Commit Graph

3446 Commits

Author SHA1 Message Date
Jason A. Donenfeld
5e1f180f0b
seedrng: clean up fds and avoid -1 close on exit (#509)
This cleans up the exit path a little bit.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-03-29 16:21:28 -05:00
Jason A. Donenfeld
076c2552ae Use seedrng for seeding the random number generator
The RNG can't actually be seeded from a shell script, due to the
reliance on ioctls. For this reason, the seedrng project provides a
basic script meant to be copy and pasted into projects like OpenRC and
tweaked as needed: https://git.zx2c4.com/seedrng/about/

This commit imports it into OpenRC and wires up /etc/init.d/urandom to
call it. It shouldn't be called by other things on the system, so it
lives in rc_sbindir.

Closes #506.
Closes #507.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-03-26 19:16:27 -05:00
sad-goldfish
270e5c6828
Add Posix Scheduling Support to start-stop-daemon (#497) 2022-03-05 15:48:17 -05:00
Mike Frysinger
d796310456 switch 0x100 constants to enums
This should make the code easier to maintain without having to remember
what the exact 0x100 constant means.
2022-03-05 14:17:14 -05:00
Mike Frysinger
5400dcc509 switch 0x80 to 0x103 for long options
We use 0x100+ to avoid collisions in the 8 bit getopt interface, so
switch 0x80 to align with the other existing 0x100 options we have.
2022-03-05 14:08:02 -05:00
LinkTed
6034866d1c Use consistent args passing in start-stop-daemon 2022-03-05 13:14:59 -05:00
LinkTed
5e127608c3 Fix indentation in the meson.build file 2022-03-05 13:14:59 -05:00
Cat Lee Ball
7c2e7e6df4 Add newline for want
The comment block for `want` seemed to be unintentionally part of the `use` block. Added a newline so `want` will have its own section.
2022-03-05 13:14:21 -05:00
Mike Frysinger
219a231917 add GH action to leverage coverity scan 2022-02-06 17:22:31 -05:00
LinkTed
8115f3274e linux: Add support for No New Privs flag
This add No New Privs flag for start-stop-daemon and supervise-daemon
by adding --no-new-privs flag. As a result, the user set the No New
Privs flag for the program should run with.
see PR_SET_NO_NEW_PRIVS prctl(2)
2022-02-06 17:17:46 -05:00
LinkTed
79e5edc1a3 capabilities: Add support for securebits flags
This adds securebits flags for start-stop-daemon and supervise-daemon
by adding --secbits option. As a result, the user can specify
securebits the program should run with. see capabilities(7)
2022-02-06 17:17:46 -05:00
omnivagant
e045591845 init.d/devfs: default mount /dev noexec 2022-01-30 01:53:25 -05:00
Dermot Bradley
98feac173e init.d/bootmisc.in: prevent error due to nonexistant file
During boot if the "previous_dmesg" setting is enabled in
/etc/conf.d/bootmisc then during the 1st boot of a machine the
bootmisc init.d script will attempt to move a nonexistant dmesg
file, so generating an error on the console.

Modify the script to only move an existing file.
2022-01-30 01:53:10 -05:00
Matt Turner
e6d48ea141 rc-misc.c: Allocate memory for 'file'
This is a partial revert of commit 8e02406d ("rc-misc.c: remove
references to PATH_MAX"), which changed 'file' to a null pointer with no
associated storage.

../openrc-0.44.10/src/rc/rc-misc.c: In function ‘_rc_deptree_load’:
../openrc-0.44.10/src/rc/rc-misc.c:392:33: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
392 |                                 eerror("Clock skew detected with `%s'", file);
    |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fixes: 8e02406d ("rc-misc.c: remove references to PATH_MAX")
Closes: #493
2022-01-26 20:18:23 -06:00
William Hubbs
0f8fe2a6cb define the pam directory at the top level 2021-12-31 11:01:55 -06:00
William Hubbs
29477075c8 remove a tab 2021-12-31 10:56:42 -06:00
William Hubbs
5e9797035b fix libkvm dependency for *bsd 2021-12-30 18:45:39 -06:00
William Hubbs
c045d33a40 fix filename in FreeBSD meson build 2021-12-30 18:41:38 -06:00
William Hubbs
ffa2e06043 use meson in cirrus ci 2021-12-30 18:37:19 -06:00
William Hubbs
21d81ea5a9 build: always add subdirs 2021-12-30 12:17:47 -06:00
William Hubbs
fd70988587 remove separate pam directory 2021-12-29 19:04:06 -06:00
William Hubbs
cab458e27a build: rename sh_dir variable to rc_shdir 2021-12-29 15:57:04 -06:00
LinkTed
6e214b2616 capabilities: Add support for Linux capabilities(7)
This adds capabilities for start-stop-daemon by adding --capabilities
option. As a result, the user can specify the inheritable, ambient and
bounding set by define capabilities in the service script.

This fixes #314.
2021-12-23 17:29:10 -05:00
Matt Whitlock
fd1e4a384a add option for OOM score adjustment
This commit adds a new --oom-score-adj option to start-stop-daemon and
supervise-daemon, as well as an equivalent SSD_OOM_SCORE_ADJ environment
variable. If either of these are specified (with the command-line
option taking precedence), then the specified adjustment value is
written to /proc/self/oom_score_adj after forking but prior to exec'ing
the daemon (at the time when nice and ionice are applied).

Additionally, per a suggestion by Mike Frysinger, the suggested values
for the SSD_NICELEVEL, SSD_IONICELEVEL, and SSD_OOM_SCORE_ADJ variables
in the example config file are now given as zeros, which are the
kernel's default values of these process knobs for the init process at
boot. Note that uncommenting any of these zero-valued suggestions will
cause SSD/SD to set the corresponding process knob affirmatively to
zero, whereas leaving the variable unset (and the equivalent command-
line option unspecified) means SSD/SD will not change the corresponding
process knob from its inherited value.

See: https://github.com/OpenRC/openrc/pull/435#discussion_r688310672
This fixes #435.
2021-12-22 10:01:14 -06:00
Matt Whitlock
dd5a6fa60f start-stop-daemon: fix typo in error message 2021-12-21 10:26:29 -06:00
Mike Frysinger
8b247dd5d8 broadcast: fix compiler warnings
Newer gcc reports:
broadcast.c: In function 'broadcast':
broadcast.c:132:15: warning: variable 'tp' might be clobbered by 'longjmp' or 'vfork' [-Wclobbered]
  132 |         FILE *tp;

Move the storage off the stack to avoid.  This makes the function
not safe for multithread use, but we don't do that anywhere, so
who cares!
2021-12-21 01:48:31 -05:00
Matt Whitlock
8ffc4162e2 code style: remove space after unary "not" operator
There are no semantic changes in this commit.

Suggested-by: Mike Frysinger <vapier@gentoo.org>
See: https://github.com/OpenRC/openrc/pull/435#pullrequestreview-727035394
2021-12-21 01:48:04 -05:00
Aaditya Bagga
703bdbf88e supervise runsvdir daemon
This fixes #254.
2021-12-20 22:32:36 -06:00
Mike Frysinger
301161a7a4 use HEAD in git URIs to point to the default branch
This makes the URIs shorter and dynamic: whatever the default branch
the repo uses will be used.
2021-12-20 20:07:00 -05:00
Mike Frysinger
04d8234844 drop unused copyright variables
The existing copyright notices in the file headers cover these vars.
2021-12-20 20:04:59 -05:00
Mike Frysinger
d017d5af9c change getopt definition to elide pointer storage
Make this a const pointer to the storage directly instead of a pointer
variable that points to the storage.  Makes the code slightly smaller.
2021-12-20 20:03:35 -05:00
William Hubbs
32aeb7407b remove extra file 2021-12-12 19:19:20 -06:00
iucoen
e21b01b97e net-online: add missing sleep 1 in ping loop
Currently the ping loop instantly times out because timeout is decremented by 1 without actually going to sleep.

This fixes #480.
2021-12-12 19:17:16 -06:00
Doug Freed
a182f6e5f1 rc-status: fix uptime types and simplify
This fixes #484.
This fixes #483.
2021-12-12 18:29:28 -06:00
William Hubbs
0eb11e7db6 killprocs: add kill_delay setting
This allows containers using OpenRC based services to be configured to
allow open tcp connections to be closed before they are shut down.

This fixes #476.
2021-12-07 13:40:15 -06:00
William Hubbs
331d6f14fd support/init.d.examples: Do not use @PKG_PREFIX@ in service examples
I can't think of a reason to do this since these scripts are just
examples.

This is for #474.
2021-11-28 23:55:42 -06:00
William Hubbs
cc0037e9ca build: set rootprefix_default to /usr if on a /usr merged system
This requires at leaste meson 0.53.0 since it uses the fs module.

This is for #474.
2021-11-28 12:35:29 -06:00
Sam James
2ba16135cb meson: fallback to libcrypt detection outside of pkg-config
Much like PAM, not all implementations of libcrypt provide a pkg-config
file, and hence we can't find it using the old logic.

Let's fall back to the standard AC_SEARCH_LIBS-style check if the pkg-config-style
detection fails.

This fixes finding e.g. musl's libcrypt.

X-Gentoo-Bug: 827074
X-Gentoo-Bug-URL: https://bugs.gentoo.org/827074
2021-11-27 13:14:10 -06:00
Sam James
b94517376e src/rc/rc-selinux.c: fix use of deprecated security_context_t
It's only a char* and has been deprecated upstream [0].

[0] https://github.com/SELinuxProject/selinux/commit/7a124ca27581

Fixes: #478
2021-11-27 13:13:52 -06:00
Sam James
b868fc2c8d meson: only find libcrypt if SELinux and no PAM
We only need libcrypt if we're building _with_ SELinux and
_without_ PAM. We don't use libcrypt for general SELinux
with PAM.

This is mostly a correctness change as libcrypt should
generally be available (as opposed to the previous
change which fixed some real-world cases).

Fixes: f3f0fde861
Fixes: #478
2021-11-27 13:13:35 -06:00
Sam James
f3f0fde861 meson: link against libcrypt for SELinux if no PAM
We use libcrypt's crypt() if we're _not_ using PAM
in the SELinux code (rc-selinux, specifically).

X-Gentoo-Bug: 824954
X-Gentoo-Bug-URL: https://bugs.gentoo.org/824954
Fixes: https://github.com/openrc/openrc/pull/477
2021-11-20 17:33:14 -06:00
Sam James
bd5cdaafad meson: fix pam_misc_dep definition
X-Gentoo-Bug: 824954
X-Gentoo-Bug-URL: https://bugs.gentoo.org/824954
Fixes: https://github.com/OpenRC/openrc/issues/470
Fixes: https://github.com/OpenRC/openrc/pull/477
2021-11-20 17:31:17 -06:00
Sam James
015c83761d src/librc/librc-daemon.c: add missing include for kill (fix uclibc)
Fixes: #471
Fixes: #473
2021-11-12 22:59:03 -06:00
Sam James
0091a628c5 src/librc/librc-misc.c: add missing include for fileno (fix uclibc)
Fixes: #471
Fixes: #473
2021-11-12 22:58:22 -06:00
Eric Turgeon
bfb00e6a14 Added missing comma in openrc/src/rc
Clang was failing with:
```
/zroot/jenkins/workspace/update_ghsotbsd-13_poudriere_jail/sbin/openrc/../../contrib/openrc/src/rc/rc.c:70:2: error: suspicious concatenation of string literals in an array initialization; did you mean to separate the elements with a comma? [-Werror,-Wstring-concatenation]
        "when leaving single user or boot runlevels",
        ^
/zroot/jenkins/workspace/update_ghsotbsd-13_poudriere_jail/sbin/openrc/../../contrib/openrc/src/rc/rc.c:69:2: note: place parentheses around the string literal to silence warning
        "override the next runlevel to change into\n"
        ^
```

This fixes #469.
2021-11-12 22:55:40 -06:00
William Hubbs
d21fabca02 openrc-init: fix build for selinux
X-Gentoo-Bug: 821520
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=821520
2021-11-12 22:03:43 -06:00
William Hubbs
9d4f11f726 build: pam fix
Set the HAVE_PAM option if the dependency is found *and* pam is
requested.

X-Gentoo-Bug: 821211
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=821211
2021-11-06 19:37:37 -05:00
William Hubbs
3908687559 fix permission of installed version file 2021-10-15 23:17:26 -05:00
Aidan Harris
eaa42da9a6 Use cgroup.kill in cgroup_cleanup when possible
The old code is moved to a cgroup_fallback_cleanup function and only
 called if cgroup2_kill fails.

 This fixes #454.
2021-10-15 22:10:37 -05:00
Kerin Millar
cd4bbdcd62 init.d/s6-svscan.in: make sure $command exists
While the s6-svscan runscript belongs to OpenRC, the user is required to
install s6 before it can actually be used, potentially leading to
confusion. Check for the existence of $command in start_pre and, if it does not
exist, bail out with an error that makes this observation.

X-Gentoo-Bug: 816978
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=816978
2021-10-14 23:03:32 -05:00