X-Git-Url: https://git.lttng.org/?p=lttng-tools.git;a=blobdiff_plain;f=lttng-sessiond%2Fmain.c;h=dc43edb4d30a905e6c403c69b9fc3a35b1b7901c;hp=262f48b8ab3b0ffc717814e9ec80e3477ee2df40;hb=f56a39affe149956ac64b399859952e9586de930;hpb=48c4f28cde63c862229c41179e6fac606cdf41d4 diff --git a/lttng-sessiond/main.c b/lttng-sessiond/main.c index 262f48b8a..dc43edb4d 100644 --- a/lttng-sessiond/main.c +++ b/lttng-sessiond/main.c @@ -92,6 +92,7 @@ const char *progname; const char *opt_tracing_group; static int opt_sig_parent; static int opt_daemon; +static int opt_no_kernel; static int is_root; /* Set to 1 if the daemon is running as root */ static pid_t ppid; /* Parent PID for --sig-parent option */ static char *rundir; @@ -457,10 +458,9 @@ static void cleanup(void) pthread_mutex_destroy(&kconsumer_data.pid_mutex); - DBG("Closing kernel fd"); - close(kernel_tracer_fd); - - if (is_root) { + if (is_root && !opt_no_kernel) { + DBG2("Closing kernel fd"); + close(kernel_tracer_fd); DBG("Unloading kernel modules"); modprobe_remove_kernel_modules(); } @@ -469,7 +469,7 @@ static void cleanup(void) close(thread_quit_pipe[1]); /* */ - MSG("%c[%d;%dm*** assert failed :-) *** ==> %c[%dm%c[%d;%dm" + DBG("%c[%d;%dm*** assert failed :-) *** ==> %c[%dm%c[%d;%dm" "Matthew, BEET driven development works!%c[%dm", 27, 1, 31, 27, 0, 27, 1, 33, 27, 0); /* */ @@ -1871,10 +1871,11 @@ error: * Create an UST session and add it to the session ust list. */ static int create_ust_session(struct ltt_session *session, - struct lttng_domain *domain) + struct lttng_domain *domain, struct ucred *creds) { int ret; - unsigned int uid; + unsigned int sess_uid; + gid_t gid; struct ltt_ust_session *lus = NULL; switch (domain->type) { @@ -1887,15 +1888,23 @@ static int create_ust_session(struct ltt_session *session, DBG("Creating UST session"); - uid = session->uid; - lus = trace_ust_create_session(session->path, uid, domain); + sess_uid = session->uid; + lus = trace_ust_create_session(session->path, sess_uid, domain); if (lus == NULL) { ret = LTTCOMM_UST_SESS_FAIL; goto error; } - ret = mkdir_recursive(lus->pathname, S_IRWXU | S_IRWXG, - geteuid(), allowed_group()); + /* + * Get the right group ID. To use the tracing group, the daemon must be + * running with root credentials or else it's the user GID used. + */ + gid = allowed_group(); + if (gid < 0 || !is_root) { + gid = creds->gid; + } + + ret = mkdir_recursive(lus->pathname, S_IRWXU | S_IRWXG, creds->uid, gid); if (ret < 0) { if (ret != -EEXIST) { ERR("Trace directory creation error"); @@ -1925,9 +1934,11 @@ error: /* * Create a kernel tracer session then create the default channel. */ -static int create_kernel_session(struct ltt_session *session) +static int create_kernel_session(struct ltt_session *session, + struct ucred *creds) { int ret; + gid_t gid; DBG("Creating kernel session"); @@ -1942,8 +1953,17 @@ static int create_kernel_session(struct ltt_session *session) session->kernel_session->consumer_fd = kconsumer_data.cmd_sock; } + gid = allowed_group(); + if (gid < 0) { + /* + * Use GID 0 has a fallback since kernel session is only allowed under + * root or the gid of the calling user + */ + is_root ? (gid = 0) : (gid = creds->gid); + } + ret = mkdir_recursive(session->kernel_session->trace_path, - S_IRWXU | S_IRWXG, geteuid(), allowed_group()); + S_IRWXU | S_IRWXG, creds->uid, gid); if (ret < 0) { if (ret != -EEXIST) { ERR("Trace directory creation error"); @@ -3162,6 +3182,11 @@ static int process_client_msg(struct command_ctx *cmd_ctx) DBG("Processing client command %d", cmd_ctx->lsm->cmd_type); + if (opt_no_kernel && cmd_ctx->lsm->domain.type == LTTNG_DOMAIN_KERNEL) { + ret = LTTCOMM_KERN_NA; + goto error; + } + /* * Check for command that don't needs to allocate a returned payload. We do * this here so we don't have to make the call for no payload at each @@ -3229,7 +3254,7 @@ static int process_client_msg(struct command_ctx *cmd_ctx) /* Need a session for kernel command */ if (need_tracing_session) { if (cmd_ctx->session->kernel_session == NULL) { - ret = create_kernel_session(cmd_ctx->session); + ret = create_kernel_session(cmd_ctx->session, &cmd_ctx->creds); if (ret < 0) { ret = LTTCOMM_KERN_SESS_FAIL; goto error; @@ -3256,7 +3281,7 @@ static int process_client_msg(struct command_ctx *cmd_ctx) if (need_tracing_session) { if (cmd_ctx->session->ust_session == NULL) { ret = create_ust_session(cmd_ctx->session, - &cmd_ctx->lsm->domain); + &cmd_ctx->lsm->domain, &cmd_ctx->creds); if (ret != LTTCOMM_OK) { goto error; } @@ -3623,6 +3648,12 @@ static void *thread_manage_clients(void *data) goto error; } + /* Set socket option for credentials retrieval */ + ret = lttcomm_setsockopt_creds_unix_sock(sock); + if (ret < 0) { + goto error; + } + /* Allocate context command to process the client request */ cmd_ctx = zmalloc(sizeof(struct command_ctx)); if (cmd_ctx == NULL) { @@ -3646,8 +3677,8 @@ static void *thread_manage_clients(void *data) * the client. */ DBG("Receiving data from client ..."); - ret = lttcomm_recv_unix_sock(sock, cmd_ctx->lsm, - sizeof(struct lttcomm_session_msg)); + ret = lttcomm_recv_creds_unix_sock(sock, cmd_ctx->lsm, + sizeof(struct lttcomm_session_msg), &cmd_ctx->creds); if (ret <= 0) { DBG("Nothing recv() from client... continuing"); close(sock); @@ -3685,10 +3716,10 @@ static void *thread_manage_clients(void *data) ERR("Failed to send data back to client"); } - clean_command_ctx(&cmd_ctx); - /* End of transmission */ close(sock); + + clean_command_ctx(&cmd_ctx); } error: @@ -3731,6 +3762,7 @@ static void usage(void) fprintf(stderr, " -q, --quiet No output at all.\n"); fprintf(stderr, " -v, --verbose Verbose mode. Activate DBG() macro.\n"); fprintf(stderr, " --verbose-consumer Verbose mode for consumer. Activate DBG() macro.\n"); + fprintf(stderr, " --no-kernel Disable kernel tracer\n"); } /* @@ -3761,12 +3793,13 @@ static int parse_args(int argc, char **argv) { "quiet", 0, 0, 'q' }, { "verbose", 0, 0, 'v' }, { "verbose-consumer", 0, 0, 'Z' }, + { "no-kernel", 0, 0, 'N' }, { NULL, 0, 0, 0 } }; while (1) { int option_index = 0; - c = getopt_long(argc, argv, "dhqvVS" "a:c:g:s:C:E:D:F:Z:u:t", + c = getopt_long(argc, argv, "dhqvVSN" "a:c:g:s:C:E:D:F:Z:u:t", long_options, &option_index); if (c == -1) { break; @@ -3818,6 +3851,9 @@ static int parse_args(int argc, char **argv) case 'G': snprintf(ustconsumer32_data.cmd_unix_sock_path, PATH_MAX, "%s", optarg); break; + case 'N': + opt_no_kernel = 1; + break; case 'q': opt_quiet = 1; break; @@ -3925,27 +3961,22 @@ static int check_existing_daemon(void) * Race window between mkdir and chown is OK because we are going from more * permissive (root.root) to les permissive (root.tracing). */ -static int set_permissions(void) +static int set_permissions(char *rundir) { int ret; gid_t gid; gid = allowed_group(); if (gid < 0) { - if (is_root) { - WARN("No tracing group detected"); - ret = 0; - } else { - ERR("Missing tracing group. Aborting execution."); - ret = -1; - } + WARN("No tracing group detected"); + ret = 0; goto end; } /* Set lttng run dir */ - ret = chown(LTTNG_RUNDIR, 0, gid); + ret = chown(rundir, 0, gid); if (ret < 0) { - ERR("Unable to set group on " LTTNG_RUNDIR); + ERR("Unable to set group on %s", rundir); perror("chown"); } @@ -4329,7 +4360,9 @@ int main(int argc, char **argv) } /* Setup kernel tracer */ - init_kernel_tracer(); + if (!opt_no_kernel) { + init_kernel_tracer(); + } /* Set ulimit for open files */ set_ulimit(); @@ -4355,7 +4388,7 @@ int main(int argc, char **argv) } /* Set credentials to socket */ - if (is_root && ((ret = set_permissions()) < 0)) { + if (is_root && ((ret = set_permissions(rundir)) < 0)) { goto exit; }