Commit 01234f97 authored by Leigh B. Stoller

A doozy! I added two new modes of operation in support of jails. Only
for BSD of course. First is a "proxy" mode that is used outside of a
jail, to forward tmcc requests from inside the jail to boss over the
normal ssl channel (when a remote node). We remove the pem files from
inside the jail so it has no way to form a secure connection to tmcd
on its own, and tmcd rejects non-ssl connections from remote nodes (it
should probably reject them from local jails too). Second change is a
"unix socket" mode that is the complement to the proxy; tmcc inside of
a jail connects to the tmcc proxy outside the jail via a unix domain
socket that can be shared between the two because the outer
environment can see inside the jailed filesystems (the jail sees a
chroot environment). When the jail is started, the initial root shell
gets an environment variable called TMCCUNIXPATH which holds the path
to the socket. This makes it easy for anything started from that shell
of course, but it's still a minor pain when invoking tmcc from
elsewhere, but that does not really happen, except when running it by
hand. Anyway, tmcc forms a unix socket to the proxy and does its
thing. The proxy filters out VNODE= and PRIVKEY= arguments, and
inserts its own into the command string.  This prevents a jail from
trying to impersonate another vnode.
parent 678a5a34