Date:      Fri, 13 Oct 2006 08:59:44 +0200
From:      Laurent LEVIER <llevier@argosnet.com>
To:        Cheng-Lung Sung <clsung@FreeBSD.org>,bug-followup@FreeBSD.org
Cc:        freebsd-current@freebsd.org, freebsd-rc@FreeBSD.org
Subject:   Re: conf/102913: /etc/rc.d/named killall in jailed OS
Message-ID:  <7.0.1.0.2.20061013085800.01e91dc0@argosnet.com>
In-Reply-To: <20061013033408.GA30695@FreeBSD.csie.nctu.edu.tw>
References:  <20061013033408.GA30695@FreeBSD.csie.nctu.edu.tw>

Hi Cheng-Lung Sung

At 05:34 13/10/2006, Cheng-Lung Sung wrote:
>try this patch?
thanks,

I already patched my script.
Now it kills pid, then if it fails, gets all named out of jail (J 
flag) and kills these.

The bug report was just so you are aware of this and can take 
corrective action for the next release ;-)

And between you & me, this bug is nothing compared to the other one 
I submitted months ago about an IDE driver bug.

Thanks!!

Brgrds

>Index: etc/rc.d/named
>===================================================================
>RCS file: /home/ncvs/src/etc/rc.d/named,v
>retrieving revision 1.26
>diff -u -r1.26 named
>--- etc/rc.d/named      20 Apr 2006 12:30:12 -0000      1.26
>+++ etc/rc.d/named      13 Oct 2006 03:30:41 -0000
>@@ -91,9 +91,28 @@
>         if rndc stop 2>/dev/null; then
>                 echo .
>         else
>-               echo -n ": rndc failed, trying killall: "
>-               if killall named; then
>-                       echo .
>+               echo -n ": rndc failed, trying "
>+               # If we are not inside a jail, killall will kill named in jail
>+               # If we are inside a jail, killall is safe
>+               #
>+               if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then
>+                       echo -n "killall: "
>+                       if killall named; then
>+                               echo .
>+                       fi
>+               else
>+                       # If we're not in a jail, try to kill named 
>from pidfile
>+                       # Otherwise see if we can get from ps
>+                       echo -n "kill pid: "
>+                       if [ -f ${pidfile} ]; then
>+                               kill -TERM `cat ${pidfile}`
>+                               echo .
>+                       else
>+                               for i in `ps -axo command,pid,jid | 
>awk '/^[^ ]+named/{if ($NF == 0) {print $(NF-1)}}'`; do
>+                                       kill -TERM ${i}
>+                                       echo .
>+                               done
>+                       fi
>                 fi
>         fi
>  }
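Review bot: In the non-jailed branch, the pidfile path (kill -TERM `cat ${pidfile}` followed by echo .) prints success without checking that kill worked or that the PID still belongs to a named running outside a jail, and when the pidfile exists but is stale the ps/jid fallback is never reached. Suggest testing the exit status of kill and falling through to the jid-filtered loop on failure, not only when the pidfile is missing. In that loop, the awk pattern /^[^ ]+named/ requires at least one character before "named" and accepts any first word that merely contains it, so a process started as a bare "named" is missed while a command such as "renamed" would be signalled; listing pid and jid before command in the -o list and comparing the executable name exactly would avoid both.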
>
>--
>Cheng-Lung Sung - clsung@

Laurent LEVIER
Systems & Networks Security Expert, CISSP CISM
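
Added example, not part of the original message or of the FreeBSD rc.d script: one way to choose which PIDs a host-side stop may signal, following the approach described in the reply (try the pidfile first, then fall back to named processes outside any jail). It assumes the column order of `ps -axo pid,jid,command`, with pid and jid first so that command arguments cannot shift the fields; the function names and the sample process table are hypothetical.

```shell
#!/bin/sh
# Added example: choose which named PIDs a host-side stop may signal.
# Function names and the sample process table are hypothetical/constructed.

# Constructed sample in the layout of `ps -axo pid,jid,command`.
sample_ps() {
    cat <<'EOF'
  PID  JID COMMAND
  512    0 /usr/sbin/named -u bind -t /var/named
  515    0 named -c /etc/namedb/internal.conf
  733    3 /usr/sbin/named -u bind
  801    0 /usr/local/bin/renamed-tool --watch named
  950    0 /usr/sbin/syslogd -s
EOF
}

# stdin: "pid jid command..." lines. stdout: PIDs of host (jid 0)
# processes whose executable basename is exactly "named".
host_named_pids() {
    awk '
        $1 !~ /^[0-9]+$/ { next }      # header or malformed line
        $2 != 0          { next }      # process belongs to a jail
        {
            n = split($3, parts, "/")  # basename of the executable
            if (parts[n] == "named") print $1
        }'
}

# Print the PID stored in pidfile $1, only if it is purely numeric.
read_pidfile() {
    [ -r "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    echo "$pid"
}

# $1 = pidfile, $2 = file holding ps output. Trust the pidfile only when
# its PID is a host named; otherwise fall back to every host named.
select_targets() {
    if pid=$(read_pidfile "$1") && host_named_pids < "$2" | grep -qx "$pid"; then
        echo "$pid"
    else
        host_named_pids < "$2"
    fi
}

sample_ps | host_named_pids    # demo run on the constructed table
```

The selection is kept separate from the kill step so it can be checked against captured ps output before anything is signalled.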



