mirror of
https://github.com/opnsense/src.git
synced 2026-05-26 11:12:39 -04:00
a6bc861c20
This is a more reliable method that accounts for existing pidfiles,
procname and interpreter settings.
Current method of obtaining the pid for oomprotect="YES"|"ALL" processes
in certain cases fails to find a unique pid.
One such case are rc.d scripts defining command as:
command="daemon"
which results in all processes started via daemon being selected and
passed to protect(1) which fails and prints usage:
$ /etc/rc.d/exampled restart
Stopping exampled.
Starting exampled.
usage: protect [-i] command
protect [-cdi] -g pgrp | -p pid
Running the same with -x reveals what happens:
+ pid='3051 4268 4390 4421 4427 4470 4588 4733 4740 4870 4949 4954 4979
5835 5866 55487 55583 56525 57643 57789 57882 58072 58167 99419'
+ /usr/bin/protect -p 3051 4268 4390 4421 4427 4470 4588 4733 4740 4870
4949 4954 4979 5835 5866 55487 55583 56525 57643 57789 57882 58072 58167
99419
usage: protect [-i] command
protect [-cdi] -g pgrp | -p pid
We have a more reliable way of obtaining pid already defined in rc.subr
and available when protect(1) needs it. We can simply `eval $_pidcmd`
which also invokes `check_process` but properly accounts for existing
pidfile, procname and interpreter settings.
With the change the pidfile is properly obtained.
Submitted by: Adam Wolk <a.wolk at fudosecurity.com>
Sponsored by: Fudo Security
Differential Revision: https://reviews.freebsd.org/D30367
Approved by: oshogbo
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| rc.d | ||
| Makefile | ||
| netstart | ||
| network.subr | ||
| pccard_ether | ||
| rc | ||
| rc.bsdextended | ||
| rc.conf | ||
| rc.firewall | ||
| rc.initdiskless | ||
| rc.resume | ||
| rc.sendmail | ||
| rc.shutdown | ||
| rc.subr | ||
| rc.suspend | ||