]>
Commit | Line | Data |
---|---|---|
d6bc33f3 GS |
1 | /* |
2 | * Copyright (c) 2014 Nicira, Inc. | |
3 | * | |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
5 | * you may not use this file except in compliance with the License. | |
6 | * You may obtain a copy of the License at: | |
7 | * | |
8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
9 | * | |
10 | * Unless required by applicable law or agreed to in writing, software | |
11 | * distributed under the License is distributed on an "AS IS" BASIS, | |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
13 | * See the License for the specific language governing permissions and | |
14 | * limitations under the License. | |
15 | */ | |
16 | #include <config.h> | |
17 | #include "daemon.h" | |
3834bcf2 | 18 | #include "daemon-private.h" |
d6bc33f3 GS |
19 | #include <errno.h> |
20 | #include <fcntl.h> | |
21 | #include <unistd.h> | |
e6211adc TG |
22 | #include "util.h" |
23 | #include "ovs-thread.h" | |
24 | #include "openvswitch/vlog.h" | |
d6bc33f3 GS |
25 | |
26 | VLOG_DEFINE_THIS_MODULE(daemon); | |
27 | ||
28 | /* For each of the standard file descriptors, whether to replace it by | |
29 | * /dev/null (if false) or keep it for the daemon to use (if true). */ | |
30 | static bool save_fds[3]; | |
31 | ||
81d2f75c AA |
32 | /* Self Confinement is a security feature that introduces additional |
33 | * layer of defense where OVS in self-denying manner would refuse to connect | |
34 | * to or create unix domain sockets outside designated 'run' directory even | |
35 | * if remote (or local) OVSDB manager asked it to do so. This feature may | |
36 | * be disabled if Mandatory Access Control is used. */ | |
37 | static bool self_confine = true; | |
38 | ||
3834bcf2 GS |
39 | /* Will daemonize() really detach? */ |
40 | bool | |
41 | get_detach(void) | |
42 | { | |
43 | return detach; | |
44 | } | |
45 | ||
46 | /* If configured with set_pidfile() or set_detach(), creates the pid file and | |
47 | * detaches from the foreground session. */ | |
48 | void | |
49 | daemonize(void) | |
50 | { | |
e91b927d | 51 | daemonize_start(false); |
3834bcf2 GS |
52 | daemonize_complete(); |
53 | } | |
54 | ||
55 | /* Sets up a following call to daemonize() to create a pidfile named 'name'. | |
56 | * If 'name' begins with '/' (or contains ':' in windows), then it is treated | |
57 | * as an absolute path. Otherwise, it is taken relative to RUNDIR, | |
58 | * which is $(prefix)/var/run by default. | |
59 | * | |
60 | * If 'name' is null, then program_name followed by ".pid" is used. */ | |
61 | void | |
62 | set_pidfile(const char *name) | |
63 | { | |
64 | assert_single_threaded(); | |
65 | free(pidfile); | |
66 | pidfile = make_pidfile_name(name); | |
67 | } | |
68 | ||
81d2f75c AA |
69 | /* Disables self confinement. */ |
70 | void | |
71 | daemon_disable_self_confinement(void) | |
72 | { | |
73 | self_confine = false; | |
74 | } | |
75 | ||
76 | /* Returns true, if self-confinement should be enforced. | |
77 | * Otherwise, returns false. */ | |
78 | bool | |
79 | daemon_should_self_confine(void) | |
80 | { | |
81 | return self_confine; | |
82 | } | |
83 | ||
d6bc33f3 GS |
84 | /* A daemon doesn't normally have any use for the file descriptors for stdin, |
85 | * stdout, and stderr after it detaches. To keep these file descriptors from | |
86 | * e.g. holding an SSH session open, by default detaching replaces each of | |
87 | * these file descriptors by /dev/null. But a few daemons expect the user to | |
88 | * redirect stdout or stderr to a file, in which case it is desirable to keep | |
89 | * these file descriptors. This function, therefore, disables replacing 'fd' | |
90 | * by /dev/null when the daemon detaches. */ | |
91 | void | |
92 | daemon_save_fd(int fd) | |
93 | { | |
94 | ovs_assert(fd == STDIN_FILENO || | |
95 | fd == STDOUT_FILENO || | |
96 | fd == STDERR_FILENO); | |
97 | save_fds[fd] = true; | |
98 | } | |
99 | ||
100 | /* Returns a readable and writable fd for /dev/null, if successful, otherwise | |
101 | * a negative errno value. The caller must not close the returned fd (because | |
102 | * the same fd will be handed out to subsequent callers). */ | |
103 | static int | |
104 | get_null_fd(void) | |
105 | { | |
106 | static int null_fd; | |
107 | #ifndef _WIN32 | |
108 | char *device = "/dev/null"; | |
109 | #else | |
110 | char *device = "nul"; | |
111 | #endif | |
112 | ||
113 | if (!null_fd) { | |
114 | null_fd = open(device, O_RDWR); | |
115 | if (null_fd < 0) { | |
116 | int error = errno; | |
117 | VLOG_ERR("could not open %s: %s", device, ovs_strerror(error)); | |
118 | null_fd = -error; | |
119 | } | |
120 | } | |
121 | ||
122 | return null_fd; | |
123 | } | |
124 | ||
125 | /* Close standard file descriptors (except any that the client has requested we | |
126 | * leave open by calling daemon_save_fd()). If we're started from e.g. an SSH | |
127 | * session, then this keeps us from holding that session open artificially. */ | |
128 | void | |
129 | close_standard_fds(void) | |
130 | { | |
131 | int null_fd = get_null_fd(); | |
132 | if (null_fd >= 0) { | |
133 | int fd; | |
134 | ||
135 | for (fd = 0; fd < 3; fd++) { | |
136 | if (!save_fds[fd]) { | |
137 | dup2(null_fd, fd); | |
138 | } | |
139 | } | |
140 | } | |
141 | ||
142 | /* Disable logging to stderr to avoid wasting CPU time. */ | |
143 | vlog_set_levels(NULL, VLF_CONSOLE, VLL_OFF); | |
144 | } |