On Thu, 2014-10-02 at 22:03:37 +0100, Steven Chamberlain wrote:
> On 19:34, Guillem Jover wrote:
> > In dpkg 1.17.13 I switched start-stop-daemon on GNU/kFreeBSD to use
> > the native kFreeBSD backend using libkvm instead of using the Linux
> > backend through linprocfs.
>
> Ahhh I did wonder about that. start-stop-daemon had problems inside
> of jails due to this; KVM needs /dev/mem, and that usually should not
> be available inside a jail.

Oh, feel free to file a bug in the future if any such regressions
happen again. After checking the s-s-d and libkvm code again now, it
seems it does not require any kvm_read(3) at all, so /dev/mem should
not be needed either, could you try the attached patch on a jail? (I
need to recover my damaged GNU/kFreeBSD system, as now I only have
access to porter boxes. :/ )

> > Requiring linprocfs has always seemed
> > somewhat wrong to me, more so when on FreeBSD procfs is actually
> > optional.
>
> I'm usually uncomfortable seeing userland use libkvm to look at kernel
> internals, because unlike FreeBSD, we need to support mismatching
> versions of kernel and userland (e.g. sid chroot on the stable buildds).

Sure, although because in this case the code will not end up using
kvm_read(3), only stuff returned by sysctl(2), it should be safer, or
is that not guaranteed to be compatible either between major versions?

> Most of Debian GNU userland expects linprocfs so, even though it seems
> kind of lame to a FreeBSD person, it's useful to us as a pseudo-standard
> interface that is always available (including jails and any properly-
> constructed chroot).

Still, I'd prefer for s-s-d not to be the one requiring this.

> > This means the library is now part of dpkg's Pre-Depends only on
> > GNU/kFreeBSD. But I forgot to bring it up here as per policy §3.5
> > before the upload. Doing so now, but if there's no consensus, I'll
> > revert the change. Sorry about that.
>
> No problem. Does that mean you'd happily revert to using linprocfs?

If there's no better option, yes. Right now I'm thinking to merge the
attached patch for 1.17.14 as a hotfix, and then switch to a pure
sysctl(2) implementation for 1.17.15, so that we can get rid of the
libkvm dependency. Otherwise revert to linprocfs. Does that sound good?

Thanks,
Guillem
diff --git a/utils/start-stop-daemon.c b/utils/start-stop-daemon.c index fd08b94..e97e86c 100644 --- a/utils/start-stop-daemon.c +++ b/utils/start-stop-daemon.c @@ -103,6 +103,11 @@ #ifdef HAVE_KVM_H #include <kvm.h> +#if defined(OSFreeBSD) +#define KVM_MEMFILE "/dev/null" +#else +#define KVM_MEMFILE NULL +#endif #endif #ifdef _POSIX_PRIORITY_SCHEDULING @@ -1324,7 +1329,7 @@ pid_is_exec(pid_t pid, const struct stat *esb) char **pid_argv_p; char *start_argv_0_p, *end_argv_0_p; - kd = kvm_openfiles(NULL, NULL, NULL, O_RDONLY, errbuf); + kd = kvm_openfiles(NULL, KVM_MEMFILE, NULL, O_RDONLY, errbuf); if (kd == NULL) errx(1, "%s", errbuf); kp = kvm_getprocs(kd, KERN_PROC_PID, pid, &nentries); @@ -1413,7 +1418,7 @@ pid_is_child(pid_t pid, pid_t ppid) char errbuf[_POSIX2_LINE_MAX]; pid_t proc_ppid; - kd = kvm_openfiles(NULL, NULL, NULL, O_RDONLY, errbuf); + kd = kvm_openfiles(NULL, KVM_MEMFILE, NULL, O_RDONLY, errbuf); if (kd == NULL) errx(1, "%s", errbuf); kp = kvm_getprocs(kd, KERN_PROC_PID, pid, &nentries); @@ -1475,7 +1480,7 @@ pid_is_user(pid_t pid, uid_t uid) struct kinfo_proc *kp; char errbuf[_POSIX2_LINE_MAX]; - kd = kvm_openfiles(NULL, NULL, NULL, O_RDONLY, errbuf); + kd = kvm_openfiles(NULL, KVM_MEMFILE, NULL, O_RDONLY, errbuf); if (kd == NULL) errx(1, "%s", errbuf); kp = kvm_getprocs(kd, KERN_PROC_PID, pid, &nentries); @@ -1562,7 +1567,7 @@ pid_is_cmd(pid_t pid, const char *name) struct kinfo_proc *kp; char errbuf[_POSIX2_LINE_MAX], *process_name; - kd = kvm_openfiles(NULL, NULL, NULL, O_RDONLY, errbuf); + kd = kvm_openfiles(NULL, KVM_MEMFILE, NULL, O_RDONLY, errbuf); if (kd == NULL) errx(1, "%s", errbuf); kp = kvm_getprocs(kd, KERN_PROC_PID, pid, &nentries); 
@@ -1735,7 +1740,7 @@ do_procinit(void) char errbuf[_POSIX2_LINE_MAX]; enum status_code prog_status = STATUS_DEAD; - kd = kvm_openfiles(NULL, NULL, NULL, O_RDONLY, errbuf); + kd = kvm_openfiles(NULL, KVM_MEMFILE, NULL, O_RDONLY, errbuf); if (kd == NULL) errx(1, "%s", errbuf); kp = kvm_getprocs(kd, KERN_PROC_ALL, 0, &nentries);
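Review bot: the KVM_MEMFILE definition added after `#include <kvm.h>` in the first hunk carries no comment explaining why "/dev/null" is passed as the memory file on FreeBSD. That choice is only valid while every caller limits itself to kvm_getprocs() and nothing reaches kvm_read(3), which is the assumption stated in the mail; a short comment above `#define KVM_MEMFILE "/dev/null"` recording that, and that it removes the need for /dev/mem inside a jail, would keep a later kvm_read() from being added and quietly reading from /dev/null. It is also worth confirming that `defined(OSFreeBSD)` is the macro actually set on GNU/kFreeBSD builds, because the `#else` branch falls back to the old NULL behaviour without any warning.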
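Review bot: the same edit, `kd = kvm_openfiles(NULL, KVM_MEMFILE, NULL, O_RDONLY, errbuf);` followed by the `if (kd == NULL)` / `errx(1, "%s", errbuf);` check, is repeated verbatim in pid_is_exec(), pid_is_child(), pid_is_user(), pid_is_cmd() and do_procinit(). Moving the open and its error check into one static helper would keep the memfile choice in a single place and reduce the planned switch away from libkvm to a change in one function. The errx() message is also just the raw libkvm error buffer in all five places; prefixing it with the operation that failed would make a failure inside a jail easier to diagnose.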