pcp
[Top] [All Lists]

pcp updates: fche merge

To: pcp@xxxxxxxxxxx
Subject: pcp updates: fche merge
From: Nathan Scott <nathans@xxxxxxxxxx>
Date: Thu, 3 Oct 2013 21:15:46 -0400 (EDT)
Delivered-to: pcp@xxxxxxxxxxx
In-reply-to: <1610460221.1560685.1380849333857.JavaMail.root@xxxxxxxxxx>
Reply-to: Nathan Scott <nathans@xxxxxxxxxx>
Thread-index: 1YRwv6orAM2l8mudayEQrwTqZwyC4w==
Thread-topic: pcp updates: fche merge
Changes committed to git://oss.sgi.com/pcp/pcp.git dev

 src/libpcp/src/context.c    |    1 
 src/pmdas/systemd/Install   |    2 
 src/pmdas/systemd/systemd.c |  322 +++++++++++++++++++++++++++++++++++++-------
 3 files changed, 274 insertions(+), 51 deletions(-)

commit cce2d1034d1c8866f52810675d0e6c976e6fd09c
Author: Frank Ch. Eigler <fche@xxxxxxxxxx>
Date:   Thu Oct 3 18:11:49 2013 -0400

    systemd pmda: add uid/gid-filtering mode
    
    As a confidentiality matter, we should not expose system log
    information to any Tom, Dick, and Harry.  journalctl has an
    filesystem-ACL mechanism for restricting visibility of logs to certain
    users/groups, but short of running root & setuid'ing back & forth for
    clients, we can't rely on that.
    
    So, we implement a baby ACL ourselves, using the event-queue filtering
    logic for each client (authenticated), passing to each client only
    those journal entries that match _UID=$uid -or- _GID=$gid -or- have
    $gid as one journalctl groups adm/wheel/systemd-journal.  The effect
    is not quite the same (since we disregard auxiliary group
    memberships), but c'est la view.  We err on the side of restricting
    info (to non-root users).
    
    Unauthenticated contexts, by default, get no soup.  A new non-default
    command line option -f is available to signify that there does exist
    such a thing as free lunch, and thereby to serve journal entries to
    anyone who asks.

commit 82688b9c0cfb501e9e5f2f548fa0aee8f4b140ae
Author: Frank Ch. Eigler <fche@xxxxxxxxxx>
Date:   Wed Oct 2 21:39:07 2013 -0400

    pmda systemd: tweak meta-cleanup: restore dp->sts error storage
    
    This reworks commit fe3e502c19f0fb44064e68a3117152039876a00e.

commit c21738e50e9bb4ac80f90548934b551188d46785
Author: Frank Ch. Eigler <fche@xxxxxxxxxx>
Date:   Wed Oct 2 21:23:04 2013 -0400

    pmNewContext: plug memory leak on failed connections
    
    The __pmContext struct that's malloc'd anew early on during
    pmNewContext needs to be fred within the FAILED: path, lest we seek to
    sink the good ship HMS Server with a memory leak.
    
    The problem was initially found when "pmie -h NOSUCHHOST" goes into a
    frenzy, retrying context creation every few seconds.  (Why pmie was
    started with -h NOSUCHHOST is left to another surprising and
    delightful tale.)

commit fe3e502c19f0fb44064e68a3117152039876a00e
Author: Frank Ch. Eigler <fche@xxxxxxxxxx>
Date:   Wed Oct 2 21:14:52 2013 -0400

    pmda systemd: meta-cleanup: drop dispatch->sts error storage

<Prev in Thread] Current Thread [Next in Thread>
  • pcp updates: fche merge, Nathan Scott <=