From owner-freebsd-hackers Sun Jan 12 09:54:47 1997
From: j@uriah.heep.sax.de (J Wunsch)
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
To: hackers@freebsd.org
Date: Sun, 12 Jan 1997 18:35:42 +0100
Subject: Re: DEVFS permissions &c.
References: <16902.853042470@time.cdrom.com>
In-Reply-To: ; from Ollivier Robert on Jan 12, 1997 16:03:14 +0100

As Ollivier Robert wrote:

> May I remind everyone that I proposed a change for this in 1994 ? :-)

Some things need time to get ripe. ;-)

Well, i remember that the issue popped up every now and then. During
the last discussion, i remember that basic agreement was reached that a
shutdown script would be a good thing.

> In this scheme, init does all the job of bringing the system down and
> reboot/halt only send a signal to init instead of doing the job themselves.
> The patch for reboot/halt has to be written though.

Why do they need to be changed? If somebody says `reboot -q', it
doesn't need to go via init.

> + /* Try to run the rc.shutdown script */
> + rcdown = runshutdown();
> + if (rcdown)
> + stall("Could not run %s, check this please.", _PATH_RUNDOWN);
> +

I think stall() is the wrong thing to do here.

If the shutdown script fails, it's best to log what can be logged, and
proceed to really shut down the system to the desired state. Otherwise,
consider a machine that's rebooted remotely: you _want_ to have it
rebooted, whatever might happen. If it fails to execute part of the
shutdown procedure, you can learn this from the log after it rebooted.
Having it jump out to single-user will cause a fatal error since you
need an operator on the console afterwards.

> + * Exit codes: XXX I should document more
> + * 0 good.
> + * 1 fatal error
> + * 2 some error

Same as above.

> + /*
> + * Copied from single_user(). This is a bit paranoid.
> + */
> + do {
> + if ((wpid = waitpid(-1, &status, WUNTRACED)) != -1)
> + collect_child(wpid);

There's an alarm() missing here, to prevent infinite hangs of the
shutdown script. Such an infinite hang should be answered with sending
rc.shutdown a terminate signal, and by syslogging it.

-- 
cheers, J"org               joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
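Review bot: in the `rcdown = runshutdown(); if (rcdown) stall(...)` hunk, any non-zero return from runshutdown() stops the shutdown and waits for an operator on the console, which defeats an unattended or remote reboot; suggest replacing the stall() call with a syslog(LOG_ERR, ...) that records the return value together with _PATH_RUNDOWN and then continuing with the shutdown, so the failure is visible in the log once the machine is back.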
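Review bot: the `Exit codes: XXX I should document more` block leaves the difference between `1 fatal error` and `2 some error` undefined, and the only caller shown tests `if (rcdown)`, so both codes are treated identically; either document what distinguishes a fatal error from "some error" and make the caller act on that distinction (log and continue for one, something stronger for the other), or collapse them into a single non-zero value.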
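Review bot: the `do { if ((wpid = waitpid(-1, &status, WUNTRACED)) != -1) collect_child(wpid);` loop copied from single_user() has no time limit, so a script that never exits blocks the shutdown indefinitely; arm an alarm() before entering the loop and, when SIGALRM interrupts waitpid(), kill() the rc.shutdown child with SIGTERM, syslog the event and carry on. Note also that waitpid(-1, ...) reaps any child, so the loop has to compare the returned wpid with the pid of the rc.shutdown child before concluding that the script is done; the loop's termination condition is not in the quoted portion of the patch.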