diff options
author | Fabiano Fidêncio <fidencio@redhat.com> | 2017-01-08 23:27:57 +0100 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2017-01-25 12:33:12 +0100 |
commit | 087162b85e191af51637904702813969b35eaadc (patch) | |
tree | 56d4933d5c8cf9dae7cec107c32866b10ce2d6a3 /src/monitor | |
parent | 9657c178fb22bcbd3755db6d6fc2ec5f2e114841 (diff) | |
download | sssd-087162b85e191af51637904702813969b35eaadc.tar.gz sssd-087162b85e191af51637904702813969b35eaadc.tar.xz sssd-087162b85e191af51637904702813969b35eaadc.zip |
SERVER: Set the process group during server_setup()
By calling setpgid() in server_setup() we are able to kill the process
in the watchdog by simply doing kill(-getpid(), SIGTERM).
However, in order to have it working properly the SELinux policy for
SSSD has to be updated and unless SSSD is ran with SELinux on permissive
mode, each of the responders and the monitor will trigger a similar
message:
Jan 09 14:31:50 client1.ipa.example audit[11630]: AVC avc: denied
{ setpgid } for pid=11630 comm="sssd_pac"
scontext=system_u:system_r:sssd_t:s0
tcontext=system_u:system_r:sssd_t:s0 tclass=process permissive=0
It's important to say that till SELinux policy is fixed, we might end up
leaking some processes.
Related:
https://fedorahosted.org/sssd/ticket/3266
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/monitor')
-rw-r--r-- | src/monitor/monitor.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index b7ca0ccd4..b82c6e5fb 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -1468,7 +1468,7 @@ static void monitor_quit(struct mt_ctx *mt_ctx, int ret) "Terminating [%s][%d]\n", svc->name, svc->pid); do { errno = 0; - kret = kill(svc->pid, SIGTERM); + kret = kill(-svc->pid, SIGTERM); if (kret < 0) { error = errno; DEBUG(SSSDBG_CRIT_FAILURE, "Couldn't kill [%s][%d]: [%s]\n", @@ -1489,7 +1489,7 @@ static void monitor_quit(struct mt_ctx *mt_ctx, int ret) "[%d][%s] while waiting for [%s]\n", error, strerror(error), svc->name); /* Forcibly kill this child */ - kill(svc->pid, SIGKILL); + kill(-svc->pid, SIGKILL); break; } } else if (pid != 0) { @@ -1504,7 +1504,7 @@ static void monitor_quit(struct mt_ctx *mt_ctx, int ret) DEBUG(SSSDBG_FATAL_FAILURE, "Child [%s] did not exit cleanly\n", svc->name); /* Forcibly kill this child */ - kill(svc->pid, SIGKILL); + kill(-svc->pid, SIGKILL); } killed = true; } |