aboutsummaryrefslogtreecommitdiff
path: root/src/shared/selinux.h
diff options
context:
space:
mode:
authorDominique Martinet <dominique.martinet@atmark-techno.com>2023-02-02 10:29:49 +0900
committerWilliam Hubbs <w.d.hubbs@gmail.com>2023-04-24 22:06:41 -0500
commita3c721b6821f1ecbe7ac567becc13df08b416f36 (patch)
tree61def2c54d2a66306cd3970898262cbd7d0e5922 /src/shared/selinux.h
parent3f82d5b1a3e7456571488fd151ae84f9f30ef6cc (diff)
openrc-run: remove kludge in restart --no-deps
restarting a service with --no-deps ran into a "hairy workaround", which had a few problems discussed in [1]: - it ignores --dry-run, really restarting the requested service - if the service was stopped, the program is started but the service status stays stopped. This makes long-lived services impossible to (re)start again (pid already exists and running), and the service also won't stop on shutdown. The kludge had a long comment describing the following situation: - openvpn needs net and dns - net restarts dns - dns needs net If the restart in net handled deps, openrc would deadlock waiting for net in dns' restart, as net won't be started until that is done. Restarting with --nodeps works around the deadlock, but can display errors without the kludge (note that the services did start properly anyway, the problem is that the default service path tries to lock dns twice from openvn's dep's start and net's start's restart): --- alpine:~# rc-service openvn start openvn | * Caching service dependencies ... [ ok ] net |net starting net |dns | * Call to flock failed: Resource temporarily unavailable net |dns | * ERROR: dns stopped by something else net |net started dns |dns started openvn |openvn started alpine:~# rc-status | grep s[1-3] net [ started ] dns [ started ] openvn [ started ] --- Locking again in restart --nodep can fail in two patterns: - openvpn's need dependency start was first, and the restart in net failed (case above): we can just silence locking failures and exit quietly with restart --no-deps, which is not worse than trying to restart while another process hold the lock. - the restart in net's start was first, and openvpn's need dependency start failed: not much can be done here short of adding a new status that a no-deps restart is in progress as in the comment, but this case can actually just be solved by adjusting dependencies -- and it actually has already been fixed: the current openvpn init script in alpine only 'use dns', so it will not try to start it, and that will start just fine with openvpn -> net -> dns only each starting each other once sequentially. Another failure pattern is just starting dns directly: that will start net, which will try to restart dns while we are starting it. Silencing messages on restart also solves this. Link: https://github.com/OpenRC/openrc/issues/224 [1]
Diffstat (limited to 'src/shared/selinux.h')
0 files changed, 0 insertions, 0 deletions