While running `rc-service start docker` on Gentoo,
I found that the command does not start the service 90% of the time,
with an enigmatic 'service crashed' message.
The root cause of this is apparently rc-service spawning a pty,
running start-stop-daemon inside that pty, and exitting,
before start-stop-daemon child process calls setsid(),
which results in the child process being killed with SIGHUP (SI_KERNEL).
Theoretically this bug was present ever since the file was created in
5af58b4514 ("Rewrite the core parts in C. We now provide...")
(or even before that), but it should have been only a minor issue before
45bd125dcc ("Use a pty for prefixed output instead of pipes for...").
Not sure why nobody has had the issue so far (it has been present for
almost 15 years).
As here setsid() is the last call before execve(), the most natural
locking mechanism is vfork(), as it gives back control to parent
process only after execve() or process termination.
So this way the bug can be fixed by adding a single letter. :-)
Another way to ensure this would be using an O_CLOEXEC file descriptor
or some custom lock, which would need to be released not before setsid().
Fixes: 5af58b4514 ("Rewrite the core parts in C. We now provide...")
Fixes#532.
The two lines seem to both belong to --override, but made into seperate
array elements accidentally, making options after --override and their
help mismatch. This fixes it.
previously broken in 6034866d1c
caused *_logger options to be passed unquoted, so
`error_logger="logger -t .."` would pass -t to s-s-d and fail to start
the service.
Fixes: #531
- use _ throw-away variable to get rid of a shellcheck warning
- remove tests for /etc/hostname and just try to read it
- drop reference to bash HOSTNAME variable.
- make source of host name more accurate
X-Gentoo-Bug: 850577
X-Gentoo-Bug-URL: https://bugs.gentoo.org/850577
```
=================================================================
==22862==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 4096 byte(s) in 1 object(s) allocated from:
#0 0x7f1fd5b12cb7 in __interceptor_malloc /usr/src/debug/sys-devel/gcc-11.2.1_p20220312/gcc-11-20220312/libsanitizer/asan/asan_malloc_linux.cpp:145
#1 0x55556abecea7 in xmalloc ../src/includes/helpers.h:64
#2 0x55556abecea7 in xasprintf ../src/includes/helpers.h:149
#3 0x55556abeb6fb in do_check ../src/rc/checkpath.c:206
#4 0x55556abeb6fb in main ../src/rc/checkpath.c:443
#5 0x7f1fd58576cf in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s).
```
Signed-off-by: Sam James <sam@gentoo.org>
```
Direct leak of 4 byte(s) in 1 object(s) allocated from:
#0 0x7f49539534a7 in __interceptor_strdup /usr/src/debug/sys-devel/gcc-11.2.1_p20220312/gcc-11-20220312/libsanitizer/asan/asan_interceptors.cpp:454
#1 0x55d76fa66867 in xstrdup ../src/includes/helpers.h:91
#2 0x55d76fa66867 in get_dirfd ../src/rc/checkpath.c:111
#3 0x55d76fa66867 in do_check ../src/rc/checkpath.c:206
#4 0x55d76fa66867 in main ../src/rc/checkpath.c:442
#5 0x7f49536f06cf in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
```
Signed-off-by: Sam James <sam@gentoo.org>
(This is analogous to the rc_stringlist change.)
This gives a hint to the compiler that allocations (return values)
from this function should be paired with a corresponding dealloc/free
function.
Signed-off-by: Sam James <sam@gentoo.org>
This gives a hint to the compiler that allocations (return values)
from this function should be paired with a corresponding dealloc/free
function
In this case, it means that every rc_stringlist that rc_stringlist_new()
returns should eventually be freed by calling rc_stringlist_free(ptr)
where ptr is the relevant rc_stringlist.
We have to add a test for this into the build system
because only GCC supports this for now. In future, we might
be able to use meson's has_function_attribute (it does support
'malloc', just not AFAICT 'malloc with arguments').
Signed-off-by: Sam James <sam@gentoo.org>
'services' is still referenced by the list
which gets returned. We can't free it.
Thanks to GCC 11's -fanalyzer.
Signed-off-by: Sam James <sam@gentoo.org>
Seen on running rc-status.
```
=================================================================
==14636==ERROR: LeakSanitizer: detected memory leaks
Indirect leak of 72 byte(s) in 3 object(s) allocated from:
#0 0x7f443412dcb7 in __interceptor_malloc /usr/src/debug/sys-devel/gcc-11.2.1_p20220312/gcc-11-20220312/libsanitizer/asan/asan_malloc_linux.cpp:145
#1 0x7f443400c727 in xmalloc ../src/includes/helpers.h:64
#2 0x7f443400d1f4 in rc_stringlist_add ../src/librc/librc-stringlist.c:32
#3 0x7f4433fecc34 in get_runlevel_chain ../src/librc/librc.c:390
#4 0x7f4433fedc00 in rc_runlevel_stacks ../src/librc/librc.c:519
#5 0x7f4433ff1d8e in rc_services_in_runlevel_stacked ../src/librc/librc.c:976
#6 0x55be0e8f9517 in main ../src/rc/rc-status.c:407
#7 0x7f44334736cf in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
```
Signed-off-by: Sam James <sam@gentoo.org>
The value of ${seed_dir} may have spaces in it, making the current
argument string building method unsafe. Instead, use positional
parameters to pass these arguments safely.
There have been a number of subtle improvements and cleanups to seedrng,
including using openat and locking the directory fd instead of a
separate lock file. Also various stylistic cleanups.
This fixes#519.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* rewrite tests to work with meson
This ports our tests to meson and makes them able to be run in parallel.
* add tests to ci
* rewrite test/check-trailing-newlines in bash
This test was using a GNU sed command which does not work on Alpine Linux.
- drop old build system
- move shared include and source files to common directory
- drop "rc-" prefix from shared include and source files
- move executable-specific code to individual directories under src
- adjust top-level .gitignore file for new build system
This closes#489.
The RNG can't actually be seeded from a shell script, due to the
reliance on ioctls. For this reason, the seedrng project provides a
basic script meant to be copy and pasted into projects like OpenRC and
tweaked as needed: https://git.zx2c4.com/seedrng/about/
This commit imports it into OpenRC and wires up /etc/init.d/urandom to
call it. It shouldn't be called by other things on the system, so it
lives in rc_sbindir.
Closes#506.
Closes#507.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>