Merge pull request #10530 from Icinga/kill-drop-permissions

Send signals as Icinga user in safe-reload and logrotate
2026-02-03 20:40:17 -05:00 · 2025-10-08 14:29:27 +02:00 · 2025-10-08 14:29:27 +02:00 · ce600ce01c
commit ce600ce01c
parent 8aafeb48a3 51ec73cbd9
3 changed files with 4 additions and 2 deletions
--- a/etc/initsystem/safe-reload.cmake
+++ b/etc/initsystem/safe-reload.cmake
@ -43,7 +43,7 @@ if [ ! -e "$ICINGA2_PID_FILE" ]; then
 fi

 pid=`cat "$ICINGA2_PID_FILE"`
-if ! kill -HUP "$pid" >/dev/null 2>&1; then
+if ! "$DAEMON" internal signal --sig SIGHUP --pid "$pid" >/dev/null 2>&1; then
 	echo "Error: Icinga not running"
 	exit 7
 fi
--- a/etc/logrotate.d/icinga2.cmake
+++ b/etc/logrotate.d/icinga2.cmake
@ -6,7 +6,7 @@
 	missingok
 	notifempty@LOGROTATE_CREATE@
 	postrotate
-		/bin/kill -USR1 $(cat @ICINGA2_INITRUNDIR@/icinga2.pid 2> /dev/null) 2> /dev/null || true
+		@CMAKE_INSTALL_FULL_SBINDIR@/icinga2 internal signal --sig SIGUSR1 --pid "$(cat @ICINGA2_INITRUNDIR@/icinga2.pid 2> /dev/null)" 2> /dev/null || true
 	endscript
 }

--- a/lib/cli/internalsignalcommand.cpp
+++ b/lib/cli/internalsignalcommand.cpp
@ -57,6 +57,8 @@ int InternalSignalCommand::Run(const boost::program_options::variables_map& vm,
 		return kill(vm["pid"].as<int>(), SIGCHLD);
 	if (signal == "SIGHUP")
 		return kill(vm["pid"].as<int>(), SIGHUP);
+	if (signal == "SIGUSR1")
+		return kill(vm["pid"].as<int>(), SIGUSR1);

 	Log(LogCritical, "cli") << "Unsupported signal \"" << signal << "\"";
 #else