summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--jaildaemon.c53
1 files changed, 28 insertions, 25 deletions
diff --git a/jaildaemon.c b/jaildaemon.c
index 9e2f6f7..a4e2d8d 100644
--- a/jaildaemon.c
+++ b/jaildaemon.c
@@ -112,26 +112,26 @@ static void fork_slave( int master_fd ) {
112 sigemptyset(&sa.sa_mask); 112 sigemptyset(&sa.sa_mask);
113 sa.sa_flags = SA_NOCLDWAIT; 113 sa.sa_flags = SA_NOCLDWAIT;
114 if( sigaction(SIGCHLD, &sa, NULL) == -1 ) 114 if( sigaction(SIGCHLD, &sa, NULL) == -1 )
115 exerr( "when trying to enable auto reap" ); 115 exerr( "Error: Can not enable auto reap." );
116 116
117 /* Wait for command from master */ 117 /* Wait for command from master */
118 while(1) { 118 while(1) {
119 switch( read( master_fd, g_ipc_packet, sizeof(g_ipc_packet) ) ) { 119 switch( read( master_fd, g_ipc_packet, sizeof(g_ipc_packet) ) ) {
120 case -1: 120 case -1:
121 exerr( "reading commands from master's socket" ); 121 exerr( "Error: Can not read command from master's socket." );
122 case IPC_PACKETSIZE: 122 case IPC_PACKETSIZE:
123 /* Decode packet and throw a forked child */ 123 /* Decode packet and throw a forked child */
124 *(pid_t*)g_ipc_packet = fork_and_jail( 124 *(pid_t*)g_ipc_packet = fork_and_jail(
125 g_ipc_packet_int[0], g_ipc_packet + sizeof(int) ); 125 g_ipc_packet_int[0], g_ipc_packet + sizeof(int) );
126 if( write( master_fd, g_ipc_packet, sizeof(pid_t) ) != 126 if( write( master_fd, g_ipc_packet, sizeof(pid_t) ) !=
127 sizeof(pid_t) ) 127 sizeof(pid_t) )
128 exerr( "replying to master" ); 128 exerr( "Error: Can not reply to master." );
129 break; 129 break;
130 case 0: 130 case 0:
131 /* Remote end closed, bye */ 131 /* Remote end closed, bye */
132 exit(0); 132 exit(0);
133 default: 133 default:
134 exerr( "ignoring corrupt command packet" ); 134 exerr( "Error: Received corrupt command packet." );
135 break; 135 break;
136 } 136 }
137 } 137 }
@@ -141,12 +141,12 @@ static int fork_fork_slave( ) {
141 int sockets[2]; 141 int sockets[2];
142 142
143 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets) < 0) 143 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets) < 0)
144 exerr( "opening stream socket pair"); 144 exerr( "Error: Can not open stream socket pair." );
145 145
146 switch( fork() ) { 146 switch( fork() ) {
147 case -1: 147 case -1:
148 pidfile_remove( g_pidfilehandle ); 148 pidfile_remove( g_pidfilehandle );
149 exerr( "forking fork slave"); 149 exerr( "Error: Can not fork fork slave." );
150 break; 150 break;
151 case 0: 151 case 0:
152 /* I am child, close master's socket fd */ 152 /* I am child, close master's socket fd */
@@ -202,7 +202,7 @@ static pid_t fork_and_jail( int jid, char * proctitle ) {
202 202
203 /* Throw ourself into the jail */ 203 /* Throw ourself into the jail */
204 if( jail_attach( jid ) ) 204 if( jail_attach( jid ) )
205 exerr( "when attaching to jail %d", jid ); 205 exerr( "Error: Can not attach process to jail %d.", jid );
206 206
207 /* wait for SIGHUP */ 207 /* wait for SIGHUP */
208 sigemptyset(&sigset); 208 sigemptyset(&sigset);
@@ -334,11 +334,11 @@ static int add_task_to_kqueue( int kq, daemon_task * t_in ) {
334 IPC_PACKETSIZE - sizeof(int) ); 334 IPC_PACKETSIZE - sizeof(int) );
335 if( write( g_fork_slave_fd, g_ipc_packet, IPC_PACKETSIZE ) != 335 if( write( g_fork_slave_fd, g_ipc_packet, IPC_PACKETSIZE ) !=
336 IPC_PACKETSIZE ) 336 IPC_PACKETSIZE )
337 exerr( "sending task to fork slave" ); 337 exerr( "Error: Can not send task to fork slave." );
338 338
339 if( read( g_fork_slave_fd, g_ipc_packet, sizeof(pid_t) ) < 339 if( read( g_fork_slave_fd, g_ipc_packet, sizeof(pid_t) ) <
340 (ssize_t)sizeof(pid_t) ) 340 (ssize_t)sizeof(pid_t) )
341 exerr( "receiving pid from fork slave" ); 341 exerr( "Error: Can not receive pid from fork slave." );
342 342
343 /* Expect reply from fork slave */ 343 /* Expect reply from fork slave */
344 pid = *(pid_t*)g_ipc_packet; 344 pid = *(pid_t*)g_ipc_packet;
@@ -405,7 +405,7 @@ int main( int argc, char **argv ) {
405 /* If we are not started from root, there is not much we can do, 405 /* If we are not started from root, there is not much we can do,
406 neither access the unix domain socket.*/ 406 neither access the unix domain socket.*/
407 if( getuid() != 0 ) 407 if( getuid() != 0 )
408 exerr( "when starting. Need to run as root." ); 408 exerr( "Error: Need to run as root." );
409 409
410 i=1; 410 i=1;
411 while(i) { 411 while(i) {
@@ -430,7 +430,7 @@ int main( int argc, char **argv ) {
430 430
431 /* Setup unix domain socket descriptors */ 431 /* Setup unix domain socket descriptors */
432 if( ( g_uds = socket( AF_UNIX, SOCK_DGRAM, 0 ) ) < 0 ) 432 if( ( g_uds = socket( AF_UNIX, SOCK_DGRAM, 0 ) ) < 0 )
433 exerr( "Can not create control channel." ); 433 exerr( "Error: Can not create control channel." );
434 434
435 /* Allow huge packets on our unix domain socket */ 435 /* Allow huge packets on our unix domain socket */
436 setsockopt( g_uds, SOL_SOCKET, SO_SNDBUF, &ipc_bytes, sizeof(ipc_bytes) ); 436 setsockopt( g_uds, SOL_SOCKET, SO_SNDBUF, &ipc_bytes, sizeof(ipc_bytes) );
@@ -458,7 +458,7 @@ int main( int argc, char **argv ) {
458 458
459 if( text_off + 2 + o_command_len + o_proctitle_len > 459 if( text_off + 2 + o_command_len + o_proctitle_len >
460 g_ipc_packet + IPC_PACKETSIZE ) 460 g_ipc_packet + IPC_PACKETSIZE )
461 exerr( "Command line and proc title too long" ); 461 exerr( "Error: Command line and proc title are too long" );
462 462
463 g_ipc_packet_int[0] = o_respawn; 463 g_ipc_packet_int[0] = o_respawn;
464 g_ipc_packet_int[1] = o_jid; 464 g_ipc_packet_int[1] = o_jid;
@@ -473,7 +473,8 @@ int main( int argc, char **argv ) {
473 ipc_bytes = sendto( g_uds, g_ipc_packet, IPC_PACKETSIZE, 0, 473 ipc_bytes = sendto( g_uds, g_ipc_packet, IPC_PACKETSIZE, 0,
474 (struct sockaddr*)&addr, sizeof(addr) ); 474 (struct sockaddr*)&addr, sizeof(addr) );
475 if( ipc_bytes != IPC_PACKETSIZE ) 475 if( ipc_bytes != IPC_PACKETSIZE )
476 exerr( "sending command to daemon. Maybe it is not running?" ); 476 exerr( "Error: Can not send command to daemon."
477 " Maybe it is not running?" );
477 478
478 exit(0); 479 exit(0);
479 } 480 }
@@ -482,7 +483,8 @@ int main( int argc, char **argv ) {
482 483
483 if( !( g_pidfilehandle = pidfile_open(o_pidfile, 0600, &second_pid ) ) ) { 484 if( !( g_pidfilehandle = pidfile_open(o_pidfile, 0600, &second_pid ) ) ) {
484 if (errno == EEXIST) 485 if (errno == EEXIST)
485 exerr( "jaildaemon already running." ); 486 exerr( "Error: %s already running (pid %d).", argv[0],
487 (int)second_pid );
486 488
487 /* If we cannot create pidfile from other reasons, only warn. */ 489 /* If we cannot create pidfile from other reasons, only warn. */
488 warn( "Cannot open or create pidfile" ); 490 warn( "Cannot open or create pidfile" );
@@ -494,8 +496,9 @@ int main( int argc, char **argv ) {
494 if( sendto( g_uds, g_ipc_packet, 0, 0, 496 if( sendto( g_uds, g_ipc_packet, 0, 0,
495 (struct sockaddr*)&addr, sizeof(addr) ) == 0 ) { 497 (struct sockaddr*)&addr, sizeof(addr) ) == 0 ) {
496 if( !o_force_daemon ) 498 if( !o_force_daemon )
497 exerr( "Found command channel. Refusing to overwrite a working one." 499 exerr( "Error: Detected a working command channel on %s.\n"
498 " Another server may be running. Force with -F."); 500 "Refusing to overwrite a working one. Another server may"
501 " be running. Force with -F.", g_uds_path );
499 else 502 else
500 warn( "Forcing start of daemon despite working command channel." ); 503 warn( "Forcing start of daemon despite working command channel." );
501 } 504 }
@@ -504,7 +507,7 @@ int main( int argc, char **argv ) {
504 initialized memory yet. Communicate with this slave via socketpair */ 507 initialized memory yet. Communicate with this slave via socketpair */
505 if( daemon(1,0) == -1 ) { 508 if( daemon(1,0) == -1 ) {
506 pidfile_remove(g_pidfilehandle); 509 pidfile_remove(g_pidfilehandle);
507 exerr( "daemonzing" ); 510 exerr( "Error: Can not daemonize" );
508 } 511 }
509 512
510 pidfile_write(g_pidfilehandle); 513 pidfile_write(g_pidfilehandle);
@@ -527,24 +530,24 @@ int main( int argc, char **argv ) {
527 syslog, now */ 530 syslog, now */
528 unlink(g_uds_path); 531 unlink(g_uds_path);
529 if (bind(g_uds, (struct sockaddr*)&addr, sizeof(addr)) == -1) 532 if (bind(g_uds, (struct sockaddr*)&addr, sizeof(addr)) == -1)
530 exerr( "binding to command channel. Maybe another daemon is running?" ); 533 exerr( "Error: Can not create command channel." );
531 534
532 /* We do not care for the spawned process -- it is checked for in our 535 /* We do not care for the spawned process -- it is checked for in our
533 kqueue filter. So just ignore SIGCHLD */ 536 kqueue filter. So just ignore SIGCHLD */
534 memset( &sa, 0, sizeof( sa ) ); 537 memset( &sa, 0, sizeof( sa ) );
535 sa.sa_flags = SA_NOCLDWAIT; 538 sa.sa_flags = SA_NOCLDWAIT;
536 if( sigaction(SIGCHLD, &sa, NULL) == -1 ) 539 if( sigaction(SIGCHLD, &sa, NULL) == -1 )
537 exerr( "when trying to enable auto reap" ); 540 exerr( "Error: Can not enabling auto reap." );
538 541
539 /* When dying gracefully, this signal handler sends TERM signals to all 542 /* When dying gracefully, this signal handler sends TERM signals to all
540 probes */ 543 probes */
541 sa.sa_handler = term_handler; 544 sa.sa_handler = term_handler;
542 if( sigaction(SIGTERM, &sa, NULL) == -1 ) 545 if( sigaction(SIGTERM, &sa, NULL) == -1 )
543 exerr( "when trying to install TERM handler" ); 546 exerr( "Error: Can not install TERM handler." );
544 547
545 /* Create our kqueue */ 548 /* Create our kqueue */
546 if( ( kq = kqueue( ) ) == -1 ) 549 if( ( kq = kqueue( ) ) == -1 )
547 exerr( "when create kqueue" ); 550 exerr( "Error: Can not create kqueue." );
548 551
549 /* Add our command uds to our kevent list */ 552 /* Add our command uds to our kevent list */
550 memset( &ke, 0, sizeof(ke) ); 553 memset( &ke, 0, sizeof(ke) );
@@ -565,7 +568,7 @@ int main( int argc, char **argv ) {
565 g_probes = malloc( sizeof(pid_t) * PROBES_VECTOR_SIZE ); 568 g_probes = malloc( sizeof(pid_t) * PROBES_VECTOR_SIZE );
566 g_probes_size = PROBES_VECTOR_SIZE; 569 g_probes_size = PROBES_VECTOR_SIZE;
567 if( !g_probes ) 570 if( !g_probes )
568 exerr( "allocating memory." ); 571 exerr( "Error: Out of memory." );
569 memset( g_probes, 0, sizeof(pid_t) * PROBES_VECTOR_SIZE ); 572 memset( g_probes, 0, sizeof(pid_t) * PROBES_VECTOR_SIZE );
570 atexit( kill_all_probes ); 573 atexit( kill_all_probes );
571 574
@@ -576,7 +579,7 @@ int main( int argc, char **argv ) {
576 case -1: 579 case -1:
577 if( errno == EINTR ) 580 if( errno == EINTR )
578 continue; 581 continue;
579 exerr( "when reading from kqueue" ); 582 exerr( "Error: Can not read from kqueue." );
580 case 0: 583 case 0:
581 continue; 584 continue;
582 default: 585 default:
@@ -666,14 +669,14 @@ int main( int argc, char **argv ) {
666 or that something strange is going on over there. For now 669 or that something strange is going on over there. For now
667 we only warn, we may switch to exerr() in the future. */ 670 we only warn, we may switch to exerr() in the future. */
668 if( ke.flags == EV_EOF ) 671 if( ke.flags == EV_EOF )
669 exerr( "Fork slave died. We die, too." ); 672 exerr( "Error: Fork slave died. We die, too." );
670 else 673 else
671 warn( "Spurious packet from fork slave." ); 674 warn( "Spurious packet from fork slave." );
672 } 675 }
673 break; 676 break;
674 case EVFILT_VNODE: 677 case EVFILT_VNODE:
675 if( (int)ke.ident == g_uds && ke.fflags == NOTE_DELETE ) 678 if( (int)ke.ident == g_uds && ke.fflags == NOTE_DELETE )
676 exerr( "Control channel was deleted. Quitting." ); 679 exerr( "Error: Control channel was deleted. Quitting." );
677 break; 680 break;
678 default: 681 default:
679 break; 682 break;
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-04 04:58:26 +0000