Commit Graph

3283 Commits

Author SHA1 Message Date
philhofer
084877eb52 src/librc/librc-daemon.c: fix buffer overrun in pid_is_argv
The contents of /proc/<pid>/cmdline are read into
a stack buffer using

  bytes = read(fd, buffer, sizeof(buffer));

followed by appending a null terminator to the buffer with

  buffer[bytes] = '\0';

If bytes == sizeof(buffer), then this write is out-of-bounds.

Refactor the code to use rc_getfile instead, since PATH_MAX
is not the maximum size of /proc/<pid>/cmdline. (I hit this
issue in practice while compiling Linux; it tripped the
stack-smashing protector.)

This is roughly the same buffer overflow condition
that was fixed by commit 0ddee9b7d2
This fixes #269.
2018-12-24 11:55:48 -06:00
philhofer
97e74f9734 src/rc/supervise-daemon.c: formatting fixes
Fix misleading indentation and other erroneous whitespace.
This fixes #273.
2018-12-24 10:36:12 -06:00
William Hubbs
d328de198d remove /run migration script again
This time it was done correctly.
I missed a '\' the last time.
2018-12-23 21:04:00 -06:00
philhofer
a9fc26ac13 src/rc/supervise-daemon.c: do not pass NULL to strcmp
The following will cause a segfault due to NULL being
passed to strcmp(3)

$ RC_SVCNAME=foo supervise-daemon

Fix the bounds check on argc in main. If argc<=1, then
it is not safe to dereference argv[1].
2018-12-23 21:01:39 -05:00
philhofer
40f7046696 src/rc/openrc-run.c: remove duplicate statement
The statement

  ll = strlen(applet);

appears twice in the same block without any
intervening assignment to the variables
'll' or 'applet'

Remove the second (duplicate) statement.
2018-12-23 20:27:06 -05:00
William Hubbs
894995176e Revert "remove /run migration script"
For some reason removing this broke the build.

This reverts commit 5246ea7b6f.
2018-12-23 18:13:06 -06:00
William Hubbs
5246ea7b6f remove /run migration script
We have used /run for some time now and we have had this migration
script for 6 years. Linux users should have upgraded by now to a version
of OpenRC which stores its information in /run.
2018-12-23 17:49:34 -06:00
William Hubbs
ed8b768c4a fix compiler warnings 2018-12-21 12:06:15 -06:00
William Hubbs
825caa14de supervise-daemon: do not use the exec_service() function
In order to run healthcheck() and the unhealthy() function, add an
exec_command call to the supervisor.
Another difference is This function also logs errors instead of
attempting to display them.

This is for #271.
2018-12-20 17:39:31 -06:00
William Hubbs
d5c396cbfc Add debug logging to start-stop-daemon and rc-supervisor
This will make it easier to track down why the supervisor intermittently
hangs after it runs for a long time.
2018-12-18 11:29:26 -06:00
William Hubbs
5427783fdf standardize the default shell
I do not know of a need to have the default shell be a build-time
configurable setting. All *nix systems I am aware of have /bin/sh as a
default posix compatible shell.
If some systems running OpenRC do not make that assumption about
/bin/sh, I will consider bringing this back, so feel free to open an
issue.
2018-12-08 12:06:26 -06:00
William Hubbs
d95425b08a rc-cgroup.sh: remove shebang line
This is not a stand-alone script, so it does not need the shebang line.
This also means it is not necessary to run this through sed.
2018-12-07 15:31:13 -06:00
William Hubbs
76420d9849 init.d/agetty: set default respawn period to 60 seconds
Without a respawn period setting, the supervisor will give up on
respawning agetty after it is respawned respawn_max times. For most
daemons giving up like this is reasonable, but not for agettys. Agettys
should always be respawned unless they are respawning too fafst,.

If an agetty is respawning faster than 10 times in 60 seconds, this
seems to be too fast.
2018-12-06 16:37:40 -06:00
William Hubbs
bebc604438 supervise-daemon: fix busy loop
This fixes #264.
2018-12-06 16:22:15 -06:00
Alexander Zubkov
9dae4f2e38 supervise-daemon: redirect std{in,out,err} to /dev/null after demonizing
This fixes #239.
2018-12-04 16:53:39 -06:00
William Hubbs
d126542dc6 version 0.41 2018-12-03 18:14:34 -06:00
William Hubbs
ab6c8d56f1 Update ChangeLog 2018-12-03 15:56:19 -06:00
Austin English
fb4dd351c7 misc: make checks always fatal
This fixes #263.
2018-12-03 15:26:42 -06:00
Austin English
10dc65cc46 src/rc/supervise-daemon.c: fix style issue
This is for #263.
2018-12-03 15:26:20 -06:00
William Hubbs
9a2115f762 rc-status: show status for supervised services instead of a list 2018-12-03 15:16:17 -06:00
William Hubbs
eeba6df476 Update supervise-daemon man page 2018-12-03 13:08:25 -06:00
William Hubbs
ac42e81a64 supervise-daemon.sh: drop the unused stopsig variable 2018-12-03 12:43:12 -06:00
William Hubbs
af70862a7a supervise-daemon: use a default pid file if one is not specified
Since the pid file is internal to us, start moving toward deprecating it
by not requiring the user to specify it.
In the next release, I plan on working on code to start phasing out the
use of a pid file if this is possible.
2018-12-03 12:41:29 -06:00
William Hubbs
fa6611b5af rc-status: add --supervised option to show supervised services 2018-12-02 18:33:25 -06:00
William Hubbs
db01442580 rc-status: show failed services as failed 2018-12-02 18:33:25 -06:00
William Hubbs
ebf79db79e supervise-daemon: mark a service failed if it respawns too many times 2018-12-02 18:33:25 -06:00
William Hubbs
1b5a3b4ef4 supervise-daemon: make respawn-max and respawn-period independent settings 2018-12-02 18:33:25 -06:00
William Hubbs
77262c359c supervise-daemon: add support for a fifo
This will allow us to signal the daemon we are supervising as well as
send other commands to the supervisor in the future.

This fixes #227.
2018-12-02 18:33:25 -06:00
William Hubbs
7f23e0461d supervise-daemon: rework signal handling and main loop
This is needed in preparation for adding support for a fifo to allow us
to communicate with the supervisor to ask it to signal the child it is
supervising.
2018-12-02 18:33:25 -06:00
William Hubbs
ff4af908a5 Revert "checkpath: use O_PATH when available"
This reverts commit 2af0cedd59.

After speaking with Luis Ressel on the Gentoo selinux team, I am reverting
this commit for the following reasons:

- Luis told me that he feels this is not the solution we need to address
  the concern with checkpath; I will be working with him on another
  solution.

- There are concerns about the way the path variable was handled
  and the assert() call.
  The path variable should be dynamically allocated using xasprintf
  instead of defining a length at compile time. This would eliminate the
  need for the assert() call.

- It introduces the definition of _GNU_SOURCE which makes it
  easier to introduce portability concerns in the future (see #262).
2018-12-02 16:08:42 -06:00
Mike Gilbert
2af0cedd59 checkpath: use O_PATH when available
This avoids opening directories/files with read permission, which is
sometimes rejected by selinux policy.

Bug: https://bugs.gentoo.org/667122
2018-12-01 21:43:18 -08:00
William Hubbs
ee41e444ad rc.conf: typo fix
X-Gentoo-Bug: 670874
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=670874
2018-11-29 08:19:56 -06:00
William Hubbs
b7828651ba supervise-daemon: fix type of exiting flag 2018-11-28 16:06:07 -06:00
Austin English
e96f7d5658 src/tests/runtests.sh: add a FATAL_CHECKS variable to make whitespace/etc. fatal 2018-11-27 21:22:29 -05:00
Austin English
28b73fc524 src/rc/openrc-shutdown.c: fix style 2018-11-27 21:22:29 -05:00
Austin English
7a00c63420 fix misc whitespace issues 2018-11-27 21:22:29 -05:00
Austin English
f4597c546a give TravisCI a try 2018-11-27 21:22:29 -05:00
Austin English
e10afc8e75 sh/functions.sh.in: return a different value for invalid input in yesno() 2018-11-18 13:22:59 -05:00
William Hubbs
0f704402a2 supervise-daemon: make the pidfile an implementation detail
The pidfile of the supervisor doesn't need to be adjustable by the
service script. It is only used so the supervisor can stop itself when
the --stop option is used.
2018-11-15 14:15:15 -06:00
William Hubbs
2504a2c25b Do not complain if interrupted by a signal
In start-stop-daemon and rc-schedules, we were printing out a warning if
the nanosleep call was interrupted by a signal, but we did not treat
this as an error situation other than displaying the message, so there
is no need for the message.
2018-11-15 14:03:06 -06:00
William Hubbs
7eb3975543 Create save-keymaps and save-ktermencoding services
These services represent the parts of the keymaps and termencoding
services which saved the settings back to the root file system so they
can be loaded very early in the boot process.
These are needed to allow keymaps and termencoding to run earlier in the
boot sequence.

X-Gentoo-Bug: 446018
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=446018
2018-11-07 08:55:44 -06:00
William Hubbs
60e60dc9bb supervise-daemon.sh: drop invalid --signal switch
This fixes #230.
2018-11-06 10:54:02 -06:00
William Hubbs
008c9d0036 supervise-daemon: reap zombies
We need to make sure to reap zombies so that we can shut down
successfully.

Fixes #252.
Possibly related to #250.
2018-11-05 21:35:00 -06:00
William Hubbs
025c9693cc rc-service: fix help output 2018-11-05 11:39:39 -06:00
William Hubbs
ee3c4afdb7 openrc-init: add SELinux support
This is for #173.
2018-11-02 18:22:11 -05:00
William Hubbs
e2416d0893 openrc-shutdown: do not require a time for -w switch
X-Gentoo-Bug: 669500
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=669500
2018-10-24 15:24:40 -05:00
William Hubbs
a2bcfeb428 version 0.40 2018-10-24 15:18:10 -05:00
William Hubbs
53f7afd3b3 Update ChangeLog 2018-10-23 17:14:01 -05:00
William Hubbs
75e9b66f6f news.md: add information about the modules service changes 2018-10-23 16:59:20 -05:00
William Hubbs
d70b1c55b6 modules: Add --first-time switch to modprobe commands
On Linux, kernel modules should be loaded once during boot, either in an
initramfs or by this service.

This does not change anything other than printing out messages if a
module is loaded more than once.

X-Gentoo-Bug: 659530
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=659530
2018-10-23 16:47:37 -05:00