authorLaurent Ghigonis <laurent@p1sec.com>2013-08-25 22:07:56 +0200
committerLaurent Ghigonis <laurent@p1sec.com>2013-08-25 22:07:56 +0200
commit2dbddf95e3b59bc330c37d4a5736f83396bf68fb (patch)
treed91f6ae774e8a5b65a64ba0d392acc71322cfa68
parentWIP (diff)
downloadglouglou-2dbddf95e3b59bc330c37d4a5736f83396bf68fb.tar.xz
glouglou-2dbddf95e3b59bc330c37d4a5736f83396bf68fb.zip
WIP
-rw-r--r--v3/glougloud/Makefile26
-rw-r--r--v3/glougloud/glougloud.c23
-rw-r--r--v3/glougloud/glougloud.h2
-rw-r--r--v3/glougloud/probes.c1
-rw-r--r--v3/glougloud/redis.c18
-rw-r--r--v3/glougloud/viz.c4
-rw-r--r--v3/libglouglou/libglouglou.h1
-rw-r--r--v3/libglouglou/utils.c18
8 files changed, 71 insertions, 22 deletions
diff --git a/v3/glougloud/Makefile b/v3/glougloud/Makefile
index 202b96c..d1d88ca 100644
--- a/v3/glougloud/Makefile
+++ b/v3/glougloud/Makefile
@@ -5,20 +5,38 @@ CFLAGS+=-Wall -g
LDFLAGS=-levent -ldnet -lglouglou -ldl -lhiredis
USER_PROBES = _glougloud_probe
USER_VIZ = _glougloud_viz
+USER_DEFAULT = _glougloud
+GLOUGLOUD_HOME = "/var/lib/glougloud"
+GLOUGLOUD_CHROOT = "$(GLOUGLOUD_HOME)/chroot"
PREFIX=/usr/local
-BINDIR=$(PREFIX)/bin
+BINDIR=$(PREFIX)/sbin
all:
make $(OBJECTS)
$(CC) $(OBJECTS) -o $(PROG) $(LDFLAGS)
install: $(PROG)
- @echo "creating users $(USER_PROBES) and $(USER_VIZ)"
- cmdp="useradd -r -d /var/empty/ -s /sbin/nologin $(USER_PROBES)" ;\
+ @echo "creating glougloud home $(GLOUGLOUD_HOME)"
+ sudo mkdir -p $(GLOUGLOUD_HOME)
+ @echo "creating glougloud chroot $(GLOUGLOUD_CHROOT)"
+ sudo mkdir -p $(GLOUGLOUD_CHROOT)
+ sudo mkdir -p $(GLOUGLOUD_CHROOT)/socket
+ @echo "creating 3 users: $(USER_DEFAULT), $(USER_PROBES), $(USER_VIZ)"
+ cmdp="useradd -r -d $(GLOUGLOUD_CHROOT) -s /sbin/nologin $(USER_DEFAULT)" ;\
echo $$cmdp; $$($$cmdp) ;\
- cmdp="useradd -r -d /var/empty/ -s /sbin/nologin $(USER_VIZ)" ;\
+ cmdp="useradd -r -d $(GLOUGLOUD_CHROOT) -s /sbin/nologin $(USER_PROBES)" ;\
echo $$cmdp; $$($$cmdp) ;\
+ cmdp="usermod -a -G $(USER_DEFAULT) $(USER_PROBES)" ;\
+ echo $$cmdp; $$($$cmdp) ;\
+ cmdp="useradd -r -d $(GLOUGLOUD_CHROOT) -s /sbin/nologin $(USER_VIZ)" ;\
+ echo $$cmdp; $$($$cmdp) ;\
+ cmdp="usermod -a -G $(USER_DEFAULT) $(USER_VIZ)" ;\
+ echo $$cmdp; $$($$cmdp) ;
+ @echo "setting ownership for glougloud chroot $(GLOUGLOUD_CHROOT)"
+ sudo chown -R root:$(USER_DEFAULT) $(GLOUGLOUD_HOME)
+ chmod -R 750 $(GLOUGLOUD_HOME)
+ chmod 770 $(GLOUGLOUD_CHROOT)/socket
echo done
@echo "installation of $(PROG)"
mkdir -p $(BINDIR)
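Review bot: `chmod -R 750 $(GLOUGLOUD_HOME)` and `chmod 770 $(GLOUGLOUD_CHROOT)/socket` run without sudo immediately after `sudo chown -R root:$(USER_DEFAULT) $(GLOUGLOUD_HOME)` has made the tree root-owned, so they fail with EPERM unless make itself already runs as root, in which case the sudo prefixes on the mkdir and chown lines are redundant; the useradd/usermod commands are likewise unprivileged. Either prefix every privileged step consistently, `sudo chmod -R 750 $(GLOUGLOUD_HOME)` and `sudo chmod 770 $(GLOUGLOUD_CHROOT)/socket`, or drop sudo throughout and state in the target that install must be run as root. The double quotes in `GLOUGLOUD_HOME = "/var/lib/glougloud"` are part of the make value and end up inside `cmdp="useradd -r -d $(GLOUGLOUD_CHROOT) ..."`, where they only work because the shell concatenates the adjacent quoted pieces; unquoted make variables would be less fragile. The user names and the chroot path duplicate GLOUGLOUD_USER_* in glougloud.h and the socket path in glougloud.c, so a change in one place silently drifts from the other.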
diff --git a/v3/glougloud/glougloud.c b/v3/glougloud/glougloud.c
index 07628fb..8942d94 100644
--- a/v3/glougloud/glougloud.c
+++ b/v3/glougloud/glougloud.c
@@ -29,8 +29,12 @@ static void
sig_handler(int sig, short why, void *data)
{
log_info("got signal %d", sig);
- if (sig == SIGINT || sig == SIGTERM)
+ if (sig == SIGINT || sig == SIGTERM) {
+ viz_shutdown();
+ probes_shutdown();
+ redis_shutdown();
event_base_loopexit(ev_base, NULL);
+ }
}
int
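Review bot: The teardown order viz, probes, redis is the reverse of the init order in main() (redis, probes, viz), which is the right dependency order if probes and viz are the redis clients as redis_connect() suggests, but nothing in the handler says so and a later edit could reorder it; suggest `/* tear down in reverse init order: redis clients first, then redis */` above the three calls. A second comment noting that this is a libevent signal callback, not a raw signal handler, so calling non-async-signal-safe shutdown code here is fine, would pre-empt the obvious question. The evsignal setup that installs sig_handler is outside this hunk.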
@@ -49,7 +53,8 @@ main(int argc, char **argv)
ggd->daemonize = 1;
ggd->logfile = GLOUGLOUD_LOGFILE;
ggd->loglevel = LOG_WARN;
- ggd->redis.socket = "/tmp/glougloud_redis.sock";
+ ggd->redis.socket_chrooted = "/socket/redis.sock";
+ ggd->redis.socket = "/var/lib/glougloud/chroot/socket/redis.sock";
while ((op = getopt(argc, argv, "Dhl:L:p:P:v")) != -1) {
switch (op) {
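Review bot: `ggd->redis.socket` hard-codes `/var/lib/glougloud/chroot/socket/redis.sock`, which must equal the Makefile's `$(GLOUGLOUD_CHROOT)` joined with `ggd->redis.socket_chrooted`; nothing enforces that, and neither value has a getopt override in `"Dhl:L:p:P:v"`, so a mismatch is only found when redis_connect() fails to connect. Consider a chroot-path define next to GLOUGLOUD_LOGFILE in glougloud.h and building the host-side path from it, e.g. `ggd->redis.socket = GLOUGLOUD_CHROOT "/socket/redis.sock";` (define name is a suggestion), keeping `"/socket/redis.sock"` as the only literal for the inside view. A one-line comment on each assignment saying which process uses which view (host side for redis itself, chrooted side for the clients) would help too. main() continues outside the hunk.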
@@ -88,6 +93,13 @@ main(int argc, char **argv)
log_init(ggd->logfile, ggd->loglevel);
log_warn("glougloud startup");
+ if (redis_init(ggd) < 0)
+ log_fatal("init redis failed");
+ if (probes_init(ggd) < 0)
+ log_fatal("init probes failed");
+ if (viz_init(ggd) < 0)
+ log_fatal("init viz failed");
+
ev_base = event_base_new();
ev_sigint = evsignal_new(ev_base, SIGINT, sig_handler, NULL);
ev_sigterm = evsignal_new(ev_base, SIGTERM, sig_handler, NULL);
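Review bot: Nothing records why the three init calls were moved ahead of `event_base_new()`; since probes_init() and viz_init() fork and create their own event_base in the child (see probes.c and viz.c in this commit), the likely reason is that the workers must not inherit the parent's ev_base, and that should be written down so nobody moves them back. Suggest `/* fork the workers before creating ev_base so the children do not inherit it */` above the redis_init() call. Note that the workers are now forked before the SIGINT/SIGTERM events are registered, so the handler added in sig_handler() only runs in the parent — presumably intended, worth confirming. main() continues outside the hunk.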
@@ -99,13 +111,6 @@ main(int argc, char **argv)
evsignal_add(ev_sighup, NULL);
signal(SIGPIPE, SIG_IGN);
- if (redis_init(ggd) < 0)
- log_fatal("init redis failed");
- if (probes_init(ggd) < 0)
- log_fatal("init probes failed");
- if (viz_init(ggd) < 0)
- log_fatal("init viz failed");
-
if (ggd->daemonize) {
ggd->pid = fork();
log_info("daemonized, pid %d", ggd->pid);
diff --git a/v3/glougloud/glougloud.h b/v3/glougloud/glougloud.h
index dfc84e9..3f59603 100644
--- a/v3/glougloud/glougloud.h
+++ b/v3/glougloud/glougloud.h
@@ -5,6 +5,7 @@
#include <hiredis/hiredis.h>
#include <hiredis/async.h>
+#define GLOUGLOUD_USER_DEFAULT "_glougloud"
#define GLOUGLOUD_USER_PROBES "_glougloud_probe"
#define GLOUGLOUD_USER_VIZ "_glougloud_viz"
#define GLOUGLOUD_LOGFILE "/var/log/glougloud.log"
@@ -17,6 +18,7 @@ struct glougloud {
int pid;
struct {
char *socket;
+ char *socket_chrooted;
} redis;
struct {
struct addr serv_ip;
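Review bot: `socket_chrooted` is undocumented, and its relation to `socket` is only recoverable from glougloud.c and redis.c: the new field is the socket path as seen from inside the glougloud chroot (redis_connect() uses it), the old one the same socket on the host. Suggest `char *socket;          /* redis unix socket, host-side path */` and `char *socket_chrooted; /* same socket as seen from inside the chroot; must match socket */`. struct glougloud continues outside the hunk.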
diff --git a/v3/glougloud/probes.c b/v3/glougloud/probes.c
index 93cc0d4..3e7d657 100644
--- a/v3/glougloud/probes.c
+++ b/v3/glougloud/probes.c
@@ -57,6 +57,7 @@ probes_init(struct glougloud *ggd) {
if (_probes->pid > 0)
return 0;
droppriv(GLOUGLOUD_USER_PROBES, 1, NULL);
+ setprocname("probes");
_probes->evb = event_base_new();
_probes->mods = modules_load(GLOUGLOUD_MOD_PATH, NULL);
diff --git a/v3/glougloud/redis.c b/v3/glougloud/redis.c
index 8589326..6fca983 100644
--- a/v3/glougloud/redis.c
+++ b/v3/glougloud/redis.c
@@ -21,7 +21,7 @@ int
redis_init(struct glougloud *ggd) {
char redis_conf[4096];
char *echo_args[] = {"echo", redis_conf, NULL};
- char *redis_args[] = {"redis-server", "-", NULL};
+ char *redis_args[] = {"glougloud: redis", "-", NULL};
char newpath[4096];
char *path;
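Review bot: Changing argv[0] to `"glougloud: redis"` relies on exec_pipe() locating the binary from its separate first argument rather than from `redis_args[0]`; its prototype in libglouglou.h (`exec_pipe(char *, char **, char *, char **)`) suggests it does, but the call is outside this hunk, so confirm it. A comment on the array would make the intent explicit: `/* argv[0] only sets the name shown by ps; exec_pipe() execs redis-server by its own path argument */`. redis_init() continues outside the hunk.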
@@ -30,7 +30,7 @@ redis_init(struct glougloud *ggd) {
_redis->pid = fork();
if (_redis->pid > 0)
return 0;
- droppriv(GLOUGLOUD_USER_PROBES, 0, NULL);
+ droppriv(GLOUGLOUD_USER_DEFAULT, 0, NULL);
path = getenv("PATH");
snprintf(newpath, sizeof(newpath),
"%s:/sbin:/usr/sbin:/usr/local/sbin", path);
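Review bot: `path = getenv("PATH")` can return NULL, and passing that to `%s` in the snprintf() on the next line is undefined behaviour; guard it, `if (path == NULL) log_fatal("PATH not set");` before the snprintf(). The redis child now runs as GLOUGLOUD_USER_DEFAULT but still searches whatever PATH the invoking environment carried, with the sbin directories appended last; a fixed search path for locating redis-server would be more predictable. The return value of the changed `droppriv()` call is not checked either; if droppriv() can report failure, the child would continue with the original privileges. redis_init() continues outside the hunk.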
@@ -41,7 +41,7 @@ redis_init(struct glougloud *ggd) {
"pidfile /var/run/glougloud/redis.pid\n"
"port 0\n"
"unixsocket %s\n"
- "unixsocketperm 750\n"
+ "unixsocketperm 770\n"
"timeout 0\n"
"loglevel notice\n"
/* XXX for the moment we log in glougloud log
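Review bot: `unixsocketperm 770` makes the socket group-writable, so every member of the GLOUGLOUD_USER_DEFAULT group (the probes and viz users after the Makefile's `usermod -a -G`) can connect, with no authentication in the part of the config visible here; that is the intended trust boundary but it is not recorded next to the value, and it is paired with the `chmod 770 $(GLOUGLOUD_CHROOT)/socket` in the Makefile. Suggest a comment on the line: `/* 770: probes/viz run in the _glougloud group; the socket dir is 770 too (Makefile) */`. redis_init() continues outside the hunk.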
@@ -76,11 +76,13 @@ redis_connect(struct event_base *evb,
{
redisAsyncContext *rc;
- rc = redisAsyncConnectUnix(_ggd->redis.socket);
- if (rc->err) {
- log_warn("redis connect: %s\n", rc->errstr);
- return NULL;
- }
+ do {
+ rc = redisAsyncConnectUnix(_ggd->redis.socket_chrooted);
+ if (rc->err) {
+ log_warn("redis connect: %s\n", rc->errstr);
+ sleep(1);
+ }
+ } while (rc->err);
redisLibeventAttach(rc, evb);
redisAsyncSetConnectCallback(rc, cb_connect);
redisAsyncSetDisconnectCallback(rc, cb_disconnect);
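Review bot: Each failed iteration of the new retry loop leaks the redisAsyncContext returned by redisAsyncConnectUnix(): a context with `rc->err` set is never released before the next call allocates another, and the loop is unbounded, so a redis that never comes up keeps the caller spinning and leaking one context per second. redisAsyncConnectUnix() can also return NULL on allocation failure, which the `rc->err` test then dereferences. The original returned NULL on error and callers presumably still handle that, so the rewrite below keeps that contract: it frees the failed context with redisAsyncFree(), NULL-checks, and bounds the wait with a constant chosen only as an example. redis_connect() starts and ends outside the hunk.
```c
	redisAsyncContext *rc;
	int tries = 0;

	for (;;) {
		rc = redisAsyncConnectUnix(_ggd->redis.socket_chrooted);
		if (rc == NULL)
			return NULL;		/* hiredis could not allocate a context */
		if (!rc->err)
			break;
		log_warn("redis connect: %s\n", rc->errstr);
		redisAsyncFree(rc);		/* release the failed context before retrying */
		if (++tries >= 30)		/* example bound (~30 s); pick a project value */
			return NULL;
		sleep(1);
	}
	/* … unchanged: redisLibeventAttach and the connect/disconnect callbacks … */
```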
diff --git a/v3/glougloud/viz.c b/v3/glougloud/viz.c
index 730ccf1..46f3f77 100644
--- a/v3/glougloud/viz.c
+++ b/v3/glougloud/viz.c
@@ -54,13 +54,15 @@ cb_srv_conn(evutil_socket_t listener, short event, void *arg)
}
int
-viz_init(struct glougloud *ggd) {
+viz_init(struct glougloud *ggd)
+{
_ggd = ggd;
_viz = xcalloc(1, sizeof(struct glougloud_viz));
_viz->pid = fork();
if (_viz->pid > 0)
return 0;
droppriv(GLOUGLOUD_USER_VIZ, 1, NULL);
+ setprocname("viz");
_viz->evb = event_base_new();
_viz->mods = modules_load(GLOUGLOUD_MOD_PATH, NULL);
diff --git a/v3/libglouglou/libglouglou.h b/v3/libglouglou/libglouglou.h
index 8944d59..cd85c5f 100644
--- a/v3/libglouglou/libglouglou.h
+++ b/v3/libglouglou/libglouglou.h
@@ -131,5 +131,6 @@ int exec_pipe(char *, char **, char *, char **);
void kill_wait(pid_t, int);
struct event *tcp_server_create(struct event_base *, struct addr *, int, event_callback_fn, void *);
struct event *udp_server_create(struct event_base *, struct addr *, int, event_callback_fn, void *);
+void setprocname(const char *);
#endif /* _LIBGLOUGLOU_H_ */
diff --git a/v3/libglouglou/utils.c b/v3/libglouglou/utils.c
index 1136869..723cfdc 100644
--- a/v3/libglouglou/utils.c
+++ b/v3/libglouglou/utils.c
@@ -21,6 +21,10 @@
#include <sys/wait.h>
#include <sys/socket.h>
+#if !defined(__OpenBSD__)
+#include <sys/prctl.h>
+#endif
+
#include "libglouglou.h"
/*
@@ -256,3 +260,17 @@ err:
return NULL;
}
+void
+setprocname(const char *name)
+{
+#if defined(__OpenBSD__)
+ setproctitle(name);
+#else
+ char basename[16];
+ char newname[64];
+
+ prctl(PR_GET_NAME, (unsigned long) basename, 0, 0, 0);
+ snprintf(newname, sizeof(newname), "%s: %s", basename, name);
+ prctl(PR_SET_NAME, newname, 0, 0, 0);
+#endif
+}
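Review bot: On the OpenBSD branch `setproctitle(name)` passes the caller-supplied string as the format argument; setproctitle(3) takes printf-style arguments, so any `%` in name is interpreted, and the call should be `setproctitle("%s", name);`. On the Linux branch PR_SET_NAME keeps at most 15 characters plus the terminator, so a value such as `"glougloud: probes"` is silently cut to `glougloud: prob`, and both prctl() return values are ignored; note the limit in a comment above the call, e.g. `/* PR_SET_NAME keeps 15 chars; longer names are truncated */`, and pass `newname` with the same cast used for `basename` so the two calls read alike. A short header comment stating that the function only changes the name shown for the process and has no failure reporting would complete the documentation.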