Add fallback for the close_range syscall wrapper. This is needed for
musl libc, which currently does not have a close_range wrapper.
Also set errno on errors.
Set file descriptors to CLOEXEC instead of closing them before exec,
similar to what we do in supervise-daemon.
Use the share cloexec_fds_from() helper for this.
closefrom() is no longer used so remove the test.
Move logic to set file descriptors to a cloexec_fds_from() function in
misc.c so it can be shared by both supervisor-daemon and
start-stop-daemon, and hide the details behind.
Use HAVE_CLOSE_RANGE to tell if system provides a close_range(2)
wrapper, which better explains the purpose.
Add a compat inline which returns -1 if close_range is unavailable.
`>=glibc-2.38` implements strlcpy, strlcat, etc so check for those functions
with Meson and don't provide conflicting prototypes.
Technically, it doesn't need _GNU_SOURCE, but it's easier because it's not
clear right now what glibc wants to guard it with. Note that these are in
POSIX next anyway.
Fixes: https://github.com/OpenRC/openrc/issues/643
Signed-off-by: Sam James <sam@gentoo.org>
Commit fc4f15d6cd broke the automatic restart of
services having runlevel-specific conf.d files.
The double dirname() was not a mistake, but the way of getting from the
service script in init.d to the upper directory containing the conf.d
directory. dirname() modifies the argument in-place, so the second call
operated on a modified value. To make it more obvious what is going on,
have the second call operate on the returned value from the first call.
Fixes: fc4f15d ("openrc: fix double-assignment to dir")
Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
This was originally introduced in 14625346c0 with
an example list (just one for rc_parallel) of options. Let's add in rc_interactive
as it's a pretty obvious thing one might want to override.
See https://forums.gentoo.org/viewtopic-p-8694588.html.
svc_exec waits until SIGCHLD comes in to close its input, but in
rc_parallel case the SIGCHLD might be unrelated.
Checking the proper pid is found in signal handler and only signaling
signal_pipe the status code directly avoids this problem.
restarting a service with --no-deps ran into a "hairy workaround", which
had a few problems discussed in [1]:
- it ignores --dry-run, really restarting the requested service
- if the service was stopped, the program is started but the service
status stays stopped. This makes long-lived services impossible to
(re)start again (pid already exists and running), and the service also
won't stop on shutdown.
The kludge had a long comment describing the following situation:
- openvpn needs net and dns
- net restarts dns
- dns needs net
If the restart in net handled deps, openrc would deadlock waiting for
net in dns' restart, as net won't be started until that is done.
Restarting with --nodeps works around the deadlock, but can display
errors without the kludge (note that the services did start properly
anyway, the problem is that the default service path tries to lock dns
twice from openvn's dep's start and net's start's restart):
---
alpine:~# rc-service openvn start
openvn | * Caching service dependencies ... [ ok ]
net |net starting
net |dns | * Call to flock failed: Resource temporarily unavailable
net |dns | * ERROR: dns stopped by something else
net |net started
dns |dns started
openvn |openvn started
alpine:~# rc-status | grep s[1-3]
net [ started ]
dns [ started ]
openvn [ started ]
---
Locking again in restart --nodep can fail in two patterns:
- openvpn's need dependency start was first, and the restart in net
failed (case above): we can just silence locking failures and exit quietly
with restart --no-deps, which is not worse than trying to restart while
another process hold the lock.
- the restart in net's start was first, and openvpn's need dependency
start failed: not much can be done here short of adding a new status
that a no-deps restart is in progress as in the comment, but this case
can actually just be solved by adjusting dependencies -- and it actually
has already been fixed: the current openvpn init script in alpine only
'use dns', so it will not try to start it, and that will start just
fine with openvpn -> net -> dns only each starting each other once
sequentially.
Another failure pattern is just starting dns directly: that will start
net, which will try to restart dns while we are starting it.
Silencing messages on restart also solves this.
Link: https://github.com/OpenRC/openrc/issues/224 [1]
according to the linux manpage, the "safe" variant may not be available
on all platform. however we bundle our own `queue.h` so this should not
be an issue.
the pid list will be accessed inside the SIGCHLD signal handler. so we
must ensure SIGCHLD handler doesn't get invoked while the list is at an
inconsistent state making it unsafe to interact with.
Co-authored-by: Dominique MARTINET <dominique.martinet@atmark-techno.com>
Bug: https://github.com/OpenRC/openrc/issues/589#issuecomment-1406588576
`free` is not async-signal-safe and calling it inside a signal handler
can have bad effects, as reported in the musl ML:
https://www.openwall.com/lists/musl/2023/01/23/1
the solution:
- keep track of weather remove_pid() is being called from inside a
signal handler or not.
- if it's inside a signal handler then DO NOT call free - instead put
that pointer into a "to be freed later" list.
- if it's not inside a signal handler then take the "to be freed later"
list and free anything in it.
Bug: https://github.com/OpenRC/openrc/issues/589
Reported-by: Dominique MARTINET <dominique.martinet@atmark-techno.com>
problem:
* vfork has been removed from POSIX [0].
* clang-tidy flags the `strerror` and `eerror` call inside the vfork-ed
child as undefined behavior.
solution: use posix_spawnp, which is serves similar purpose and is
specified in posix. and as an added bonus, it's also easier to use and
less lines of code.
[0]: https://www.man7.org/linux/man-pages/man2/vfork.2.html#CONFORMING_TO
`seed_dir` gets allocated via xstrdup but never gets freed - which
clang-tidy flags as a memory leak.
instead of free-ing the allocation, just don't allocate to begin with
since there's no need for it.
also bump the copyright year.