"veyron/lib/modules": Fresh VEYRON_CREDENTIALS for each command
This CL changes modules.Shell to ensure that (by default) a fresh
VeyronCredentials environment variable is set for each child process.
Currently, the shell sets up a single credentials directory that is
shared by all its child processes. This leads to the risk that children
may concurrently access the directory and therefore step on each other's
blessings. In order to prevent this here and elsewhere, we plan to lock
the VeyronCredentials directory to a single runtime that accesses it and
unlock it only when the runtime is cleaned up. Making this work requires
changing all code where multiple processes/runtimes share the same
credentials directory. This CL is the first step in this direction, and
changes modules.Shell to ensure that all its children are provided with
a different credentials directory.
In particular this CL makes the following changes:
* modules.NewShell initializes a credentials directory for the shell.
  - It is set to the OS's VeyronCredentials variable if that is set,
    otherwise, to a freshly created directory.
  - Subsequent SetVar and ClearVar calls on the shell's VeyronCredentials
    variable can modify the shell's credentials directory.
* Every command started by the shell has its VeyronCredentials
  environment variable set up as follows:
  - If the variable is set on the parameters provided to the 'Start'
    call then that value is used.
  - Otherwise, the shell creates a new credentials directory and
    blesses it with the principal specified by its credentials. The same
    extension (in particular, 'child') is used for the blessing granted
    to all children. However, each child has its own separate directory.
* A cleanup on the Shell deletes any new credentials directories
  created by the shell.
Change-Id: I5c809eca67fde20745735a51876a700a48090e3b
7 files changed
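
The resolution order and cleanup rule described in the commit message, as an added Go sketch that is not code from this CL or from the veyron repository. The `shell` type, its `bless` hook (a no-op by default, standing in for the real blessing step) and the `osEnv` map are hypothetical stand-ins for modules.Shell and the process environment.

```go
package main

import "os"
const credEnv = "VEYRON_CREDENTIALS" // name taken from the commit title

type shell struct { // hypothetical stand-in for modules.Shell
	creds   string                                // the shell's own credentials directory
	created []string                              // directories this shell created
	bless   func(parent, child, ext string) error // assumed blessing hook
}

func (sh *shell) freshDir() (string, error) {
	dir, err := os.MkdirTemp("", "credentials-") // created with mode 0700
	if err == nil {
		sh.created = append(sh.created, dir)
	}
	return dir, err
}

func newShell(osEnv map[string]string) (sh *shell, err error) {
	sh = &shell{creds: osEnv[credEnv], bless: func(_, _, _ string) error { return nil }}
	if sh.creds == "" { // nothing inherited: the shell gets a fresh directory
		sh.creds, err = sh.freshDir()
	}
	return sh, err
}

func (sh *shell) childCredentials(params map[string]string) (string, error) {
	if dir, ok := params[credEnv]; ok {
		return dir, nil // a value given to Start is used as-is
	}
	dir, err := sh.freshDir()
	if err == nil {
		err = sh.bless(sh.creds, dir, "child") // same extension for every child
	}
	return dir, err
}

func (sh *shell) cleanup() {
	for _, dir := range sh.created {
		os.RemoveAll(dir) // an inherited directory is never in this list
	}
}

func main() {
	sh, _ := newShell(map[string]string{})
	dir, _ := sh.childCredentials(nil)
	os.Stdout.WriteString(dir + "\n")
	sh.cleanup()
}
```

A directory inherited from the OS variable is used by the shell but is never removed by `cleanup`, since only directories the shell itself created are tracked.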