Commit graph

14 commits

Author SHA1 Message Date
Andras Timar
322eaf5814 systemplate files are not writable by lool user
See also f1be65668c
systemplate files should not be writable by lool user

Change-Id: I5684248d3d4b4b0ba56f8c5ab490a6e7df0e0038
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/98069
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Tested-by: Jenkins
Reviewed-by: Andras Timar <andras.timar@collabora.com>
2020-07-05 13:28:28 +02:00
Ashod Nakashian
5c9988f2e3 wsd: faster jail setup via bind-mount
loolmount now works and supports mounting and
unmounting, plus numerous improvements,
refactoring, logging, etc..  When enabled,
binding improves the jail setup time by anywhere
from 2x to orders of magnitude (in docker, f.e.).

A new config entry mount_jail_tree controls
whether mounting is used or the old method of
linking/copying of jail contents. It is set to
true by default and falls back to linking/copying.
A test mount is done when the setting is enabled,
and if mounting fails, it's disabled to avoid noise.

Temporarily disabled for unit-tests until we can
cleanup lingering mounts after Jenkins aborts our
build job. In a future patch we will have mount/jail
cleanup as part of make.

The network/system files in /etc that need frequent
refreshing are now updated in systemplate to make
their most recent version available in the jails.
These files can change during the course of loolwsd
lifetime, and are unlikely to be updated in
systemplate after installation at all. We link to
them in the systemplate/etc directory, and if that
fails, we copy them before forking each kit
instance to have the latest.

This reworks the approach used to bind-mount the
jails and the templates such that the total is
now down to only three mounts: systemplate, lo, tmp.

As now systemplate and lotemplate are shared, they
must be mounted as readonly, this means that user/
must now be moved into tmp/user/ which is writable.

The mount-points must be recursive, because we mount
lo/ within the mount-point of systemplate (which is
the root of the jail). But because we (re)bind
recursively, and because both systemplate and
lotemplate are mounted for each jails, we need to
make them unbindable, so they wouldn't multiply the
mount-points for each jails (an explosive growth!)
Contrarywise, we don't want the mount-points to
be shared, because we don't expect to add/remove
mounts after a jail is created.

The random temp directory is now created and set
correctly, plus many logging and other improvements.

Change-Id: Iae3fda5e876cf47d2cae6669a87b5b826a8748df
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92829
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
2020-07-01 05:42:43 +02:00
Andras Timar
25bc0a1088 Proof: add loolwsd-generate-proof-key helper script
Change-Id: Ibbd99b6431b1a2992c520d3fad5f52d0770905f6
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92788
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
2020-04-23 19:36:06 +02:00
Andras Timar
8d5d9e427f APP_NAME tweaks
Change-Id: I16016cfc575620f98c0124fdb85e39cf56e0453a
2019-11-27 12:16:07 +01:00
Andras Timar
99ed303e2f chmod -x
Change-Id: Iaacb3f7abbbb5c76cbd693b8b9918137de086c3d
2019-11-26 22:58:35 +01:00
Andras Timar
da56f1fc73 deb: trigger systemplate update after apt operations (e.g. installation of a new font, etc.)
Change-Id: Ia356249598d2f451d135985511b0fce71335a28d
2019-11-26 22:56:58 +01:00
Jan Holesovsky
3a03f50784 Revert "Adapt paths to new package name"
It is not a good idea to change the configuration directory, it will affect all the existing installations.

And the service is called loolwsd - so the configuration should be called that way too.

This reverts commit 9278574289.

Change-Id: I7e6eee644e21ad2dd842742585d16133ff8e36c9
Reviewed-on: https://gerrit.libreoffice.org/72730
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
2019-05-22 12:06:06 +02:00
Samuel Mehrbrodt
9278574289 Adapt paths to new package name
After 1dbbc5acc7

Change-Id: I64a12fb13bc8f9371821b2d5969941bfddc2514a
Reviewed-on: https://gerrit.libreoffice.org/72728
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
2019-05-22 10:27:33 +02:00
Andras Timar
f1be65668c systemplate files should not be writable by lool user
Change-Id: Ifb4fb7e5d5c1861b5e26bb6a710acb28e546c846
Reviewed-on: https://gerrit.libreoffice.org/67425
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2019-02-07 14:33:30 +01:00
Andras Timar
7c3322e7e0 do not distribute unused or internal dev tool binaries: loolmap, loolmount, loolstress
Change-Id: Ice905d08a695805f594df5731039f747ac88cf28
Reviewed-on: https://gerrit.libreoffice.org/54027
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2018-05-09 15:28:19 +02:00
Andras Timar
2de986cdcc typo: loowsd -> loolwsd
Change-Id: Ia9febfbceae101f24c41ef8921b7cf41f02dfce3
Reviewed-on: https://gerrit.libreoffice.org/37187
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
2017-05-03 10:20:26 +02:00
Andras Timar
f8ae6243dd non-world-readable loolwsd.xml in packages
Change-Id: Ibe91699f8d126dd34c1041fcfaaf471974387e47
Reviewed-on: https://gerrit.libreoffice.org/37102
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2017-04-29 22:44:13 +02:00
Andras Timar
94a810daa0 Run fc-cache after installation in order to improve startup time of LOKit
Change-Id: Ide3ceb5b5dccfce6ea9e155b5dbf2e49bf24fe88
2017-04-04 12:12:22 +02:00
Andras Timar
11fc3a0d02 package debian/ files and make them generic
Change-Id: Ia060b7d83c659db0354a5a1438b12bebaee45e03
2017-03-20 23:29:16 +01:00
Renamed from debian/loolwsd.postinst (Browse further)