/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

Hooks take new "modules" argument, and hook names can contain periods.

* debian/mandos-client.README.Debian: Adjust wording.
* debian/rules (binary-common): Exclude nework-hooks.d directory from
                                dh_fixperms.
* initramfs-tools-hook: Also create network hook directory.  Allow
                        periods in hook names.  Only run executable
                        files in hook directory.  Copy needed modules.
* network-hooks.d/bridge: Fix "/usr/bin/brctl" to "/usr/sbin/brctl".
                          Also take "modules" argument.
* plugins.d/mandos-client.xml (NETWORK HOOKS/REQUIREMENTS): Document
                                                            the
                                                            allowing
                                                            of periods
                                                            in hook
                                                            names.
  (NETWORK HOOKS/REQUIREMENTS/files): Adjust wording.
  (NETWORK HOOKS/REQUIREMENTS/modules): New.
  (NETWORK HOOKS/REQUIREMENTS/MANDOSNETHOOKDIR): Clarify.
  (NETWORK HOOKS/REQUIREMENTS/MODE): Add "modules".

Show diffs side-by-side

added added

removed removed

Lines of Context:
plugins.d/mandos-client.xml
468
468
      <para>
469
469
        A network hook must be an executable file, and its name must
470
470
        consist entirely of upper and lower case letters, digits,
471
 
        underscores, and hyphens.
 
471
        underscores, periods, and hyphens.
472
472
      </para>
473
473
      <para>
474
474
        A network hook will receive one argument, which can be one of
497
497
          <term><literal>files</literal></term>
498
498
          <listitem>
499
499
            <para>
500
 
              This should make the network hook print, <emphasis>on
501
 
              separate lines</emphasis>, all the files needed for it
502
 
              to run.  (These files will be copied into the initial
503
 
              RAM filesystem.)  Intended use is for a network hook
504
 
              which is a shell script to print its needed binaries.
 
500
              This should make the network hook print, <emphasis>one
 
501
              file per line</emphasis>, all the files needed for it to
 
502
              run.  (These files will be copied into the initial RAM
 
503
              filesystem.)  Typical use is for a network hook which is
 
504
              a shell script to print its needed binaries.
505
505
            </para>
506
506
            <para>
507
507
              It is not necessary to print any non-executable files
511
511
            </para>
512
512
          </listitem>
513
513
        </varlistentry>
 
514
        <varlistentry>
 
515
          <term><literal>modules</literal></term>
 
516
          <listitem>
 
517
            <para>
 
518
              This should make the network hook print, <emphasis>on
 
519
              separate lines</emphasis>, all the kernel modules needed
 
520
              for it to run.  (These modules will be copied into the
 
521
              initial RAM filesystem.)  For instance, a tunnel
 
522
              interface needs the
 
523
              <quote><literal>tun</literal></quote> module.
 
524
            </para>
 
525
          </listitem>
 
526
        </varlistentry>
514
527
      </variablelist>
515
528
      <para>
516
529
        The network hook will be provided with a number of environment
525
538
              <command>&COMMANDNAME;</command> by the
526
539
              <option>--network-hook-dir</option> option.  Note: this
527
540
              should <emphasis>always</emphasis> be used by the
528
 
              network hook to refer to itself or any files it may
529
 
              require.
 
541
              network hook to refer to itself or any files in the hook
 
542
              directory it may require.
530
543
            </para>
531
544
          </listitem>
532
545
        </varlistentry>
548
561
            <para>
549
562
              This will be the same as the first argument;
550
563
              i.e. <quote><literal>start</literal></quote>,
551
 
              <quote><literal>stop</literal></quote>, or
552
 
              <quote><literal>files</literal></quote>.
 
564
              <quote><literal>stop</literal></quote>,
 
565
              <quote><literal>files</literal></quote>, or
 
566
              <quote><literal>modules</literal></quote>.
553
567
            </para>
554
568
          </listitem>
555
569
        </varlistentry>