| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Clean up code indented with mixed tabs and spaces.
No actual code changes.
This fixes #280.
|
|
readlink(3) does not nul-terminate the result it sticks
into the supplied buffer. Consequently, the code
rc = readlink(path, buf, sizeof(buf));
does not necessarily produce a C string.
The code in rc_find_pid() produces some C strings this way
and passes them to strlen() and strcmp(), which can lead
to an out-of-bounds read.
In this case, since the code already takes care to
zero-initialize the buffers before passing them
to readlink(3), only allow sizeof(buf)-1 bytes to
be returned.
(While fixing this issue, I fixed two other locations that
used the same problematic pattern.)
This fixes #270.
|
|
These are not standard.
For more information see issue #279.
This fixes #279.
|
|
The contents of /proc/<pid>/cmdline are read into
a stack buffer using
bytes = read(fd, buffer, sizeof(buffer));
followed by appending a null terminator to the buffer with
buffer[bytes] = '\0';
If bytes == sizeof(buffer), then this write is out-of-bounds.
Refactor the code to use rc_getfile instead, since PATH_MAX
is not the maximum size of /proc/<pid>/cmdline. (I hit this
issue in practice while compiling Linux; it tripped the
stack-smashing protector.)
This is roughly the same buffer overflow condition
that was fixed by commit 0ddee9b7d2b8dea810e252ca6a95c457876df120
This fixes #269.
|
|
Fix misleading indentation and other erroneous whitespace.
This fixes #273.
|
|
The following will cause a segfault due to NULL being
passed to strcmp(3)
$ RC_SVCNAME=foo supervise-daemon
Fix the bounds check on argc in main. If argc<=1, then
it is not safe to dereference argv[1].
|
|
The statement
ll = strlen(applet);
appears twice in the same block without any
intervening assignment to the variables
'll' or 'applet'
Remove the second (duplicate) statement.
|
|
|
|
In order to run healthcheck() and the unhealthy() function, add an
exec_command call to the supervisor.
Another difference is This function also logs errors instead of
attempting to display them.
This is for #271.
|
|
This will make it easier to track down why the supervisor intermittently
hangs after it runs for a long time.
|
|
This fixes #264.
|
|
This fixes #239.
|
|
This fixes #263.
|
|
This is for #263.
|
|
|
|
Since the pid file is internal to us, start moving toward deprecating it
by not requiring the user to specify it.
In the next release, I plan on working on code to start phasing out the
use of a pid file if this is possible.
|
|
|
|
|
|
|
|
|
|
This will allow us to signal the daemon we are supervising as well as
send other commands to the supervisor in the future.
This fixes #227.
|
|
This is needed in preparation for adding support for a fifo to allow us
to communicate with the supervisor to ask it to signal the child it is
supervising.
|
|
This reverts commit 2af0cedd5952d7da71681b7a636dff3540e4295d.
After speaking with Luis Ressel on the Gentoo selinux team, I am reverting
this commit for the following reasons:
- Luis told me that he feels this is not the solution we need to address
the concern with checkpath; I will be working with him on another
solution.
- There are concerns about the way the path variable was handled
and the assert() call.
The path variable should be dynamically allocated using xasprintf
instead of defining a length at compile time. This would eliminate the
need for the assert() call.
- It introduces the definition of _GNU_SOURCE which makes it
easier to introduce portability concerns in the future (see #262).
|
|
This avoids opening directories/files with read permission, which is
sometimes rejected by selinux policy.
Bug: https://bugs.gentoo.org/667122
|
|
|
|
|
|
|
|
|
|
The pidfile of the supervisor doesn't need to be adjustable by the
service script. It is only used so the supervisor can stop itself when
the --stop option is used.
|
|
In start-stop-daemon and rc-schedules, we were printing out a warning if
the nanosleep call was interrupted by a signal, but we did not treat
this as an error situation other than displaying the message, so there
is no need for the message.
|
|
We need to make sure to reap zombies so that we can shut down
successfully.
Fixes #252.
Possibly related to #250.
|
|
|
|
This is for #173.
|
|
X-Gentoo-Bug: 669500
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=669500
|
|
Health checks are a way to monitor a service and make sure it stays
healthy.
If a service is not healthy, it will be automatically restarted after
running the unhealthy() function to clean up.
|
|
You can now schedule a shutdown for a certain time or a cpecific number
of minutes into the future.
When a shutdown is running, you can now cancel it with ^c from the
keyboard or by running "openrc-shutdown -c" from another shell.
|
|
Fix the comparison between respawn_count and respawn_max so that
respawn_max = 1 will allow for one respawn. Since respawn_count is
incremented before the comparison, use a 'greater than' comparison
so that respawn will be triggered when respawn_count is equal to
respawn_max.
Fixes: https://github.com/OpenRC/openrc/issues/247
Fixes: https://github.com/OpenRC/openrc/issues/248
|
|
|
|
|
|
|
|
We will be using sigalrm in this process for health checking, and
sigalrm cannot be used with sleep() safely.
|
|
Nanosleep is the safer call to use in case we need to use alarms
eventually.
|
|
Use errno != EACCES to fix false-positive for non-root users
with grsecurity kernels.
Fixes: 37e29442721a ("librc: Add check for crashed state")
This fixes #237
|
|
This fixes #231.
|
|
|
|
|
|
|
|
|
|
|
