[Cluster-devel] [PATCHv3 6/6] rgmanager: ra2rng.xsl: script-file: try to prevent cluster's services

Jan Pokorný jpokorny at redhat.com
Mon Dec 9 14:16:24 UTC 2013 

Note that, AFAIK, "file" parameter to "script" can be arbitrary string
with a logical limitation to be something (builtins, aliases, etc. not
excluded) that will run when pasted verbatim to the bash prompt (with
no quotes added) followed by the desired action and fired up.
Hence any leading/trailing whitespace really does not matter.
The restriction being added reflects this automatically by using "token"
datatype, but unfortunately libxml2 currently contains a bug leading
to not dropping such whitespace correctly before applying additional
facet checking (here: pattern) [1].  Until libxml2 is fixed,
the restriction will miss cases where "file" starts/ends with
balast whitespace.

Also note that this restriction can be easily bypassed by, e.g., using
":; /etc/init.d/cman", but it's purpose is to prevent from random
mis-writing "cman" instead of the desired service.

And finally, as pointed out by Fabio, there can be (highly experimental)
cases when cluster/rgmanager actively manages cluster's own auxiliary
management services like ricci and/or modclusterd (note that standard
management tools like ccs and luci would then be likely unusable and
one would have to deal with, e.g., configuration updates manually in
a low-level way given that also "cman_tool version -r" would be
unusable).

[1] https://mail.gnome.org/archives/xml/2013-November/msg00024.html

Signed-off-by: Jan Pokorný <jpokorny at redhat.com>
---
 rgmanager/src/resources/ra2rng.xsl | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/rgmanager/src/resources/ra2rng.xsl b/rgmanager/src/resources/ra2rng.xsl
index 2f81d16..c939582 100644
--- a/rgmanager/src/resources/ra2rng.xsl
+++ b/rgmanager/src/resources/ra2rng.xsl
@@ -69,6 +69,19 @@
 
 <int:agent-parameter-specialization>
     <!-- int:agent @name="..." > int:parameter @name="..." > PATTERN -->
+    <!-- SCRIPT -->
+    <int:agent name="script">
+        <int:parameter name="file">
+            <data type="token">
+                <except>
+                    <data type="token">
+                        <!-- disallow cluster to control its own core services through a "script" RA -->
+                        <param name="pattern">/etc/(rc\.d/)?init\.d/(cman|rgmanager)(\s.*|)</param>
+                    </data>
+                </except>
+            </data>
+        </int:parameter>
+    </int:agent>
 </int:agent-parameter-specialization>
 
 <xsl:variable name="SP" select="' '"/>
-- 
1.8.1.4

More information about the Cluster-devel mailing list