Menu
▾
▴
Re: [Audit-test-developer] [PATCH 1/2] Add ipsec restart action
|
From: Ondrej M. <om...@re...> - 2011-12-15 22:26:10
|
Hi Linda, this ctl_ipsec command is calling 'service ipsec action_str'
without run_init, what about the context of such restarted ipsec
service? Is it correct?
On 12/15 /2011 05:52 PM, Linda Knippers wrote:
> I've pushed this patch series to the ipsec trustedprogram
> test should now run reliably no matter how many times you
> run it.
>
> -- ljk
>
>
> Linda Knippers wrote:
>> This allows the networking tests to reset ipsec on the
>> lblnet_test_server, which also flushes the state.
>>
>> Signed-off-by: Linda Knippers<lin...@hp...>
>> ---
>> audit/utils/network-server/lblnet_tst_server.c | 56 +++++++++++++++++++++++-
>> 1 files changed, 55 insertions(+), 1 deletions(-)
>>
>> diff --git a/audit/utils/network-server/lblnet_tst_server.c b/audit/utils/network-server/lblnet_tst_server.c
>> index 13abff3..c626768 100644
>> --- a/audit/utils/network-server/lblnet_tst_server.c
>> +++ b/audit/utils/network-server/lblnet_tst_server.c
>> @@ -211,12 +211,64 @@ void ctl_echo(int sock, char *param)
>> }
>>
>> /**
>> + * ctl_ipsec - Handle the "ipsec" control message
>> + * @sock: socket
>> + * @param: parameter string
>> + *
>> + * Description:
>> + * Call service ipsec with the restart param string
>> + * format:
>> + *
>> + * ipsec:restart
>> + *
>> + * This is intended to be used by ipsec audit tests to flush
>> + * the test server between runs.
>> + *
>> + */
>> +void ctl_ipsec(int sock, char *param)
>> +{
>> + char *action_str;
>> + int rc;
>> +
>> + if (param == NULL) {
>> + SMSG(SMSG_ERR, fprintf(log_fd, "error(ipsec): bad message\n"));
>> + return;
>> + }
>> +
>> + /* Close leaked sockets, or we will get AVC denials requesting policy rule:
>> + * allow run_init_t inetd_exec_t:file execute;
>> + * For development/debugging it's better NOT to close the socket and leave
>> + * the function call in a commented. */
>> + /* net_hlp_socket_close(&sock); */
>> +
>> + /* parse the control message */
>> + action_str = strtok(param, ",");
>> +
>> + SMSG(SMSG_NOTICE, fprintf(log_fd, "action = (%10s)\n",
>> + (char *) action_str));
>> +
>> + pid_t pID = fork();
>> + if (pID == 0) {
>> + rc = execl("/sbin/service",
>> + "/sbin/service",
>> + "ipsec", (char *) action_str, (char *) NULL);
>> + if (rc == -1)
>> + SMSG(SMSG_ERR, fprintf(log_fd, "error(ipsec): execl failed (%d)\n", errno));
>> +
>> + } else if (pID< 0) {
>> + SMSG(SMSG_ERR, fprintf(log_fd, "error(ipsec): fork failed\n"));
>> + return;
>> + } else
>> + SMSG(SMSG_NOTICE, fprintf(log_fd, "parent process continues\n"));
>> +}
>> +
>> +/**
>> * ctl_audit_remote_call - Handle the "audit_remote_call" control message
>> * @sock: socket
>> * @param: parameter string
>> *
>> * Description:
>> - * Call given funtion in audit-remote test actions. The control message
>> + * Call given function in audit-remote test actions. The control message
>> * format:
>> *
>> * audite_remote_call:<action,mode,caller_ipv4>
>> @@ -1215,6 +1267,8 @@ int main(int argc, char *argv[])
>> ctl_nccon(rem_sock, ctl_param);
>> } else if (strcasecmp(ctl_cmd, "audit_remote_call") == 0) {
>> ctl_audit_remote_call(rem_sock, ctl_param);
>> + } else if (strcasecmp(ctl_cmd, "ipsec") == 0) {
>> + ctl_ipsec(rem_sock, ctl_param);
>> } else {
>> SMSG(SMSG_WARN,
>> fprintf(log_fd,
>
>
> ------------------------------------------------------------------------------
> 10 Tips for Better Server Consolidation
> Server virtualization is being driven by many needs.
> But none more important than the need to reduce IT complexity
> while improving strategic productivity. Learn More!
> http://www.accelacomm.com/jaw/sdnl/114/51507609/
> _______________________________________________
> Audit-test-developer mailing list
> Aud...@li...
> https://lists.sourceforge.net/lists/listinfo/audit-test-developer
--
Ondrej Moriš, RHCE
Quality Assurance Engineer
BaseOS QE - Security
Email: om...@re...
Web: www.cz.redhat.com
IRC: omoris at #qa #urt #brno, #penguins
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
|