06/09: activation: Lock /etc/.pwd.lock before accessing databases.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

06/09: activation: Lock /etc/.pwd.lock before accessing databases.

From:	guix-commits
Subject:	06/09: activation: Lock /etc/.pwd.lock before accessing databases.
Date:	Wed, 5 Jun 2019 17:11:22 -0400 (EDT)

civodul pushed a commit to branch master
in repository guix.

commit d497b6ab397273cd250003b6266f22ad74f4c20d
Author: Ludovic Courtès <address@hidden>
Date:   Mon Jun 3 17:14:17 2019 +0200

    activation: Lock /etc/.pwd.lock before accessing databases.
    
    Suggested by Florian Pelz <address@hidden>
    in <http://bugs.gnu.org/35996>.
    
    * gnu/build/accounts.scm (%password-lock-file): New variable.
    * gnu/build/activation.scm (activate-users+groups): Wrap calls to
    'user+group-databases', 'write-group', etc. into 'with-file-lock'.
---
 gnu/build/accounts.scm   |  6 ++++++
 gnu/build/activation.scm | 37 +++++++++++++++++++++----------------
 2 files changed, 27 insertions(+), 16 deletions(-)

diff --git a/gnu/build/accounts.scm b/gnu/build/accounts.scm
index c43ce85..8687446 100644
--- a/gnu/build/accounts.scm
+++ b/gnu/build/accounts.scm
@@ -51,6 +51,7 @@
             group-entry-gid
             group-entry-members
 
+            %password-lock-file
             write-group
             write-passwd
             write-shadow
@@ -224,6 +225,11 @@ each field."
                    (serialization list->comma-separated comma-separated->list)
                    (default '())))
 
+(define %password-lock-file
+  ;; The password database lock file used by libc's 'lckpwdf'.  Users should
+  ;; grab this lock with 'with-file-lock' when they access the databases.
+  "/etc/.pwd.lock")
+
 (define (database-writer file mode entry->string)
   (lambda* (entries #:optional (file-or-port file))
     "Write ENTRIES to FILE-OR-PORT.  When FILE-OR-PORT is a file name, write
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index cfdf17d..c6c7e7f 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -22,6 +22,7 @@
   #:use-module (gnu build accounts)
   #:use-module (gnu build linux-boot)
   #:use-module (guix build utils)
+  #:use-module ((guix build syscalls) #:select (with-file-lock))
   #:use-module (ice-9 ftw)
   #:use-module (ice-9 match)
   #:use-module (ice-9 vlist)
@@ -129,22 +130,26 @@ group records) are all available."
   ;; Allow home directories to be created under /var/lib.
   (mkdir-p "/var/lib")
 
-  (let-values (((groups passwd shadow)
-                (user+group-databases users groups)))
-    (write-group groups)
-    (write-passwd passwd)
-    (write-shadow shadow)
-
-    ;; Home directories of non-system accounts are created by
-    ;; 'activate-user-home'.
-    (for-each make-home-directory system-accounts)
-
-    ;; Turn shared home directories, such as /var/empty, into root-owned,
-    ;; read-only places.
-    (for-each (lambda (directory)
-                (chown directory 0 0)
-                (chmod directory #o555))
-              (duplicates (map user-account-home-directory system-accounts)))))
+  ;; Take same lock as libc's 'lckpwdf' (but without a timeout) while we read
+  ;; and write the databases.  This ensures there's no race condition with
+  ;; other tools that might be accessing it at the same time.
+  (with-file-lock %password-lock-file
+    (let-values (((groups passwd shadow)
+                  (user+group-databases users groups)))
+      (write-group groups)
+      (write-passwd passwd)
+      (write-shadow shadow)))
+
+  ;; Home directories of non-system accounts are created by
+  ;; 'activate-user-home'.
+  (for-each make-home-directory system-accounts)
+
+  ;; Turn shared home directories, such as /var/empty, into root-owned,
+  ;; read-only places.
+  (for-each (lambda (directory)
+              (chown directory 0 0)
+              (chmod directory #o555))
+            (duplicates (map user-account-home-directory system-accounts))))
 
 (define (activate-user-home users)
   "Create and populate the home directory of USERS, a list of tuples, unless

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (c0f6eeb -> d088d5c), guix-commits, 2019/06/05
- 04/09: syscalls: 'with-file-lock' expands to a call to 'call-with-file-lock'., guix-commits, 2019/06/05
- 02/09: gnu: minizip: Do not install crypt.h., guix-commits, 2019/06/05
- 08/09: accounts: Close database before renaming it., guix-commits, 2019/06/05
- 01/09: guix package: Do not list environment variables that need to be set., guix-commits, 2019/06/05
- 03/09: syscalls: Add 'with-file-lock' macro., guix-commits, 2019/06/05
- 09/09: accounts: Call 'fdatasync' when writing databases., guix-commits, 2019/06/05
- 07/09: nar: Really lock store files., guix-commits, 2019/06/05
- 05/09: syscalls: 'with-lock-file' catches ENOSYS., guix-commits, 2019/06/05
- 06/09: activation: Lock /etc/.pwd.lock before accessing databases., guix-commits <=

Prev by Date: 05/09: syscalls: 'with-lock-file' catches ENOSYS.
Next by Date: branch master updated (d088d5c -> 8703646)
Previous by thread: 05/09: syscalls: 'with-lock-file' catches ENOSYS.
Next by thread: branch master updated (d088d5c -> 8703646)
Index(es):
- Date
- Thread