarter_instance_state_t restarter_string_to_state(char *);
267 268
268 -#define RESTARTER_METHOD_CONTEXT_VERSION 7
269 +#define RESTARTER_METHOD_CONTEXT_VERSION 8
269 270
270 271 struct method_context {
271 272 /* Stable */
272 273 uid_t uid, euid;
273 274 gid_t gid, egid;
274 275 int ngroups; /* -1 means use initgroups(). */
275 276 gid_t groups[NGROUPS_MAX];
277 + psecflags_t def_secflags;
278 + secflagdelta_t secflag_delta;
276 279 priv_set_t *lpriv_set, *priv_set;
277 280 char *corefile_pattern; /* Optional. */
278 281 char *project; /* NULL for no change */
279 282 char *resource_pool; /* NULL for project default */
280 283 char *working_dir; /* NULL for :default */
281 284 char **env; /* NULL for no env */
282 285 size_t env_sz; /* size of env array */
283 286
284 287 /* Private */
285 288 char *vbuf;
286 289 ssize_t vbuf_sz;
287 290 struct passwd pwd;
288 291 char *pwbuf;
289 292 ssize_t pwbufsz;
290 293 };
291 294
292 295 /*
293 296 * An error structure that contains a message string, and a type
294 297 * that can be used to determine course of action by the reciever
295 298 * of the error structure.
296 299 *
297 300 * type - usually will be an errno equivalent but could contain
298 301 * defined error types for exampe SCF_ERROR_XXX
299 302 * msg - must be at the end of the structure as if the message is
300 303 * longer than EMSGSIZE we will reallocate the structure to
301 304 * handle the overflow
302 305 */
303 306 typedef struct mc_error {
304 307 int destroy; /* Flag to indicate destruction steps */
305 308 int type; /* Type of error for decision making */
306 309 int size; /* The size of the error message string */
307 310 char msg[RESTARTER_ERRMSGSZ];
308 311 } mc_error_t;
309 312
310 313 int restarter_rm_libs_loadable(void);
311 314 /* instance, restarter name, method name, command line, structure pointer */
312 315 mc_error_t *restarter_get_method_context(uint_t, scf_instance_t *,
313 316 scf_snapshot_t *, const char *, const char *, struct method_context **);
314 317 void restarter_mc_error_destroy(mc_error_t *);
315 318 int restarter_set_method_context(struct method_context *, const char **);
316 319 void restarter_free_method_context(struct method_context *);
317 320
318 321
319 322 int restarter_is_null_method(const char *);
320 323 int restarter_is_kill_method(const char *);
321 324 int restarter_is_kill_proc_method(const char *);
322 325
323 326 /* Validate the inst fmri specified in restarter_actions/auxiliary_fmri */
324 327 int restarter_inst_validate_ractions_aux_fmri(scf_instance_t *);
325 328
326 329 /* Delete instance's restarter_actions/auxiliary_fmri property */
327 330 int restarter_inst_reset_ractions_aux_fmri(scf_instance_t *);
328 331
329 332 /* Get boolean value from instance's restarter_actions/auxiliary_tty */
330 333 int restarter_inst_ractions_from_tty(scf_instance_t *);
331 334
332 335 /* Delete instance's restarter/auxiliary_fmri property */
333 336 int restarter_inst_reset_aux_fmri(scf_instance_t *);
334 337
335 338 /* Get boolean value from instance's restarter_actions/do_dump */
336 339 int restarter_inst_dump(scf_instance_t *);
337 340
338 341 /*
339 342 * Set instance's restarter/auxiliary_fmri, value come from
340 343 * restarter_actions/auxliary_fmri
341 344 */
342 345 int restarter_inst_set_aux_fmri(scf_instance_t *);
343 346
344 347 #ifdef __cplusplus
345 348 }
346 349 #endif
347 350
348 351 #endif /* _LIBRESTART_H */
|
↓ open down ↓ |
63 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX