Age | Commit message (Collapse) | Author |
|
This add No New Privs flag for start-stop-daemon and supervise-daemon
by adding --no-new-privs flag. As a result, the user set the No New
Privs flag for the program should run with.
see PR_SET_NO_NEW_PRIVS prctl(2)
|
|
This adds securebits flags for start-stop-daemon and supervise-daemon
by adding --secbits option. As a result, the user can specify
securebits the program should run with. see capabilities(7)
|
|
|
|
This adds capabilities for start-stop-daemon by adding --capabilities
option. As a result, the user can specify the inheritable, ambient and
bounding set by define capabilities in the service script.
This fixes #314.
|
|
This makes the URIs shorter and dynamic: whatever the default branch
the repo uses will be used.
|
|
The old code is moved to a cgroup_fallback_cleanup function and only
called if cgroup2_kill fails.
This fixes #454.
|
|
Currently, we run sv start immediately after linking the service.
The runsv process may not be up at the moment, as a result of which
openrc will mark the service as stopped, even though it may be brought up
by runit at the next scan.
This is documented in the gentoo wiki:
https://wiki.gentoo.org/wiki/Runit#OpenRC.27s_runit_integration_feature
This PR adds a timeout so that correct process state can be reported.
Before:
* Starting netdata-runit ...
fail: /run/openrc/sv/netdata: runsv not running
* Failed to start netdata-runit
After:
* Starting netdata-runit ...
fail: /run/openrc/sv/netdata: runsv not running
ok: run: /run/openrc/sv/netdata: (pid 9042) 0s
This fixes #253.
|
|
Busybox timeout does not support the `-k` flag. As such, invoking fuser
from do_unmount never worked without this patch. This went unnoticed as
standard error is redirected to /dev/null. This patch fixes this by
simply removing the incompatible `-k` flag.
[Ariadne: the `-k` is redundant anyway, since we are sending the KILL
signal to begin with.]
|
|
|
|
Closes #116.
Closes #171.
Closes #172.
Closes #175.
|
|
X-Gentoo-Bug: 804193
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=804193
|
|
X-Gentoo-Bug: 804193
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=804193
|
|
In legacy cgroups mode, we were running `mountinfo -q ""` which was
generating an error message. If we return immediately when
cgroup2_find_path returns an empty value, we avoid this message.
|
|
- fix mount options for /run.
- run restorecon after everything is set up.
X-Gentoo-Bug: 740576
X-Gentoo-Bug-URL: https://bugs.gentoo.org/740576
|
|
Fixes: #407
|
|
This should make cgroup_cleanup work successfully since cgroup_get_pids
no longer uses a subshell.
This fixes #396.
This fixes #397.
|
|
|
|
X-Gentoo-Bug:739274
X-Gentoo-Bug-URL:https://bugs.gentoo.org/739274
|
|
This fixes #328
|
|
use grep -E instead of egrep
check for space or end of line instead of GNU-specific word boundary
This fixes #345
|
|
prior to cgroups getting mounted, /sys/fs/cgroup will still exist,
but attempts to make directories in it will fail, change cgroup2_set_limits() to
verify that cgroups are mounted instead of just checking that /sys/fs/cgroup
exists.
This fixes #307.
This fixes #321.
|
|
This fixes #295.
|
|
This is for #288.
|
|
This time it was done correctly.
I missed a '\' the last time.
|
|
For some reason removing this broke the build.
This reverts commit 5246ea7b6f8c6a247403f725f8301457f6ddfffd.
|
|
We have used /run for some time now and we have had this migration
script for 6 years. Linux users should have upgraded by now to a version
of OpenRC which stores its information in /run.
|
|
I do not know of a need to have the default shell be a build-time
configurable setting. All *nix systems I am aware of have /bin/sh as a
default posix compatible shell.
If some systems running OpenRC do not make that assumption about
/bin/sh, I will consider bringing this back, so feel free to open an
issue.
|
|
This is not a stand-alone script, so it does not need the shebang line.
This also means it is not necessary to run this through sed.
|
|
|
|
Since the pid file is internal to us, start moving toward deprecating it
by not requiring the user to specify it.
In the next release, I plan on working on code to start phasing out the
use of a pid file if this is possible.
|
|
|
|
The pidfile of the supervisor doesn't need to be adjustable by the
service script. It is only used so the supervisor can stop itself when
the --stop option is used.
|
|
This fixes #230.
|
|
Health checks are a way to monitor a service and make sure it stays
healthy.
If a service is not healthy, it will be automatically restarted after
running the unhealthy() function to clean up.
|
|
|
|
This is an old relic from Gentoo baselayout-1.x which should not be used
any longer.
|
|
|
|
|
|
is undefined
|
|
This is handled inside librc, so we don't need the nesting in this
script.
|
|
Remove the IFS manipulation and simplify the loop that processes the
settings.
|
|
Some initramfs mount /run which then ends up with the wrong labels.
Force relabel all of /run right after its mounted to fix.
|
|
/dev/console is relabelled later in the devfs init script, but by then we
have already missed some of the messages, so fix that label early.
|
|
The current check only tries to detect whether /sys/fs/cgroup exists and
whether it is writable or not. But when the init system doesn't mount
cgroups then /sys/fs/cgroup will just be an empty directory. When paired
with unprivileged containers that mount sysfs this will cause misleading
errors to be printed since /sys/fs/cgroup will be owned by user
nobody:nogroup in this case. Independent of this specific problem this
check will also be misleading when the /sys/fs/cgroup exists and is in
fact writable by the init system but isn't actually a mountpoint.
Note from William. "grep -qs" doesn't need to redirect output to
/dev/null since it is completely silent.
This fixes #209.
|
|
This function should only be called once and it does not take any
arguments.
X-Gentoo-Bug: 639166
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=639166
|
|
Add the following variables to expose more arguments that can be passed
to start-stop-daemon or supervise-daemon:
- directory will be passed to --chdir
- error_log will be passed to --stderr
- output_log will be passed to --stdout
- umask will be passed to umask
This is for #184.
|
|
Add the ability to force-kill a service if it does not go down
successfully. Also, adjust the default wait time for an s6 service to go
down to 60 seconds.
|
|
This makes ps show which service the supervisor is monitoring.
|
|
The unsupervised status is to be used when a supervisor of a supervised
service dies but leaves the service daemon itself running.
|
|
|