Closed vincentmli closed 1 month ago
opensnoop
PID COMM FD ERR PATH
23188 loxicmd -1 2 /etc/ld.so.cache
23188 loxicmd -1 2 /lib64/glibc-hwcaps/x86-64-v2/libresolv.so.2
23188 loxicmd 3 0 /lib64/libresolv.so.2
23188 loxicmd 3 0 /lib64/libc.so.6
23188 loxicmd 3 0 /proc/self/maps
23188 loxicmd 3 0 /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
1814 unbound 12 0 /etc/unbound/root.hints
23194 loxicmd -1 2 /etc/ld.so.cache
23194 loxicmd -1 2 /lib64/glibc-hwcaps/x86-64-v2/libresolv.so.2
23194 loxicmd 3 0 /lib64/libresolv.so.2
23194 loxicmd 3 0 /lib64/libc.so.6
23194 loxicmd 3 0 /proc/self/maps
23194 loxicmd 3 0 /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
23194 loxicmd 3 0 /etc/localtime
23194 loxicmd -1 13 ipconfig_2024-08-21_20:44:49.txt <====
diff below to loxicmd fixed the problem:
root@r210:/home/vincent/go/src/github.com/vincentmli/BPFire/cache/loxicmd-0.9.6# git diff
diff --git a/cmd/dump/save.go b/cmd/dump/save.go
index 0b14d36..fd6b9d3 100644
--- a/cmd/dump/save.go
+++ b/cmd/dump/save.go
@@ -80,6 +80,10 @@ func SaveCmd(saveOpts *SaveOptions, restOptions *api.RESTOptions) *cobra.Command
return
}
fmt.Println("LB Configuration saved in", lbfile)
+ err = os.Remove(lbfile)
+ if err != nil {
+ fmt.Println(err.Error())
+ }
}
if saveOpts.SaveSessionConfig || saveOpts.SaveAllConfig {
sessionFile, err := get.Sessiondump(restOptions, dpath)
diff --git a/cmd/get/get_loadbalancer.go b/cmd/get/get_loadbalancer.go
index 173e4a9..9ad29b8 100644
--- a/cmd/get/get_loadbalancer.go
+++ b/cmd/get/get_loadbalancer.go
@@ -226,6 +226,7 @@ func Lbdump(restOptions *api.RESTOptions, path string) (string, error) {
fileP := []string{"lbconfig_", ".txt"}
t := time.Now()
file := strings.Join(fileP, t.Local().Format("2006-01-02_15:04:05"))
+ file = path + file
f, err := os.Create(file)
if err != nil {
fmt.Printf("Can't create dump file\n")
opensnoop:
PID COMM FD ERR PATH
4419 loxicmd 3 0 /etc/localtime
4419 loxicmd 3 0 /var/ipfire/loxilb/lbconfig_2024-08-23_19:00:35.txt <=====
4419 loxicmd 8 0 /dev/null
it looks when loxicmd save -l -c /var/ipfire/loxilb/
to save LB config and invoked from web interface with user nobody
permission, the file
variable requires explicit directory path /var/ipfire/loxilb/
since /var/ipfire/loxilb
is owned by user nobody
, without explicit directory path, user nobody
has no permission to create file lbconfig_2024-08-23_19:00:35.txt
which does not have explicit path that is owned by user nobody
.
since BPFire only deal with loxilb IP/LB/FW for now, diff below could work around the issue
diff --git a/cmd/dump/save.go b/cmd/dump/save.go
index 0b14d36..372c761 100644
--- a/cmd/dump/save.go
+++ b/cmd/dump/save.go
@@ -72,6 +72,10 @@ func SaveCmd(saveOpts *SaveOptions, restOptions *api.RESTOptions) *cobra.Command
return
}
fmt.Println("IP Configuration saved in", file)
+ err = os.Remove(file)
+ if err != nil {
+ fmt.Println(err.Error())
+ }
}
if saveOpts.SaveLBConfig || saveOpts.SaveAllConfig {
lbfile, err := get.Lbdump(restOptions, dpath)
@@ -80,6 +84,10 @@ func SaveCmd(saveOpts *SaveOptions, restOptions *api.RESTOptions) *cobra.Command
return
}
fmt.Println("LB Configuration saved in", lbfile)
+ err = os.Remove(lbfile)
+ if err != nil {
+ fmt.Println(err.Error())
+ }
}
if saveOpts.SaveSessionConfig || saveOpts.SaveAllConfig {
sessionFile, err := get.Sessiondump(restOptions, dpath)
@@ -104,6 +112,10 @@ func SaveCmd(saveOpts *SaveOptions, restOptions *api.RESTOptions) *cobra.Command
return
}
fmt.Println("Firewall Configuration saved in", FWFile)
+ err = os.Remove(FWFile)
+ if err != nil {
+ fmt.Println(err.Error())
+ }
}
if saveOpts.SaveEPConfig || saveOpts.SaveAllConfig {
EPFile, err := get.EPdump(restOptions, dpath)
diff --git a/cmd/get/get_firewall.go b/cmd/get/get_firewall.go
index bd80a4c..c45ce57 100644
--- a/cmd/get/get_firewall.go
+++ b/cmd/get/get_firewall.go
@@ -144,6 +144,7 @@ func FWdump(restOptions *api.RESTOptions, path string) (string, error) {
fileP := []string{"FWconfig_", ".txt"}
t := time.Now()
file := strings.Join(fileP, t.Local().Format("2006-01-02_15:04:05"))
+ file = path + file
f, err := os.Create(file)
if err != nil {
fmt.Printf("Can't create dump file\n")
diff --git a/cmd/get/get_loadbalancer.go b/cmd/get/get_loadbalancer.go
index 173e4a9..9ad29b8 100644
--- a/cmd/get/get_loadbalancer.go
+++ b/cmd/get/get_loadbalancer.go
@@ -226,6 +226,7 @@ func Lbdump(restOptions *api.RESTOptions, path string) (string, error) {
fileP := []string{"lbconfig_", ".txt"}
t := time.Now()
file := strings.Join(fileP, t.Local().Format("2006-01-02_15:04:05"))
+ file = path + file
f, err := os.Create(file)
if err != nil {
fmt.Printf("Can't create dump file\n")
diff --git a/cmd/get/get_netlink.go b/cmd/get/get_netlink.go
index a9c8747..e4da735 100644
--- a/cmd/get/get_netlink.go
+++ b/cmd/get/get_netlink.go
@@ -517,6 +517,7 @@ func Nlpdump(dpath string) (string, error) {
fileP := []string{"ipconfig_", ".txt"}
t := time.Now()
file := strings.Join(fileP, t.Local().Format("2006-01-02_15:04:05"))
+ file = dpath + file
f, err = os.Create(file)
if err != nil {
fmt.Printf("Can't create dump file\n")
@@ -525,7 +526,7 @@ func Nlpdump(dpath string) (string, error) {
defer f.Close()
- path = "ipconfig_" + t.Local().Format("2006-01-02_15:04:05") + "/"
+ path = dpath + "ipconfig_" + t.Local().Format("2006-01-02_15:04:05") + "/"
//fmt.Printf("Creating intf config dir : %s\n", path)
if _, err := os.Stat(path); errors.Is(err, os.ErrNotExist) {
err := os.Mkdir(path, os.ModePerm)
better diff to create the file under /tmp directory and cleaned up after loxicmd exit
diff --git a/cmd/get/get_firewall.go b/cmd/get/get_firewall.go
index bd80a4c..296f711 100644
--- a/cmd/get/get_firewall.go
+++ b/cmd/get/get_firewall.go
@@ -141,7 +141,7 @@ func FWAPICall(restOptions *api.RESTOptions) (*http.Response, error) {
func FWdump(restOptions *api.RESTOptions, path string) (string, error) {
// File Open
- fileP := []string{"FWconfig_", ".txt"}
+ fileP := []string{"/tmp/FWconfig_", ".txt"}
t := time.Now()
file := strings.Join(fileP, t.Local().Format("2006-01-02_15:04:05"))
f, err := os.Create(file)
@@ -149,7 +149,7 @@ func FWdump(restOptions *api.RESTOptions, path string) (string, error) {
fmt.Printf("Can't create dump file\n")
os.Exit(1)
}
- defer f.Close()
+ defer os.Remove(f.Name())
// API Call
client := api.NewLoxiClient(restOptions)
diff --git a/cmd/get/get_loadbalancer.go b/cmd/get/get_loadbalancer.go
index 173e4a9..1aa08b8 100644
--- a/cmd/get/get_loadbalancer.go
+++ b/cmd/get/get_loadbalancer.go
@@ -223,7 +223,7 @@ func Lbdump(restOptions *api.RESTOptions, path string) (string, error) {
lbresp := api.LbRuleModGet{}
dresp := api.LbRuleModGet{}
// File Open
- fileP := []string{"lbconfig_", ".txt"}
+ fileP := []string{"/tmp/lbconfig_", ".txt"}
t := time.Now()
file := strings.Join(fileP, t.Local().Format("2006-01-02_15:04:05"))
f, err := os.Create(file)
@@ -231,7 +231,7 @@ func Lbdump(restOptions *api.RESTOptions, path string) (string, error) {
fmt.Printf("Can't create dump file\n")
os.Exit(1)
}
- defer f.Close()
+ defer os.Remove(f.Name())
// API Call
client := api.NewLoxiClient(restOptions)
diff --git a/cmd/get/get_netlink.go b/cmd/get/get_netlink.go
index a9c8747..e58a75a 100644
--- a/cmd/get/get_netlink.go
+++ b/cmd/get/get_netlink.go
@@ -514,7 +514,7 @@ func GetBonds() {
func Nlpdump(dpath string) (string, error) {
var ret int
var err error
- fileP := []string{"ipconfig_", ".txt"}
+ fileP := []string{"/tmp/ipconfig_", ".txt"}
t := time.Now()
file := strings.Join(fileP, t.Local().Format("2006-01-02_15:04:05"))
f, err = os.Create(file)
@@ -523,9 +523,9 @@ func Nlpdump(dpath string) (string, error) {
os.Exit(1)
}
- defer f.Close()
+ defer os.Remove(f.Name())
- path = "ipconfig_" + t.Local().Format("2006-01-02_15:04:05") + "/"
+ path = "/tmp/" + "ipconfig_" + t.Local().Format("2006-01-02_15:04:05") + "/"
//fmt.Printf("Creating intf config dir : %s\n", path)
if _, err := os.Stat(path); errors.Is(err, os.ErrNotExist) {
err := os.Mkdir(path, os.ModePerm)
@@ -534,6 +534,8 @@ func Nlpdump(dpath string) (string, error) {
}
}
+ defer os.RemoveAll(path)
+
/*Get bridge info first */
GetBridges()
GetBonds()
attempted to add
loxicmd save -l -c /var/ipfire/loxilb/
loxilb LB UI loxilbconfig.cgi below:$errormessage get
"Can't create dump file"