src - FreeBSD source tree

diff options

author	Mariusz Zaborski <oshogbo@FreeBSD.org>	2021-06-24 18:14:31 +0000
committer	Mariusz Zaborski <oshogbo@FreeBSD.org>	2021-06-24 18:14:31 +0000
commit	6ba108e52d175b6833437c8627ae5d0546a4e102 (patch)
tree	9f376672241d19fcf41784f4e31a3e8166edd528
parent	779b70a2264fa187beb232dad2f018d41c31e34a (diff)
download	src-6ba108e52d175b6833437c8627ae5d0546a4e102.tar.gz src-6ba108e52d175b6833437c8627ae5d0546a4e102.zip

rc.subr: use _pidcmd to determine pid for protect

This is a more reliable method that accounts for existing pidfiles, procname and interpreter settings. Current method of obtaining the pid for oomprotect="YES"|"ALL" processes in certain cases fails to find a unique pid. One such case are rc.d scripts defining command as: command="daemon" which results in all processes started via daemon being selected and passed to protect(1) which fails and prints usage: $ /etc/rc.d/exampled restart Stopping exampled. Starting exampled. usage: protect [-i] command protect [-cdi] -g pgrp | -p pid Running the same with -x reveals what happens: + pid='3051 4268 4390 4421 4427 4470 4588 4733 4740 4870 4949 4954 4979 5835 5866 55487 55583 56525 57643 57789 57882 58072 58167 99419' + /usr/bin/protect -p 3051 4268 4390 4421 4427 4470 4588 4733 4740 4870 4949 4954 4979 5835 5866 55487 55583 56525 57643 57789 57882 58072 58167 99419 usage: protect [-i] command protect [-cdi] -g pgrp | -p pid We have a more reliable way of obtaining pid already defined in rc.subr and available when protect(1) needs it. We can simply `eval $_pidcmd` which also invokes `check_process` but properly accounts for existing pidfile, procname and interpreter settings. With the change the pidfile is properly obtained. Submitted by: Adam Wolk <a.wolk at fudosecurity.com> Sponsored by: Fudo Security Differential Revision: https://reviews.freebsd.org/D30367

Diffstat

-rw-r--r--

libexec/rc/rc.subr

1 files changed, 3 insertions, 3 deletions


context:
space:
mode: