powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1041 Commits
1 Branch
0 Tags
390 MiB
 
 
 
 
 
 
Tree: 79342afd8b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '79342afd8b'
${ noResults }
base/SOURCES/glibc-rh1048123.patch

515 lines
15 KiB
Raw Blame History

commit 0582f6b3d6fab2128ee43a06250571922ee7c1e3
Author: Andreas Schwab <schwab@suse.de>
Date: Sun Dec 23 09:45:07 2012 +0100
nscd: don't fork twice
commit 532a60357ef4c5852cc1bf836cfd9d6f093ef204
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date: Mon Mar 3 22:51:39 2014 +0530
nscd: Improved support for tracking startup failure in nscd service (BZ #16639)
Currently, the nscd parent process parses commandline options and
configuration, forks on startup and immediately exits with a success.
If the child process encounters some error after this, it goes
undetected and any services started up after it may have to repeatedly
check to make sure that the nscd service did actually start up and is
serving requests.
To make this process more reliable, I have added a pipe between the
parent and child process, through which the child process sends a
notification to the parent informing it of its status. The parent
waits for this status and once it receives it, exits with the
corresponding exit code. So if the child service sends a success
status (0), the parent exits with a success status. Similarly for
error conditions, the child sends the non-zero status code, which the
parent passes on as the exit code.
This, along with setting the nscd service type to forking in its
systemd configuration file, allows systemd to be certain that the nscd
service is ready and is accepting connections.
diff --git glibc-2.17-c758a686/nscd/connections.c glibc-2.17-c758a686/nscd/connections.c
index f463f45..180ae77 100644
--- glibc-2.17-c758a686/nscd/connections.c
+++ glibc-2.17-c758a686/nscd/connections.c
@@ -649,8 +649,8 @@ cannot create read-only descriptor for \"%s\"; no mmap"),
close (fd);
}
else if (errno == EACCES)
- error (EXIT_FAILURE, 0, _("cannot access '%s'"),
- dbs[cnt].db_filename);
+ do_exit (EXIT_FAILURE, 0, _("cannot access '%s'"),
+ dbs[cnt].db_filename);
}
if (dbs[cnt].head == NULL)
@@ -699,8 +699,7 @@ cannot create read-only descriptor for \"%s\"; no mmap"),
{
dbg_log (_("database for %s corrupted or simultaneously used; remove %s manually if necessary and restart"),
dbnames[cnt], dbs[cnt].db_filename);
- // XXX Correct way to terminate?
- exit (1);
+ do_exit (1, 0, NULL);
}
if (dbs[cnt].persistent)
@@ -867,7 +866,7 @@ cannot set socket to close on exec: %s; disabling paranoia mode"),
if (sock < 0)
{
dbg_log (_("cannot open socket: %s"), strerror (errno));
- exit (errno == EACCES ? 4 : 1);
+ do_exit (errno == EACCES ? 4 : 1, 0, NULL);
}
/* Bind a name to the socket. */
struct sockaddr_un sock_addr;
@@ -876,7 +875,7 @@ cannot set socket to close on exec: %s; disabling paranoia mode"),
if (bind (sock, (struct sockaddr *) &sock_addr, sizeof (sock_addr)) < 0)
{
dbg_log ("%s: %s", _PATH_NSCDSOCKET, strerror (errno));
- exit (errno == EACCES ? 4 : 1);
+ do_exit (errno == EACCES ? 4 : 1, 0, NULL);
}
#ifndef __ASSUME_SOCK_CLOEXEC
@@ -888,7 +887,7 @@ cannot set socket to close on exec: %s; disabling paranoia mode"),
{
dbg_log (_("cannot change socket to nonblocking mode: %s"),
strerror (errno));
- exit (1);
+ do_exit (1, 0, NULL);
}
/* The descriptor needs to be closed on exec. */
@@ -896,7 +895,7 @@ cannot set socket to close on exec: %s; disabling paranoia mode"),
{
dbg_log (_("cannot set socket to close on exec: %s"),
strerror (errno));
- exit (1);
+ do_exit (1, 0, NULL);
}
}
#endif
@@ -909,7 +908,7 @@ cannot set socket to close on exec: %s; disabling paranoia mode"),
{
dbg_log (_("cannot enable socket to accept connections: %s"),
strerror (errno));
- exit (1);
+ do_exit (1, 0, NULL);
}
#ifdef HAVE_NETLINK
@@ -953,7 +952,7 @@ cannot set socket to close on exec: %s; disabling paranoia mode"),
dbg_log (_("\
cannot change socket to nonblocking mode: %s"),
strerror (errno));
- exit (1);
+ do_exit (1, 0, NULL);
}
/* The descriptor needs to be closed on exec. */
@@ -962,7 +961,7 @@ cannot change socket to nonblocking mode: %s"),
{
dbg_log (_("cannot set socket to close on exec: %s"),
strerror (errno));
- exit (1);
+ do_exit (1, 0, NULL);
}
}
# endif
@@ -2392,7 +2391,7 @@ start_threads (void)
if (pthread_cond_init (&dbs[i].prune_cond, &condattr) != 0)
{
dbg_log (_("could not initialize conditional variable"));
- exit (1);
+ do_exit (1, 0, NULL);
}
pthread_t th;
@@ -2400,7 +2399,7 @@ start_threads (void)
&& pthread_create (&th, &attr, nscd_run_prune, (void *) i) != 0)
{
dbg_log (_("could not start clean-up thread; terminating"));
- exit (1);
+ do_exit (1, 0, NULL);
}
}
@@ -2414,13 +2413,17 @@ start_threads (void)
if (i == 0)
{
dbg_log (_("could not start any worker thread; terminating"));
- exit (1);
+ do_exit (1, 0, NULL);
}
break;
}
}
+ /* Now it is safe to let the parent know that we're doing fine and it can
+ exit. */
+ notify_parent (0);
+
/* Determine how much room for descriptors we should initially
allocate. This might need to change later if we cap the number
with MAXCONN. */
@@ -2465,8 +2468,8 @@ begin_drop_privileges (void)
if (pwd == NULL)
{
dbg_log (_("Failed to run nscd as user '%s'"), server_user);
- error (EXIT_FAILURE, 0, _("Failed to run nscd as user '%s'"),
- server_user);
+ do_exit (EXIT_FAILURE, 0,
+ _("Failed to run nscd as user '%s'"), server_user);
}
server_uid = pwd->pw_uid;
@@ -2483,7 +2486,8 @@ begin_drop_privileges (void)
{
/* This really must never happen. */
dbg_log (_("Failed to run nscd as user '%s'"), server_user);
- error (EXIT_FAILURE, errno, _("initial getgrouplist failed"));
+ do_exit (EXIT_FAILURE, errno,
+ _("initial getgrouplist failed"));
}
server_groups = (gid_t *) xmalloc (server_ngroups * sizeof (gid_t));
@@ -2492,7 +2496,7 @@ begin_drop_privileges (void)
== -1)
{
dbg_log (_("Failed to run nscd as user '%s'"), server_user);
- error (EXIT_FAILURE, errno, _("getgrouplist failed"));
+ do_exit (EXIT_FAILURE, errno, _("getgrouplist failed"));
}
}
@@ -2510,7 +2514,7 @@ finish_drop_privileges (void)
if (setgroups (server_ngroups, server_groups) == -1)
{
dbg_log (_("Failed to run nscd as user '%s'"), server_user);
- error (EXIT_FAILURE, errno, _("setgroups failed"));
+ do_exit (EXIT_FAILURE, errno, _("setgroups failed"));
}
int res;
@@ -2521,8 +2525,7 @@ finish_drop_privileges (void)
if (res == -1)
{
dbg_log (_("Failed to run nscd as user '%s'"), server_user);
- perror ("setgid");
- exit (4);
+ do_exit (4, errno, "setgid");
}
if (paranoia)
@@ -2532,8 +2535,7 @@ finish_drop_privileges (void)
if (res == -1)
{
dbg_log (_("Failed to run nscd as user '%s'"), server_user);
- perror ("setuid");
- exit (4);
+ do_exit (4, errno, "setuid");
}
#if defined HAVE_LIBAUDIT && defined HAVE_LIBCAP
diff --git glibc-2.17-c758a686/nscd/nscd.c glibc-2.17-c758a686/nscd/nscd.c
index 63d9d83..5680378 100644
--- glibc-2.17-c758a686/nscd/nscd.c
+++ glibc-2.17-c758a686/nscd/nscd.c
@@ -39,6 +39,8 @@
#include <sys/stat.h>
#include <sys/uio.h>
#include <sys/un.h>
+#include <sys/wait.h>
+#include <stdarg.h>
#include "dbg_log.h"
#include "nscd.h"
@@ -101,6 +103,7 @@ gid_t old_gid;
static int check_pid (const char *file);
static int write_pid (const char *file);
+static int monitor_child (int fd);
/* Name and version of program. */
static void print_version (FILE *stream, struct argp_state *state);
@@ -142,6 +145,7 @@ static struct argp argp =
/* True if only statistics are requested. */
static bool get_stats;
+static int parent_fd = -1;
int
main (int argc, char **argv)
@@ -196,11 +200,27 @@ main (int argc, char **argv)
/* Behave like a daemon. */
if (run_mode == RUN_DAEMONIZE)
{
+ int fd[2];
+
+ if (pipe (fd) != 0)
+ error (EXIT_FAILURE, errno,
+ _("cannot create a pipe to talk to the child"));
+
pid = fork ();
if (pid == -1)
error (EXIT_FAILURE, errno, _("cannot fork"));
if (pid != 0)
- exit (0);
+ {
+ /* The parent only reads from the child. */
+ close (fd[1]);
+ exit (monitor_child (fd[0]));
+ }
+ else
+ {
+ /* The child only writes to the parent. */
+ close (fd[0]);
+ parent_fd = fd[1];
+ }
}
int nullfd = open (_PATH_DEVNULL, O_RDWR);
@@ -242,7 +262,8 @@ main (int argc, char **argv)
char *endp;
long int fdn = strtol (dirent->d_name, &endp, 10);
- if (*endp == '\0' && fdn != dfdn && fdn >= min_close_fd)
+ if (*endp == '\0' && fdn != dfdn && fdn >= min_close_fd
+ && fdn != parent_fd)
close ((int) fdn);
}
@@ -250,22 +271,14 @@ main (int argc, char **argv)
}
else
for (i = min_close_fd; i < getdtablesize (); i++)
- close (i);
+ if (i != parent_fd)
+ close (i);
- if (run_mode == RUN_DAEMONIZE)
- {
- pid = fork ();
- if (pid == -1)
- error (EXIT_FAILURE, errno, _("cannot fork"));
- if (pid != 0)
- exit (0);
- }
-
setsid ();
if (chdir ("/") != 0)
- error (EXIT_FAILURE, errno,
- _("cannot change current working directory to \"/\""));
+ do_exit (EXIT_FAILURE, errno,
+ _("cannot change current working directory to \"/\""));
openlog ("nscd", LOG_CONS | LOG_ODELAY, LOG_DAEMON);
@@ -592,3 +614,79 @@ write_pid (const char *file)
return result;
}
+
+static int
+monitor_child (int fd)
+{
+ int child_ret = 0;
+ int ret = read (fd, &child_ret, sizeof (child_ret));
+
+ /* The child terminated with an error, either via exit or some other abnormal
+ method, like a segfault. */
+ if (ret <= 0 || child_ret != 0)
+ {
+ int err = wait (&child_ret);
+
+ if (err < 0)
+ {
+ fprintf (stderr, _("wait failed"));
+ return 1;
+ }
+
+ fprintf (stderr, _("child exited with status %d"),
+ WEXITSTATUS (child_ret));
+ if (WIFSIGNALED (child_ret))
+ fprintf (stderr, _(", terminated by signal %d.\n"),
+ WTERMSIG (child_ret));
+ else
+ fprintf (stderr, ".\n");
+ }
+
+ /* We have the child status, so exit with that code. */
+ close (fd);
+
+ return child_ret;
+}
+
+void
+do_exit (int child_ret, int errnum, const char *format, ...)
+{
+ if (parent_fd != -1)
+ {
+ int ret = write (parent_fd, &child_ret, sizeof (child_ret));
+ assert (ret == sizeof (child_ret));
+ close (parent_fd);
+ }
+
+ if (format != NULL)
+ {
+ /* Emulate error() since we don't have a va_list variant for it. */
+ va_list argp;
+
+ fflush (stdout);
+
+ fprintf (stderr, "%s: ", program_invocation_name);
+
+ va_start (argp, format);
+ vfprintf (stderr, format, argp);
+ va_end (argp);
+
+ fprintf (stderr, ": %s\n", strerror (errnum));
+ fflush (stderr);
+ }
+
+ /* Finally, exit. */
+ exit (child_ret);
+}
+
+void
+notify_parent (int child_ret)
+{
+ if (parent_fd == -1)
+ return;
+
+ int ret = write (parent_fd, &child_ret, sizeof (child_ret));
+ assert (ret == sizeof (child_ret));
+ close (parent_fd);
+ parent_fd = -1;
+}
diff --git glibc-2.17-c758a686/nscd/nscd.h glibc-2.17-c758a686/nscd/nscd.h
index 972f462..529b3f5 100644
--- glibc-2.17-c758a686/nscd/nscd.h
+++ glibc-2.17-c758a686/nscd/nscd.h
@@ -205,6 +205,8 @@ extern gid_t old_gid;
/* nscd.c */
extern void termination_handler (int signum) __attribute__ ((__noreturn__));
extern int nscd_open_socket (void);
+void notify_parent (int child_ret);
+void do_exit (int child_ret, int errnum, const char *format, ...);
/* connections.c */
extern void nscd_init (void);
diff --git glibc-2.17-c758a686/nscd/selinux.c glibc-2.17-c758a686/nscd/selinux.c
index e477254..46b0ea9 100644
--- glibc-2.17-c758a686/nscd/selinux.c
+++ glibc-2.17-c758a686/nscd/selinux.c
@@ -179,7 +179,7 @@ preserve_capabilities (void)
if (prctl (PR_SET_KEEPCAPS, 1) == -1)
{
dbg_log (_("Failed to set keep-capabilities"));
- error (EXIT_FAILURE, errno, _("prctl(KEEPCAPS) failed"));
+ do_exit (EXIT_FAILURE, errno, _("prctl(KEEPCAPS) failed"));
/* NOTREACHED */
}
@@ -194,7 +194,7 @@ preserve_capabilities (void)
cap_free (tmp_caps);
dbg_log (_("Failed to initialize drop of capabilities"));
- error (EXIT_FAILURE, 0, _("cap_init failed"));
+ do_exit (EXIT_FAILURE, 0, _("cap_init failed"));
}
/* There is no reason why these should not work. */
@@ -216,7 +216,7 @@ preserve_capabilities (void)
{
cap_free (new_caps);
dbg_log (_("Failed to drop capabilities"));
- error (EXIT_FAILURE, 0, _("cap_set_proc failed"));
+ do_exit (EXIT_FAILURE, 0, _("cap_set_proc failed"));
}
return new_caps;
@@ -233,7 +233,7 @@ install_real_capabilities (cap_t new_caps)
{
cap_free (new_caps);
dbg_log (_("Failed to drop capabilities"));
- error (EXIT_FAILURE, 0, _("cap_set_proc failed"));
+ do_exit (EXIT_FAILURE, 0, _("cap_set_proc failed"));
/* NOTREACHED */
}
@@ -242,7 +242,7 @@ install_real_capabilities (cap_t new_caps)
if (prctl (PR_SET_KEEPCAPS, 0) == -1)
{
dbg_log (_("Failed to unset keep-capabilities"));
- error (EXIT_FAILURE, errno, _("prctl(KEEPCAPS) failed"));
+ do_exit (EXIT_FAILURE, errno, _("prctl(KEEPCAPS) failed"));
/* NOTREACHED */
}
}
@@ -258,7 +258,7 @@ nscd_selinux_enabled (int *selinux_enabled)
if (*selinux_enabled < 0)
{
dbg_log (_("Failed to determine if kernel supports SELinux"));
- exit (EXIT_FAILURE);
+ do_exit (EXIT_FAILURE, 0, NULL);
}
}
@@ -272,7 +272,7 @@ avc_create_thread (void (*run) (void))
rc =
pthread_create (&avc_notify_thread, NULL, (void *(*) (void *)) run, NULL);
if (rc != 0)
- error (EXIT_FAILURE, rc, _("Failed to start AVC thread"));
+ do_exit (EXIT_FAILURE, rc, _("Failed to start AVC thread"));
return &avc_notify_thread;
}
@@ -294,7 +294,7 @@ avc_alloc_lock (void)
avc_mutex = malloc (sizeof (pthread_mutex_t));
if (avc_mutex == NULL)
- error (EXIT_FAILURE, errno, _("Failed to create AVC lock"));
+ do_exit (EXIT_FAILURE, errno, _("Failed to create AVC lock"));
pthread_mutex_init (avc_mutex, NULL);
return avc_mutex;
@@ -334,7 +334,7 @@ nscd_avc_init (void)
avc_entry_ref_init (&aeref);
if (avc_init ("avc", NULL, &log_cb, &thread_cb, &lock_cb) < 0)
- error (EXIT_FAILURE, errno, _("Failed to start AVC"));
+ do_exit (EXIT_FAILURE, errno, _("Failed to start AVC"));
else
dbg_log (_("Access Vector Cache (AVC) started"));
#ifdef HAVE_LIBAUDIT
--- glibc-2.17-c758a686/releng/nscd.service 2012-11-06 03:03:19.000000000 +0530
+++ glibc-2.17-c758a686/releng/nscd.service 2014-02-28 16:59:51.096630222 +0530
@@ -1,10 +1,13 @@
+# systemd service file for nscd
+
[Unit]
Description=Name Service Cache Daemon
After=syslog.target
[Service]
+Type=forking
EnvironmentFile=-/etc/sysconfig/nscd
-ExecStart=/usr/sbin/nscd --foreground $NSCD_OPTIONS
+ExecStart=/usr/sbin/nscd $NSCD_OPTIONS
ExecStop=/usr/sbin/nscd --shutdown
ExecReload=/usr/sbin/nscd -i passwd
ExecReload=/usr/sbin/nscd -i group
@@ -12,6 +14,7 @@
ExecReload=/usr/sbin/nscd -i services
ExecReload=/usr/sbin/nscd -i netgroup
Restart=always
+PIDFile=/run/nscd/nscd.pid
[Install]
WantedBy=multi-user.target