nbd swap server, inetd, SO_KEEPALIVE

Scott Balneaves sbalneav at legalaid.mb.ca
Tue May 8 09:46:14 UTC 2007


On Tue, May 08, 2007 at 10:44:15AM +0100, Gavin McCullagh wrote:

> Any thoughts?

Hi Gavin,

Didn't even get a chance to say, "fare thee well" before you left, but we
don't even need a patch to inetd.

In a flash of insight, the veil was lifted from my eyes.  We use tcpd
(as do most programs started from inetd) to control policy to the
nbdswapd process.

Adding the following line to /etc/hosts.allow:

nbdswapd: ALL: keepalive

does what we want with no funky inetd patches!

I've tested it last night on my boxes back in Canada, and it works
exactly as expected.  Things clean up after themselves nicely.

I've spoken to the Canonical security boffin (whose name escapes me for
the moment), and he has no problem with adding that line to the
hosts.allow.  I don't think Debian packaging policy allows us to modify
the file in a package maintainer script, however, as part of
ltsp-build-client, it could easily be added.

For now, anyone adding this line to /etc/hosts.allow should get the
desired behaviour of having the swapd cleanly exit 2h or so after the
client goes away.  Or whatever you've got your tcp timeout set to on
your box.

You can check you've got the line right with the following command:

sbalneav at vger:~$ tcpdchk -v
Using network configuration file: /etc/inetd.conf

>>> Rule /etc/hosts.allow line 15:
daemons:  nbdswapd
clients:  ALL
option:   keepalive 
access:   granted

The "option: keepalive"'s the magic bit.

Cheers, 
Scott

-- 
Scott L. Balneaves | "Eternity is a very long time,
Systems Department |  especially towards the end."
Legal Aid Manitoba |    -- Woody Allen
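
An added example, not part of the original message: a Python check that the hosts.allow rules reaching nbdswapd carry the keepalive option, plus the dead-peer detection time the kernel keepalive settings imply. The sample file is constructed, the function names are hypothetical, and the defaults are the stock Linux values of net.ipv4.tcp_keepalive_time, tcp_keepalive_intvl and tcp_keepalive_probes.

```python
import re

# Constructed sample of /etc/hosts.allow (not taken from a real system).
SAMPLE = """\
# local policy
sshd: 192.168.0.0/255.255.255.0
nbdswapd: ALL: \\
    keepalive
in.tftpd, nbdrootd : ALL
"""


def rules(text):
    """Yield (first_line_no, fields) per rule, joining backslash-continued lines."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        line, buf = (buf + raw).strip(), ""
        if line and not line.startswith("#"):
            # Split on ':' unless it is escaped or sits inside [IPv6] brackets.
            parts = re.split(r"(?<!\\):(?![^\[\]]*\])", line)
            yield start, [p.strip() for p in parts]


def keepalive_rules(text, daemon):
    """Return [(line_no, clients, has_keepalive)] for rules naming daemon or ALL.

    tcpd stops at the first rule that matches, so an earlier matching rule
    without keepalive shadows a later one that has it. EXCEPT is not handled.
    """
    found = []
    for no, fields in rules(text):
        if len(fields) < 2:
            continue
        daemons = {d.split("@")[0] for d in re.split(r"[\s,]+", fields[0]) if d}
        if daemon in daemons or "ALL" in daemons:
            found.append((no, fields[1], "keepalive" in fields[2:]))
    return found


def dead_peer_seconds(idle=7200, intvl=75, probes=9):
    """Idle time before the first probe plus the run of unanswered probes."""
    return idle + intvl * probes
```

With the stock values the socket is torn down about 7875 seconds after the client disappears, which is the "2h or so" above.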



