author | Christian Grothoff <christian@grothoff.org> | 2013-10-11 16:09:56 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2013-10-11 16:09:56 +0000 |
commit | 996871b39362b2ce34980d99e7fedfb05075f041 (patch) | |
tree | 216af472c01d9a7ba36687ba4957c67f4e281be6 | |
parent | 79fa5ae2d73c1da264e9565ba46868ee08dffacd (diff) | |
download | gnunet-996871b39362b2ce34980d99e7fedfb05075f041.tar.gz gnunet-996871b39362b2ce34980d99e7fedfb05075f041.zip |
implementing #3064: enable split-personality ARM to run some services as 'gnunet' and others as grothoff, depending on level of personal information available to the service
-rw-r--r-- | doc/man/gnunet.conf.5 | 4 | ||||
-rw-r--r-- | src/arm/arm.conf.in | 21 | ||||
-rw-r--r-- | src/arm/gnunet-service-arm.c | 46 | ||||
-rw-r--r-- | src/ats/ats.conf.in | 6 | ||||
-rw-r--r-- | src/gns/gns.conf.in | 2 | ||||
-rw-r--r-- | src/identity/identity.conf.in | 1 | ||||
-rw-r--r-- | src/namestore/namestore.conf.in | 1 |
7 files changed, 75 insertions, 6 deletions
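--- a/doc/man/gnunet.conf.5
+++ b/doc/man/gnunet.conf.5
@@ -36,6 +36,10 @@ The following options are generic and shared by all services:
 If UNIX domain sockets are used, set this to YES if only users with the same UID are allowed to access the service.
 .IP UNIX_MATCH_GID
 If UNIX domain sockets are used, set this to YES if only users with the same GID are allowed to access the service.
+.IP USER_SERVICE
+Set to YES if this service should be run per-user, NO if this is a system service. End-users should never have to change the defaults GNUnet provides for this option.
+
+
 
 .SH ARM Options
 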
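--- a/src/arm/arm.conf.in
+++ b/src/arm/arm.conf.in
@@ -17,6 +17,27 @@ UNIX_MATCH_GID = YES
 # log files are preserved.
 # GLOBAL_POSTFIX = -l $GNUNET_CACHE_HOME/{}-%Y-%m-%d.log
 GLOBAL_PREFIX = @MONKEYPREFIX@
+
+# If set to YES, ARM will only start services that are marked as
+# system-level services (and we'll expect a second ARM to be
+# run per-user to run user-level services). Note that in this
+# case you must have manually created a different configuration
+# file with the user where at least this and the USER_ONLY
+# options differ.
+# SYSTEM_ONLY = YES
+
+# If set to YES, ARM will only start services that are marked as
+# per-user services (and we'll expect a system user to run ARM to
+# provide system-level services). Per-user services enable
+# better personalization and priviledge separation and in particular
+# ensures that personal data is stored under $HOME, which might
+# be important in a multi-user system (or if $HOME is encrypted
+# and /var/ is not).
+# USER_ONLY = YES
+
+
+
+# Name of the user that will be used to provide the service
 # USERNAME =
 # MAXBUF =
 # TIMEOUT =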
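--- a/src/arm/gnunet-service-arm.c
+++ b/src/arm/gnunet-service-arm.c
@@ -36,6 +36,7 @@
 */
 #define MAX_NOTIFY_QUEUE 1024
 
+
 /**
 * List of our services.
 */
@@ -159,7 +160,7 @@ struct ServiceList
 
 /**
 * Is this service to be started by default (or did a client tell us explicitly
-* to start it)? GNUNET_NO if the service is started only upon 'accept' on a
+* to start it)? #GNUNET_NO if the service is started only upon 'accept' on a
 * listen socket or possibly explicitly by a client changing the value.
 */
 int is_default;
@@ -218,6 +219,16 @@ static struct GNUNET_DISK_PipeHandle *sigpipe;
 static int in_shutdown;
 
 /**
+* Are we starting user services?
+*/
+static int start_user = GNUNET_YES;
+
+/**
+* Are we starting system services?
+*/
+static int start_system = GNUNET_YES;
+
+/**
 * Handle to our server instance. Our server is a bit special in that
 * its service is not immediately stopped once we get a shutdown
 * request (since we need to continue service until all of our child
@@ -387,7 +398,9 @@ broadcast_status (const char *name,
 * being started. 0 if starting was not requested.
 */
 static void
-start_process (struct ServiceList *sl, struct GNUNET_SERVER_Client *client, uint64_t request_id)
+start_process (struct ServiceList *sl,
+struct GNUNET_SERVER_Client *client,
+uint64_t request_id)
 {
 char *loprefix;
 char *options;
@@ -1273,6 +1286,19 @@ setup_service (void *cls, const char *section)
 /* not a service section */
 return;
 }
+if ((GNUNET_YES ==
+GNUNET_CONFIGURATION_have_value (cfg, section, "USER_SERVICE")) &&
+(GNUNET_YES ==
+GNUNET_CONFIGURATION_get_value_yesno (cfg, section, "USER_SERVICE")))
+{
+if (GNUNET_NO == start_user)
+return; /* user service, and we don't deal with those */
+}
+else
+{
+if (GNUNET_NO == start_system)
+return; /* system service, and we don't deal with those */
+}
 sl = find_service (section);
 if (NULL != sl)
 {
@@ -1312,6 +1338,7 @@ setup_service (void *cls, const char *section)
 sl->pipe_control = GNUNET_CONFIGURATION_get_value_yesno (cfg, section, "PIPECONTROL");
 #endif
 GNUNET_CONTAINER_DLL_insert (running_head, running_tail, sl);
+
 if (GNUNET_YES !=
 GNUNET_CONFIGURATION_get_value_yesno (cfg, section, "AUTOSTART"))
 return;
@@ -1409,7 +1436,20 @@ run (void *cls, struct GNUNET_SERVER_Handle *serv,
 GNUNET_CONFIGURATION_get_value_string (cfg, "ARM", "GLOBAL_POSTFIX",
 &final_option))
 final_option = GNUNET_strdup ("");
-
+if (GNUNET_YES ==
+GNUNET_CONFIGURATION_get_value_yesno (cfg, "ARM", "USER_ONLY"))
+{
+GNUNET_break (GNUNET_YES == start_user);
+start_system = GNUNET_NO;
+return;
+}
+if (GNUNET_YES ==
+GNUNET_CONFIGURATION_get_value_yesno (cfg, "ARM", "SYSTEM_ONLY"))
+{
+GNUNET_break (GNUNET_YES == start_system);
+start_user = GNUNET_NO;
+return;
+}
 GNUNET_CONFIGURATION_iterate_sections (cfg, &setup_service, NULL);
 
 /* start default services... */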
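Review bot: In the last hunk, both new branches in `run` end in `return;`, so when `USER_ONLY` or `SYSTEM_ONLY` is `YES` the function exits before `GNUNET_CONFIGURATION_iterate_sections (cfg, &setup_service, NULL);` and, as far as this hunk shows, no services are set up or started at all. Removing the two `return;` lines lets `start_user` and `start_system` take effect through the new filter in `setup_service`. The `GNUNET_break` calls look intended to catch both options being set, but once the first `return;` is gone that case would leave both flags at `GNUNET_NO`; an explicit error and shutdown would make the misconfiguration visible. In `setup_service`, a section without a `USER_SERVICE` key falls into the `else` branch and is treated as a system service, so a service handling personal data that lacks the key would be placed on the system side; a comment stating that default would help the next maintainer. `run` and `setup_service` both start and end outside the hunks shown.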
diff --git a/src/ats/ats.conf.in b/src/ats/ats.conf.in index c53f50b08..47ca10411 100644 --- a/src/ats/ats.conf.in +++ b/src/ats/ats.conf.in | |||
@@ -10,7 +10,7 @@ UNIX_MATCH_UID = YES | |||
10 | UNIX_MATCH_GID = YES | 10 | UNIX_MATCH_GID = YES |
11 | 11 | ||
12 | # Designated assigment mode: PROPORTIONAL / MLP / RIL | 12 | # Designated assigment mode: PROPORTIONAL / MLP / RIL |
13 | MODE = PROPORTIONAL | 13 | MODE = PROPORTIONAL |
14 | 14 | ||
15 | # Network specific inbound/outbound quotas | 15 | # Network specific inbound/outbound quotas |
16 | UNSPECIFIED_QUOTA_IN = 64 KiB | 16 | UNSPECIFIED_QUOTA_IN = 64 KiB |
@@ -41,7 +41,7 @@ MLP_MIN_INTERVAL = 15000 | |||
41 | 41 | ||
42 | # MLP defaults | 42 | # MLP defaults |
43 | # MLP_MAX_DURATION = 3 s | 43 | # MLP_MAX_DURATION = 3 s |
44 | # MLP_MAX_ITERATIONS = 1024 | 44 | # MLP_MAX_ITERATIONS = 1024 |
45 | # MLP_COEFFICIENT_D = 1.0 | 45 | # MLP_COEFFICIENT_D = 1.0 |
46 | # MLP_COEFFICIENT_U = 1.0 | 46 | # MLP_COEFFICIENT_U = 1.0 |
47 | # MLP_COEFFICIENT_R = 1.0 | 47 | # MLP_COEFFICIENT_R = 1.0 |
@@ -51,7 +51,7 @@ MLP_MIN_INTERVAL = 15000 | |||
51 | # MLP Debugging settings | 51 | # MLP Debugging settings |
52 | DUMP_MLP = NO | 52 | DUMP_MLP = NO |
53 | DUMP_SOLUTION = NO | 53 | DUMP_SOLUTION = NO |
54 | DUMP_OVERWRITE = NO | 54 | DUMP_OVERWRITE = NO |
55 | DUMP_MIN_PEERS = 0 | 55 | DUMP_MIN_PEERS = 0 |
56 | DUMP_MIN_ADDRS = 0 | 56 | DUMP_MIN_ADDRS = 0 |
57 | DUMP_OVERWRITE = NO | 57 | DUMP_OVERWRITE = NO |
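--- a/src/gns/gns.conf.in
+++ b/src/gns/gns.conf.in
@@ -23,6 +23,7 @@ ZONE_PUBLISH_TIME_WINDOW = 4 h
 [gns-proxy]
 BINARY = gnunet-gns-proxy
 AUTOSTART = NO
+USER_SERVICE = YES
 
 # Where is the certificate for the GNS proxy stored?
 PROXY_CACERT = $GNUNET_DATA_HOME/gns/gns_ca_cert.pem
@@ -32,6 +33,7 @@ PROXY_UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-gns-proxy.sock
 [dns2gns]
 BINARY = gnunet-dns2gns
 AUTOSTART = NO
+USER_SERVICE = YES
 
 # -d: DNS resolver to use, -s: suffix to use, -f: fcfs suffix to use
 OPTIONS = -d 8.8.8.8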
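--- a/src/identity/identity.conf.in
+++ b/src/identity/identity.conf.in
@@ -1,5 +1,6 @@
 [identity]
 AUTOSTART = YES
+USER_SERVICE = YES
 @JAVAPORT@PORT = 2108
 HOSTNAME = localhost
 BINARY = gnunet-service-identity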
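--- a/src/namestore/namestore.conf.in
+++ b/src/namestore/namestore.conf.in
@@ -1,5 +1,6 @@
 [namestore]
 AUTOSTART = YES
+USER_SERVICE = YES
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-namestore.sock
 UNIX_MATCH_UID = NO
 UNIX_MATCH_GID = YES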
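Review bot: With `USER_SERVICE = YES` added, the unchanged `UNIX_MATCH_UID = NO` two lines below now applies to a service that runs as an individual user, so any local account in the same group would pass the socket's credential check and could reach that user's namestore. If the per-user split is meant to keep personal data private to its owner, this section should also set `UNIX_MATCH_UID = YES`. Whether `$GNUNET_RUNTIME_DIR` is already per-user and closed to other accounts is not visible here, so that is worth confirming before relying on directory permissions alone.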