aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-12-27fix potential out-of-bounds readsphilhofer
readlink(3) does not nul-terminate the result it sticks into the supplied buffer. Consequently, the code rc = readlink(path, buf, sizeof(buf)); does not necessarily produce a C string. The code in rc_find_pid() produces some C strings this way and passes them to strlen() and strcmp(), which can lead to an out-of-bounds read. In this case, since the code already takes care to zero-initialize the buffers before passing them to readlink(3), only allow sizeof(buf)-1 bytes to be returned. (While fixing this issue, I fixed two other locations that used the same problematic pattern.) This fixes #270.
2018-12-25Do not use UT_LINESIZE or __UT_LINESIZEWilliam Hubbs
These are not standard. For more information see issue #279. This fixes #279.
2018-12-24src/librc/librc-daemon.c: fix buffer overrun in pid_is_argvphilhofer
The contents of /proc/<pid>/cmdline are read into a stack buffer using bytes = read(fd, buffer, sizeof(buffer)); followed by appending a null terminator to the buffer with buffer[bytes] = '\0'; If bytes == sizeof(buffer), then this write is out-of-bounds. Refactor the code to use rc_getfile instead, since PATH_MAX is not the maximum size of /proc/<pid>/cmdline. (I hit this issue in practice while compiling Linux; it tripped the stack-smashing protector.) This is roughly the same buffer overflow condition that was fixed by commit 0ddee9b7d2b8dea810e252ca6a95c457876df120 This fixes #269.
2018-12-24src/rc/supervise-daemon.c: formatting fixesphilhofer
Fix misleading indentation and other erroneous whitespace. This fixes #273.
2018-12-23remove /run migration script againWilliam Hubbs
This time it was done correctly. I missed a '\' the last time.
2018-12-23src/rc/supervise-daemon.c: do not pass NULL to strcmpphilhofer
The following will cause a segfault due to NULL being passed to strcmp(3) $ RC_SVCNAME=foo supervise-daemon Fix the bounds check on argc in main. If argc<=1, then it is not safe to dereference argv[1].
2018-12-23src/rc/openrc-run.c: remove duplicate statementphilhofer
The statement ll = strlen(applet); appears twice in the same block without any intervening assignment to the variables 'll' or 'applet' Remove the second (duplicate) statement.
2018-12-23Revert "remove /run migration script"William Hubbs
For some reason removing this broke the build. This reverts commit 5246ea7b6f8c6a247403f725f8301457f6ddfffd.
2018-12-23remove /run migration scriptWilliam Hubbs
We have used /run for some time now and we have had this migration script for 6 years. Linux users should have upgraded by now to a version of OpenRC which stores its information in /run.
2018-12-21fix compiler warningsWilliam Hubbs
2018-12-20supervise-daemon: do not use the exec_service() functionWilliam Hubbs
In order to run healthcheck() and the unhealthy() function, add an exec_command call to the supervisor. Another difference is This function also logs errors instead of attempting to display them. This is for #271.
2018-12-18Add debug logging to start-stop-daemon and rc-supervisorWilliam Hubbs
This will make it easier to track down why the supervisor intermittently hangs after it runs for a long time.
2018-12-08standardize the default shellWilliam Hubbs
I do not know of a need to have the default shell be a build-time configurable setting. All *nix systems I am aware of have /bin/sh as a default posix compatible shell. If some systems running OpenRC do not make that assumption about /bin/sh, I will consider bringing this back, so feel free to open an issue.
2018-12-07rc-cgroup.sh: remove shebang lineWilliam Hubbs
This is not a stand-alone script, so it does not need the shebang line. This also means it is not necessary to run this through sed.
2018-12-06init.d/agetty: set default respawn period to 60 secondsWilliam Hubbs
Without a respawn period setting, the supervisor will give up on respawning agetty after it is respawned respawn_max times. For most daemons giving up like this is reasonable, but not for agettys. Agettys should always be respawned unless they are respawning too fafst,. If an agetty is respawning faster than 10 times in 60 seconds, this seems to be too fast.
2018-12-06supervise-daemon: fix busy loopWilliam Hubbs
This fixes #264.
2018-12-04supervise-daemon: redirect std{in,out,err} to /dev/null after demonizingAlexander Zubkov
This fixes #239.
2018-12-03version 0.41William Hubbs
2018-12-03Update ChangeLogWilliam Hubbs
2018-12-03misc: make checks always fatalAustin English
This fixes #263.
2018-12-03src/rc/supervise-daemon.c: fix style issueAustin English
This is for #263.
2018-12-03rc-status: show status for supervised services instead of a listWilliam Hubbs
2018-12-03Update supervise-daemon man pageWilliam Hubbs
2018-12-03supervise-daemon.sh: drop the unused stopsig variableWilliam Hubbs
2018-12-03supervise-daemon: use a default pid file if one is not specifiedWilliam Hubbs
Since the pid file is internal to us, start moving toward deprecating it by not requiring the user to specify it. In the next release, I plan on working on code to start phasing out the use of a pid file if this is possible.
2018-12-02rc-status: add --supervised option to show supervised servicesWilliam Hubbs
2018-12-02rc-status: show failed services as failedWilliam Hubbs
2018-12-02supervise-daemon: mark a service failed if it respawns too many timesWilliam Hubbs
2018-12-02supervise-daemon: make respawn-max and respawn-period independent settingsWilliam Hubbs
2018-12-02supervise-daemon: add support for a fifoWilliam Hubbs
This will allow us to signal the daemon we are supervising as well as send other commands to the supervisor in the future. This fixes #227.
2018-12-02supervise-daemon: rework signal handling and main loopWilliam Hubbs
This is needed in preparation for adding support for a fifo to allow us to communicate with the supervisor to ask it to signal the child it is supervising.
2018-12-02Revert "checkpath: use O_PATH when available"William Hubbs
This reverts commit 2af0cedd5952d7da71681b7a636dff3540e4295d. After speaking with Luis Ressel on the Gentoo selinux team, I am reverting this commit for the following reasons: - Luis told me that he feels this is not the solution we need to address the concern with checkpath; I will be working with him on another solution. - There are concerns about the way the path variable was handled and the assert() call. The path variable should be dynamically allocated using xasprintf instead of defining a length at compile time. This would eliminate the need for the assert() call. - It introduces the definition of _GNU_SOURCE which makes it easier to introduce portability concerns in the future (see #262).
2018-12-01checkpath: use O_PATH when availableMike Gilbert
This avoids opening directories/files with read permission, which is sometimes rejected by selinux policy. Bug: https://bugs.gentoo.org/667122
2018-11-29rc.conf: typo fixWilliam Hubbs
X-Gentoo-Bug: 670874 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=670874
2018-11-28supervise-daemon: fix type of exiting flagWilliam Hubbs
2018-11-27src/tests/runtests.sh: add a FATAL_CHECKS variable to make whitespace/etc. fatalAustin English
2018-11-27src/rc/openrc-shutdown.c: fix styleAustin English
2018-11-27fix misc whitespace issuesAustin English
2018-11-27give TravisCI a tryAustin English
2018-11-18sh/functions.sh.in: return a different value for invalid input in yesno()Austin English
2018-11-15supervise-daemon: make the pidfile an implementation detailWilliam Hubbs
The pidfile of the supervisor doesn't need to be adjustable by the service script. It is only used so the supervisor can stop itself when the --stop option is used.
2018-11-15Do not complain if interrupted by a signalWilliam Hubbs
In start-stop-daemon and rc-schedules, we were printing out a warning if the nanosleep call was interrupted by a signal, but we did not treat this as an error situation other than displaying the message, so there is no need for the message.
2018-11-07Create save-keymaps and save-ktermencoding servicesWilliam Hubbs
These services represent the parts of the keymaps and termencoding services which saved the settings back to the root file system so they can be loaded very early in the boot process. These are needed to allow keymaps and termencoding to run earlier in the boot sequence. X-Gentoo-Bug: 446018 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=446018
2018-11-06supervise-daemon.sh: drop invalid --signal switchWilliam Hubbs
This fixes #230.
2018-11-05supervise-daemon: reap zombiesWilliam Hubbs
We need to make sure to reap zombies so that we can shut down successfully. Fixes #252. Possibly related to #250.
2018-11-05rc-service: fix help outputWilliam Hubbs
2018-11-02openrc-init: add SELinux supportWilliam Hubbs
This is for #173.
2018-10-24openrc-shutdown: do not require a time for -w switchWilliam Hubbs
X-Gentoo-Bug: 669500 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=669500
2018-10-24version 0.40William Hubbs
2018-10-23Update ChangeLogWilliam Hubbs