| Commit message (Collapse) | Author | Age |
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change was prompted by the realisation that RECONNECTS nullifies any
enclosing SERVICE:WITHOUT-STARTING-SERVICES because *HOST* during RECONNECTS
is a distinct HOST value, computed at hostattrs time, which can't be affected
by an enclosing combinator that works by temporarily pushing hostattrs at
:APPLY time. So, for example, if we chroot and subsequently establish a
:SETUID connection, properties might try to start services as the non-root
user and there is no way for them to know they shouldn't.
We can avoid this problem by using a connattr instead because we have a
mechanism for propagating connattrs to subsequently established connections.
And as in most cases the reason for not starting services is solely due to the
way in which we're connecting to the host, a connattr is more appropriate.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
|
|
| |
No longer needed thanks to f4e9170e73cb4bcfa7328422b4ff4f72d1339dd0.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
|
|
| |
For the purposes of CHROOT:OS-BOOTSTRAPPED, this should be more robust.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
|
|
| |
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|
|
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
|