git.proxmox.com Git - mirror_ovs.git/blob - lib/daemon.c
2 * Copyright (c) 2014 Nicira, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 #include "daemon-private.h"
23 #include "ovs-thread.h"
24 #include "openvswitch/vlog.h"
26 VLOG_DEFINE_THIS_MODULE(daemon
);
28 /* For each of the standard file descriptors, whether to replace it by
29 * /dev/null (if false) or keep it for the daemon to use (if true). */
30 static bool save_fds
[3];
32 /* Self-confinement is a security feature that adds a layer of defense: OVS
33 * refuses, in a self-denying manner, to connect to or create Unix domain
34 * sockets outside the designated 'run' directory, even if a remote (or local)
35 * OVSDB manager asks it to do so. This feature may be disabled if Mandatory
36 * Access Control is used to confine the daemon instead. */
37 static bool self_confine
= true;
39 /* Will daemonize() really detach? */
46 /* If configured with set_pidfile() or set_detach(), creates the pid file and
47 * detaches from the foreground session. */
51 daemonize_start(false);
55 /* Sets up a following call to daemonize() to create a pidfile named 'name'.
56 * If 'name' begins with '/' (or contains ':' on Windows), then it is treated
57 * as an absolute path. Otherwise, it is taken relative to RUNDIR,
58 * which is $(prefix)/var/run by default.
60 * If 'name' is null, then program_name followed by ".pid" is used. */
62 set_pidfile(const char *name
)
64 assert_single_threaded();
66 pidfile
= make_pidfile_name(name
);
69 /* Disables self confinement. */
71 daemon_disable_self_confinement(void)
76 /* Returns true if self-confinement should be enforced.
77 * Otherwise, returns false. */
79 daemon_should_self_confine(void)
84 /* A daemon doesn't normally have any use for the file descriptors for stdin,
85 * stdout, and stderr after it detaches. To keep these file descriptors from
86 * e.g. holding an SSH session open, by default detaching replaces each of
87 * these file descriptors by /dev/null. But a few daemons expect the user to
88 * redirect stdout or stderr to a file, in which case it is desirable to keep
89 * these file descriptors. This function, therefore, disables replacing 'fd'
90 * by /dev/null when the daemon detaches. */
92 daemon_save_fd(int fd
)
94 ovs_assert(fd
== STDIN_FILENO
||
95 fd
== STDOUT_FILENO
||
100 /* Returns a readable and writable fd for /dev/null, if successful, otherwise
101 * a negative errno value. The caller must not close the returned fd (because
102 * the same fd will be handed out to subsequent callers). */
108 char *device
= "/dev/null";
110 char *device
= "nul";
114 null_fd
= open(device
, O_RDWR
);
117 VLOG_ERR("could not open %s: %s", device
, ovs_strerror(error
));
125 /* Close standard file descriptors (except any that the client has requested we
126 * leave open by calling daemon_save_fd()). If we're started from e.g. an SSH
127 * session, then this keeps us from holding that session open artificially. */
129 close_standard_fds(void)
131 int null_fd
= get_null_fd();
135 for (fd
= 0; fd
< 3; fd
++) {
142 /* Disable logging to stderr to avoid wasting CPU time. */
143 vlog_set_levels(NULL
, VLF_CONSOLE
, VLL_OFF
);