rc-selinux.c: In function ‘selinux_setup’:
rc-selinux.c:361:9: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
curr_t = context_type_get(curr_con);
^
The --retry option for supervise-daemon defines how the supervisor will
attempt to stop the child process it is monitoring. It is defined when
the supervisor is started since stopping the supervisor just sends a
signal to the active supervisor.
This fixes#160.
How to reproduce 1-byte overflow:
```
$ FEATURES=-test CFLAGS="-fsanitize=address -O0 -ggdb3" emerge -1 openrc
=================================================================
==1==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff0efd8710
at pc 0x000000402076 bp 0x7fff0efd7d50 sp 0x7fff0efd7d40
WRITE of size 1 at 0x7fff0efd8710 thread T0
#0 0x402075 (/sbin/openrc-init+0x402075)
#1 0x3cf6e2070f in __libc_start_main (/lib64/libc.so.6+0x3cf6e2070f)
#2 0x4013b8 (/sbin/openrc-init+0x4013b8)
Address 0x7fff0efd8710 is located in stack of thread T0 at offset 2432 in frame
#0 0x401cfb (/sbin/openrc-init+0x401cfb)
This frame has 3 object(s):
[32, 160) 'signals'
[192, 344) 'sa'
[384, 2432) 'buf' <== Memory access at offset 2432 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 ??
```
The problem here is in the code handling reads from 'init.ctl':
```
int main(int argc, char **argv) {
...
char buf[2048];
for (;;) {
/* This will block until a command is sent down the pipe... */
fifo = fopen(RC_INIT_FIFO, "r");
count = fread(buf, 1, 2048, fifo);
buf[count] = 0;
...
}
```
`buf[count] = 0;` writes outside the buffer when `fread()` returns non-truncated read.
This fixes#138.
Only close the log if we successfully opened it.
Reported-by: Brian Evans <grknight@gentoo.org>
Tested-by: Brian Evans <grknight@gentoo.org>
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
This creates --respawn-delay, --respawn-max and --respawn-period. It was
suggested that it would be easier to follow if the options were
separated.
This is for #126.
Allow limiting the number of times supervise-daemon will attempt to respawn a
daemon once it has died to prevent infinite respawning. Also, set a
reasonable default limit (10 times in a 5 second period).
This is for issue #126.
openrc-init.c and openrc-shutdown.c are based on code which was written by
James Hammons <jlhamm@acm.org>, so I would like to publically
thank him for his work.
Since deptree2dot and the perl requirement are completely optional, we
can move this tool to the support folder. This gives the user the option
of using it if they have perl installed, and means we do not have an
optional runtime dependency on perl.
Documentation for this tool has also been added to the support folder.
X-Gentoo-Bug: 600742
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=600742
This path should not be hard coded in the open call.
Linux prior to 2.4.19 did not have /proc/self/mounts, so for now I'm
making this value /proc/mounts everywhere, but that may change to
/proc/self/mounts on linux; I'm not sure we should care about <2.4.19.
X-Gentoo-Bug: 604646
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=604646
