Commit Graph

3534 Commits

Author SHA1 Message Date
Sam James
c80d6bb2ed checkpath: missing includes from IWYU 2023-01-29 11:32:22 -06:00
Sam James
bfe38c98a8 src: shared: schedules: add missing includes to header
Needed for clang-tidy prep work, as it requires headers to work standalone
(which is useful anyway).
2023-01-28 22:14:30 -06:00
Sam James
e8a76ad6e6 src: shared: plugin: add missing includes to header
Needed for clang-tidy prep work, as it requires headers to work standalone
(which is useful anyway).
2023-01-28 22:14:30 -06:00
Sam James
7d63049adb src: shared: misc: add missing includes to header
Needed for clang-tidy prep work, as it requires headers to work standalone
(which is useful anyway).
2023-01-28 22:14:30 -06:00
Sam James
dc0b3157a9 src: shared: helpers: add missing includes to header
Needed for clang-tidy prep work, as it requires headers to work standalone
(which is useful anyway).
2023-01-28 22:14:30 -06:00
Sam James
2f6b5b7ef4 openrc: rc-logger: add missing includes to header
Needed for clang-tidy prep work, as it requires headers to work standalone
(which is useful anyway).
2023-01-28 22:14:30 -06:00
NRK
eb3635dd1f swclock: fix codeql warning and upgrade to futimens
this was reported by codeql's scan as a TOCTOU bug. while that's true in
theory, i don't believe it would've had any practical effect.

a better justification for this change might be the fact that it
upgrades from `utime` (which is depreciated by POSIX [0]) to `futimens`.

[0]: https://www.man7.org/linux/man-pages/man3/utime.3p.html#FUTURE_DIRECTIONS
2023-01-28 16:19:33 -05:00
NRK
459783bbad openrc: avoid unnecessary malloc inside sig-handler
malloc (called by xasprintf) is not async-signal-safe. beside, the
string here is constant, so there's no need to malloc it all.

eerrorx isn't async-signal-safe either (due to calling fprintf and exit)
but consequence of them are _typically_ not as grave as calling malloc
while it's internal state is inconsistent.

Bug: https://github.com/OpenRC/openrc/issues/589
2023-01-28 13:08:00 -05:00
Sam James
a28bdc7e5c openrc-shutdown: mark handler as noreturn, use _unused macro 2023-01-25 01:11:25 -05:00
Sam James
bcae7d03b4 openrc: mark handle_bad_signal as noreturn
For -Wmissing-noreturn.
2023-01-25 00:51:13 -05:00
Sam James
ccc2b71145 supervise-daemon: mark various functions as noreturn
For -Wmissing-noreturn.
2023-01-25 00:50:43 -05:00
Sam James
78c0693c50 openrc-shutdown: mark stop_shutdown as noreturn, fix typo/indentation
For -Wmissing-noreturn.
2023-01-25 00:50:15 -05:00
Sam James
ddf4a3a7a0 shared: move _noreturn definition into helpers.h 2023-01-25 00:49:47 -05:00
Sam James
a6568c304f libeinfo: fix -Wunused-but-set-variable 2023-01-25 00:49:22 -05:00
Sam James
d6a5264a9d librc: fix 'init' memory leak
From scan-build w/ clang-16.0.0_pre20230107:
```
../src/librc/librc.c:759:14: warning: Potential leak of memory pointed to by 'init' [unix.Malloc]
                                                return false;
                                                       ^~~~~
```
2023-01-25 00:48:26 -05:00
Sam James
9f227e8b49 openrc-run: drop strlen dead store 2023-01-25 00:08:30 -05:00
Sam James
3bb5450320 openrc-shutdown: fix need_warning dead store
It's already initialised to false at the start and it's clear when reading
what the flow is.

While at it, fix some indentation and adjust whitespace to make more readable.
2023-01-25 00:07:03 -05:00
Sam James
a689fdb7be openrc-run: fix -Wunused-but-set-variable 2023-01-25 00:06:27 -05:00
Sam James
fc4f15d6cd openrc: fix double-assignment to dir
This one is a bit odd, it didn't get fixed in e273b4e08e,
and goes all the way back to cb9da6a262.
2023-01-25 00:05:32 -05:00
Sam James
19f329d2f4 openrc, openrc-run: Fix -Wstrict-prototypes
These become fine with C23 because () starts to mean (void) then, but for
previous language versions, it's deprecated, and it causes an annoying
warning when building with Clang by default.

Plus, GCC lacks specific flags to trigger what C23 *does* ban, so a lot
of people are going around building with -Wstrict-prototypes, so let's
just fix this to be consistent with the rest of the codebase anyway
to fend off false positive reports.
2023-01-25 00:05:05 -05:00
William Hubbs
0b86c06c3c update cirrus ci to latest FreeBSD images 2023-01-24 11:32:11 -06:00
Mike Frysinger
fea9d9a7f0 add CoC based on the Contributor Covenant project 2023-01-21 22:01:15 -06:00
Matt Whitlock
9dfd2b2737 start-stop-daemon, supervise-daemon: use closefrom()/close_range()
On systems with a very large RLIMIT_NOFILE, calling close() in a loop
from 3 to getdtablesize() effects an enormous number of system calls.
There are better alternatives. Both BSD and Linux have the closefrom()
system call that closes all file descriptors with indices not less than
a specified minimum. Have start-stop-daemon call closefrom() on systems
where it's implemented, falling back to the old loop elsewhere.

Likewise, calling fcntl(i, F_SETFD, FD_CLOEXEC) in a loop from 3 to
getdtablesize() raises a similar performance concern. Linux 5.11 and
onward has a close_range() system call with a CLOSE_RANGE_CLOEXEC flag
that sets the FD_CLOEXEC flag on all file descriptors in a specified
range. Have supervise-daemon utilize this feature on systems where it's
implemented, falling back to the old loop elsewhere.
2023-01-20 21:44:37 -06:00
Matt Whitlock
de295bd0c6 start-stop-daemon: remove unnecessary carve-out for pipe FD
1364e6631c exempted the write end of the
synchronization pipe from the close() loop in the child process, but
this is unnecessary, as the pipe is opened with O_CLOEXEC, and the child
process calls execvp() soon after the close() loop, with the intervening
code not needing the pipe. Indeed, the pipe only needs to remain open in
the child process until after the call to setsid(), which occurs well
before the close() loop. So, eliminate the needless carve-out from the
close() loop, in preparation for introducing closefrom().
2023-01-20 21:44:37 -06:00
Mike Frysinger
6f44445958 checkpath: add missing sticky/set*id mode bits to check
We incorrectly masked out the upper 3 bits when checking to see if the
permissions need updating leading us to run chmod when not needed.

Fixes #482.
2023-01-15 15:31:25 -05:00
Mike Frysinger
52dcb4aaa3 netmount: add fuse.glusterfs
Fixes #495.
2023-01-15 15:24:51 -05:00
Mike Frysinger
c6d6ed0c9c openrc-run: add status to basic usage message
Fixes #491.
2023-01-15 15:19:53 -05:00
Mike Frysinger
b778c72f81 checkpath: fix initial dirfd opening
dirfd is uninitialized at this point, and even if it were, it doesn't
make sense to use since the path is "/" -- the dirfd is ignored when
the path is absolute.  Switch to AT_FDCWD to avoid all that.
2023-01-15 15:17:18 -05:00
Mike Frysinger
32715e1144 man: update path to internal runtime state
Fixes #498.
2023-01-15 15:10:22 -05:00
Mike Frysinger
ec04e08707 init: add missing eend to /run mount #554
Fixes #554.
2023-01-15 14:58:27 -05:00
Ivan Bushchik
dd05e60ced LICENSE: Change year to 2023 (from 2015!!!) 2023-01-08 09:05:18 -05:00
William Hubbs
9ef74594df version 0.46 2023-01-05 00:31:37 -06:00
William Hubbs
59e9637647 update news 2023-01-05 00:22:41 -06:00
Nikolaos Chatzikonstantinou
35077afb68 build: fix run_command warning
The default behavior of check: false is going to change to true in the
future, see <https://github.com/mesonbuild/meson/issues/9300>.

Thus we are explicit about the desired behavior. The error in uname is
important but with test we check ourselves using returncode().

This fixes #556.
2022-12-08 11:06:09 -06:00
William Hubbs
02b064a591 src/swclock: make the reference file a required argument 2022-12-08 09:56:50 -06:00
William Hubbs
839083bb52 make the location of the swclock reference file configurable
This fixes #565.
2022-12-08 09:56:40 -06:00
Mike Gilbert
1364e6631c start-stop-daemon: use a pipe to sync parent/child processes
This fixes #557.
2022-12-07 17:12:24 -06:00
Jakub Jirutka
953172c6c6 supervise-daemon: don't overwrite empty supervise_daemon_args
If supervise_daemon_args is not set *or empty*, it defaults to
`start_stop_daemon_args`. This is bad because supervise-daemon doesn't
accept the same options as `start-stop-daemon`. So if we set e.g.
`start_stop_daemon_args="--wait 50"`, but not `supervise_daemon_args`,
and the user adds `supervisor=supervise-daemon` to the corresponding
/etc/conf.d/<service> file, the service will fail to start due to
unrecognized option "wait".

It would be best to remove this fallback, but that might break some
existing scripts that depend on it. So this commit just changes it to
use `start_stop_daemon_args` as the default for `supervise_daemon_args`
only if `supervise_daemon_args` is not set at all, but not if it's
empty.

This at least simplifies workarounds; we can just add
`supervise_daemon_args="$supervise_daemon_args"` to init scripts.

This fixes #558.
2022-12-07 16:42:14 -06:00
Sam James
0525de4f18 librc-depend: fix -Wmismatched-dealloc
Despite this being a 'deptree', it's actually
xmalloc'd in the same function (rc_deptree_update),
and so should be free'd, not rc_deptree_free'd,
as rc_deptree_load* wasn't used to allocate it.

```
[71/213] Compiling C object src/librc/librc.so.1.p/librc-depend.c.o
../src/librc/librc-depend.c: In function ‘rc_deptree_update’:
../src/librc/librc-depend.c:1077:9: warning: ‘rc_deptree_free’ called on pointer returned from a mismatched allocation function [-Wmismatched-dealloc]
 1077 |         rc_deptree_free(deptree);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../src/shared/misc.h:29,
                 from ../src/librc/librc.h:57,
                 from ../src/librc/librc-depend.c:21:
In function ‘xmalloc’,
    inlined from ‘rc_deptree_update’ at ../src/librc/librc-depend.c:775:12:
../src/shared/helpers.h:64:23: note: returned from ‘malloc’
   64 |         void *value = malloc(size);
      |                       ^~~~~~~~~~~~
```

This fixes #563.
2022-12-07 11:35:16 -06:00
Stefan Linke
9380347f04 Avoid warning on grep 3.8 in hwclock
Starting with grep version 3.8, the hwclock init script logs warnings
about stray backslashes:

> hwclock | * Setting system clock using the hardware clock [UTC] ...
> hwclock |grep: warning: stray \ before -
> hwclock |grep: warning: stray \ before -

This is caused by the check for existence of the `--noadjfile` argument
in function `get_noadjfile()`.

Replacing the affected logic with an explicit argument denoting the
pattern as such resolves the issue.

Fixes #548
2022-09-07 11:59:30 -04:00
Matt Whitlock
112b69860f start-stop-daemon, supervise-daemon: set autogroup nicelevel
As described in "Why nice levels are a placebo and have been for a very
long time, and no one seems to have noticed"[1], the Linux kernel in its
default configuration on many Linux distributions autogroups tasks by
session ID and "fairly" allocates CPU time among such autogroups. The
nice levels of tasks within each autogroup are only relative to
other tasks within the same autogroup. Effectively, this means that the
traditional nice level is rendered moot for tools like start-stop-daemon
and supervise-daemon, which start each daemon in its own session and
thus in its own autogroup. Linux does provide a means to change the
niceness of autogroups relative to each other, so let's have start-stop-
daemon and supervise-daemon make use of this feature where available so
that -N,--nicelevel/SSD_NICELEVEL will actually do what the user
intends. On systems where autogroups are not supported or are disabled,
this commit introduces no change in behavior.

Note that the setsid() call in the child process of start-stop-daemon is
moved to much earlier. This is necessary so that the new process will be
assigned to a new autogroup before the autogroup nicelevel is set. To
avoid inadvertently acquiring /dev/tty as the controlling terminal of
the new session after setsid() has given up the controlling terminal
inherited from the parent process, tty_fd is opened before the call to
setsid().

[1] https://www.reddit.com/r/linux/comments/d7hx2c/why_nice_levels_are_a_placebo_and_have_been_for_a/
This fixes #542.
2022-09-06 17:26:22 -05:00
Sören Tempel
d21dde73ba init.d/root: don't remount swap
While refactoring the changes proposed in #533 a minor error was
introduced were the root service will now attempt to remount swap.
This will fail with the error message `mountinfo: 'swap' is not a
mountpoint`.

This fixes #546
2022-09-04 18:44:47 -05:00
William Hubbs
9b08de926b Revert "start-stop-daemon: use vfork to avoid races"
This is broken, so revert it and reopen #532.

This reverts commit 9e5ce59a21.
2022-09-02 17:27:39 -05:00
Sören Tempel
f60d42e901 init.d/root: also remount / with options provided in /etc/fstab
Without this commit, the root OpenRC service remounts all mounted
filesystems (except /) with the options defined in /etc/fstab via
fstabinfo. It is presently unclear to me why / was excluded from
remounting in 497ff7ee41 and unfortunately
neither the commit nor the associated Bugzilla issue [1] provides
further information on this.

At Alpine, our initramfs does currently not remount / with all options
defined in /etc/fstab [2]. As part of the discussion on the Alpine side
of things we wondered why OpenRC does not remount / since this would be
the easier solution for us. For this reason, this commit changes the
behavior of the OpenRC root services accordingly to also remount / with
the options defined in /etc/fstab.

[1]: https://bugs.gentoo.org/401573
[2]: https://gitlab.alpinelinux.org/alpine/mkinitfs/-/merge_requests/103
This fixes #533.
2022-09-02 13:41:44 -05:00
Arusekk
9e5ce59a21 start-stop-daemon: use vfork to avoid races
While running `rc-service start docker` on Gentoo,
I found that the command does not start the service 90% of the time,
with an enigmatic 'service crashed' message.

The root cause of this is apparently rc-service spawning a pty,
running start-stop-daemon inside that pty, and exitting,
before start-stop-daemon child process calls setsid(),
which results in the child process being killed with SIGHUP (SI_KERNEL).

Theoretically this bug was present ever since the file was created in
5af58b4514 ("Rewrite the core parts in C. We now provide...")
(or even before that), but it should have been only a minor issue before
45bd125dcc ("Use a pty for prefixed output instead of pipes for...").
Not sure why nobody has had the issue so far (it has been present for
almost 15 years).

As here setsid() is the last call before execve(), the most natural
locking mechanism is vfork(), as it gives back control to parent
process only after execve() or process termination.
So this way the bug can be fixed by adding a single letter. :-)

Another way to ensure this would be using an O_CLOEXEC file descriptor
or some custom lock, which would need to be released not before setsid().

Fixes: 5af58b4514 ("Rewrite the core parts in C. We now provide...")
Fixes #532.
2022-09-02 12:41:09 -05:00
xdavidwu
95dc83bfbc openrc: fix help messages
The two lines seem to both belong to --override, but made into seperate
array elements accidentally, making options after --override and their
help mismatch. This fixes it.
2022-07-21 03:53:42 -04:00
psykose
14b153c1a4 fix quoting of loggers in start-stop-daemon
previously broken in 6034866d1c
caused *_logger options to be passed unquoted, so
`error_logger="logger -t .."` would pass -t to s-s-d and fail to start
the service.

Fixes: #531
2022-07-03 12:40:34 -05:00
William Hubbs
3cc4c01485 remove trailing space 2022-06-28 17:21:54 -05:00
William Hubbs
414f398498 modules.in: always return 0, make loading more verbose 2022-06-27 17:32:42 -05:00
William Hubbs
107b23819d restore the init symlink for sysvinit mode
This symlink got lost in the transition to meson.

X-Gentoo-Bug: 850754
X-Gentoo-Bug-URL: https://bugs.gentoo.org/850754
2022-06-10 10:28:57 -05:00