polypath: Break up child process handling
[secnet]
/
secnet.h
diff --git
a/secnet.h
b/secnet.h
index
3b54def
..
76db603
100644
(file)
--- a/
secnet.h
+++ b/
secnet.h
@@
-14,6
+14,7
@@
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
+#include <fnmatch.h>
#include <sys/poll.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/poll.h>
#include <sys/types.h>
#include <sys/wait.h>
@@
-59,6
+60,10
@@
extern struct log_if *system_log;
/* from process.c */
extern void start_signal_handling(void);
/* from process.c */
extern void start_signal_handling(void);
+void afterfork(void);
+/* Must be called before exec in every child made after
+ start_signal_handling. Safe to call in earlier children too. */
+
/***** CONFIGURATION support *****/
extern bool_t just_check_config; /* If True then we're going to exit after
/***** CONFIGURATION support *****/
extern bool_t just_check_config; /* If True then we're going to exit after
@@
-170,6
+175,7
@@
extern void *safe_realloc_ary(void *p, size_t size, size_t count,
const char *message);
void setcloexec(int fd); /* cannot fail */
const char *message);
void setcloexec(int fd); /* cannot fail */
+void setnonblock(int fd); /* cannot fail */
void pipe_cloexec(int fd[2]); /* pipe(), setcloexec() twice; cannot fail */
extern int sys_cmd(const char *file, const char *argc, ...);
void pipe_cloexec(int fd[2]); /* pipe(), setcloexec() twice; cannot fail */
extern int sys_cmd(const char *file, const char *argc, ...);
@@
-263,12
+269,20
@@
bool_t remove_hook(uint32_t phase, hook_fn *f, void *state);
extern uint32_t current_phase;
extern void enter_phase(uint32_t new_phase);
extern uint32_t current_phase;
extern void enter_phase(uint32_t new_phase);
+void phase_hooks_init(void); /* for main() only */
+void clear_phase_hooks(uint32_t phase); /* for afterfork() */
+
/* Some features (like netlink 'soft' routes) require that secnet
retain root privileges. They should indicate that here when
appropriate. */
extern bool_t require_root_privileges;
extern cstring_t require_root_privileges_explanation;
/* Some features (like netlink 'soft' routes) require that secnet
retain root privileges. They should indicate that here when
appropriate. */
extern bool_t require_root_privileges;
extern cstring_t require_root_privileges_explanation;
+/* Some modules may want to know whether secnet is going to drop
+ privilege, so that they know whether to do privsep. Call only
+ in phases SETUP and later. */
+bool_t will_droppriv(void);
+
/***** END of program lifetime support *****/
/***** MODULE support *****/
/***** END of program lifetime support *****/
/***** MODULE support *****/
@@
-283,6
+297,7
@@
extern void init_builtin_modules(dict_t *dict);
extern init_module resolver_module;
extern init_module random_module;
extern init_module udp_module;
extern init_module resolver_module;
extern init_module random_module;
extern init_module udp_module;
+extern init_module polypath_module;
extern init_module util_module;
extern init_module site_module;
extern init_module transform_eax_module;
extern init_module util_module;
extern init_module site_module;
extern init_module transform_eax_module;
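Review bot: In the hunk at -263,12 +269,20, the precondition on the new `will_droppriv()` ("Call only in phases SETUP and later") exists only as a header comment, and nothing on this page enforces it. Modules use the answer to decide whether to do privsep, so a call made before the privilege-drop configuration is final would presumably make a module pick the wrong privilege model without any error. If the definition (not shown here) does not already check, I would start it with `assert(current_phase >= PHASE_SETUP);` so a misordered call fails loudly. The same comment-only contract applies to `afterfork()` in the -59,6 +60,10 hunk: as far as this header shows, a child that execs without calling it gets no diagnostic. Its comment should also name the state it resets.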