Hi,
I am trying to write some QA for hotproc and ran into a stumbling
block with dbpmda in how it treats permissions. I have a simple access
check in hotproc where I check for the context of the requester to be
root in order to allow stores and this seems to work fine with pmstore:

    [vagrant@pcptest pcpdec]$ pmstore hotproc.control.config "uid=0"
    hotproc.control.config old value="" new value="uid=0"
    hotproc.control.config: pmStore: No permission to perform requested operation
    [vagrant@pcptest pcpdec]$ sudo pmstore hotproc.control.config "uid=0"
    hotproc.control.config old value="" new value="uid=0"
    [vagrant@pcptest pcpdec]$ pmval -s 1 hotproc.control.config

But I can't get this to work at all with dbpmda:

    [vagrant@pcptest pcpdec]$ sudo dbpmda -i
    dbpmda> getdesc on
    dbpmda> open pipe /var/lib/pcp/pmdas/proc/pmdaproc -d 3
    Start pmdaproc PMDA: /var/lib/pcp/pmdas/proc/pmdaproc -d 3
    dbpmda> store hotproc.control.config "uid=0"
    PMID: 3.60.8
    Getting description...
    Sending Profile...
    Getting Result Structure...
    3.60.8: "" -> "uid=0"
    Sending Result...
    Error PDU: No permission to perform requested operation

As far as I can tell, all processes are running as root:

    [vagrant@pcptest testsuite]$ ps -ef |grep pmda
    root 20407 2253 0 21:23 pts/0 00:00:00 sudo dbpmda -i
    root 20408 20407 0 21:23 pts/0 00:00:00 dbpmda -i
    root 20410 20408 0 21:24 pts/0 00:00:00 /var/lib/pcp/pmdas/proc/pmdaproc -d 3

I'm doing the root check in this way, adding a method to contexts.c:
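
    /* Return the uid recorded for a client context, or -1 if none is known. */
    int
    proc_ctx_getuid(int ctx)
    {
        proc_perctx_t *pp;

        /* reject context numbers outside the table */
        if (ctx < 0 || ctx >= num_ctx)
            return -1;
        pp = &ctxtab[ctx];
        /* a uid is only valid for an active context that has one recorded */
        if ((pp->state & CTX_ACTIVE) && (pp->state & CTX_USERID))
            return pp->uid;
        else
            return -1;
    }
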
And then returning a permission error if the return !=0. I'll publish
my full tree tomorrow but just wanted to see if this jumped out to
anyone as a problem you've seen before.
Thanks
Martins
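
An added example, not part of the original message and not PCP's own code: a stand-alone C model of the check described above, showing that a context with no recorded user id yields -1 and is refused exactly like a non-root uid, whatever user the processes themselves run as. The flag bit values, the table size and the helpers ctx_set_uid, store_allowed and setup_sample_contexts are assumptions made for the illustration.

```c
#include <stdio.h>

#define CTX_ACTIVE 0x1   /* assumed bit values, not taken from contexts.c */
#define CTX_USERID 0x2

typedef struct {
    unsigned int state;
    int uid;
} proc_perctx_t;

static proc_perctx_t ctxtab[4];   /* zero-initialised: every slot starts inactive */
static int num_ctx = 4;

/* hypothetical helper: record the uid delivered for a client context */
static void ctx_set_uid(int ctx, int uid)
{
    ctxtab[ctx].state |= CTX_ACTIVE | CTX_USERID;
    ctxtab[ctx].uid = uid;
}

/* same logic as the function posted above */
int proc_ctx_getuid(int ctx)
{
    if (ctx < 0 || ctx >= num_ctx)
        return -1;
    if ((ctxtab[ctx].state & CTX_ACTIVE) && (ctxtab[ctx].state & CTX_USERID))
        return ctxtab[ctx].uid;
    return -1;
}

/* the store gate as described: any result other than 0 is a permission error */
int store_allowed(int ctx)
{
    return proc_ctx_getuid(ctx) == 0;
}

/* constructed sample contexts */
void setup_sample_contexts(void)
{
    ctx_set_uid(0, 0);             /* uid 0 recorded                 */
    ctx_set_uid(1, 1000);          /* unprivileged uid recorded      */
    ctxtab[2].state = CTX_ACTIVE;  /* active, but no uid was recorded */
}

int main(void)
{
    setup_sample_contexts();
    for (int c = 0; c < num_ctx; c++)
        printf("ctx %d: uid=%d store %s\n", c, proc_ctx_getuid(c),
               store_allowed(c) ? "allowed" : "denied");
    return 0;
}
```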