Commit graph

175 commits

Author SHA1 Message Date
Tor Lillqvist
c69fc09a1b Use just one RNG for the MasterProcessSession objects
It probably is not a good idea to keep depleting the entropy source needlessly
by having a separate RNG in the preSpawn(). Use just one shared RNG and
protect access to it with a mutex.
2015-05-07 20:24:06 +03:00
Tor Lillqvist
de52608a35 Drop setuid-root on Linux too, if we for some reason have it 2015-05-07 18:31:59 +03:00
Tor Lillqvist
caea0f9986 Try to make the server more stable when heavily loaded by connections
Use an explicit backlog parameter to the ServerSocket, and an explicit max number
of threads to use for the HTTPServer's thread pool.
2015-05-07 18:26:03 +03:00
Tor Lillqvist
0ca7f3129b Add code to wait for a child session to become available
Not sure it is completely correct. Lots of testing needed.
2015-05-07 16:29:36 +03:00
Tor Lillqvist
5aec1fc2f8 Register for callbacks from the LibreOfficeKit object, too
They are used for statgus indicator callbacks while loading a document. (This
is a fresh feature in LO master.)
2015-05-06 17:58:00 +03:00
Tor Lillqvist
cb65bbbc36 Include <string> for completeness
Sure, it seems to get included indirectly already, but we can't be sure that
holds for all compilers.
2015-05-06 17:58:00 +03:00
Tor Lillqvist
9bce431eea We have setcap only on Linux
Use setuid root otherwise. (But note that the portablity to other
Unixes is a work in progress, and for instance it is known that this
doesn't work on OS X yet.)
2015-05-04 21:00:02 +03:00
Tor Lillqvist
295e8305f9 Use the Linux capability API only on Linux 2015-05-04 21:00:02 +03:00
Tor Lillqvist
580c99d76c Add SIGPIPE which was missing by mistake, and make it compile on OS X 2015-05-04 20:54:46 +03:00
Tor Lillqvist
8a3dfa4936 The ld -rpath switch means a different thing on OS X 2015-05-04 20:52:05 +03:00
Tor Lillqvist
4ecc431159 Look for setcap and libcap only on Linux 2015-05-04 20:17:41 +03:00
Tor Lillqvist
af1821bb3b Temporarily bypass modification time things for actual URLs
The code works only for pathnames currently. Need to fix soon.
2015-04-30 21:12:33 +03:00
Tor Lillqvist
dce8e0870e Just _Exit() in childMain
Otherwise various LO global objects will try to run dtors and whatnot, often
crashing.
2015-04-30 21:06:52 +03:00
Tor Lillqvist
600b5bc4d8 Log also when copying of the document is done 2015-04-30 21:05:16 +03:00
Tor Lillqvist
af400fcef4 This is cleaner 2015-04-30 18:44:27 +03:00
Tor Lillqvist
f7375bb5ba Try to be a little more robust 2015-04-30 18:03:00 +03:00
Tor Lillqvist
59055b975e Use Poco::StreamCopier, just because it looks nicer
A test program did not show any performance difference between using the
std::copy() thing, Poco::StreamCopier, or std output << input.rdbuf() trick.
2015-04-30 18:01:21 +03:00
Tor Lillqvist
8b43cd25b0 Handle file: and http: URLs 2015-04-30 15:58:13 +03:00
Tor Lillqvist
847ce0442e Add the part parameter to the example tile message here, too 2015-04-30 15:19:29 +03:00
Tor Lillqvist
e48ba86eb9 Mention using actual URLs 2015-04-30 13:50:10 +03:00
Tor Lillqvist
3ea260f972 Portability improvements
Allow the directory parameters to be relative paths; turn them into absolute
ones for later use in the script as we change directories back and forth.

Use cpio instead of cp --parent for each file separately. (The latter has the
problem that parent directories are created using the protection the
corresponding source directory has, and tht might not permit you to copy other
files later into the same directory.)

Also copy usr/share/liblangtag, for the (common) case when LibreOffice is
built to use a system liblangtag.

Don't bother with the special handling of /usr/share/fonts/ghostscript unless
it exists and is a symlink.

With these changes, it worked for CentOS 7, too.
2015-04-29 15:06:18 +03:00
Tor Lillqvist
19276ed5d8 Actually drop the chroot capability also in the child process
I forgot to do it in childMain() in 28c9561722.
2015-04-28 11:24:00 +03:00
Tor Lillqvist
25575961ed We need to check for cache dir access only in the master process 2015-04-28 11:17:26 +03:00
Tor Lillqvist
4d6dfebf8e Expand on debugging details 2015-04-28 11:14:46 +03:00
Tor Lillqvist
2110aef06a No need for this member to be public 2015-04-28 11:02:29 +03:00
Tor Lillqvist
6df6a5d58b Spawn just one child in the --test case 2015-04-28 11:01:18 +03:00
Tor Lillqvist
88cb21867b Spawn children only after starting to listen on the server port
Otherwise some children, especially when there are more than just a few of
them to spawn, might try to contact the server before it is listening.
2015-04-28 10:57:05 +03:00
Tor Lillqvist
9251fefe94 Clarify remaining need for part parameter in messages 2015-04-27 21:58:54 +03:00
Tor Lillqvist
28c9561722 Get rid of the CHROOT capability after using it, or when not needing it 2015-04-27 21:55:36 +03:00
Tor Lillqvist
1b06290d2b Add a part parameter to the tile messages
The JS code always passes in 0 for now. The server parses the parameter and
calls LibreOfficeKitDocument::setPart() before calling paintTile().

Probably also the status, key, mouse and selection messages will need a part
number. The intent is after all that the protocol is as stateless as
possible. (So maybe we should also pass the document URL in each message?)
2015-04-27 21:30:26 +03:00
Tor Lillqvist
389815ac63 Introduce LOLProtocol::getTokenKeyword() and use it
The new function takes a map from keywords to integer values, and accepts
parameters in the form of either name=keyword, or for backward compatibility,
name='keyword'. Use it to parse the type parameter of the key, mouse,
selecttext and selectgraphic messages. This restricts the accepted keywords to
those actually valid for each message.
2015-04-27 21:12:20 +03:00
Tor Lillqvist
5267753b82 Add mention that MasterProcessSession::dispatchChild() should wait 2015-04-27 18:03:52 +03:00
Tor Lillqvist
b2f34b0c3d Maybe /usr/share/fonts/ghostscript is also good to have 2015-04-27 16:01:11 +03:00
Tor Lillqvist
0019dc4943 Preserve timestamp of directories created in the jail
Needed for /usr/share/fonts so that fontconfig trusts its cache, but no harm
doing it for all directories. (Except a slight slowdown, need to see it if
has any significant impact if we would do the utime() only for directories
under /usr/share/fonts.)

Thus we need to pass the FTW_DEPTH flag to nftw() and handle FTP_DP instead of
FTP_D. We also need to make sure the directory is created also in the case of
an empty directory, for which no FTW_F callback of files inside it has been
received.

It is safest to not exit the nftw() in the FTW_SLN case.
2015-04-27 15:57:18 +03:00
Tor Lillqvist
074a54dd6c Make sure the fontconfig cache works for the sys-template
Need to copy /var/cache/fontconfig, too. For it to be valid, the directory
timestamps in /usr/share/fonts must be preserved.
2015-04-27 15:49:25 +03:00
Tor Lillqvist
be2bb356c3 Add seconds.milliseconds to the log prefix 2015-04-27 14:16:37 +03:00
Michael Meeks
6b17e8b022 Update README, and install ld.so.* into the jail. 2015-04-27 10:00:31 +01:00
Michael Meeks
1317941b5a Use shell variables to make it more cut/paste-able. 2015-04-27 09:44:59 +01:00
Tor Lillqvist
68d15726c4 Rephrase statement more logically 2015-04-27 11:27:29 +03:00
Tor Lillqvist
bced6a0771 Clarification 2015-04-27 11:26:00 +03:00
Miklos Vajna
0615ce950f LOOLSession: log error if nftw() fails
Should help finding out the problem if --lotemplate is given a
non-existing directory by mistake.
2015-04-25 01:40:16 +02:00
Tor Lillqvist
7d25ffada6 Remove part that is not relevant any longer
I don't see the busy looping any more, and child porcesses are indeed now
pre-spawned as needed (not just "re-started").
2015-04-24 18:56:24 +03:00
Tor Lillqvist
d6005eb524 Mention we need a part number parameter in many places 2015-04-24 18:54:50 +03:00
Miklos Vajna
4a7265ae76 Makefile: fix autoreconf warning
Makefile.am:18: warning: deprecated feature: target 'SETCAP' overrides 'SETCAP$(EXEEXT)'
Makefile.am:18: change your target to read 'SETCAP$(EXEEXT)'
/usr/share/automake-1.13/am/program.am: target 'SETCAP$(EXEEXT)' was defined here
Makefile.am:1:   while processing program 'SETCAP'
2015-04-24 17:27:21 +02:00
Tor Lillqvist
e9f3e815fe Don't try to run the 'display' program if there is no $DISPLAY 2015-04-24 18:18:56 +03:00
Tor Lillqvist
3ff60eaea1 Mention that the tile cache directory needs to be created 2015-04-24 17:46:01 +03:00
Tor Lillqvist
3ee29053aa Add a section about coding style 2015-04-24 14:34:43 +03:00
Tor Lillqvist
4eaffc74f0 Log the exit status of a child process, or the signal that killed it 2015-04-24 13:14:57 +03:00
Tor Lillqvist
00da867e97 Cosmetics 2015-04-24 12:49:47 +03:00
Tor Lillqvist
4782d05852 Add Util::signalName() 2015-04-24 12:49:19 +03:00