[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensolaris-smf-discuss
Subject:    Re: [smf-discuss] Add new privileges to an SMF
From:       David Bustos <David.Bustos () sun ! com>
Date:       2008-11-13 22:46:09
Message-ID: 20081113224608.GC11895 () ciabatta ! SFBay ! Sun ! COM
[Download RAW message or body]

Quoth Peter Cudhea on Thu, Nov 13, 2008 at 12:55:34PM -0500:
> But now, PSARC 2007/414 is being ported back to S10.   In this case, the 
> code will be installed by patchadd, which does not remove the manifest 
> and reimport it.   So the observed symptom is that the iscsitgt service 
> fails to start.

I think this is a gap in SMF's integration with the patch system.  If
the manifest changes, then we should update the repository automatically
so you don't have to do anything else.  So I think you should file a bug
report, even if we decide it's an RFE, or we decide we won't fix it.  At
least the workaround will be documented somewhere more official than
mailing list archives.

> And my proposed "fix" is to introduce a postinstall script as part of 
> the SUNWiscsitgtu package, in S10 only.  The postinstall script detects 
> if the start/privileges property for the iscsitgt service is lacking the 
> proc_setid privilege.   If so, it "knows" that the boot environment 
> being installed into does not have a current version of the 
> above-mentioned manifest, so it re-imports the manifest.   That 
> postinstall process must run correctly whether the patchadd is being 
> done either to a live boot environment (with no reboot) or to an 
> alternate boot environment (e.g. by luupgrade -t).  So we want to make 
> use of the /var/svc/profile/upgrade mechanism to cause the correct 
> import to happen later when the system is activated/rebooted.  (One 
> minor wrinkle is that when this patch is created as a test IDR, I have 
> to manually insert the correct sections of the postinstall script from 
> my SUNWiscsitgtu package into the IDR's own postinstall script.   As far 
> as I can tell is the way IDR postinstall scripts are designed to work.)

If you're patching an alternate boot environment, then during boot SMF
is supposed to notice the manifest change and automatically reimport it.
If you're seeing something else, that is a bug in SMF.  Unless your
service doesn't depend on system/manifest-import:default, in which case
we'll try to start your service before the manifest is reimported.

For live installs, the i.manifest class action script is supposed to do
this.  But patches don't use i.manifest; they use some other scripts,
including u.manifest if I recall correctly.  You should seek out some
patching experts for advice about this.  If you can't find any, contact
me privately.


David
_______________________________________________
smf-discuss mailing list
smf-discuss@opensolaris.org
[prev in list] [next in list] [prev in thread] [next in thread]