[Pkg-sysvinit-devel] Bug#738855: initscripts: Skip killing process starting with @
Dimitri John Ledkov
xnox at debian.org
Thu Feb 13 20:58:33 UTC 2014
On 13 February 2014 15:05, Helmut Grohne <helmut at subdivi.de> wrote:
> Hi Dimitri,
> On Thu, Feb 13, 2014 at 01:58:23PM +0000, Dmitrijs Ledkovs wrote:
>> There is a convention starting that processes whose name starts with '@'
>> shouldn't be killed. It is used to indicate that the process is needed to
>> manage the root device / cleanly unmount the root filesystem.
>> At least mdadm supports it for its 'mdmon' process, which is the daemon
>> needed to manage containers (aka fakeraid controllers - Intel Matrix
>> Raid and DDF).
>> I've implemented a patch using pgrep, thus it's optional code in
>> sendsigs if pgrep is not available.
> Are you sure that the described behaviour is desirable at all?
> I argue that evading sendsigs should be a privileged operation. If it
> isn't, I can simply rename my process to start with an '@' and block
> umounting filesystems possibly causing data loss (due to failing
> umount). I am not sure that the drafted scenario can actually happen in
> practice, but at first glance it seems to be the case. Thus applying
> your patch would open up the possibility for data loss.
> Do you concur with this reasoning?
> Yes -> Please close this bug.
> No -> Please explain in what way my argument is flawed.
Yes, but no, don't close this bug report.
How about limiting it to processes running as root?
E.g. pgrep -u root -f "^@" ?
That way there is no loophole opened, since those processes could
have written to /run/sendsigs.omit.d/ already.
> Maybe mdmon should use the existing mechanism and write its PID to
> /run/sendsigs.omit.d/mdmon instead?
This is what is currently done in mdadm/stop init script.
Writing out a pidfile (and/or otherwise copying them around) is OK, but
it is Debian [derivative] specific as far as I can tell.
Whereas the "@" convention is supported by a larger number of
distributions and other init systems (e.g. systemd).
( http://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/ )
Writing out a pid-file should be avoided, especially since that is
optional across all init systems and undesirable for newer ones.
Also, processes could be started off-root (e.g. initramfs) and/or
otherwise not hold-up unmounting root.
Thus I find the "@" convention a useful and lightweight self-identification.
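
The root-only restriction proposed in this message (the effect of `pgrep -u root -f "^@"`), combined with the existing /run/sendsigs.omit.d PID files, as an added example that is not part of the original message or of the sysvinit package. The function names, the /proc-like fixture and its PIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: not code from sysvinit, mdadm or the original thread.
# Lists the PIDs a sendsigs-style shutdown killer would spare.

# spared_pids PROC_ROOT OMIT_DIR
#   PROC_ROOT  a /proc-like tree (a parameter so the logic runs on a fixture)
#   OMIT_DIR   directory of PID files, e.g. /run/sendsigs.omit.d
spared_pids() {
    proc_root=$1
    omit_dir=$2
    {
        # Existing mechanism: PID files in a directory only root can write.
        for f in "$omit_dir"/*; do
            if [ -f "$f" ]; then grep -E '^[0-9]+$' "$f" || true; fi
        done
        # '@' convention, honoured only when the effective UID is 0
        # (the same selection as `pgrep -u root`).
        for d in "$proc_root"/[0-9]*; do
            if [ ! -r "$d/cmdline" ] || [ ! -r "$d/status" ]; then continue; fi
            # Uid: line fields are real, effective, saved, filesystem.
            euid=$(awk '$1 == "Uid:" { print $3; exit }' "$d/status")
            if [ "$euid" != 0 ]; then continue; fi
            # cmdline is NUL-separated; its first byte is argv[0][0].
            case $(tr '\0' ' ' < "$d/cmdline") in
                @*) basename "$d" ;;
            esac
        done
    } | sort -n -u
}

# Constructed fixture: three fake /proc entries and one PID file.
make_fixture() {
    root=$1
    mkdir -p "$root/proc/101" "$root/proc/202" "$root/proc/303" "$root/omit.d"
    printf '@mdmon\0md127\0' > "$root/proc/101/cmdline"      # root, '@'
    printf 'Uid:\t0\t0\t0\t0\n' > "$root/proc/101/status"
    printf '@squatter\0' > "$root/proc/202/cmdline"           # non-root, '@'
    printf 'Uid:\t1000\t1000\t1000\t1000\n' > "$root/proc/202/status"
    printf '/usr/sbin/sshd\0-D\0' > "$root/proc/303/cmdline"  # root, no '@'
    printf 'Uid:\t0\t0\t0\t0\n' > "$root/proc/303/status"
    printf '404\n' > "$root/omit.d/example"
}
```

On the fixture only PID 101 (root, '@') and PID 404 (PID file) are spared; the non-root '@' process 202 stays killable, which is the case Helmut's objection is about.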