From: Ondrej M. <om...@re...> - 2011-12-15 22:26:10
Hi Linda,

this ctl_ipsec command is calling 'service ipsec action_str' without run_init, what about the context of such restarted ipsec service? Is it correct?

On 12/15/2011 05:52 PM, Linda Knippers wrote:
> I've pushed this patch series to the ipsec trustedprogram
> test should now run reliably no matter how many times you
> run it.
>
> -- ljk
>
>
> Linda Knippers wrote:
>> This allows the networking tests to reset ipsec on the
>> lblnet_test_server, which also flushes the state.
>>
>> Signed-off-by: Linda Knippers<lin...@hp...>
>> --- >> audit/utils/network-server/lblnet_tst_server.c | 56 +++++++++++++++++++++++- >> 1 files changed, 55 insertions(+), 1 deletions(-) >> >> diff --git a/audit/utils/network-server/lblnet_tst_server.c b/audit/utils/network-server/lblnet_tst_server.c >> index 13abff3..c626768 100644 >> --- a/audit/utils/network-server/lblnet_tst_server.c >> +++ b/audit/utils/network-server/lblnet_tst_server.c 
>> @@ -211,12 +211,64 @@ void ctl_echo(int sock, char *param) >> } >> >> /** >> + * ctl_ipsec - Handle the "ipsec" control message >> + * @sock: socket >> + * @param: parameter string >> + * >> + * Description: >> + * Call service ipsec with the restart param string >> + * format: >> + * >> + * ipsec:restart >> + * >> + * This is intended to be used by ipsec audit tests to flush >> + * the test server between runs. >> + * >> + */ >> +void ctl_ipsec(int sock, char *param) >> +{ >> + char *action_str; >> + int rc; >> + >> + if (param == NULL) { >> + SMSG(SMSG_ERR, fprintf(log_fd, "error(ipsec): bad message\n")); >> + return; >> + } >> + >> + /* Close leaked sockets, or we will get AVC denials requesting policy rule: >> + * allow run_init_t inetd_exec_t:file execute; >> + * For development/debugging it's better NOT to close the socket and leave >> + * the function call in a commented. */ >> + /* net_hlp_socket_close(&sock); */ >> + >> + /* parse the control message */ >> + action_str = strtok(param, ","); >> + >> + SMSG(SMSG_NOTICE, fprintf(log_fd, "action = (%10s)\n", >> + (char *) action_str)); >> + >> + pid_t pID = fork(); >> + if (pID == 0) { >> + rc = execl("/sbin/service", >> + "/sbin/service", >> + "ipsec", (char *) action_str, (char *) NULL); >> + if (rc == -1) >> + SMSG(SMSG_ERR, fprintf(log_fd, "error(ipsec): execl failed (%d)\n", errno)); >> + >> + } else if (pID< 0) { >> + SMSG(SMSG_ERR, fprintf(log_fd, "error(ipsec): fork failed\n")); >> + return; >> + } else >> + SMSG(SMSG_NOTICE, fprintf(log_fd, "parent process continues\n")); >> +} >> + >> +/** >> * ctl_audit_remote_call - Handle the "audit_remote_call" control message >> * @sock: socket >> * @param: parameter string >> * >> * Description: >> - * Call given funtion in audit-remote test actions. The control message >> + * Call given function in audit-remote test actions. The control message >> * format: >> * >> * audite_remote_call:<action,mode,caller_ipv4> 
>> @@ -1215,6 +1267,8 @@ int main(int argc, char *argv[]) >> ctl_nccon(rem_sock, ctl_param); >> } else if (strcasecmp(ctl_cmd, "audit_remote_call") == 0) { >> ctl_audit_remote_call(rem_sock, ctl_param); >> + } else if (strcasecmp(ctl_cmd, "ipsec") == 0) { >> + ctl_ipsec(rem_sock, ctl_param); >> } else { >> SMSG(SMSG_WARN, >> fprintf(log_fd,

--
Ondrej Moriš, RHCE
Quality Assurance Engineer
BaseOS QE - Security
Email: om...@re...
Web: www.cz.redhat.com
IRC: omoris at #qa #urt #brno, #penguins
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
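
Review bot: In the child branch of ctl_ipsec (pID == 0) in the first hunk, a failed execl is only logged and the child then falls off the end of the function, so it returns to the caller in main() as a second copy of the server; add _exit(1) after the error message (the rc == -1 test is unnecessary, since execl returns only on failure). Before the fork, action_str needs checking: strtok can return NULL for an empty parameter, and that NULL is then passed to the "%10s" log format and to execl, where it ends the argument list early. The header comment documents only ipsec:restart, yet any string sent by the client is handed to /sbin/service, so comparing action_str against the allowed action(s) and rejecting everything else would cover both cases. The parent also never calls waitpid, so each request leaves a zombie unless SIGCHLD is handled elsewhere, and with net_hlp_socket_close commented out the child inherits sock, which the comment itself says leads to AVC denials.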
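
Review bot: The new "ipsec" branch in main() (second hunk) passes rem_sock to ctl_ipsec, but the handler never writes to the socket and returns right after fork, so the client gets no indication of whether or when the restart finished, and a test that continues immediately can race with the service restart. Consider waiting for the child in ctl_ipsec and sending its exit status back on rem_sock before returning.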