436 Commits

Author SHA1 Message Date
William Hubbs
61905bfcf5 Clean up cgroups v2 code
Remove the IFS manipulation and simplify the loop that processes the
settings.
2018-03-11 21:41:01 -05:00
Jason Zaman
5bb6f9aa31 init.sh: apply SELinux label for /run early in boot
Some initramfs mount /run which then ends up with the wrong labels.
Force relabel all of /run right after its mounted to fix.
2018-02-28 12:42:58 -06:00
Jason Zaman
1ab8541a6c init-early.sh.Linux.in: apply the selinux label to /dev/console early
/dev/console is relabelled later in the devfs init script, but by then we
have already missed some of the messages, so fix that label early.
2018-02-28 11:24:55 -06:00
Christian Brauner
16ff3cd8df check whether /sys/fs/cgroup is a mountpoint
The current check only tries to detect whether /sys/fs/cgroup exists and
whether it is writable or not. But when the init system doesn't mount
cgroups then /sys/fs/cgroup will just be an empty directory. When paired
with unprivileged containers that mount sysfs this will cause misleading
errors to be printed since /sys/fs/cgroup will be owned by user
nobody:nogroup in this case. Independent of this specific problem this
check will also be misleading when the /sys/fs/cgroup exists and is in
fact writable by the init system but isn't actually a mountpoint.

Note from William. "grep -qs" doesn't need to redirect output to
/dev/null since it is completely silent.

This fixes #209.
2018-02-23 15:51:12 -06:00
William Hubbs
cee3919908 Clean up the calls to group_add_service
This function should only be called once and it does not take any
arguments.

X-Gentoo-Bug: 639166
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=639166
2017-12-01 15:43:09 -06:00
Julien Reichardt
ddbdb69658 add more variables for start-stop-daemon and supervise-daemon options
Add the following variables to expose more arguments that can be passed
to start-stop-daemon or supervise-daemon:

- directory will be passed to --chdir
- error_log will be passed to --stderr
- output_log will be passed to --stdout
- umask will be passed to umask

This is for #184.
2017-11-29 15:06:06 -06:00
William Hubbs
e805c74d31 s6 supervisor fixes
Add the ability to force-kill a service if it does not go down
successfully. Also, adjust the default wait time for an s6 service to go
down to 60 seconds.
2017-11-16 15:35:35 -06:00
William Hubbs
913b2ca537 supervise-daemon: use RC_SVCNAME as the first argument to the daemon
This makes ps show which service the supervisor is monitoring.
2017-10-27 19:22:09 -05:00
William Hubbs
82da844b42 implement "unsupervised" status
The unsupervised status is to be used when a supervisor of a supervised
service dies but leaves the service daemon itself running.
2017-10-26 13:11:12 -05:00
William Hubbs
6f3e2e2d7d supervise-daemon.sh: fix status function with no namespaces 2017-10-25 21:20:15 -05:00
Patrick McLean
35b88fb42b cgroups_cleanup: clean up shutdown signaling
- do not sleep for the full 90 seconds if processes are dead
- re-arrange the order of signals we attempt to send to the processes
2017-10-25 21:19:15 -05:00
William Hubbs
a428c325a9 add "unsupervised" status and return code 64 to supervise-daemon status function
This is to be used if the service is being supervised and the
supervisor is somehow killed.

Currently, this is very linux specific, but I will expand to other
platforms, patches are welcome.
2017-10-25 15:09:42 -05:00
William Hubbs
7f3b413111 use printf consistently in cgroups handling
This makes the cgroups handling consistent between cgroups v1 and v2.
Also, it fixes #167.
2017-09-29 12:51:12 -05:00
William Hubbs
1ccba05658 sh/rc-functions.sh: add need_if_exists convenience function 2017-09-22 17:22:50 -05:00
William Hubbs
cd5722aca5 cgroup2_find_path: use legacy mode if cgroup2 is not in the kernel
This is related to #164.
2017-09-16 16:49:22 -05:00
William Hubbs
25b45a5a23 cgroup_cleanup: try to remove the cgroup version 2 cgroup
If we were able to kill all the processes in the cgroup, it should be
removed.
2017-09-15 14:22:34 -05:00
William Hubbs
4651b8c7e9 rc-cgroup.sh: cgroup_cleanup fix error handling
cgroup_cleanup should warn if it is unable to clean up all processes in
the control group, but it will always return success.
2017-09-15 13:42:50 -05:00
William Hubbs
50608b54ed rc-cgroup.sh: fix signal names
The "SIG" prefix on signal names passed to kill -s isn't portable.
2017-09-15 13:28:15 -05:00
William Hubbs
6a5ca2ab36 make the procedure for killing child processes of services configurable 2017-09-14 16:17:20 -05:00
William Hubbs
2b0345165e Make cgroup_cleanup send only one sigterm and sigkill
Instead of looping and sending multiple signals to child processes in
cgroup_cleanup, we send sigterm followed by sleeping one second then
sigkill.

This brings us more in line with systemd's "control group" killmode
setting.

Also, this commit includes several shellcheck cleanups.
2017-09-14 10:55:06 -05:00
William Hubbs
8885580986 rc-cgroup.sh: move cgroup_cleanup to the end of the file 2017-09-14 10:44:52 -05:00
William Hubbs
457f928e79 add support for control groups version 2
This is for #94.
2017-09-14 10:38:10 -05:00
William Hubbs
17b5cc78d3 add retry option to supervise-daemon
The --retry option for supervise-daemon defines how the supervisor will
attempt to stop the child process it is monitoring. It is defined when
the supervisor is started since stopping the supervisor just sends a
signal to the active supervisor.

This fixes #160.
2017-09-06 17:22:21 -05:00
William Hubbs
66ed8082d0 sh/openrc-run: source service script before ulimit is processed
This is needed to allow the service script author to set a default for
rc_ulimit inside the service script.
2017-08-15 17:15:14 -05:00
William Hubbs
4c89e3f5fa supervise-daemon:create multiple options from --respawn-limit
This creates --respawn-delay, --respawn-max and --respawn-period. It was
suggested that it would be easier to follow if the options were
separated.

This is for #126.
2017-05-10 18:13:23 -05:00
William Hubbs
3673040722 supervise-daemon: add a --respawn-limit option
Allow limiting the number of times supervise-daemon will attempt to respawn a
daemon once it has died to prevent infinite respawning. Also, set a
reasonable default limit (10 times in a 5 second period).

This is for issue #126.
2017-05-09 18:30:08 -05:00
William Hubbs
50fccf47d4 sh/gendepends.sh.in: fix detection of service scripts
We do not need to care about the path on the shebang line of a service
script as long as the shebang line ends with "openrc-run".
This fixes #119 and #120.
2017-03-23 13:17:11 -05:00
William Hubbs
1cb44092fc sh/rc-functions.sh.in: add get_bootparam_value function 2017-02-23 18:16:15 -06:00
William Hubbs
d3f833179b sh/init.sh.Linux.in: remove unused check for Gnu/KFreeBSD
This script only runs on Linux, so the check will always be false.
2016-12-18 11:53:12 -06:00
Doug Freed
856eafb006 sh/init.sh.Linux.in: skip /proc test if no md5sum
This will also warn users if md5sum is missing, which serves as a pretty
good indicator that /usr is not mounted.
2016-12-17 23:27:37 +00:00
Robin H. Johnson
f27d60add9
sh/openrc-run.sh: expose default start/stop/status
Supervisor setups break easily when start/stop/status functions are not
default.

Applications that write multiple PIDs to a pidfile (eg HAProxy as
described in bug 601540), can also benefit from being able to call the
default start/stop/status with modified environment variables.

Expose the default start/stop/status functions as
default_start/stop/status, and use them for the defaults
start/stop/status.

Trivial usage example:
```
  stop()
  {
    t=$(mktemp)
    for pid in $(cat $pidfile) ; do
      echo $pid >$t
      pidfile=$t default_stop
    done
    rm -f $t
  }
```

X-Gentoo-Bug: 601540
X-Gentoo-Bug-URL: https://bugs.gentoo.org/601540
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
2016-12-17 14:50:11 -08:00
Doug Freed
8ad460c54c Fix typos
Fixes #99
2016-12-17 18:41:02 +00:00
William Hubbs
e0ac661419 split tmpfiles processing into opentmpfiles
The openntmpfiles package is designed so that it can be used on systems
independently of whether openrc is used.
2016-12-01 12:04:54 -06:00
William Hubbs
bbf98befb8 sh/init.sh.Linux.in: update test for live /proc to use md5sum
This allows us to avoid the warnings from bash-4.4 about null bytes in
command substitutions.

If you have separate /usr, are not using an initramfs, and have a file
called /proc/self/environ on your root file system, this will break.
X-Gentoo-Bug: 594534
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=594534
2016-09-22 17:37:09 -05:00
William Hubbs
d6c30ab12a Revert "Remove eval calls from supervisor start functions"
This reverts commit 0d1f1010c299a95332f224c3be9e8dfdd85eec54.
We need the eval in case someone uses something like:
command_args="this \"is a\" test"

This is related to #77.
2016-09-20 11:33:56 -05:00
William Hubbs
0d1f1010c2 Remove eval calls from supervisor start functions
This fixes #77.
2016-09-19 18:03:57 -05:00
William Hubbs
c146b96691 Add command_progress variable
If this is set to yes, 1, true, or on, start-stop-daemon will display a
progress meter while waiting for a daemon to stop.
2016-09-16 14:23:09 -05:00
William Hubbs
c4d7e02abd Fix permission checks for cgroups
This is needed because containers may give read access to cgroups but
not allow the settings to be changed.
2016-09-14 12:34:42 -05:00
William Hubbs
8a8032478a Make use of name vs RC_SVCNAME consistent in supervisor scripts
This fixes #79.
2016-09-13 12:52:10 -05:00
William Hubbs
ac53c9a658 sh/init.sh: fix the test for cache restoration
This fixes the test for cache restoration since we are no longer caching
the dependency tree.
2016-09-12 12:58:31 -05:00
William Hubbs
d4d5593238 sh/openrc-run.sh: read global configuration settings first
X-Gentoo-Bug: 503134
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=503134
2016-09-06 13:34:25 -05:00
William Hubbs
f62253b833 Add support for runit
X-Gentoo-Bug: 501364
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=501364
2016-07-27 16:26:26 -05:00
Martin Väth
0c229faf7e tmpfiles.sh: Support lines with q Q h H
btrfs support is not implemented yet (for q Q v), but at least tmpfiles.sh
no longer chokes about tmpfiles.d lines of recent systemd versions

This fixes #87.
2016-07-26 10:53:54 -05:00
Mike Gilbert
3092e310ac tmpfiles: Accept filenames as command line arguments
This brings us closer to being able to use tmpfiles.sh as a full
replacement for systemd-tmpfiles.

This closes #83.
2016-07-25 15:37:18 -05:00
Mike Gilbert
671911762d tmpfiles: Process command line before gathering config files
This is part of #83.
2016-07-25 15:37:02 -05:00
Mike Gilbert
7d68839e9e tmpfiles: Make unrecognized options fatal
This is part of #83.
2016-07-25 15:36:44 -05:00
William Hubbs
3351c8b4c3 supervise-daemon.sh: add support for chroot variable 2016-05-19 17:59:40 -05:00
William Hubbs
a8214af2fe start-stop-daemon.sh: fix regression in chroot support
The support for the chroot variable was broken in 0.16, this fixes that
breakage.
2016-05-19 17:58:14 -05:00
William Hubbs
62410eaf4b add daemon supervisor
The supervise-daemon process is meant to be a lightweight supervisor
which can monitor and restart a daemon if it crashes.
2016-04-27 11:13:50 -05:00
Dustin C. Hatch
beaa71df0a binfmt.sh: use read in raw mode
The read builtin in most shells will interpret backslash characters
as escapes, and they are lost when reading binfmt files line-by-line.
This causes magic strings containing backslashes to be mangled and
become invalid, resulting in erroneous 'invalid entry' messages.

The -r option to read disables special handling of backslashes and
keeps all lines intact.

X-Gentoo-Bug: 575114
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=575114
2016-02-19 15:25:53 -06:00