[Nix-dev] nixos svn commit 33222 (Improved Upstart job handling in switch-to-configuration)

Mathijs Kwik mathijs at bluescreen303.nl
Sun Mar 18 09:05:49 CET 2012


Hi all,

The mongodb upstart task uses setuid to run as a different user.
Upstart switches to this user for the script itself, but for the
pre-start script as well.

For the new switch-to-configuration handling, the following line was added:
    ln -sfn "$(readlink -f "/etc/init/${job.name}.conf")" /var/run/upstart-jobs/${job.name}

Which is problematic when it isn't run as root.
/var/run/upstart-jobs is currently 700

What would be the best way to counter this problem?

A possible solution is to make it 770 for some group "jobs" and make
these setuid upstart job users members of it.
This does however allow these users to add more than we'd like, or
delete/edit other links in there. The sticky bit only helps partially.

Another solution would be some setuid root helper script to call to
register services.
The script should probably be able to inspect the calling process and
see if it got called from upstart, so it cannot be abused.

Still another solution would be to just sync all links in that dir
using the current upstart statuses instead of adding/removing 1 by 1.
status-sync can then be called/hooked after every upstart/initctl
invocation.

What do you suggest?

Mathijs
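
The third option in the message above (rebuilding the links from the current Upstart statuses, run as root so the setuid job users never write to the directory) could look like this. It is an added example, not part of the original message and not NixOS code; sync_upstart_links, demo_sync and the sample `initctl list` output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `initctl list` output (not captured from a real system).
SAMPLE_INITCTL_LIST='mongodb start/running, process 1234
sshd start/running, process 987
cron stop/waiting
../outside start/running, process 1'

# Hypothetical helper: initctl list | sync_upstart_links INIT_DIR LINK_DIR
# Meant to run as root, so LINK_DIR can stay mode 700.
sync_upstart_links() {
    init_dir=$1
    link_dir=$2
    # Names of jobs whose goal is "start", one per line.
    wanted=$(awk '{ for (i = 2; i <= NF; i++)
                      if ($i ~ /^start\//) { print $1; break } }' | sort -u)

    # Add or refresh the link of every started job that has a job file.
    printf '%s\n' "$wanted" | while IFS= read -r name; do
        # Skip empty names and names that could leave LINK_DIR (e.g. with "/").
        case $name in ''|*[!A-Za-z0-9._-]*) continue ;; esac
        conf=$init_dir/$name.conf
        [ -e "$conf" ] || continue
        ln -sfn "$(readlink -f "$conf")" "$link_dir/$name"
    done

    # Remove links of jobs that are no longer started.
    for link in "$link_dir"/*; do
        [ -L "$link" ] || continue
        name=${link##*/}
        printf '%s\n' "$wanted" | grep -qxF -- "$name" || rm -f -- "$link"
    done
}

# Runs the helper against a throwaway directory tree and prints the link names.
demo_sync() {
    tmp=$(mktemp -d)
    mkdir "$tmp/init" "$tmp/links"
    touch "$tmp/init/mongodb.conf" "$tmp/init/sshd.conf" "$tmp/init/cron.conf"
    ln -s "$tmp/init/cron.conf" "$tmp/links/cron"   # stale link: cron is stopped
    printf '%s\n' "$SAMPLE_INITCTL_LIST" | sync_upstart_links "$tmp/init" "$tmp/links"
    echo $(ls "$tmp/links")
    rm -rf "$tmp"
}

demo_sync
```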

