SCM Mounts: Done (Almost)
By mkupfer on Oct 10, 2009
I've finished the workaround for the
privileges issue. I ended up writing a simple setuid C
program so that our PAM module could unmount the loopback
filesystems. I had been using an RBAC-based approach, but that
requires that the user own the mount point for each loopback
mount. The more I worked on it, the more failure scenarios I ran
into because of that requirement. The setuid approach had none of
those issues, and it turned out to be much simpler to code than I
had been expecting.
So the changes have been committed to the repository for the SCM infrastructure, and the new bits have been deployed on the backup SCM server. The only thing left is to deploy on the primary SCM server.