From 797c331e1640169a3b4dcc95d747d57d5710459d Mon Sep 17 00:00:00 2001
From: Pablo Oliver Cortes <pablo.oliver.cortes@cern.ch>
Date: Mon, 6 May 2024 17:28:36 +0200
Subject: [PATCH] Resolve: "Fix tape daemon's log file creation permissions"
---
ReleaseNotes.md | 1 +
common/CMakeLists.txt | 1 -
common/log/FileLogger.cpp | 2 +-
common/processCap/ProcessCap.cpp | 84 ++++++++++---------
common/processCap/ProcessCap.hpp | 58 ++-----------
common/processCap/ProcessCapDummy.cpp | 32 -------
common/processCap/ProcessCapDummy.hpp | 62 --------------
common/threading/Daemon.cpp | 10 +--
common/threading/Daemon.hpp | 8 +-
.../docker/ctafrontend/opt/run/bin/taped.sh | 2 +-
.../tape/tapeserver/daemon/CleanerSession.cpp | 26 ++----
.../tape/tapeserver/daemon/CleanerSession.hpp | 15 ----
.../tapeserver/daemon/DataTransferSession.cpp | 38 +++------
.../tapeserver/daemon/DataTransferSession.hpp | 12 +--
.../daemon/DataTransferSessionTest.cpp | 51 ++++-------
.../daemon/RecallTaskInjectorTest.cpp | 10 +--
.../daemon/TapeReadSingleThread.cpp | 3 +-
.../daemon/TapeReadSingleThread.hpp | 1 -
.../daemon/TapeSingleThreadInterface.hpp | 11 +--
.../daemon/TapeWriteSingleThread.cpp | 3 +-
.../daemon/TapeWriteSingleThread.hpp | 1 -
.../tape/tapeserver/file/OsmReaderTest.cpp | 3 -
tapeserver/cta-taped.cpp | 79 ++++++++++++++---
tapeserver/daemon/DriveHandler.cpp | 6 --
tapeserver/daemon/DriveHandler.hpp | 4 -
tapeserver/daemon/TapeDaemon.cpp | 36 +-------
tapeserver/daemon/TapeDaemon.hpp | 18 +---
tapeserver/readtp/ReadtpCmd.cpp | 10 ---
tapeserver/readtp/ReadtpCmd.hpp | 13 ---
tapeserver/tapelabel/TapeLabelCmd.cpp | 3 +-
tapeserver/tapelabel/TapeLabelCmd.hpp | 6 --
31 files changed, 173 insertions(+), 436 deletions(-)
delete mode 100644 common/processCap/ProcessCapDummy.cpp
delete mode 100644 common/processCap/ProcessCapDummy.hpp
diff --git a/ReleaseNotes.md b/ReleaseNotes.md
index 9af68233de..db60caae16 100644
--- a/ReleaseNotes.md
+++ b/ReleaseNotes.md
@@ -13,6 +13,7 @@
- cta/CTA#645 - Fix new mount timeout log message
- cta/CTA#666 - Fix drive status activity field not being properly reset
- cta/CTA#502 - Fix string representation for Cleanup session type
+- cta/CTA#682 - Generate taped's log file with correct owner and group
### Continuous Integration
- cta/CTA#615 - Going to xrdfs xattr API for EOS5 extended attribute tests (EOS >= 5.2.17)
diff --git a/common/CMakeLists.txt b/common/CMakeLists.txt
index 7bf983e690..e3918aa926 100644
--- a/common/CMakeLists.txt
+++ b/common/CMakeLists.txt
@@ -126,7 +126,6 @@ set (COMMON_LIB_SRC_FILES
priorities/MountCriteria.cpp
priorities/UserGroup.cpp
processCap/ProcessCap.cpp
- processCap/ProcessCapDummy.cpp
remoteFS/RemoteFileStatus.cpp
remoteFS/RemotePath.cpp
remoteFS/RemotePathAndStatus.cpp
diff --git a/common/log/FileLogger.cpp b/common/log/FileLogger.cpp
index 2c78786e76..f1a7e9b1ed 100644
--- a/common/log/FileLogger.cpp
+++ b/common/log/FileLogger.cpp
@@ -30,7 +30,7 @@ namespace cta::log {
//------------------------------------------------------------------------------
FileLogger::FileLogger(std::string_view hostName, std::string_view programName, std::string_view filePath, int logMask) :
Logger(hostName, programName, logMask) {
- m_fd = ::open(filePath.data(), O_APPEND | O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR | S_IRGRP);
+ m_fd = ::open(filePath.data(), O_APPEND | O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH );
exception::Errnum::throwOnMinusOne(m_fd, std::string("In FileLogger::FileLogger(): failed to open log file: ") + std::string(filePath));
}
diff --git a/common/processCap/ProcessCap.cpp b/common/processCap/ProcessCap.cpp
index 4bb22a35c1..8142e75801 100644
--- a/common/processCap/ProcessCap.cpp
+++ b/common/processCap/ProcessCap.cpp
@@ -21,29 +21,10 @@
#include "common/processCap/ProcessCap.hpp"
#include "common/utils/utils.hpp"
-//------------------------------------------------------------------------------
-// getProcText
-//------------------------------------------------------------------------------
-std::string cta::server::ProcessCap::getProcText() {
- cap_t cap;
-
- try {
- cap = getProc();
- auto retval = toText(cap);
- cap_free(cap);
- return retval;
- } catch(cta::exception::Exception& ne) {
- cap_free(cap);
- cta::exception::Exception ex;
- ex.getMessage() << "Failed to get text representation of the capabilities of the process: " << ne.getMessage().str();
- throw ex;
- }
-}
-
//------------------------------------------------------------------------------
// getProc
//------------------------------------------------------------------------------
-cap_t cta::server::ProcessCap::getProc() {
+static cap_t getProc() {
cap_t cap = cap_get_proc();
if(nullptr == cap) {
cta::exception::Exception ex;
@@ -58,8 +39,7 @@ cap_t cta::server::ProcessCap::getProc() {
//------------------------------------------------------------------------------
// toText
//------------------------------------------------------------------------------
-std::string cta::server::ProcessCap::toText(
- const cap_t cap) {
+static std::string toText(const cap_t cap) {
// Create a C++ string with the result of calling cap_to_text()
char *const text = cap_to_text(cap, nullptr);
if(nullptr == text) {
@@ -84,27 +64,10 @@ std::string cta::server::ProcessCap::toText(
return result;
}
-//------------------------------------------------------------------------------
-// setProcText
-//------------------------------------------------------------------------------
-void cta::server::ProcessCap::setProcText(const std::string& text) {
- cap_t cap;
- try {
- cap = fromText(text);
- setProc(cap);
- cap_free(cap);
- } catch(cta::exception::Exception& ne) {
- cap_free(cap);
- cta::exception::Exception ex;
- ex.getMessage() << "Failed to set capabilities of process: " << ne.getMessage().str();
- throw ex;
- }
-}
-
//------------------------------------------------------------------------------
// fromText
//------------------------------------------------------------------------------
-cap_t cta::server::ProcessCap::fromText(const std::string &text) {
+static cap_t fromText(const std::string &text) {
const cap_t cap = cap_from_text(text.c_str());
if(nullptr == cap) {
cta::exception::Exception ex;
@@ -120,7 +83,7 @@ cap_t cta::server::ProcessCap::fromText(const std::string &text) {
//------------------------------------------------------------------------------
// setProc
//------------------------------------------------------------------------------
-void cta::server::ProcessCap::setProc(const cap_t cap) {
+static void setProc(const cap_t cap) {
if(cap_set_proc(cap)) {
cta::exception::Exception ex;
ex.getMessage() <<
@@ -129,3 +92,42 @@ void cta::server::ProcessCap::setProc(const cap_t cap) {
throw ex;
}
}
+
+namespace cta::server::ProcessCap{
+//------------------------------------------------------------------------------
+// getProcText
+//------------------------------------------------------------------------------
+std::string getProcText() {
+ cap_t cap;
+
+ try {
+ cap = getProc();
+ auto retval = toText(cap);
+ cap_free(cap);
+ return retval;
+ } catch(cta::exception::Exception& ne) {
+ cap_free(cap);
+ cta::exception::Exception ex;
+ ex.getMessage() << "Failed to get text representation of the capabilities of the process: " << ne.getMessage().str();
+ throw ex;
+ }
+}
+
+
+//------------------------------------------------------------------------------
+// setProcText
+//------------------------------------------------------------------------------
+void setProcText(const std::string& text) {
+ cap_t cap;
+ try {
+ cap = fromText(text);
+ setProc(cap);
+ cap_free(cap);
+ } catch(cta::exception::Exception& ne) {
+ cap_free(cap);
+ cta::exception::Exception ex;
+ ex.getMessage() << "Failed to set capabilities of process: " << ne.getMessage().str();
+ throw ex;
+ }
+}
+} //namespace cta::server::ProcessCap
diff --git a/common/processCap/ProcessCap.hpp b/common/processCap/ProcessCap.hpp
index d3f8000731..3d51eb3209 100644
--- a/common/processCap/ProcessCap.hpp
+++ b/common/processCap/ProcessCap.hpp
@@ -20,32 +20,15 @@
#include <string>
#include <sys/capability.h>
-namespace cta::server {
+namespace cta::server::ProcessCap {
-/**
- * Class providing support for UNIX capabilities.
- *
- * This class is used to provide support for UNIX capbilities, so that
- * subclasses can be created that override its virtual member functions.
- * Unit testing is the primary use-case where you may want a dummy capabilities
- * object that does nothing.
- *
- * Please note that process capabilities are not supported on Mac OS X.
- */
-class ProcessCap {
-public:
- /**
- * Destructor
- */
- virtual ~ProcessCap() = default;
-
- /**
+ /**
* C++ wrapper around the C functions cap_get_proc() and cap_to_text().
*
* @return The string representation the capabilities of the current
* process.
*/
- virtual std::string getProcText();
+ std::string getProcText();
/**
* C++ wrapper around the C functions cap_from_text() and cap_set_proc().
@@ -53,36 +36,5 @@ public:
* @text The string representation the capabilities that the current
* process should have.
*/
- virtual void setProcText(const std::string &text);
-
-private:
- /**
- * C++ wrapper around the C function cap_get_proc().
- *
- * @return The capability state.
- */
- cap_t getProc();
-
- /**
- * C++ wrapper around the C function cap_to_text().
- *
- * @param cap The capability state.
- */
- std::string toText(const cap_t cap);
-
- /**
- * C++ wrapper around the C function cap_from_text().
- *
- * @return The capability state.
- */
- cap_t fromText(const std::string &text);
-
- /**
- * C++ wrapper around the C function cap_set_proc().
- *
- * @param cap The capability state.
- */
- void setProc(const cap_t cap);
-};
-
-} // namespace cta::server
+ void setProcText(const std::string &text);
+} // namespace cta::server::ProcessCap
diff --git a/common/processCap/ProcessCapDummy.cpp b/common/processCap/ProcessCapDummy.cpp
deleted file mode 100644
index bd85985fbc..0000000000
--- a/common/processCap/ProcessCapDummy.cpp
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * @project The CERN Tape Archive (CTA)
- * @copyright Copyright © 2021-2022 CERN
- * @license This program is free software, distributed under the terms of the GNU General Public
- * Licence version 3 (GPL Version 3), copied verbatim in the file "COPYING". You can
- * redistribute it and/or modify it under the terms of the GPL Version 3, or (at your
- * option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU General Public License for more details.
- *
- * In applying this licence, CERN does not waive the privileges and immunities
- * granted to it by virtue of its status as an Intergovernmental Organization or
- * submit itself to any jurisdiction.
- */
-
-#include "common/processCap/ProcessCapDummy.hpp"
-
-//------------------------------------------------------------------------------
-// getProcText
-//------------------------------------------------------------------------------
-std::string cta::server::ProcessCapDummy::getProcText() {
- return m_text;
-}
-
-//------------------------------------------------------------------------------
-// setProcText
-//------------------------------------------------------------------------------
-void cta::server::ProcessCapDummy::setProcText(const std::string &text) {
- m_text = text;
-}
diff --git a/common/processCap/ProcessCapDummy.hpp b/common/processCap/ProcessCapDummy.hpp
deleted file mode 100644
index bf36e9e1cb..0000000000
--- a/common/processCap/ProcessCapDummy.hpp
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * @project The CERN Tape Archive (CTA)
- * @copyright Copyright © 2021-2022 CERN
- * @license This program is free software, distributed under the terms of the GNU General Public
- * Licence version 3 (GPL Version 3), copied verbatim in the file "COPYING". You can
- * redistribute it and/or modify it under the terms of the GPL Version 3, or (at your
- * option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU General Public License for more details.
- *
- * In applying this licence, CERN does not waive the privileges and immunities
- * granted to it by virtue of its status as an Intergovernmental Organization or
- * submit itself to any jurisdiction.
- */
-
-#pragma once
-
-#include "common/processCap/ProcessCap.hpp"
-
-#include <string>
-#include <sys/capability.h>
-
-namespace cta::server {
-
-/**
- * A dummy class that pretends to provide support for UNIX capabilities.
- *
- * This primary goal of this class is to facilitate unit testing.
- */
-class ProcessCapDummy : public ProcessCap {
-public:
- /**
- * Destructor
- */
- ~ProcessCapDummy() final = default;
-
- /**
- * C++ wrapper around the C functions cap_get_proc() and cap_to_text().
- *
- * @return The string representation the capabilities of the current
- * process.
- */
- std::string getProcText();
-
- /**
- * C++ wrapper around the C functions cap_from_text() and cap_set_proc().
- *
- * @text The string representation the capabilities that the current
- * process should have.
- */
- void setProcText(const std::string &text);
-
-private:
- /**
- * The string representation of the current capability state.
- */
- std::string m_text;
-};
-
-} // namespace cta::server
diff --git a/common/threading/Daemon.cpp b/common/threading/Daemon.cpp
index 3973b96e96..5ed5eaf263 100644
--- a/common/threading/Daemon.cpp
+++ b/common/threading/Daemon.cpp
@@ -61,8 +61,7 @@ void cta::server::Daemon::setCommandLineHasBeenParsed(const bool foreground) noe
//------------------------------------------------------------------------------
// daemonizeIfNotRunInForegroundAndSetUserAndGroup
//------------------------------------------------------------------------------
-void cta::server::Daemon::daemonizeIfNotRunInForegroundAndSetUserAndGroup(const std::string &userName,
- const std::string &groupName) {
+void cta::server::Daemon::daemonizeIfNotRunInForeground() {
// If the daemon is to be run in the background
if (!m_foreground) {
m_log.prepareForFork();
@@ -100,13 +99,6 @@ void cta::server::Daemon::daemonizeIfNotRunInForegroundAndSetUserAndGroup(const
"Failed to daemonize: Failed to freopen stderr");
} // if (!m_foreground)
- // Change the user and group of the daemon process
- std::list<log::Param> params = {
- log::Param("userName", userName),
- log::Param("groupName", groupName)};
- m_log(log::INFO, "Setting user name and group name of current process", params);
- cta::System::setUserAndGroup(userName, groupName);
-
// Ignore SIGPIPE (connection lost with client)
// and SIGXFSZ (a file is too big)
signal(SIGPIPE, SIG_IGN);
diff --git a/common/threading/Daemon.hpp b/common/threading/Daemon.hpp
index 5a7ec22fb0..034664433d 100644
--- a/common/threading/Daemon.hpp
+++ b/common/threading/Daemon.hpp
@@ -68,19 +68,13 @@ protected:
* Daemonizes the daemon if it has not been configured to run in the
* foreground.
*
- * This method also sets the user and group of the process to the specified
- * values.
- *
* Please make sure that the setForeground() method has been called as
* appropriate before this method is called.
*
* This method takes into account whether or not the daemon should run in
* foregreound or background mode (m_foreground).
- *
- * @param userName The name of the user.
- * @param groupName The name of the group.
*/
- void daemonizeIfNotRunInForegroundAndSetUserAndGroup(const std::string &userName, const std::string &groupName);
+ void daemonizeIfNotRunInForeground();
/**
* Object representing the API of the CASTOR logging system.
diff --git a/continuousintegration/docker/ctafrontend/opt/run/bin/taped.sh b/continuousintegration/docker/ctafrontend/opt/run/bin/taped.sh
index 223164aad4..11fc4a3950 100755
--- a/continuousintegration/docker/ctafrontend/opt/run/bin/taped.sh
+++ b/continuousintegration/docker/ctafrontend/opt/run/bin/taped.sh
@@ -93,7 +93,7 @@ else
export XrdSecPROTOCOL
export XrdSecSSSKT
-tail -F /var/log/cta/cta-taped.log &
+tail -F "/var/log/cta/cta-taped-${DRIVENAMES[${driveslot}]}.log" &
# cta-taped is ran with runuser to avoid a bug with Docker that prevents both
# the setresgid(-1, 1474, -1) and setresuid(-1, 14029, -1) system calls from
diff --git a/tapeserver/castor/tape/tapeserver/daemon/CleanerSession.cpp b/tapeserver/castor/tape/tapeserver/daemon/CleanerSession.cpp
index c7a1597810..ed44262644 100644
--- a/tapeserver/castor/tape/tapeserver/daemon/CleanerSession.cpp
+++ b/tapeserver/castor/tape/tapeserver/daemon/CleanerSession.cpp
@@ -22,12 +22,12 @@
#include "castor/tape/tapeserver/daemon/CleanerSession.hpp"
#include "castor/tape/tapeserver/file/HeaderChecker.hpp"
#include "catalogue/Catalogue.hpp"
+#include "common/processCap/ProcessCap.hpp"
//------------------------------------------------------------------------------
// constructor
//------------------------------------------------------------------------------
castor::tape::tapeserver::daemon::CleanerSession::CleanerSession(
- cta::server::ProcessCap &capUtils,
cta::mediachanger::MediaChangerFacade &mc,
cta::log::Logger &log,
const cta::tape::daemon::DriveConfigEntry &driveConfig,
@@ -38,7 +38,6 @@ castor::tape::tapeserver::daemon::CleanerSession::CleanerSession(
const std::string & externalEncryptionKeyScript,
cta::catalogue::Catalogue & catalogue,
cta::Scheduler & scheduler):
- m_capUtils(capUtils),
m_mc(mc),
m_log(log),
m_driveConfig(driveConfig),
@@ -117,7 +116,14 @@ void castor::tape::tapeserver::daemon::CleanerSession::setDriveDownAfterCleanerF
//------------------------------------------------------------------------------
castor::tape::tapeserver::daemon::Session::EndOfSessionAction
castor::tape::tapeserver::daemon::CleanerSession::exceptionThrowingExecute() {
- setProcessCapabilities("cap_sys_rawio+ep");
+ // Make effective the raw I/O process capability.
+ {
+ cta::server::ProcessCap::setProcText("cap_sys_rawio+ep");
+ std::list<cta::log::Param> params = {
+ cta::log::Param("capabilities", cta::server::ProcessCap::getProcText())};
+ m_log(cta::log::INFO, "CleanerSession made effective raw I/O capability to use tape",
+ params);
+ }
std::unique_ptr<drive::DriveInterface> drivePtr = createDrive();
drive::DriveInterface &drive = *drivePtr.get();
@@ -249,20 +255,6 @@ void castor::tape::tapeserver::daemon::CleanerSession::logAndClearTapeAlerts(dri
m_log(cta::log::ERR, "Cleaner failed getting tape alerts from the drive", params);
}
-//------------------------------------------------------------------------------
-// setProcessCapabilities
-//------------------------------------------------------------------------------
-void castor::tape::tapeserver::daemon::CleanerSession::setProcessCapabilities(
- const std::string &capabilities) {
- m_capUtils.setProcText(capabilities);
- {
- std::list<cta::log::Param> params = {
- cta::log::Param("capabilities", m_capUtils.getProcText())};
- m_log(cta::log::INFO, "Cleaner set process capabilities for using tape",
- params);
- }
-}
-
//------------------------------------------------------------------------------
// createDrive
//------------------------------------------------------------------------------
diff --git a/tapeserver/castor/tape/tapeserver/daemon/CleanerSession.hpp b/tapeserver/castor/tape/tapeserver/daemon/CleanerSession.hpp
index 06049ceb4b..c0649c7d10 100644
--- a/tapeserver/castor/tape/tapeserver/daemon/CleanerSession.hpp
+++ b/tapeserver/castor/tape/tapeserver/daemon/CleanerSession.hpp
@@ -21,7 +21,6 @@
#include <string>
#include "common/log/Logger.hpp"
-#include "common/processCap/ProcessCap.hpp"
#include "mediachanger/MediaChangerFacade.hpp"
#include "scheduler/Scheduler.hpp"
#include "tapeserver/castor/tape/tapeserver/daemon/EncryptionControl.hpp"
@@ -45,7 +44,6 @@ public:
/**
* Constructor
*
- * @param capUtils Object providing support for UNIX capabilities.
* @param mc Object representing the media changer.
* @param log Object representing the API to the CASTOR logging system.
* @param driveConfig Configuration of the tape drive to be cleaned.
@@ -61,7 +59,6 @@ public:
* @param catalogue the CTA catalogue
*/
CleanerSession(
- cta::server::ProcessCap &capUtils,
cta::mediachanger::MediaChangerFacade &mc,
cta::log::Logger &log,
const cta::tape::daemon::DriveConfigEntry &driveConfig,
@@ -83,11 +80,6 @@ public:
EndOfSessionAction execute() noexcept;
private:
- /**
- * Object providing support for UNIX capabilities.
- */
- cta::server::ProcessCap &m_capUtils;
-
/**
* The object representing the media changer.
*/
@@ -169,13 +161,6 @@ private:
*/
void cleanDrive(drive::DriveInterface &drive);
- /**
- * Sets the capabilities of the process and logs the result.
- *
- * @param capabilities The string representation of the capabilities.
- */
- void setProcessCapabilities(const std::string &capabilities);
-
/**
* Creates and returns the object that represents the tape drive to be
* cleaned.
diff --git a/tapeserver/castor/tape/tapeserver/daemon/DataTransferSession.cpp b/tapeserver/castor/tape/tapeserver/daemon/DataTransferSession.cpp
index 5b8205d105..08c36dcc1d 100644
--- a/tapeserver/castor/tape/tapeserver/daemon/DataTransferSession.cpp
+++ b/tapeserver/castor/tape/tapeserver/daemon/DataTransferSession.cpp
@@ -17,6 +17,7 @@
#include "common/log/Logger.hpp"
#include "common/log/LogContext.hpp"
+#include "common/processCap/ProcessCap.hpp"
#include "common/threading/System.hpp"
#include "castor/tape/tapeserver/daemon/EmptyDriveProbe.hpp"
#include "castor/tape/tapeserver/daemon/DataTransferSession.hpp"
@@ -49,7 +50,7 @@ castor::tape::tapeserver::daemon::DataTransferSession::DataTransferSession(const
const cta::tape::daemon::DriveConfigEntry& driveConfig,
cta::mediachanger::MediaChangerFacade& mc,
cta::tape::daemon::TapedProxy& initialProcess,
- cta::server::ProcessCap& capUtils,
+
const DataTransferConfig& dataTransferConfig,
cta::Scheduler& scheduler) :
m_log(log),
@@ -59,31 +60,9 @@ castor::tape::tapeserver::daemon::DataTransferSession::DataTransferSession(const
m_driveInfo({driveConfig.unitName, cta::utils::getShortHostname(), driveConfig.logicalLibrary}),
m_mediaChanger(mc),
m_initialProcess(initialProcess),
- m_capUtils(capUtils),
m_scheduler(scheduler) {
}
-//------------------------------------------------------------------------------
-// setProcessCapabilities
-//------------------------------------------------------------------------------
-/**
- * This function will try to set the cap_sys_rawio capability that is needed
- * for by tape thread to access /dev/nst
- */
-void castor::tape::tapeserver::daemon::DataTransferSession::setProcessCapabilities(
- const std::string& capabilities) {
- cta::log::LogContext lc(m_log);
- try {
- m_capUtils.setProcText(capabilities);
- cta::log::LogContext::ScopedParam sp(lc,
- cta::log::Param("capabilities", m_capUtils.getProcText()));
- lc.log(cta::log::INFO, "Set process capabilities for using tape");
- } catch (const cta::exception::Exception& ne) {
- lc.log(cta::log::ERR,
- "Failed to set process capabilities for using the tape ");
- }
-}
-
//------------------------------------------------------------------------------
//DataTransferSession::execute
//------------------------------------------------------------------------------
@@ -103,7 +82,15 @@ castor::tape::tapeserver::daemon::DataTransferSession::execute() {
lc.pushOrReplace(cta::log::Param("thread", "MainThread"));
lc.pushOrReplace(cta::log::Param("tapeDrive", m_driveConfig.unitName));
- setProcessCapabilities("cap_sys_rawio+ep");
+ // Make effective the raw I/O process capability.
+ try {
+ cta::server::ProcessCap::setProcText("cap_sys_rawio+ep");
+ cta::log::LogContext::ScopedParam sp(lc, cta::log::Param("capabilities",
+ cta::server::ProcessCap::getProcText()));
+ lc.log(cta::log::INFO, "DataTransferSession made effective raw I/O capabilty to the tape");
+ } catch (const cta::exception::Exception &ex) {
+ lc.log(cta::log::ERR, "DataTransferSession failed to make effective raw I/O capabilty to use tape");
+ }
TapeSessionReporter tapeServerReporter(m_initialProcess, m_driveConfig, m_hostname, lc);
@@ -286,7 +273,7 @@ castor::tape::tapeserver::daemon::DataTransferSession::executeRead(cta::log::Log
RecallMemoryManager memoryManager(m_dataTransferConfig.nbBufs, m_dataTransferConfig.bufsz, logContext);
TapeReadSingleThread readSingleThread(*drive, m_mediaChanger, reporter, m_volInfo,
- m_dataTransferConfig.bulkRequestRecallMaxFiles, m_capUtils, watchDog, logContext,
+ m_dataTransferConfig.bulkRequestRecallMaxFiles, watchDog, logContext,
reportPacker,
m_dataTransferConfig.useLbp, m_dataTransferConfig.useRAO, m_dataTransferConfig.useEncryption,
m_dataTransferConfig.externalEncryptionKeyScript, *retrieveMount,
@@ -432,7 +419,6 @@ castor::tape::tapeserver::daemon::DataTransferSession::executeWrite(cta::log::Lo
m_volInfo,
logContext,
reportPacker,
- m_capUtils,
m_dataTransferConfig.maxFilesBeforeFlush,
m_dataTransferConfig.maxBytesBeforeFlush,
m_dataTransferConfig.useLbp,
diff --git a/tapeserver/castor/tape/tapeserver/daemon/DataTransferSession.hpp b/tapeserver/castor/tape/tapeserver/daemon/DataTransferSession.hpp
index 1fb9ea13d7..4f4f3f3f8d 100644
--- a/tapeserver/castor/tape/tapeserver/daemon/DataTransferSession.hpp
+++ b/tapeserver/castor/tape/tapeserver/daemon/DataTransferSession.hpp
@@ -19,7 +19,6 @@
#include "common/log/LogContext.hpp"
#include "common/log/Logger.hpp"
-#include "common/processCap/ProcessCap.hpp"
#include "mediachanger/MediaChangerFacade.hpp"
#include "tapeserver/daemon/TapedProxy.hpp"
#include "DataTransferConfig.hpp"
@@ -52,7 +51,7 @@ public:
const cta::tape::daemon::DriveConfigEntry& driveConfig,
cta::mediachanger::MediaChangerFacade& mc,
cta::tape::daemon::TapedProxy& initialProcess,
- cta::server::ProcessCap& capUtils, const DataTransferConfig& dataTransferConfig,
+ const DataTransferConfig& dataTransferConfig,
cta::Scheduler& scheduler);
/**
@@ -77,13 +76,6 @@ public:
*/
EndOfSessionAction execute() override;
- /**
- * Sets the capabilities of the process and logs the result.
- *
- * @param capabilities The string representation of the capabilities.
- */
- void setProcessCapabilities(const std::string& capabilities);
-
/** Temporary method used for debugging while building the session class */
std::string getVid() const { return m_volInfo.vid; }
@@ -139,8 +131,6 @@ private:
cta::mediachanger::MediaChangerFacade& m_mediaChanger;
/** Reference to the tape server's parent process to report detailed status */
cta::tape::daemon::TapedProxy& m_initialProcess;
- /** Object providing utilities for working UNIX capabilities. */
- cta::server::ProcessCap& m_capUtils;
/** hostname, used to report status of the drive */
const std::string m_hostname;
/**
diff --git a/tapeserver/castor/tape/tapeserver/daemon/DataTransferSessionTest.cpp b/tapeserver/castor/tape/tapeserver/daemon/DataTransferSessionTest.cpp
index 4c62b80439..d8d713cc37 100644
--- a/tapeserver/castor/tape/tapeserver/daemon/DataTransferSessionTest.cpp
+++ b/tapeserver/castor/tape/tapeserver/daemon/DataTransferSessionTest.cpp
@@ -54,7 +54,6 @@
#include "common/dataStructures/RequesterMountRule.hpp"
#include "common/exception/Exception.hpp"
#include "common/log/StringLogger.hpp"
-#include "common/processCap/ProcessCapDummy.hpp"
#include "common/threading/Thread.hpp"
#include "common/utils/utils.hpp"
#include "mediachanger/MediaChangerFacade.hpp"
@@ -614,10 +613,9 @@ TEST_P(DataTransferSessionTest, DataTransferSessionGooddayRecall) {
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCap capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
castor::tape::tapeserver::daemon::DataTransferSession sess("tapeHost", logger, mockSys,
- driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ driveConfig, mc, initialProcess, castorConf, scheduler);
// 8) Run the data transfer session
sess.execute();
@@ -802,10 +800,9 @@ TEST_P(DataTransferSessionTest, DataTransferSessionWrongChecksumRecall) {
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCap capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
castor::tape::tapeserver::daemon::DataTransferSession sess("tapeHost", logger, mockSys,
- driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ driveConfig, mc, initialProcess, castorConf, scheduler);
// 8) Run the data transfer session
sess.execute();
@@ -1020,10 +1017,9 @@ TEST_P(DataTransferSessionTest, DataTransferSessionWrongRecall) {
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCap capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
DataTransferSession sess("tapeHost", logger, mockSys,
- driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ driveConfig, mc, initialProcess, castorConf, scheduler);
// 8) Run the data transfer session
sess.execute();
@@ -1205,10 +1201,9 @@ TEST_P(DataTransferSessionTest, DataTransferSessionRAORecall) {
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCap capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
castor::tape::tapeserver::daemon::DataTransferSession sess("tapeHost", logger, mockSys,
- driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ driveConfig, mc, initialProcess, castorConf, scheduler);
// 8) Run the data transfer session
sess.execute();
@@ -1394,10 +1389,9 @@ TEST_P(DataTransferSessionTest, DataTransferSessionRAORecallLinearAlgorithm) {
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCap capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
castor::tape::tapeserver::daemon::DataTransferSession sess("tapeHost", logger, mockSys,
- driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ driveConfig, mc, initialProcess, castorConf, scheduler);
// 8) Run the data transfer session
sess.execute();
@@ -1584,10 +1578,9 @@ TEST_P(DataTransferSessionTest, DataTransferSessionRAORecallRAOAlgoDoesNotExistS
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCap capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
castor::tape::tapeserver::daemon::DataTransferSession sess("tapeHost", logger, mockSys,
- driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ driveConfig, mc, initialProcess, castorConf, scheduler);
// 8) Run the data transfer session
sess.execute();
@@ -1777,10 +1770,9 @@ TEST_P(DataTransferSessionTest, DataTransferSessionRAORecallSLTFRAOAlgorithm) {
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCap capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
castor::tape::tapeserver::daemon::DataTransferSession sess("tapeHost", logger, mockSys,
- driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ driveConfig, mc, initialProcess, castorConf, scheduler);
// 8) Run the data transfer session
sess.execute();
@@ -1958,9 +1950,8 @@ TEST_P(DataTransferSessionTest, DataTransferSessionNoSuchDrive) {
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
castor::messages::TapeserverProxyDummy initialProcess;
- cta::server::ProcessCapDummy capUtils;
DataTransferSession sess("tapeHost", logger, mockSys,
- driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ driveConfig, mc, initialProcess, castorConf, scheduler);
ASSERT_NO_THROW(sess.execute());
std::string temp = logger.getLog();
ASSERT_NE(std::string::npos, logger.getLog().find("Error looking for path to tape drive"));
@@ -2112,10 +2103,9 @@ TEST_P(DataTransferSessionTest, DataTransferSessionFailtoMount) {
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCap capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
DataTransferSession sess("tapeHost", logger, mockSys,
- driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ driveConfig, mc, initialProcess, castorConf, scheduler);
ASSERT_NO_THROW(sess.execute());
std::string temp = logger.getLog();
ASSERT_NE(std::string::npos, logger.getLog().find("Failed to mount the tape"));
@@ -2253,9 +2243,8 @@ TEST_P(DataTransferSessionTest, DataTransferSessionGooddayMigration) {
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCap capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
- DataTransferSession sess("tapeHost", logger, mockSys, driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ DataTransferSession sess("tapeHost", logger, mockSys, driveConfig, mc, initialProcess, castorConf, scheduler);
sess.execute();
std::string logToCheck = logger.getLog();
logToCheck += "";
@@ -2407,9 +2396,8 @@ TEST_P(DataTransferSessionTest, DataTransferSessionWrongFileSizeMigration) {
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCap capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
- DataTransferSession sess("tapeHost", logger, mockSys, driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ DataTransferSession sess("tapeHost", logger, mockSys, driveConfig, mc, initialProcess, castorConf, scheduler);
sess.execute();
std::string logToCheck = logger.getLog();
logToCheck += "";
@@ -2572,9 +2560,8 @@ TEST_P(DataTransferSessionTest, DataTransferSessionWrongChecksumMigration) {
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCap capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
- DataTransferSession sess("tapeHost", logger, mockSys, driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ DataTransferSession sess("tapeHost", logger, mockSys, driveConfig, mc, initialProcess, castorConf, scheduler);
sess.execute();
std::string logToCheck = logger.getLog();
logToCheck += "";
@@ -2728,9 +2715,8 @@ TEST_P(DataTransferSessionTest, DataTransferSessionWrongFilesizeInMiddleOfBatchM
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCap capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
- DataTransferSession sess("tapeHost", logger, mockSys, driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ DataTransferSession sess("tapeHost", logger, mockSys, driveConfig, mc, initialProcess, castorConf, scheduler);
sess.execute();
std::string logToCheck = logger.getLog();
logToCheck += "";
@@ -2894,9 +2880,8 @@ TEST_P(DataTransferSessionTest, DataTransferSessionMissingFilesMigration) {
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCap capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
- DataTransferSession sess("tapeHost", logger, mockSys, driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ DataTransferSession sess("tapeHost", logger, mockSys, driveConfig, mc, initialProcess, castorConf, scheduler);
sess.execute();
std::string temp = logger.getLog();
temp += "";
@@ -3058,9 +3043,8 @@ TEST_P(DataTransferSessionTest, DataTransferSessionTapeFullMigration) {
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCap capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
- DataTransferSession sess("tapeHost", logger, mockSys, driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ DataTransferSession sess("tapeHost", logger, mockSys, driveConfig, mc, initialProcess, castorConf, scheduler);
sess.execute();
std::string temp = logger.getLog();
temp += "";
@@ -3231,9 +3215,8 @@ TEST_P(DataTransferSessionTest, DataTransferSessionTapeFullOnFlushMigration) {
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCap capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
- DataTransferSession sess("tapeHost", logger, mockSys, driveConfig, mc, initialProcess, capUtils, castorConf, scheduler);
+ DataTransferSession sess("tapeHost", logger, mockSys, driveConfig, mc, initialProcess, castorConf, scheduler);
sess.execute();
std::string temp = logger.getLog();
temp += "";
@@ -3365,10 +3348,8 @@ TEST_P(DataTransferSessionTest, CleanerSessionFailsShouldPutTheDriveDown) {
cta::log::DummyLogger dummyLog("dummy", "dummy");
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummyLog);
- cta::server::ProcessCapDummy capUtils;
castor::messages::TapeserverProxyDummy initialProcess;
CleanerSession cleanerSession(
- capUtils,
mc,
logger,
driveConfig,
diff --git a/tapeserver/castor/tape/tapeserver/daemon/RecallTaskInjectorTest.cpp b/tapeserver/castor/tape/tapeserver/daemon/RecallTaskInjectorTest.cpp
index 1e70ac42ef..6166c87cb7 100644
--- a/tapeserver/castor/tape/tapeserver/daemon/RecallTaskInjectorTest.cpp
+++ b/tapeserver/castor/tape/tapeserver/daemon/RecallTaskInjectorTest.cpp
@@ -27,7 +27,6 @@
#include "catalogue/dummy/DummyCatalogue.hpp"
#include "common/log/DummyLogger.hpp"
#include "common/log/StringLogger.hpp"
-#include "common/processCap/ProcessCapDummy.hpp"
#include "mediachanger/MediaChangerFacade.hpp"
#include "scheduler/SchedulerDatabase.hpp"
#include "scheduler/TapeMountDummy.hpp"
@@ -98,10 +97,9 @@ namespace unitTests
cta::mediachanger::MediaChangerFacade & mc,
tapeserver::daemon::TapeSessionReporter & tsr,
const tapeserver::daemon::VolumeInfo& volInfo,
- cta::server::ProcessCap& cap,
const uint32_t tapeLoadTimeout,
cta::log::LogContext & lc):
- TapeSingleThreadInterface<TapeReadTask>(drive, mc, tsr, volInfo,cap, lc, false, "", tapeLoadTimeout){}
+ TapeSingleThreadInterface<TapeReadTask>(drive, mc, tsr, volInfo, lc, false, "", tapeLoadTimeout){}
~FakeSingleTapeReadThread(){
const unsigned int size= m_tasks.size();
@@ -171,8 +169,7 @@ namespace unitTests
volume.mountType=cta::common::dataStructures::MountType::Retrieve;
castor::tape::tapeserver::daemon::TapeSessionReporter gsr(initialProcess, cta::tape::daemon::DriveConfigEntry(),
"0.0.0.0", lc);
- cta::server::ProcessCapDummy cap;
- FakeSingleTapeReadThread tapeRead(drive, mc, gsr, volume, cap, 60, lc);
+ FakeSingleTapeReadThread tapeRead(drive, mc, gsr, volume, 60, lc);
tapeserver::daemon::RecallTaskInjector rti(mm, tapeRead, diskWrite, trm, maxNbJobsInjectedAtOnce, blockSize, lc);
bool noFilesToRecall;
@@ -236,10 +233,9 @@ namespace unitTests
castor::tape::tapeserver::daemon::VolumeInfo volume;
volume.vid="V12345";
volume.mountType=cta::common::dataStructures::MountType::Retrieve;
- cta::server::ProcessCapDummy cap;
castor::tape::tapeserver::daemon::TapeSessionReporter tsr(initialProcess, cta::tape::daemon::DriveConfigEntry(),
"0.0.0.0", lc);
- FakeSingleTapeReadThread tapeRead(drive, mc, tsr, volume, cap, 60, lc);
+ FakeSingleTapeReadThread tapeRead(drive, mc, tsr, volume, 60, lc);
tapeserver::daemon::RecallTaskInjector rti(mm, tapeRead, diskWrite, trm, 6, blockSize, lc);
bool noFilesToRecall;
diff --git a/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.cpp b/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.cpp
index 3bba467446..8306ea347b 100644
--- a/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.cpp
+++ b/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.cpp
@@ -31,7 +31,6 @@ castor::tape::tapeserver::daemon::TapeReadSingleThread::TapeReadSingleThread(
TapeSessionReporter& reporter,
const VolumeInfo& volInfo,
uint64_t maxFilesRequest,
- cta::server::ProcessCap& capUtils,
RecallWatchDog& watchdog,
const cta::log::LogContext& logContext,
RecallReportPacker& reportPacker,
@@ -43,7 +42,7 @@ castor::tape::tapeserver::daemon::TapeReadSingleThread::TapeReadSingleThread(
const uint32_t tapeLoadTimeout,
cta::catalogue::Catalogue& catalogue) :
TapeSingleThreadInterface<TapeReadTask>(drive, mediaChanger, reporter, volInfo,
- capUtils, logContext, useEncryption, externalEncryptionKeyScript,
+ logContext, useEncryption, externalEncryptionKeyScript,
tapeLoadTimeout),
m_maxFilesRequest(maxFilesRequest),
m_watchdog(watchdog),
diff --git a/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.hpp b/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.hpp
index 76b8230015..509935dd50 100644
--- a/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.hpp
+++ b/tapeserver/castor/tape/tapeserver/daemon/TapeReadSingleThread.hpp
@@ -52,7 +52,6 @@ public:
TapeSessionReporter& reporter,
const VolumeInfo& volInfo,
uint64_t maxFilesRequest,
- cta::server::ProcessCap& capUtils,
RecallWatchDog& watchdog,
const cta::log::LogContext& logContext,
RecallReportPacker& reportPacker,
diff --git a/tapeserver/castor/tape/tapeserver/daemon/TapeSingleThreadInterface.hpp b/tapeserver/castor/tape/tapeserver/daemon/TapeSingleThreadInterface.hpp
index f5e5a20834..71f8391f7c 100644
--- a/tapeserver/castor/tape/tapeserver/daemon/TapeSingleThreadInterface.hpp
+++ b/tapeserver/castor/tape/tapeserver/daemon/TapeSingleThreadInterface.hpp
@@ -25,7 +25,6 @@
#include "mediachanger/MediaChangerFacade.hpp"
#include "common/log/LogContext.hpp"
#include "common/threading/BlockingQueue.hpp"
-#include "common/processCap/ProcessCap.hpp"
#include "common/threading/Thread.hpp"
#include "Session.hpp"
#include "TapeSessionStats.hpp"
@@ -47,10 +46,6 @@ class TapeSessionReporter;
template<class Task>
class TapeSingleThreadInterface : private cta::threading::Thread {
private :
- /**
- * Utility to change the capabilities of the current tape thread
- */
- cta::server::ProcessCap& m_capUtils;
protected:
///the queue of tasks
cta::threading::BlockingQueue<Task *> m_tasks;
@@ -271,18 +266,16 @@ public:
* @param mc The media changer (=robot) that will (un)load/(un)mount the tape
* @param gsr
* @param volInfo All we need to know about the tape we are manipulating
- * @param capUtils
* @param lc lc The log context, later on copied
* @param tapeLoadTimeout the timeout after which the mount of the tape is considered failed
*/
TapeSingleThreadInterface(castor::tape::tapeserver::drive::DriveInterface& drive,
cta::mediachanger::MediaChangerFacade& mc, TapeSessionReporter& tsr,
const VolumeInfo& volInfo,
- cta::server::ProcessCap& capUtils, const cta::log::LogContext& lc,
+ const cta::log::LogContext& lc,
const bool useEncryption,
const std::string& externalEncryptionKeyScript, const uint32_t tapeLoadTimeout)
- : m_capUtils(capUtils),
- m_drive(drive), m_mediaChanger(mc), m_reporter(tsr), m_vid(volInfo.vid), m_logContext(lc),
+ : m_drive(drive), m_mediaChanger(mc), m_reporter(tsr), m_vid(volInfo.vid), m_logContext(lc),
m_volInfo(volInfo), m_hardwareStatus(Session::MARK_DRIVE_AS_UP),
m_encryptionControl(useEncryption, externalEncryptionKeyScript), m_tapeLoadTimeout(tapeLoadTimeout) {}
}; // class TapeSingleThreadInterface
diff --git a/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.cpp b/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.cpp
index 907126affd..aae45d10ed 100644
--- a/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.cpp
+++ b/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.cpp
@@ -30,7 +30,6 @@ castor::tape::tapeserver::daemon::TapeWriteSingleThread::TapeWriteSingleThread(
const VolumeInfo& volInfo,
const cta::log::LogContext& logContext,
MigrationReportPacker& reportPacker,
- cta::server::ProcessCap& capUtils,
uint64_t filesBeforeFlush, uint64_t bytesBeforeFlush,
const bool useLbp, const bool useEncryption,
const std::string& externalEncryptionKeyScript,
@@ -38,7 +37,7 @@ castor::tape::tapeserver::daemon::TapeWriteSingleThread::TapeWriteSingleThread(
const uint64_t tapeLoadTimeout,
cta::catalogue::Catalogue& catalogue) :
TapeSingleThreadInterface<TapeWriteTask>(drive, mediaChanger, reporter, volInfo,
- capUtils, logContext, useEncryption, externalEncryptionKeyScript, tapeLoadTimeout),
+ logContext, useEncryption, externalEncryptionKeyScript, tapeLoadTimeout),
m_filesBeforeFlush(filesBeforeFlush),
m_bytesBeforeFlush(bytesBeforeFlush),
m_drive(drive),
diff --git a/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.hpp b/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.hpp
index 91ce04a678..147952565e 100644
--- a/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.hpp
+++ b/tapeserver/castor/tape/tapeserver/daemon/TapeWriteSingleThread.hpp
@@ -57,7 +57,6 @@ public:
const VolumeInfo& volInfo,
const cta::log::LogContext& logContext,
MigrationReportPacker& reportPacker,
- cta::server::ProcessCap& capUtils,
uint64_t filesBeforeFlush,
uint64_t bytesBeforeFlush,
const bool useLbp,
diff --git a/tapeserver/castor/tape/tapeserver/file/OsmReaderTest.cpp b/tapeserver/castor/tape/tapeserver/file/OsmReaderTest.cpp
index 70d1e51a7b..a4f2321990 100644
--- a/tapeserver/castor/tape/tapeserver/file/OsmReaderTest.cpp
+++ b/tapeserver/castor/tape/tapeserver/file/OsmReaderTest.cpp
@@ -33,7 +33,6 @@
#include "catalogue/dummy/DummyTapeCatalogue.hpp"
#include "common/log/StdoutLogger.hpp"
#include "common/log/StringLogger.hpp"
-#include "common/processCap/ProcessCapDummy.hpp"
#include "scheduler/RetrieveJob.hpp"
namespace {
@@ -166,7 +165,6 @@ TEST_F(OsmReaderTest, CleanDrive) {
cta::log::DummyLogger dummylogger("dummy", "unitTest");
cta::log::StringLogger strlogger("string", "unitTest", cta::log::DEBUG);
cta::log::StdoutLogger stdoutlogger("stdout", "unitTest");
- cta::server::ProcessCapDummy capUtils;
cta::mediachanger::RmcProxy rmcProxy;
cta::mediachanger::MediaChangerFacade mc(rmcProxy, dummylogger);
cta::tape::daemon::DriveConfigEntry driveConfig(m_devName, "TestLogicalLibrary", m_nstDev, "dummy");
@@ -174,7 +172,6 @@ TEST_F(OsmReaderTest, CleanDrive) {
auto scheduler = std::make_unique<cta::Scheduler>(*m_catalogue, *m_db, 5, 2 * 1000 * 1000);
castor::tape::tapeserver::daemon::CleanerSession cleanerSession(
- capUtils,
mc,
strlogger,
driveConfig,
diff --git a/tapeserver/cta-taped.cpp b/tapeserver/cta-taped.cpp
index 5e34cac232..1c33505fa2 100644
--- a/tapeserver/cta-taped.cpp
+++ b/tapeserver/cta-taped.cpp
@@ -16,10 +16,12 @@
*/
#include "common/Configuration.hpp"
+#include "common/exception/Errnum.hpp"
#include "common/log/FileLogger.hpp"
#include "common/log/StdoutLogger.hpp"
#include "common/log/SyslogLogger.hpp"
#include "common/processCap/ProcessCap.hpp"
+#include "common/threading/System.hpp"
#include "tapeserver/daemon/CommandLineParams.hpp"
#include "tapeserver/daemon/common/TapedConfiguration.hpp"
#include "tapeserver/daemon/TapeDaemon.hpp"
@@ -51,7 +53,7 @@ static int exceptionThrowingMain(const cta::daemon::CommandLineParams & commandL
//------------------------------------------------------------------------------
// The help string
//------------------------------------------------------------------------------
-std::string gHelpString =
+const std::string gHelpString =
"Usage: cta-taped [options]\n"
"\n"
"where options can be:\n"
@@ -99,15 +101,11 @@ static int exceptionThrowingMain(const cta::daemon::CommandLineParams& commandLi
log(log::INFO, "Set log mask", params);
}
- // Create the object providing utilities for working with UNIX capabilities
- cta::server::ProcessCap capUtils;
-
// Create the main tapeserverd object
cta::tape::daemon::TapeDaemon daemon(
commandLine,
log,
- globalConfig,
- capUtils);
+ globalConfig);
// Run the tapeserverd daemon
return daemon.main();
@@ -137,10 +135,9 @@ int main(const int argc, char **const argv) {
std::unique_ptr<cta::daemon::CommandLineParams> commandLine;
try {
commandLine.reset(new cta::daemon::CommandLineParams(argc, argv));
- } catch (exception::Exception &ex) {
- std::cerr <<
- "Failed to interpret the command line parameters: " <<
- ex.getMessage().str() << std::endl;
+ } catch (const exception::Exception &ex) {
+ std::cerr << "Failed to interpret the command line parameters: "
+ << ex.getMessage().str() << std::endl;
return EXIT_FAILURE;
}
@@ -149,10 +146,67 @@ int main(const int argc, char **const argv) {
return EXIT_SUCCESS;
}
- // Try to instantiate the logging system API
+ std::string shortHostName;
+ try {
+ shortHostName = utils::getShortHostname();
+ } catch (const exception::Errnum &ex) {
+ std::cerr << "Failed to get short host name." << ex.getMessage().str();
+ return EXIT_FAILURE;
+ }
+
+ // Use a temporary stdoutlogger to parse the config file before
+ // instantianting the logger system API.
std::unique_ptr<log::Logger> logPtr;
+ logPtr.reset(new log::StdoutLogger(shortHostName, "cta-taped"));
+
+ // Initial parse of config file
+ tape::daemon::common::TapedConfiguration globalConfig;
+ try {
+ globalConfig =
+ tape::daemon::common::TapedConfiguration::createFromCtaConf(commandLine->configFileLocation, *logPtr);
+ } catch (const exception::Exception &ex) {
+ std::list<cta::log::Param> params = {
+ cta::log::Param("exceptionMessage", ex.getMessage().str())};
+ (*logPtr)(log::ERR, "Caught an unexpected CTA exception, cta-taped cannot start", params);
+ return EXIT_FAILURE;
+ }
+
+ // Change process capabilities.
+ // process must be able to change user and group now.
+ // rawio cap must be permitted now to be able to perform raw IO once we are no longer root.
+ try {
+ cta::server::ProcessCap::setProcText("cap_setgid,cap_setuid+ep cap_sys_rawio+p");
+ (*logPtr)(log::INFO, "Set process capabilities",
+ {{"capabilites", cta::server::ProcessCap::getProcText()}});
+ } catch (const cta::exception::Exception &ex) {
+ std::list<cta::log::Param> params = {
+ cta::log::Param("exceptionMessage", ex.getMessage().str())};
+ (*logPtr)(log::ERR, "Caught an unexpected CTA exception, cta-taped cannot start", params);
+ return EXIT_FAILURE;
+ }
+
+ // Change user and group
+ const std::string userName = globalConfig.daemonUserName.value();
+ const std::string groupName = globalConfig.daemonGroupName.value();
+
+ try {
+ (*logPtr)(log::INFO, "Setting user name and group name of current process",
+ {{"userName", userName}, {"groupName", groupName}});
+ cta::System::setUserAndGroup(userName, groupName);
+ // There is no longer any need for the process to be able to change user,
+ // however the process should still be permitted to make the raw IO
+ // capability effective in the future when needed.
+ cta::server::ProcessCap::setProcText("cap_sys_rawio+p");
+
+ } catch (exception::Exception& ex) {
+ std::list<log::Param> params = {
+ log::Param("exceptionMessage", ex.getMessage().str())};
+ (*logPtr)(log::ERR, "Caught an unexpected CTA, cta-taped cannot start", params);
+ return EXIT_FAILURE;
+ }
+
+ // Try to instantiate the logging system API
try {
- const std::string shortHostName = utils::getShortHostname();
if(commandLine->logToStdout) {
logPtr.reset(new log::StdoutLogger(shortHostName, "cta-taped"));
} else if(commandLine->logToFile) {
@@ -167,6 +221,7 @@ int main(const int argc, char **const argv) {
std::cerr << "Failed to instantiate object representing CTA logging system: " << ex.getMessage().str() << std::endl;
return EXIT_FAILURE;
}
+
cta::log::Logger& log = *logPtr;
int programRc = EXIT_FAILURE; // Default return code when receiving an exception.
diff --git a/tapeserver/daemon/DriveHandler.cpp b/tapeserver/daemon/DriveHandler.cpp
index bbb8c26c00..44ee5ceaeb 100644
--- a/tapeserver/daemon/DriveHandler.cpp
+++ b/tapeserver/daemon/DriveHandler.cpp
@@ -879,8 +879,6 @@ void DriveHandler::puttingDriveDown(IScheduler* scheduler, cta::tape::daemon::Ta
castor::tape::tapeserver::daemon::Session::EndOfSessionAction DriveHandler::executeCleanerSession(
cta::IScheduler* scheduler) const {
- // Capabilities management.
- cta::server::ProcessCap capUtils;
// Mounting management.
cta::mediachanger::RmcProxy rmcProxy(
m_tapedConfig.rmcPort.value(),
@@ -889,7 +887,6 @@ castor::tape::tapeserver::daemon::Session::EndOfSessionAction DriveHandler::exec
cta::mediachanger::MediaChangerFacade mediaChangerFacade(rmcProxy, m_lc.logger());
castor::tape::System::realWrapper sWrapper;
const auto cleanerSession = std::make_unique<castor::tape::tapeserver::daemon::CleanerSession>(
- capUtils,
mediaChangerFacade,
m_lc.logger(),
m_driveConfig,
@@ -980,8 +977,6 @@ castor::tape::tapeserver::daemon::Session::EndOfSessionAction DriveHandler::exec
dataTransferConfig.wdGetNextMountMaxSecs = m_tapedConfig.wdGetNextMountMaxSecs.value();
dataTransferConfig.wdNoBlockMoveMaxSecs = m_tapedConfig.wdNoBlockMoveMaxSecs.value();
- // Capabilities management.
- cta::server::ProcessCap capUtils;
// Mounting management.
cta::mediachanger::RmcProxy rmcProxy(
m_tapedConfig.rmcPort.value(),
@@ -997,7 +992,6 @@ castor::tape::tapeserver::daemon::Session::EndOfSessionAction DriveHandler::exec
m_driveConfig,
mediaChangerFacade,
*driveHandlerProxy,
- capUtils,
dataTransferConfig,
*(dynamic_cast<cta::Scheduler*>(scheduler))
);
diff --git a/tapeserver/daemon/DriveHandler.hpp b/tapeserver/daemon/DriveHandler.hpp
index 025ffb116b..0584bf5a27 100644
--- a/tapeserver/daemon/DriveHandler.hpp
+++ b/tapeserver/daemon/DriveHandler.hpp
@@ -47,10 +47,6 @@ namespace mediachanger {
class MediaChangerFacade;
}
-namespace server {
-class ProcessCap;
-}
-
namespace tape::daemon {
class DriveHandlerProxy;
diff --git a/tapeserver/daemon/TapeDaemon.cpp b/tapeserver/daemon/TapeDaemon.cpp
index 3f4e4a1094..f479a503b9 100644
--- a/tapeserver/daemon/TapeDaemon.cpp
+++ b/tapeserver/daemon/TapeDaemon.cpp
@@ -22,6 +22,7 @@
#include "catalogue/Catalogue.hpp"
#include "common/exception/Errnum.hpp"
#include "common/exception/NoSuchObject.hpp"
+#include "common/processCap/ProcessCap.hpp"
#include "common/utils/utils.hpp"
#include "tapeserver/daemon/CommandLineParams.hpp"
#include "tapeserver/daemon/DriveHandler.hpp"
@@ -35,10 +36,9 @@ namespace cta::tape::daemon {
TapeDaemon::TapeDaemon(const cta::daemon::CommandLineParams & commandLine,
log::Logger& log,
- const common::TapedConfiguration& globalConfig,
- cta::server::ProcessCap& capUtils):
+ const common::TapedConfiguration& globalConfig):
cta::server::Daemon(log),
- m_globalConfiguration(globalConfig), m_capUtils(capUtils),
+ m_globalConfiguration(globalConfig),
m_hostName(getHostName()) {
setCommandLineHasBeenParsed(commandLine.foreground);
}
@@ -80,20 +80,9 @@ std::string cta::tape::daemon::TapeDaemon::getHostName() const {
// exceptionThrowingMain
//------------------------------------------------------------------------------
void cta::tape::daemon::TapeDaemon::exceptionThrowingMain() {
- // Process must be able to change user now and should be permitted to perform
- // raw IO in the future
- setProcessCapabilities("cap_setgid,cap_setuid+ep cap_sys_rawio+p");
-
- const std::string userName = m_globalConfiguration.daemonUserName.value();
- const std::string groupName = m_globalConfiguration.daemonGroupName.value();
- daemonizeIfNotRunInForegroundAndSetUserAndGroup(userName, groupName);
+ daemonizeIfNotRunInForeground();
setDumpable();
- // There is no longer any need for the process to be able to change user,
- // however the process should still be permitted to perform raw IO in the
- // future
- setProcessCapabilities("cap_sys_rawio+p");
-
// Set the name of the (unique) thread for easy process identification.
prctl(PR_SET_NAME, "cta-tpd-master");
mainEventLoop();
@@ -152,23 +141,6 @@ void cta::tape::daemon::TapeDaemon::setDumpable() {
}
}
-//------------------------------------------------------------------------------
-// setProcessCapabilities
-//------------------------------------------------------------------------------
-void cta::tape::daemon::TapeDaemon::setProcessCapabilities(
- const std::string &text) {
- try {
- m_capUtils.setProcText(text);
- m_log(log::INFO, "Set process capabilities",
- {{"capabilities", m_capUtils.getProcText()}});
- } catch(cta::exception::Exception &ne) {
- cta::exception::Exception ex;
- ex.getMessage() << "Failed to set process capabilities to '" << text <<
- "': " << ne.getMessage().str();
- throw ex;
- }
-}
-
bool cta::tape::daemon::TapeDaemon::isMaintenanceProcessDisabled() const{
return m_globalConfiguration.useMaintenanceProcess.value() == "no";
}
diff --git a/tapeserver/daemon/TapeDaemon.hpp b/tapeserver/daemon/TapeDaemon.hpp
index 37becf5056..55b8c76d1e 100644
--- a/tapeserver/daemon/TapeDaemon.hpp
+++ b/tapeserver/daemon/TapeDaemon.hpp
@@ -20,7 +20,6 @@
#include "common/threading/Daemon.hpp"
#include "tapeserver/daemon/CommandLineParams.hpp"
#include "tapeserver/daemon/common/TapedConfiguration.hpp"
-#include "common/processCap/ProcessCap.hpp"
#include <signal.h>
@@ -36,13 +35,11 @@ public:
/** Constructor.
* @param commandLine The parameters extracted from the command line.
* @param log The object representing the API of the CTA logging system.
- * @param globalConfig The configuration of the tape server.
- * @param capUtils Object providing utilities for working UNIX capabilities. */
+ * @param globalConfig The configuration of the tape server. */
TapeDaemon(
const cta::daemon::CommandLineParams & commandLine,
cta::log::Logger &log,
- const common::TapedConfiguration &globalConfig,
- cta::server::ProcessCap &capUtils);
+ const common::TapedConfiguration &globalConfig);
virtual ~TapeDaemon();
@@ -80,12 +77,6 @@ protected:
/** Sets the dumpable attribute of the current process to true. */
void setDumpable();
- /** Sets the capabilities of the current process.
- *
- * @text The string representation the capabilities that the current
- * process should have. */
- void setProcessCapabilities(const std::string &text);
-
/** Socket pair used to send commands to the DriveProcess. */
struct DriveSocketPair {
/** Bi-directional socket used by the TapeDaemon parent process to send
@@ -229,11 +220,6 @@ protected:
/** The tape server's configuration */
const common::TapedConfiguration& m_globalConfiguration;
- /**
- * Object providing utilities for working UNIX capabilities.
- */
- cta::server::ProcessCap &m_capUtils;
-
/**
* The name of the host on which the daemon is running. This name is
* needed to fill in messages to be sent to the vdqmd daemon.
diff --git a/tapeserver/readtp/ReadtpCmd.cpp b/tapeserver/readtp/ReadtpCmd.cpp
index dcedd9f96f..2ab13c6eb1 100644
--- a/tapeserver/readtp/ReadtpCmd.cpp
+++ b/tapeserver/readtp/ReadtpCmd.cpp
@@ -186,16 +186,6 @@ std::list<std::string> ReadtpCmd::readListFromFile(const std::string &filename)
}
-//------------------------------------------------------------------------------
-// setProcessCapabilities
-//------------------------------------------------------------------------------
-void ReadtpCmd::setProcessCapabilities(const std::string &capabilities) {
- m_capUtils.setProcText(capabilities);
- std::list<cta::log::Param> params;
- params.push_back(cta::log::Param("capabilities", capabilities));
- m_log(cta::log::DEBUG, "Set process capabilities", params);
-}
-
//------------------------------------------------------------------------------
// createDrive
//------------------------------------------------------------------------------
diff --git a/tapeserver/readtp/ReadtpCmd.hpp b/tapeserver/readtp/ReadtpCmd.hpp
index 97663d3da0..b90165e56d 100644
--- a/tapeserver/readtp/ReadtpCmd.hpp
+++ b/tapeserver/readtp/ReadtpCmd.hpp
@@ -23,7 +23,6 @@
#include "common/log/DummyLogger.hpp"
#include "common/log/LogContext.hpp"
#include "common/log/StdoutLogger.hpp"
-#include "common/processCap/ProcessCap.hpp"
#include "disk/DiskFile.hpp"
#include "mediachanger/MediaChangerFacade.hpp"
#include "tapeserver/castor/tape/tapeserver/daemon/EncryptionControl.hpp"
@@ -134,13 +133,6 @@ private:
*/
std::string getNextDestinationUrl();
- /**
- * Sets the capabilities of the process and logs the result.
- *
- * @param capabilities The string representation of the capabilities.
- */
- void setProcessCapabilities(const std::string &capabilities);
-
/**
* Returns a Drive object representing the tape drive to be used to read
* the tape.
@@ -249,11 +241,6 @@ private:
*/
std::unique_ptr<cta::catalogue::Catalogue> m_catalogue;
- /**
- * Object providing utilities for working UNIX capabilities.
- */
- cta::server::ProcessCap m_capUtils;
-
/**
* The system wrapper used to find the device and instantiate the drive object.
*/
diff --git a/tapeserver/tapelabel/TapeLabelCmd.cpp b/tapeserver/tapelabel/TapeLabelCmd.cpp
index d4827e3659..8010be3ad4 100644
--- a/tapeserver/tapelabel/TapeLabelCmd.cpp
+++ b/tapeserver/tapelabel/TapeLabelCmd.cpp
@@ -19,6 +19,7 @@
#include "catalogue/CatalogueFactory.hpp"
#include "catalogue/CatalogueFactoryFactory.hpp"
#include "common/Constants.hpp"
+#include "common/processCap/ProcessCap.hpp"
#include "mediachanger/LibrarySlotParser.hpp"
#include "rdbms/Login.hpp"
#include "tapeserver/castor/tape/tapeserver/file/Exceptions.hpp"
@@ -383,7 +384,7 @@ void TapeLabelCmd::rewindDrive(castor::tape::tapeserver::drive::DriveInterface &
// setProcessCapabilities
//------------------------------------------------------------------------------
void TapeLabelCmd::setProcessCapabilities(const std::string &capabilities) {
- m_capUtils.setProcText(capabilities);
+ cta::server::ProcessCap::setProcText(capabilities);
std::list<cta::log::Param> params;
params.push_back(cta::log::Param("capabilities", capabilities));
m_log(cta::log::INFO, "Label session set process capabilities", params);
diff --git a/tapeserver/tapelabel/TapeLabelCmd.hpp b/tapeserver/tapelabel/TapeLabelCmd.hpp
index 6e84bd9532..cc11e64ba1 100644
--- a/tapeserver/tapelabel/TapeLabelCmd.hpp
+++ b/tapeserver/tapelabel/TapeLabelCmd.hpp
@@ -22,7 +22,6 @@
#include "common/CmdLineTool.hpp"
#include "common/log/LogContext.hpp"
#include "common/log/StdoutLogger.hpp"
-#include "common/processCap/ProcessCap.hpp"
#include "mediachanger/MediaChangerFacade.hpp"
#include "tapeserver/castor/tape/tapeserver/daemon/EncryptionControl.hpp"
#include "tapeserver/castor/tape/tapeserver/drive/DriveGeneric.hpp"
@@ -73,11 +72,6 @@ private:
*/
std::unique_ptr<cta::catalogue::Catalogue> m_catalogue;
- /**
- * Object providing utilities for working UNIX capabilities.
- */
- cta::server::ProcessCap m_capUtils;
-
/**
* The system wrapper used to find the device and instantiate the drive object.
*/
--
GitLab