Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 5 Aug 2013 13:13:10 +0200
From:      =?iso-8859-2?Q?Edward_Tomasz_Napiera=B3a?= <trasz@FreeBSD.org>
To:        Jilles Tjoelker <jilles@stack.nl>
Cc:        freebsd-arch@freebsd.org
Subject:   Re: Reliable process tracking
Message-ID:  <CDFF8851-0883-4D27-851A-36A9585499E6@FreeBSD.org>
In-Reply-To: <20130804134658.GC35080@stack.nl>
References:  <20130804134658.GC35080@stack.nl>
next in thread | previous in thread | raw e-mail | index | archive | help 

Wiadomość napisana przez Jilles Tjoelker <jilles@stack.nl> w dniu 4 sie 2013, o godz. 15:46:
> When shutting down a service or requesting status, rc.subr currently
> uses a combination of pidfiles and process names. This is fairly but not
> completely reliable once it is set up correctly (which can take a lot of
> work and possibly patching the daemon to use pidfile(3) from our
> libutil). It is also incapable of killing multiprocess daemons such as
> CGI web servers without cooperation of the daemon.
> 
> I think what is needed here is a facility that marks a process and all
> of its descendants. Removing the mark should be a privileged or at least
> an unusual operation; no unprivileged function specified by POSIX such
> as setsid() should do this.

I've actually thought about that when I added setloginclass(2).  It's trivial
to modify rc.subr to use su(8) to set login class for each service.  It should
be trivial to modify pkill(1) and killall(1) to add "-c" option to kill all processes
in a given login class.  Two caveats:

1. Login classes, just like UIDs, are global, not per jail.  This means when
   you want to kill all processees in a login class, you should probably use
   "-j" option to limit it to a given jail, e.g. jail 0.

2. I'm not sure if pkill(1) has any special way of handling this, but there is
   an obvious race condition between iterating over processes in userland
   in pkill(1) and quickly forking processes to kill.  Perhaps we should have
   some kind of syscall to do it in a race-free way?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CDFF8851-0883-4D27-851A-36A9585499E6>