diff options
| author | Alex Wilson <alex.wilson@joyent.com> | 2016-06-01 16:44:48 -0700 |
|---|---|---|
| committer | Alex Wilson <alex.wilson@joyent.com> | 2016-06-01 16:47:46 -0700 |
| commit | e37328425b592c054ffa60a45ff782e1991f4cf7 (patch) | |
| tree | b1ce50ae65d9a1db148665ca0c2c4ac7caea1b41 | |
| parent | 620ba571ce1f0bde01527de573ea99b2cf099bd8 (diff) | |
| download | illumos-joyent-e37328425b592c054ffa60a45ff782e1991f4cf7.tar.gz | |
OS-5440 pfexec and the case of the missing error message
Reviewed by: Richard Lowe <richlowe@richlowe.net>
Reviewed by: Patrick Mooney <patrick.mooney@joyent.com>
| -rw-r--r-- | usr/src/cmd/pfexec/pfexec.c | 12 | ||||
| -rw-r--r-- | usr/src/man/man1/pfexec.1 | 7 | ||||
| -rw-r--r-- | usr/src/uts/common/os/klpd.c | 2 |
3 files changed, 17 insertions, 4 deletions
diff --git a/usr/src/cmd/pfexec/pfexec.c b/usr/src/cmd/pfexec/pfexec.c index f06e1c3806..35bffd0d72 100644 --- a/usr/src/cmd/pfexec/pfexec.c +++ b/usr/src/cmd/pfexec/pfexec.c @@ -96,6 +96,7 @@ main(int argc, char **argv) { char *cmd; char *pset = NULL; + const char *msg; char pathbuf[MAXPATHLEN]; int c; priv_set_t *wanted; @@ -129,9 +130,12 @@ main(int argc, char **argv) switch (shellname(cmd, pathbuf)) { case RES_OK: (void) execv(pathbuf, argv); + msg = strerror(errno); + if (errno == ENOTACTIVE) + msg = gettext("failed to contact pfexecd"); (void) fprintf(stderr, gettext("pfexec: unable to execute %s: %s\n"), - pathbuf, strerror(errno)); + pathbuf, msg); return (1); case RES_PFEXEC: case RES_FAILURE: @@ -170,9 +174,13 @@ main(int argc, char **argv) } (void) execvp(argv[0], argv); + + msg = strerror(errno); + if (errno == ENOTACTIVE) + msg = gettext("failed to contact pfexecd"); (void) fprintf(stderr, gettext("pfexec: unable to execute %s: %s\n"), - argv[0], strerror(errno)); + argv[0], msg); return (1); } return (1); diff --git a/usr/src/man/man1/pfexec.1 b/usr/src/man/man1/pfexec.1 index 07b89eefa2..230b24bb7d 100644 --- a/usr/src/man/man1/pfexec.1 +++ b/usr/src/man/man1/pfexec.1 @@ -53,6 +53,11 @@ The privileges specification on the commands line is parsed using union of the privileges specified using the "\fBprivs\fR" keyword in \fBprof_attr\fR(4) for all the user's profiles and added to the inheritable set before executing the command. +.sp +.LP +For \fBpfexec\fR to function correctly, the \fBpfexecd\fR daemon must be running +in the current zone. This is normally managed by the +"\fBsvc:/system/pfexec:default\fR" SMF service (see \fBsmf\fR(5)). .SH USAGE .sp .LP @@ -104,4 +109,4 @@ An error occurred. .sp .LP \fBcsh\fR(1), \fBksh\fR(1), \fBprofiles\fR(1), \fBsh\fR(1), \fBexec_attr\fR(4), -\fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5) +\fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5), \fBsmf\fR(5) diff --git a/usr/src/uts/common/os/klpd.c b/usr/src/uts/common/os/klpd.c index 55734ae757..f5ae8823bb 100644 --- a/usr/src/uts/common/os/klpd.c +++ b/usr/src/uts/common/os/klpd.c @@ -861,7 +861,7 @@ pfexec_call(const cred_t *cr, struct pathname *rpnp, cred_t **pfcr, mutex_exit(&myzone->zone_lock); if (pfd == NULL) - return (0); + return (ENOTACTIVE); if (pfd->klpd_door_pid == curproc->p_pid) { klpd_rele(pfd); |