| Age | Commit message | Author |
|---|---|---|
|  | readlink(3) does not nul-terminate the result it sticks
into the supplied buffer. Consequently, the code
  rc = readlink(path, buf, sizeof(buf));
does not necessarily produce a C string.
The code in rc_find_pid() produces some C strings this way
and passes them to strlen() and strcmp(), which can lead
to an out-of-bounds read.
In this case, since the code already takes care to
zero-initialize the buffers before passing them
to readlink(3), only allow sizeof(buf)-1 bytes to
be returned.
(While fixing this issue, I fixed two other locations that
used the same problematic pattern.)
This fixes #270. | 
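An added illustration of the pattern this commit describes, not OpenRC's code: `readlink_cstr` (a name chosen here) requests at most `sizeof(buf)-1` bytes and writes the terminator explicitly, so it also covers buffers that were not zero-initialized; `demo_readlink` constructs a symlink whose target exactly fills an 8-byte buffer to show why the plain `readlink(path, buf, sizeof(buf))` call does not yield a C string.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Fixed pattern: request at most bufsz-1 bytes and always add the terminator.
 * When the return value equals bufsz-1 the target may have been truncated, so a
 * caller that needs the full target must retry with a larger buffer. */
static ssize_t readlink_cstr(const char *path, char *buf, size_t bufsz)
{
    ssize_t rc;
    if (bufsz == 0) {
        errno = EINVAL;
        return -1;
    }
    rc = readlink(path, buf, bufsz - 1);
    if (rc < 0)
        return -1;
    buf[rc] = '\0';
    return rc;
}

/* Constructed check: a symlink whose 8-byte target exactly fills an 8-byte buffer.
 * Returns 1 when the plain readlink(path, buf, sizeof(buf)) call from the commit
 * leaves no NUL anywhere in buf (strlen() on it would read out of bounds) and
 * readlink_cstr() instead yields a valid, truncated C string; 0 otherwise. */
int demo_readlink(void)
{
    char dir[] = "/tmp/rl-XXXXXX";
    char link[64], buf[8];
    const char *target = "abcdefgh";
    ssize_t n, m;
    int ok = 0;
    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(link, sizeof link, "%s/l", dir);
    if (symlink(target, link) == 0) {
        memset(buf, 'X', sizeof buf);                 /* not zeroed: no accidental NUL */
        n = readlink(link, buf, sizeof buf);          /* the problematic call */
        ok = (n == 8 && memchr(buf, '\0', sizeof buf) == NULL);
        m = readlink_cstr(link, buf, sizeof buf);     /* the fixed call */
        ok = ok && m == 7 && strlen(buf) == 7 && strncmp(buf, target, 7) == 0;
        unlink(link);
    }
    rmdir(dir);
    return ok;
}
```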
|  | These are not standard.
For more information see issue #279.
This fixes #279. | 
|  | The contents of /proc/<pid>/cmdline are read into
a stack buffer using
  bytes = read(fd, buffer, sizeof(buffer));
followed by appending a null terminator to the buffer with
  buffer[bytes] = '\0';
If bytes == sizeof(buffer), then this write is out-of-bounds.
Refactor the code to use rc_getfile instead, since PATH_MAX
is not the maximum size of /proc/<pid>/cmdline. (I hit this
issue in practice while compiling Linux; it tripped the
stack-smashing protector.)
This is roughly the same buffer overflow condition
that was fixed by commit 0ddee9b7d2b8dea810e252ca6a95c457876df120.
This fixes #269. | 
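An added example, not OpenRC's code, of a safe replacement for the fixed-size `read()` plus `buffer[bytes] = '\0'` the commit describes: `read_file_cstr` is a hypothetical stand-in for rc_getfile that grows a heap buffer until EOF while always keeping room for the terminator, and `demo_cmdline_read` constructs a 4096-byte file (the `bytes == sizeof(buffer)` case for a PATH_MAX-sized buffer on Linux) containing an embedded NUL, as a cmdline with two arguments would.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Hypothetical stand-in for rc_getfile (not OpenRC's code): read `path` into a
 * growing heap buffer, keeping one byte free so buf[used] = '\0' is always in
 * bounds; cmdline contains NUL separators, so the byte count goes to *len. */
char *read_file_cstr(const char *path, size_t *len)
{
    size_t cap = 64, used = 0;              /* deliberately small: forces growth */
    char *buf = NULL, *tmp;
    int fd = open(path, O_RDONLY);
    if (fd < 0 || (buf = malloc(cap)) == NULL) goto fail;
    for (;;) {
        if (used + 1 == cap) {              /* only the terminator slot is left */
            if ((tmp = realloc(buf, cap * 2)) == NULL) goto fail;
            buf = tmp; cap *= 2;
        }
        ssize_t n = read(fd, buf + used, cap - used - 1);
        if (n < 0) { if (errno == EINTR) continue; goto fail; }
        if (n == 0) break;                  /* EOF */
        used += (size_t)n;
    }
    close(fd);
    buf[used] = '\0';
    *len = used;
    return buf;
fail:
    if (fd >= 0) close(fd);
    free(buf);
    return NULL;
}

/* Constructed check: a 4096-byte file (the exact bytes == sizeof(buffer) case) with
 * one NUL in the middle. Returns 1 when every byte is read and the result is terminated. */
int demo_cmdline_read(void)
{
    char path[] = "/tmp/cmdline-XXXXXX", data[4096], *got;
    size_t len = 0;
    int fd = mkstemp(path), ok = 0;
    if (fd < 0) return 0;
    memset(data, 'a', sizeof data);
    data[2047] = '\0';                      /* argv[0] / argv[1] boundary */
    ok = write(fd, data, sizeof data) == (ssize_t)sizeof data; close(fd);
    got = read_file_cstr(path, &len);
    ok = ok && got && len == sizeof data && strlen(got) == 2047 && got[len] == '\0';
    free(got); unlink(path);
    return ok;
}
```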
|  | Fix misleading indentation and other erroneous whitespace.
This fixes #273. | 
|  | The following will cause a segfault due to NULL being
passed to strcmp(3)
$ RC_SVCNAME=foo supervise-daemon
Fix the bounds check on argc in main. If argc<=1, then
it is not safe to dereference argv[1]. | 
|  | The statement
  ll = strlen(applet);
appears twice in the same block without any
intervening assignment to the variables
'll' or 'applet'
Remove the second (duplicate) statement. | 
|  | In order to run healthcheck() and the unhealthy() function, add an
exec_command call to the supervisor.
Another difference is that this function logs errors instead of
attempting to display them.
This is for #271. | 
|  | This will make it easier to track down why the supervisor intermittently
hangs after it runs for a long time. | 
|  | This fixes #264. | 
|  | This fixes #239. | 
|  | This fixes #263. | 
|  | This is for #263. | 
|  | Since the pid file is internal to us, start moving toward deprecating it
by not requiring the user to specify it.
In the next release, I plan on working on code to start phasing out the
use of a pid file if this is possible. | 
|  | This will allow us to signal the daemon we are supervising as well as
send other commands to the supervisor in the future.
This fixes #227. | 
|  | This is needed in preparation for adding support for a fifo to allow us
to communicate with the supervisor to ask it to signal the child it is
supervising. | 
|  | This reverts commit 2af0cedd5952d7da71681b7a636dff3540e4295d.
After speaking with Luis Ressel on the Gentoo selinux team, I am reverting
this commit for the following reasons:
- Luis told me that he feels this is not the solution we need to address
  the concern with checkpath; I will be working with him on another
  solution.
- There are concerns about the way the path variable was handled
  and the assert() call.
  The path variable should be dynamically allocated using xasprintf
  instead of defining a length at compile time. This would eliminate the
  need for the assert() call.
- It introduces the definition of _GNU_SOURCE which makes it
  easier to introduce portability concerns in the future (see #262). | 
|  | This avoids opening directories/files with read permission, which is
sometimes rejected by selinux policy.
Bug: https://bugs.gentoo.org/667122 | 
|  | The pidfile of the supervisor doesn't need to be adjustable by the
service script. It is only used so the supervisor can stop itself when
the --stop option is used. | 
|  | In start-stop-daemon and rc-schedules, we were printing out a warning if
the nanosleep call was interrupted by a signal, but we did not treat
this as an error situation other than displaying the message, so there
is no need for the message. | 
|  | We need to make sure to reap zombies so that we can shut down
successfully.
Fixes #252.
Possibly related to #250. | 
|  | This is for #173. | 
|  | X-Gentoo-Bug: 669500
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=669500 | 
|  | Health checks are a way to monitor a service and make sure it stays
healthy.
If a service is not healthy, it will be automatically restarted after
running the unhealthy() function to clean up. | 
|  | You can now schedule a shutdown for a certain time or a specific number
of minutes into the future.
When a shutdown is running, you can now cancel it with ^c from the
keyboard or by running "openrc-shutdown -c" from another shell. | 
|  | Fix the comparison between respawn_count and respawn_max so that
respawn_max = 1 will allow for one respawn. Since respawn_count is
incremented before the comparison, use a 'greater than' comparison
so that respawn will be triggered when respawn_count is equal to
respawn_max.
Fixes: https://github.com/OpenRC/openrc/issues/247
Fixes: https://github.com/OpenRC/openrc/issues/248 | 
|  | We will be using sigalrm in this process for health checking, and
sigalrm cannot be used with sleep() safely. | 
|  | Nanosleep is the safer call to use in case we need to use alarms
eventually. | 
|  | Use errno != EACCES to fix false-positive for non-root users
with grsecurity kernels.
Fixes: 37e29442721a ("librc: Add check for crashed state")
This fixes #237. | 
|  | This fixes #231. | 