    Leigh Stoller authored · 01234f97
    A doozy! I added two new modes of operation in support of jails. Only
    for BSD of course. First is a "proxy" mode that is used outside of a
    jail, to forward tmcc requests from inside the jail to boss over the
    normal ssl channel (when a remote node). We remove the pem files from
    inside the jail so it has no way to form a secure connection to tmcd
    on its own, and tmcd rejects non-ssl connections from remote nodes (it
    should probably reject them from local jails too). Second change is a
    "unix socket" mode that is the complement to the proxy; tmcc inside of
    a jail connects to the tmcc proxy outside the jail via a unix domain
    socket that can be shared between the two because the outer
    environment can see inside the jailed filesystems (the jail sees a
    chroot environment). When the jail is started, the initial root shell
    gets an environment variable called TMCCUNIXPATH which holds the path
    to the socket. This makes it easy for anything started from that shell
    of course, but it's still a minor pain when invoking tmcc from
    elsewhere, but that does not really happen, except when running it by
    hand. Anyway, tmcc forms a unix socket to the proxy and does its
    thing. The proxy filters out VNODE= and PRIVKEY= arguments, and
    inserts its own into the command string.  This prevents a jail from
    trying to impersonate another vnode.
Name
account
apache
assign
autoconf
capture
cdrom
db
dhcpd
discvr
doc
event
hw_config
ipod
lib
os
patches
pxe
rc.d
rpms
security
sensors
sql
ssl
sysadmin
tbsetup
testsuite
tip
tmcd
tools
utils
vis
www
xmlrpc
BUGS
GNUmakefile.in
GNUmakerules
Makeconf.in
PROJECTS
README
RESTRICTED-RIGHTS
TODO
config.h.in
configure
configure.in
defs-barb-emulab
defs-barb-mini
defs-calfeld-emulab
defs-default
defs-kwebb-emulab
defs-mini
defs-neo-paper
defs-newbold-emulab
defs-newbold-macdb
defs-newbold-mini
defs-rchriste-emulab
defs-ricci-emulab
defs-ricci-mini
defs-ricci-neo-paper
defs-shash-emulab
defs-shash-mini
defs-stoller-emulab
defs-stoller-home
defs-stoller-mini
defs-wide