bugzilla-daemon at bugzilla.netfilter.org
2012-May-18 09:49 UTC
[Bug 788] New: Allow saving to/restoring from a file without shell redirection
http://bugzilla.netfilter.org/show_bug.cgi?id=788
Summary: Allow saving to/restoring from a file without shell redirection
Product: ipset
Version: unspecified
Platform: x86_64
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: default
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: bochecha at fedoraproject.org
Estimated Hours: 0.0
In some environments, you don't have access to a full shell with input/output
redirection.
For those cases, being able to specify the file name on the command line would
be very useful, e.g. something like:
    $ ipset save -of /etc/ipset/ipset.save
    $ ipset restore -if /etc/ipset/ipset.save
-----
One such environment is systemd. I'm maintaining the ipset package in Fedora,
and it would be nice to provide users a way to have their ipsets automatically
restored at boot time, and saved at shutdown.
In systemd, a unit file provides a command line to run in order to start or
stop the service with the ExecStart and ExecStop directives.
However, there's no input/output redirection available in systemd, so I can't
use:
    ExecStart=/usr/bin/ipset restore < /etc/ipset/ipset.save
    ExecStop=/usr/bin/ipset save > /etc/ipset/ipset.save
One solution is to use instead:
    ExecStart=/bin/sh -c "/usr/bin/ipset restore < /etc/ipset/ipset.save"
    ExecStop=/bin/sh -c "/usr/bin/ipset save > /etc/ipset/ipset.save"
But that's just ugly, and it means we fork a shell process just for the
redirection.
Another way is to use a wrapper script, something like (untested):
    #!/bin/bash
    # Dispatch on the first argument; the shell performs the redirection.
    if [ "$1" == "restore" ]; then
        /usr/bin/ipset restore < /etc/ipset/ipset.save
    elif [ "$1" == "save" ]; then
        /usr/bin/ipset save > /etc/ipset/ipset.save
    else
        echo "Invalid parameter: $1"
        exit 1
    fi
    exit 0
And then use:
ExecStart=/path/to/wrapper-script restore
ExecStop=/path/to/wrapper-script save
It's more elegant in the systemd service file, but we still introduce a new
bash process just for the redirection.
It would be much cleaner and more efficient to have an option to specify the
input/output file in ipset.
That's the systemd use case, but I'm sure there might be other cases where such
an option would be desirable.
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2012-May-23 21:33 UTC
[Bug 788] Allow saving to/restoring from a file without shell redirection
http://bugzilla.netfilter.org/show_bug.cgi?id=788
Jozsef Kadlecsik <kadlec at netfilter.org> changed:
      What    |Removed |Added
----------------------------------------------------------------------------
        Status|NEW     |RESOLVED
            CC|        |kadlec at netfilter.org
    Resolution|        |FIXED
--- Comment #1 from Jozsef Kadlecsik <kadlec at netfilter.org> 2012-05-23 23:33:15 CEST ---
I have just committed a patch in the git repository which adds the "-file"
option to specify a filename to read from (restore) or print to (list/save).
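
The systemd use case from the report, written with the "-file" option that Comment #1 describes, as an added example that is not part of the original thread or of any distribution's package. The unit name, the ordering against iptables.service/ip6tables.service and the ConditionPathExists guard are assumptions; the save path is the one used in the report.

```ini
# ipset.service: hypothetical unit, written for illustration only.
[Unit]
Description=Restore IP sets at boot and save them at shutdown
# Assumption: the sets must exist before firewall rules that reference them load.
Before=iptables.service ip6tables.service
# Skip the unit instead of failing when nothing has been saved yet.
ConditionPathExists=/etc/ipset/ipset.save

[Service]
# oneshot + RemainAfterExit keeps the unit active after the restore exits,
# so ExecStop runs when the unit is stopped at shutdown.
Type=oneshot
RemainAfterExit=yes
# No /bin/sh -c and no wrapper script: ipset opens the file itself,
# so no shell parses the command line.
ExecStart=/usr/bin/ipset restore -file /etc/ipset/ipset.save
ExecStop=/usr/bin/ipset save -file /etc/ipset/ipset.save

[Install]
WantedBy=multi-user.target
```

While the save file does not exist, the condition skips the unit, so it never becomes active and ExecStop never writes the file; seed it once by hand with `ipset save -file /etc/ipset/ipset.save`.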