Date:      Sat, 14 Oct 2006 20:00:52 GMT
From:      Yar Tikhiy <yar@comp.chem.msu.su>
To:        freebsd-rc@FreeBSD.org
Subject:   Re: conf/102913: /etc/rc.d/named killall in jailed OS
Message-ID:  <200610142000.k9EK0qvM006113@freefall.freebsd.org>

The following reply was made to PR conf/102913; it has been noted by GNATS.

From: Yar Tikhiy <yar@comp.chem.msu.su>
To: Cheng-Lung Sung <clsung@freebsd.org>
Cc: bug-followup@freebsd.org, llevier@argosnet.com
Subject: Re: conf/102913: /etc/rc.d/named killall in jailed OS
Date: Sat, 14 Oct 2006 23:57:29 +0400

 On Fri, Oct 13, 2006 at 11:34:08AM +0800, Cheng-Lung Sung wrote:
 > try this patch?
 > 
 > Index: etc/rc.d/named
 > ===================================================================
 > RCS file: /home/ncvs/src/etc/rc.d/named,v
 > retrieving revision 1.26
 > diff -u -r1.26 named
 > --- etc/rc.d/named	20 Apr 2006 12:30:12 -0000	1.26
 > +++ etc/rc.d/named	13 Oct 2006 03:30:41 -0000
 > @@ -91,9 +91,28 @@
 >  	if rndc stop 2>/dev/null; then
 >  		echo .
 >  	else
 > -		echo -n ": rndc failed, trying killall: "
 > -		if killall named; then
 
 Is it possible to use pkill(1) instead of killall(1)?  The former
 was moved to /bin specifically for the benefit of rc.d scripts.
 
 > -			echo .
 > +		echo -n ": rndc failed, trying "
 > +		# If we are not inside a jail, killall will kill named in jail
 > +		# If we are inside a jail, killall is safe
 > +		# 
 > +		if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then
 > +			echo -n "killall: "
 > +			if killall named; then
 
 Ditto here.
 
 > +				echo .
 > +			fi
 > +		else
 > +			# If we're not in a jail, try to kill named from pidfile
 > +			# Otherwise see if we can get from ps
 > +			echo -n "kill pid: "
 > +			if [ -f ${pidfile} ]; then
 > +				kill -TERM `cat ${pidfile}`
 > +				echo .
 > +			else
 > +				for i in `ps -axo command,pid,jid | awk '/^[^ ]+named/{if ($NF == 0) {print $(NF-1)}}'`; do
 
 Hmm, pkill(1) can match a process by its jid, but 0 means any
 non-zero jid to it.  Looks like a deficiency in the otherwise
 convenient tool.
 
 > +					kill -TERM ${i}
 > +					echo .
 > +				done
 > +			fi
 >  		fi
 >  	fi
 >  }
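Review bot: In the non-jailed pidfile branch, the pid read by "cat ${pidfile}" is signalled without any check that it still belongs to a named process with jid 0, and "echo ." runs whether or not kill succeeded, unlike the killall branch, which tests the exit status. A stale pidfile could therefore signal an unrelated process or report success when nothing was stopped; suggest confirming the pid against the same ps output the fallback uses and wrapping the kill in "if kill -TERM ...; then echo .; fi". In the ps fallback, the awk pattern /^[^ ]+named/ needs at least one character before "named", so a command listed as plain "named" is skipped while any first word that merely contains "named" is matched; matching on the command's basename would be tighter. The unquoted sysctl substitution in the "-eq 1" test also means an empty result produces a test error and falls through to the non-jail branch, so quoting it and handling the empty case explicitly would be safer.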
 
 -- 
 Yar


