[devel] [PATCH hasher-priv v3 0/7] hasher-privd
Arseny Maslennikov
arseny at altlinux.org
Tue Aug 24 11:24:29 MSK 2021
This is an effort to make hasher-priv a privileged daemon which operates
in response to requests from unprivileged client processes. In short, we
want this to clear the set-uid root privilege from
/usr/libexec/hasher-priv/hasher-priv for the tool to be compatible with
no_new_privs environments, among other benefits.
The cgroup patch[3] is not yet ready for submission, so it's dropped
for now.
See also: devel@ discussion of v1[1], v2[2], commit message of 1/7.
[1] https://lore.altlinux.org/devel/cover.1576183643.git.legion@altlinux.org/
[2] https://lore.altlinux.org/devel/20201022114343.1810141-1-arseny@altlinux.org/
[3] https://lore.altlinux.org/devel/20201022114343.1810141-7-arseny@altlinux.org/
Alexey Gladkov (1):
  Add systemd and sysvinit service files

Arseny Maslennikov (6):
  Turn hasher-priv into a daemon
  sockets: xsendmsg: get rid of SIGPIPE on socket writes
  chrootuid: explicitly reset signal mask before forking off payload
  Link with libsetproctitle by Dmitry V. Levin
  daemon: set titles for subprocesses
  Install hasher-priv without set ugids
hasher-priv/.gitignore | 1 +
hasher-priv/DESIGN | 281 ++++++++++++-------
hasher-priv/Makefile | 35 ++-
hasher-priv/caller.c | 81 +++---
hasher-priv/caller_server.c | 350 ++++++++++++++++++++++++
hasher-priv/caller_task.c | 225 +++++++++++++++
hasher-priv/chrootuid.c | 5 +
hasher-priv/cmdline.c | 27 +-
hasher-priv/communication.c | 394 +++++++++++++++++++++++++++
hasher-priv/communication.h | 80 ++++++
hasher-priv/config.c | 147 +++++++++-
hasher-priv/daemon.conf | 13 +
hasher-priv/epoll.c | 39 +++
hasher-priv/epoll.h | 18 ++
hasher-priv/hasher-priv.c | 78 ++++++
hasher-priv/hasher-priv.spec | 12 +-
hasher-priv/hasher-privd.c | 439 ++++++++++++++++++++++++++++++
hasher-priv/hasher-privd.service | 14 +
hasher-priv/hasher-privd.sysvinit | 103 +++++++
hasher-priv/io_log.c | 2 +-
hasher-priv/io_x11.c | 2 +-
hasher-priv/killuid.c | 2 +-
hasher-priv/logging.c | 71 +++++
hasher-priv/logging.h | 55 ++++
hasher-priv/main.c | 75 -----
hasher-priv/pass.c | 117 +++++++-
hasher-priv/pidfile.c | 129 +++++++++
hasher-priv/pidfile.h | 44 +++
hasher-priv/priv.h | 57 +++-
hasher-priv/sockets.c | 180 ++++++++++++
hasher-priv/sockets.h | 32 +++
hasher-priv/x11.c | 1 +
32 files changed, 2859 insertions(+), 250 deletions(-)
create mode 100644 hasher-priv/caller_server.c
create mode 100644 hasher-priv/caller_task.c
create mode 100644 hasher-priv/communication.c
create mode 100644 hasher-priv/communication.h
create mode 100644 hasher-priv/daemon.conf
create mode 100644 hasher-priv/epoll.c
create mode 100644 hasher-priv/epoll.h
create mode 100644 hasher-priv/hasher-priv.c
create mode 100644 hasher-priv/hasher-privd.c
create mode 100644 hasher-priv/hasher-privd.service
create mode 100755 hasher-priv/hasher-privd.sysvinit
create mode 100644 hasher-priv/logging.c
create mode 100644 hasher-priv/logging.h
delete mode 100644 hasher-priv/main.c
create mode 100644 hasher-priv/pidfile.c
create mode 100644 hasher-priv/pidfile.h
create mode 100644 hasher-priv/sockets.c
create mode 100644 hasher-priv/sockets.h
--
2.32.0