From owner-dev-commits-src-all@freebsd.org  Thu Jun 24 18:15:49 2021
Return-Path: <owner-dev-commits-src-all@freebsd.org>
Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1DB516520B1;
 Thu, 24 Jun 2021 18:15:49 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4G9pGY07VYz3GDB;
 Thu, 24 Jun 2021 18:15:49 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:5])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E10511C741;
 Thu, 24 Jun 2021 18:15:48 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
 by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 15OIFmnn026416;
 Thu, 24 Jun 2021 18:15:48 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
 by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 15OIFmVm026415;
 Thu, 24 Jun 2021 18:15:48 GMT (envelope-from git)
Date: Thu, 24 Jun 2021 18:15:48 GMT
Message-Id: <202106241815.15OIFmVm026415@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
 dev-commits-src-main@FreeBSD.org
From: Mariusz Zaborski <oshogbo@FreeBSD.org>
Subject: git: 6ba108e52d17 - main - rc.subr: use _pidcmd to determine pid for
 protect
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: oshogbo
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 6ba108e52d175b6833437c8627ae5d0546a4e102
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-src-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commit messages for all branches of the src repository
 <dev-commits-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/dev-commits-src-all/>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Help: <mailto:dev-commits-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all>, 
 <mailto:dev-commits-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jun 2021 18:15:49 -0000

The branch main has been updated by oshogbo:

URL: https://cgit.FreeBSD.org/src/commit/?id=6ba108e52d175b6833437c8627ae5d0546a4e102

commit 6ba108e52d175b6833437c8627ae5d0546a4e102
Author:     Mariusz Zaborski <oshogbo@FreeBSD.org>
AuthorDate: 2021-06-24 18:14:31 +0000
Commit:     Mariusz Zaborski <oshogbo@FreeBSD.org>
CommitDate: 2021-06-24 18:14:31 +0000

    rc.subr: use _pidcmd to determine pid for protect
    
    This is a more reliable method that accounts for existing pidfiles,
    procname and interpreter settings.
    
    Current method of obtaining the pid for oomprotect="YES"|"ALL" processes
    in certain cases fails to find a unique pid.
    
    One such case are rc.d scripts defining command as:
    command="daemon"
    
    which results in all processes started via daemon being selected and
    passed to protect(1) which fails and prints usage:
    
    $ /etc/rc.d/exampled restart
    Stopping exampled.
    Starting exampled.
    usage: protect [-i] command
       protect [-cdi] -g pgrp | -p pid
    
    Running the same with -x reveals what happens:
    
    + pid='3051 4268 4390 4421 4427 4470 4588 4733 4740 4870 4949 4954 4979
    5835 5866 55487 55583 56525 57643 57789 57882 58072 58167 99419'
    + /usr/bin/protect -p 3051 4268 4390 4421 4427 4470 4588 4733 4740 4870
    4949 4954 4979 5835 5866 55487 55583 56525 57643 57789 57882 58072 58167
    99419
    usage: protect [-i] command
       protect [-cdi] -g pgrp | -p pid
    
    We have a more reliable way of obtaining pid already defined in rc.subr
    and available when protect(1) needs it. We can simply `eval $_pidcmd`
    which also invokes `check_process` but properly accounts for existing
    pidfile, procname and interpreter settings.
    
    With the change the pidfile is properly obtained.
    
    Submitted by:   Adam Wolk <a.wolk at fudosecurity.com>
    Sponsored by:   Fudo Security
    Differential Revision:  https://reviews.freebsd.org/D30367
---
 libexec/rc/rc.subr | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
index e859ae06962f..b027fa5facf4 100644
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -1272,13 +1272,13 @@ $command $rc_flags $command_args"
 			# We cannot use protect(1) inside jails.
 			if [ -n "$_oomprotect" ] && [ -f "${PROTECT}" ] &&
 			    [ "$(sysctl -n security.jail.jailed)" -eq 0 ]; then
-				pid=$(check_process $command)
+				[ -z "${rc_pid}" ] && eval $_pidcmd
 				case $_oomprotect in
 				[Aa][Ll][Ll])
-					${PROTECT} -i -p ${pid}
+					${PROTECT} -i -p ${rc_pid}
 					;;
 				[Yy][Ee][Ss])
-					${PROTECT} -p ${pid}
+					${PROTECT} -p ${rc_pid}
 					;;
 				esac
 			fi