[distcc] Monitor programs do not work with Portage/Gentoo Linux

Martin Pool mbp at samba.org
Mon Jul 7 05:09:26 GMT 2003 

On 23 Jun 2003, Wayne Davison <wayned at users.sourceforge.net> wrote:
> However, if people want to support long-running monitoring of a chain of
> ebuilds would require putting the state dir somewhere outside the home
> directory.  Perhaps we could allow the default location to be overridden
> with a DISTCC_STATEDIR environment variable.  Or, go back to putting it
> in the temp dir, and implement the DISTCC_TMPDIR suggestion in a way
> that overrides the TMPDIR setting instead of supplanting it.

I have thought a bit about this:

I don't think there is anything here that justifies ebuild-specific
hacks.  Many users may want to retain visibility of software built by
different users.  The most obvious example is tools being built by
root on BSD.  Another is compilations taking place inside chroot
environments.

So I think distcc should note its state in a machine-global location.
That location defaults to (say) /var/lib/distcc, but can be overridden
by setting DISTCC_STATEDIR.

Visibility of compilations between processes is controlled by
permissions on the state directory.  

A reasonable configuration for many machines is for all compilations
to be visible between all users.  This can be achieved just by making
the directory mode 777.

As at present, there will be one file in there for all tasks runnning.
I will extend it to include both tasks originating from the local
machine and tasks running on the local machine, and to indicate the
username.

As an additional protection the files will be created subject to the
Unix umask, so users that have requested privacy (umask 077) will not
expose any information other than that they are running the compiler.

The code needs to be a little careful of creating files in a directory
that can be written by other people.  For example, creation of files
should be done in a way that is safe against symlink tricks.  This is
feasible.

In the default installation, the directory will be created with mode
700, so that there is no security problem.  Distribution packages are
able to vary this policy either statically or depending on a user
response during installation.

Another possibility is to use some kind of network-based monitoring,
but I am loath to introduce a new security interface etc.

How does that sound?
-- 
Martin

More information about the distcc mailing list