conf/102913: /etc/rc.d/named killall in jailed OS
Yar Tikhiy
yar at comp.chem.msu.su
Sat Oct 14 20:00:53 UTC 2006
The following reply was made to PR conf/102913; it has been noted by GNATS.
From: Yar Tikhiy <yar at comp.chem.msu.su>
To: Cheng-Lung Sung <clsung at freebsd.org>
Cc: bug-followup at freebsd.org, llevier at argosnet.com
Subject: Re: conf/102913: /etc/rc.d/named killall in jailed OS
Date: Sat, 14 Oct 2006 23:57:29 +0400
On Fri, Oct 13, 2006 at 11:34:08AM +0800, Cheng-Lung Sung wrote:
> try this patch?
>
> Index: etc/rc.d/named
> ===================================================================
> RCS file: /home/ncvs/src/etc/rc.d/named,v
> retrieving revision 1.26
> diff -u -r1.26 named
> --- etc/rc.d/named 20 Apr 2006 12:30:12 -0000 1.26
> +++ etc/rc.d/named 13 Oct 2006 03:30:41 -0000
> @@ -91,9 +91,28 @@
> if rndc stop 2>/dev/null; then
> echo .
> else
> - echo -n ": rndc failed, trying killall: "
> - if killall named; then
Is it possible to use pkill(1) instead of killall(1)? The former
was moved to /bin specifically for the benefit of rc.d scripts.
> - echo .
> + echo -n ": rndc failed, trying "
> + # If we are not inside a jail, killall will kill named in jail
> + # If we are inside a jail, killall is safe
> + #
> + if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then
> + echo -n "killall: "
> + if killall named; then
Ditto here.
> + echo .
> + fi
> + else
> + # If we're not in a jail, try to kill named from pidfile
> + # Otherwise see if we can get from ps
> + echo -n "kill pid: "
> + if [ -f ${pidfile} ]; then
> + kill -TERM `cat ${pidfile}`
> + echo .
> + else
> + for i in `ps -axo command,pid,jid | awk '/^[^ ]+named/{if ($NF == 0) {print $(NF-1)}}'`; do
Hmm, pkill(1) can match a process by its jid, but 0 means any
non-zero jid to it. Looks like a deficiency in the otherwise
convenient tool.
> + kill -TERM ${i}
> + echo .
> + done
> + fi
> fi
> fi
> }
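Review bot: in the non-jailed branch, "kill -TERM `cat ${pidfile}`" runs without checking that the pidfile is non-empty or that the PID in it still belongs to named, and the following "echo ." reports success whatever kill returned. A stale pidfile would signal an unrelated process, and an empty one calls kill with no argument; read the PID into a variable, verify it, and print the dot only when kill succeeds. In the ps fallback, the awk pattern /^[^ ]+named/ requires at least one character before "named", so a process whose command is a bare "named" is skipped while any first word that merely contains "named" (named-checkconf, for example) is matched; comparing the basename of the first field for equality would be tighter. The fallback loop also prints nothing at all when no process matches, which leaves the "kill pid: " line unterminated.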
--
Yar
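
The host-only selection discussed in this message (jid 0, command name exactly "named"), as an added example that is not part of the original e-mail or of the FreeBSD rc.d script. The function names and the sample listing are constructed, and the column order pid,jid,command is an assumption chosen so that the variable-width command comes last:

```shell
#!/bin/sh
# Added example: select the PIDs of named running on the host (jid 0) only.
# Assumes a listing shaped like `ps -axo pid,jid,command`: a header line,
# then PID, JID, and the command with its arguments last.

# host_named_pids (hypothetical helper): read a ps listing on stdin and
# print the PIDs whose JID is 0 and whose executable basename is "named".
host_named_pids() {
    awk '
        NR == 1 { next }                 # skip the header line
        $2 != 0 { next }                 # jid 0 means not in any jail
        {
            n = split($3, parts, "/")    # $3 is argv[0]; take its basename
            if (parts[n] == "named") print $1
        }
    '
}

# Constructed sample listing (not real output).
sample_ps() {
    cat <<'EOF'
  PID JID COMMAND
  412   0 /usr/sbin/named -u bind -t /var/named
  733   2 /usr/sbin/named -u bind
  801   0 /usr/sbin/named-checkconf /etc/namedb/named.conf
  950   0 /usr/local/sbin/unnamed-helper
 1020   3 named -u bind
 1101   0 named -c /etc/namedb/named.conf
EOF
}

# On a live host the input would be: ps -axo pid,jid,command
sample_ps | host_named_pids
```

Only the two host-side named processes are selected; the jailed instances and the look-alike command names are left alone.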