Branch data Line data Source code
1 : : /*
2 : : * Copyright (c) 2014 Nicira, Inc.
3 : : *
4 : : * Licensed under the Apache License, Version 2.0 (the "License");
5 : : * you may not use this file except in compliance with the License.
6 : : * You may obtain a copy of the License at:
7 : : *
8 : : * http://www.apache.org/licenses/LICENSE-2.0
9 : : *
10 : : * Unless required by applicable law or agreed to in writing, software
11 : : * distributed under the License is distributed on an "AS IS" BASIS,
12 : : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 : : * See the License for the specific language governing permissions and
14 : : * limitations under the License.
15 : : */
16 : : #include <config.h>
17 : : #include "daemon.h"
18 : : #include "daemon-private.h"
19 : : #include <errno.h>
20 : : #include <fcntl.h>
21 : : #include <unistd.h>
22 : : #include "util.h"
23 : : #include "ovs-thread.h"
24 : : #include "openvswitch/vlog.h"
25 : :
26 : 46658 : VLOG_DEFINE_THIS_MODULE(daemon);
27 : :
28 : : /* For each of the standard file descriptors, whether to replace it by
29 : : * /dev/null (if false) or keep it for the daemon to use (if true). */
30 : : static bool save_fds[3];
31 : :
32 : : /* Self Confinement is a security feature that introduces additional
33 : : * layer of defense where OVS in self-denying manner would refuse to connect
34 : : * to or create unix domain sockets outside designated 'run' directory even
35 : : * if remote (or local) OVSDB manager asked it to do so. This feature may
36 : : * be disabled if Mandatory Access Control is used. */
37 : : static bool self_confine = true;
38 : :
39 : : /* Will daemonize() really detach? */
40 : : bool
41 : 30 : get_detach(void)
42 : : {
43 : 30 : return detach;
44 : : }
45 : :
46 : : /* If configured with set_pidfile() or set_detach(), creates the pid file and
47 : : * detaches from the foreground session. */
48 : : void
49 : 3 : daemonize(void)
50 : : {
51 : 3 : daemonize_start(false);
52 : 1 : daemonize_complete();
53 : 1 : }
54 : :
55 : : /* Sets up a following call to daemonize() to create a pidfile named 'name'.
56 : : * If 'name' begins with '/' (or contains ':' in windows), then it is treated
57 : : * as an absolute path. Otherwise, it is taken relative to RUNDIR,
58 : : * which is $(prefix)/var/run by default.
59 : : *
60 : : * If 'name' is null, then program_name followed by ".pid" is used. */
61 : : void
62 : 2136 : set_pidfile(const char *name)
63 : : {
64 : 2136 : assert_single_threaded();
65 : 2136 : free(pidfile);
66 : 2136 : pidfile = make_pidfile_name(name);
67 : 2136 : }
68 : :
69 : : /* Disables self confinement. */
70 : : void
71 : 0 : daemon_disable_self_confinement(void)
72 : : {
73 : 0 : self_confine = false;
74 : 0 : }
75 : :
76 : : /* Returns true, if self-confinement should be enforced.
77 : : * Otherwise, returns false. */
78 : : bool
79 : 3 : daemon_should_self_confine(void)
80 : : {
81 : 3 : return self_confine;
82 : : }
83 : :
84 : : /* A daemon doesn't normally have any use for the file descriptors for stdin,
85 : : * stdout, and stderr after it detaches. To keep these file descriptors from
86 : : * e.g. holding an SSH session open, by default detaching replaces each of
87 : : * these file descriptors by /dev/null. But a few daemons expect the user to
88 : : * redirect stdout or stderr to a file, in which case it is desirable to keep
89 : : * these file descriptors. This function, therefore, disables replacing 'fd'
90 : : * by /dev/null when the daemon detaches. */
91 : : void
92 : 207 : daemon_save_fd(int fd)
93 : : {
94 [ + - ][ + + ]: 207 : ovs_assert(fd == STDIN_FILENO ||
[ + + ][ - + ]
95 : : fd == STDOUT_FILENO ||
96 : : fd == STDERR_FILENO);
97 : 207 : save_fds[fd] = true;
98 : 207 : }
99 : :
100 : : /* Returns a readable and writable fd for /dev/null, if successful, otherwise
101 : : * a negative errno value. The caller must not close the returned fd (because
102 : : * the same fd will be handed out to subsequent callers). */
103 : : static int
104 : 2072 : get_null_fd(void)
105 : : {
106 : : static int null_fd;
107 : : #ifndef _WIN32
108 : 2072 : char *device = "/dev/null";
109 : : #else
110 : : char *device = "nul";
111 : : #endif
112 : :
113 [ + + ]: 2072 : if (!null_fd) {
114 : 2068 : null_fd = open(device, O_RDWR);
115 [ - + ]: 2068 : if (null_fd < 0) {
116 : 0 : int error = errno;
117 [ # # ]: 0 : VLOG_ERR("could not open %s: %s", device, ovs_strerror(error));
118 : 0 : null_fd = -error;
119 : : }
120 : : }
121 : :
122 : 2072 : return null_fd;
123 : : }
124 : :
125 : : /* Close standard file descriptors (except any that the client has requested we
126 : : * leave open by calling daemon_save_fd()). If we're started from e.g. an SSH
127 : : * session, then this keeps us from holding that session open artificially. */
128 : : void
129 : 2072 : close_standard_fds(void)
130 : : {
131 : 2072 : int null_fd = get_null_fd();
132 [ + - ]: 2072 : if (null_fd >= 0) {
133 : : int fd;
134 : :
135 [ + + ]: 8288 : for (fd = 0; fd < 3; fd++) {
136 [ + + ]: 6216 : if (!save_fds[fd]) {
137 : 6010 : dup2(null_fd, fd);
138 : : }
139 : : }
140 : : }
141 : :
142 : : /* Disable logging to stderr to avoid wasting CPU time. */
143 : 2072 : vlog_set_levels(NULL, VLF_CONSOLE, VLL_OFF);
144 : 2072 : }
|
