Age | Commit message (Collapse) | Author |
|
readlink(3) does not nul-terminate the result it sticks
into the supplied buffer. Consequently, the code
rc = readlink(path, buf, sizeof(buf));
does not necessarily produce a C string.
The code in rc_find_pid() produces some C strings this way
and passes them to strlen() and strcmp(), which can lead
to an out-of-bounds read.
In this case, since the code already takes care to
zero-initialize the buffers before passing them
to readlink(3), only allow sizeof(buf)-1 bytes to
be returned.
(While fixing this issue, I fixed two other locations that
used the same problematic pattern.)
This fixes #270.
|
|
The contents of /proc/<pid>/cmdline are read into
a stack buffer using
bytes = read(fd, buffer, sizeof(buffer));
followed by appending a null terminator to the buffer with
buffer[bytes] = '\0';
If bytes == sizeof(buffer), then this write is out-of-bounds.
Refactor the code to use rc_getfile instead, since PATH_MAX
is not the maximum size of /proc/<pid>/cmdline. (I hit this
issue in practice while compiling Linux; it tripped the
stack-smashing protector.)
This is roughly the same buffer overflow condition
that was fixed by commit 0ddee9b7d2b8dea810e252ca6a95c457876df120
This fixes #269.
|
|
|
|
Use errno != EACCES to fix false-positive for non-root users
with grsecurity kernels.
Fixes: 37e29442721a ("librc: Add check for crashed state")
This fixes #237
|
|
|
|
|
|
|
|
In rc_service_state,, call rc_service_daemons_crashed to check for
a crashed daemon if the service is started.
|
|
|
|
rc_deptree_update_needed would return early as soon as it found
any file newer than the existing dependency cache. Unfortunately,
the first file found may not be the newest one there; so the
clock skew workaround in rc-misc:_rc_deptree_load would be given
a timestamp that was still too old.
This fix forces a full scan of all relevant files, so as to
ensure that we return a timestamp that will allow the clock skew
fix to operate. The runtime cost is no worse than the case where
the cache is up to date (ie. we must check every possible file).
This fixes #161.
|
|
Ignore namespaces if there are errors reading either the pid namespace
for the current process or the process we aare testing.
This fixes https://github.com/openrc/openrc/issues/180.
|
|
This allows the equivalent of "unsetting" a value for a service.
|
|
X-Gentoo-Bug: 634634
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=634634
|
|
openrc-init.c and openrc-shutdown.c are based on code which was written by
James Hammons <jlhamm@acm.org>, so I would like to publically
thank him for his work.
|
|
X-Gentoo-Bug: 604666
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=604666
|
|
This fixes #109.
X-Gentoo-Bug: 558700
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=558700
|
|
The original auto detection of Docker containers assumed the presence of
a container environment variable. However, Docker-1.12 does not
implement this, and I'm not sure which versions of docker implemented
it.
The new test is for the presence of a file named .dockerenv in the
root directory.
|
|
This fixes #43.
|
|
|
|
This probably isn't needed, but it mimics old behavior.
|
|
|
|
This fixes an issue where librc code was calling code that only existed
in the rc binary.
This reverts commits 8addd79 and 9f6e056
This fixes #75.
|
|
This reverts commit 73482cf13a338051606788957cbd0031ac850c70.
|
|
|
|
In the past, OpenRC was a hybrid of a centralized and file-scope
license/copyright structure.
I followed the instructions from the Software Freedom Law Center [1] to
convert to a Centralized structure where possible, for easier future
maintenance.
[1] https://softwarefreedom.org/resources/2012/ManagingCopyrightInformation.html
|
|
|
|
|
|
|
|
|
|
These functions were never meant to be used outside of OpenRC, and they
were added when we thought we were going to do away with the automatic
detection of subsystems. Since the autodetection is not going away, we
can combine these functions into rc_sys.
|
|
The want dependency is similar to the use dependency. If a service
script, for example called service1, adds "want service2" to its depend
function, OpenRC will attempt to start service2, if it exists on the
system, when service1 is started.
However, service1 will start regardless of the status of
service2.
X-Gentoo-Bug: 406021
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=406021
|
|
This also fixes breakage of GNU/hurd builds introduced by commit 3f82edbeb92.
|
|
Rename the rc_conf_override function to describe its purpose better,
drop one conditional compile by making it available everywhere, and move
the call to it after the optional rc.conf.d directory is processed.
|
|
|
|
This makes it possible to override settings in rc.conf by adding a
directory @SYSCONFDIR@/rc.conf.d and putting files in this directory.
The files will be processed in lexical order, and the last setting in
these files will be used.
|
|
If a service has the same name as the runlevel it is in, openrc will
crash on changing to such runlevel. It goes in a recursive madness and
eventually gets a SEGV while in snprintf (don't know why).
This fixes two errors:
1. ls_dir stats files not with full path -> stat always returns != 0
2. ls_dir adds files to list if stat failed
This fixes #53.
X-Gentoo-Bug: 537304
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=537304
|
|
This adds support for running OpenRC in a container created by
the systemd-nspawn utility.
This fixes #52.
X-Gentoo-Bug: 548058
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=548058
|
|
|
|
librc: Fix C90 warning (mixed declaration and code)
rc: Fix warning about discarding const qualifier
Fixes #45.
|
|
This fixes #35.
|
|
This fixes a double free of the pidfile variable. For discussion of this
issue, see the bug.
X-Gentoo-Bug: 531600
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=531600
|
|
Fixes #28.
X-Gentoo-Bug: #527370
X-Gentoo-Bug-Url: https://bugs.gentoo.org/show_bug.cgi?id=527370
|
|
|
|
We are bundling this to allow building on musl-based systems since musl
does not include <sys/queue.h>.
|
|
It is necessary to check for both the kernel and c library because
__FreeBSD_kernel is also defined on native FreeBSD [1].
[1] http://sourceforge.net/p/predef/wiki/OperatingSystems/
|
|
|
|
|
|
|
|
Check for __FreeBSD_kernel instead of __GLIBC__ in source files.
note from William Hubbs:
I was told this is a better check for GNU/kFreeBSD than checking the
C library the source is being compiled against.
GNU/kFreeBSD than checking which library we are using.
|
|
There is no need to redefine __BEGIN_DECLS and __END_DECLS.
We simplify the logic here and avoid undefining these macros.
|