Monday, December 07, 2020

Re: pflogd write /var/run/mypflogdinstance.pid?

Stuart Henderson <stu@spacehopper.org> wrote:

> On 2020-12-07, Harald Dunkel <harri@afaics.de> wrote:
> > About the PIDs: Maybe a sysctl like
> >
> > kernel.pid_max = 4194303
> >
> > known from other OSes could help to reduce the risk for PID conflicts.
>
> This doesn't help if you actually want reliability, rather than just
> "reliable most of the time".
>
> There were also some concerns about what software would do with long
> PIDs - even on a very basic level that adds another couple of columns
> to top(1) output.
>
> > If you store the PID files on a volatile file system, so you can be sure
> > they are gone on the next reboot, anyway.
>
> /var/run is cleared at boot anyway - the problem is pid reuse during
> uptime of the system.
>
> One can check that the new pid is owned by a process of the correct name
> - but then the problem returns, the process name doesn't have enough
> information to uniquely identify it. And if that is fixed there's no
> need to save the pid.
>
> So if there's a problem to be fixed, it is to get the information into
> the other process string..

I think the user is looking for something like this. Putting the interface
name in the process title.

Maybe this doesn't work for this use case or there is some other fallout.
And there may be other tweaks needed to support it, I don't have a dog in the
fight to go find them, though.

Tim.


Index: etc/rc.d/pflogd
===================================================================
RCS file: /cvs/src/etc/rc.d/pflogd,v
retrieving revision 1.3
diff -u -p -r1.3 pflogd
--- etc/rc.d/pflogd 11 Jan 2018 19:52:12 -0000 1.3
+++ etc/rc.d/pflogd 7 Dec 2020 18:08:23 -0000
@@ -6,7 +6,7 @@ daemon="/sbin/pflogd"

. /etc/rc.d/rc.subr

-pexp="pflogd: \[priv\]"
+pexp="pflogd: \[priv\].*"

rc_pre() {
if pfctl -si | grep -q Enabled; then
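
Review bot: the new pexp `pflogd: \[priv\].*` accepts any text after `[priv]`, so it matches the privileged process of every pflogd instance regardless of interface, and an rc script for a second instance still cannot tell its own daemon from the default one. Since the process title now carries the interface, consider ending the pattern in the configured interface name instead of `.*`, and note in the script where that name comes from.
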
Index: sbin/pflogd/privsep.c
===================================================================
RCS file: /cvs/src/sbin/pflogd/privsep.c,v
retrieving revision 1.34
diff -u -p -r1.34 privsep.c
--- sbin/pflogd/privsep.c 27 Nov 2019 17:49:09 -0000 1.34
+++ sbin/pflogd/privsep.c 7 Dec 2020 18:08:45 -0000
@@ -131,7 +131,7 @@ priv_init(int Pflag, int argc, char *arg
signal(SIGINT, sig_pass_to_chld);
signal(SIGQUIT, sig_pass_to_chld);

- setproctitle("[priv]");
+ setproctitle("[priv] %s", interface);

if (unveil(_PATH_RESCONF, "r") == -1)
err(1, "unveil");
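
Review bot: in priv_init(), `interface` is not one of the parameters shown in the hunk header (`int Pflag, int argc, char *arg...`), so the new setproctitle() call depends on a variable declared elsewhere; please confirm it is declared in a header that privsep.c includes and that it already holds the selected interface (never NULL) by the time priv_init() runs. A one-line comment above the call noting that the pexp in etc/rc.d/pflogd depends on this title format would help keep the two in step.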

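The effect of the patched title on process matching, as an added example that is not part of the original message or of the OpenBSD tree. It assumes the rc framework compares pexp against the full command line as an exact match (the way `pgrep -xf` does); the process listing, PIDs and the `match_pexp` helper are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: "pid command-line" pairs as they could look with the
# patched setproctitle() and two pflogd instances running.
SAMPLE_PS='4711 pflogd: [priv] pflog0
4712 pflogd: [running] -s 160 -i pflog0 -f /var/log/pflog
5120 pflogd: [priv] pflog1
5121 pflogd: [running] -s 160 -i pflog1 -f /var/log/pflog1'

# Hypothetical helper: print the PIDs (space separated) whose whole
# command line matches the extended regex in $1, emulating an exact
# full-command-line match (assumption: this is how pexp is applied).
match_pexp() {
	printf '%s\n' "$SAMPLE_PS" | while read -r pid title; do
		if printf '%s\n' "$title" | grep -Eqx -- "$1"; then
			printf '%s\n' "$pid"
		fi
	done | xargs
}

# Old pattern: no longer matches once the title has a suffix.
echo "old pexp:        '$(match_pexp 'pflogd: \[priv\]')'"
# Patched pattern: matches the privileged process of every instance.
echo "patched pexp:    '$(match_pexp 'pflogd: \[priv\].*')'"
# Interface-specific pattern: identifies exactly one instance, which is
# what makes a saved PID file unnecessary.
echo "per-interface:   '$(match_pexp 'pflogd: \[priv\] pflog1')'"
```
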