summaryrefslogtreecommitdiff
path: root/nscd/selinux.c
diff options
context:
space:
mode:
authorSiddhesh Poyarekar <siddhesh@redhat.com>2014-03-03 22:51:39 +0530
committerSiddhesh Poyarekar <siddhesh@redhat.com>2014-03-03 23:18:31 +0530
commit532a60357ef4c5852cc1bf836cfd9d6f093ef204 (patch)
treeaaeea80df876694911a2058beec5a8004acebe78 /nscd/selinux.c
parentd6285c9f0b3972369356554727b1ede5a6eb0731 (diff)
downloadglibc-532a60357ef4c5852cc1bf836cfd9d6f093ef204.tar.gz
nscd: Improved support for tracking startup failure in nscd service (BZ #16639)
Currently, the nscd parent process parses commandline options and configuration, forks on startup and immediately exits with a success. If the child process encounters some error after this, it goes undetected and any services started up after it may have to repeatedly check to make sure that the nscd service did actually start up and is serving requests. To make this process more reliable, I have added a pipe between the parent and child process, through which the child process sends a notification to the parent informing it of its status. The parent waits for this status and once it receives it, exits with the corresponding exit code. So if the child service sends a success status (0), the parent exits with a success status. Similarly for error conditions, the child sends the non-zero status code, which the parent passes on as the exit code. This, along with setting the nscd service type to forking in its systemd configuration file, allows systemd to be certain that the nscd service is ready and is accepting connections.
Diffstat (limited to 'nscd/selinux.c')
-rw-r--r--nscd/selinux.c18
1 files changed, 9 insertions, 9 deletions
diff --git a/nscd/selinux.c b/nscd/selinux.c
index e477254251..46b0ea9779 100644
--- a/nscd/selinux.c
+++ b/nscd/selinux.c
@@ -179,7 +179,7 @@ preserve_capabilities (void)
if (prctl (PR_SET_KEEPCAPS, 1) == -1)
{
dbg_log (_("Failed to set keep-capabilities"));
- error (EXIT_FAILURE, errno, _("prctl(KEEPCAPS) failed"));
+ do_exit (EXIT_FAILURE, errno, _("prctl(KEEPCAPS) failed"));
/* NOTREACHED */
}
@@ -194,7 +194,7 @@ preserve_capabilities (void)
cap_free (tmp_caps);
dbg_log (_("Failed to initialize drop of capabilities"));
- error (EXIT_FAILURE, 0, _("cap_init failed"));
+ do_exit (EXIT_FAILURE, 0, _("cap_init failed"));
}
/* There is no reason why these should not work. */
@@ -216,7 +216,7 @@ preserve_capabilities (void)
{
cap_free (new_caps);
dbg_log (_("Failed to drop capabilities"));
- error (EXIT_FAILURE, 0, _("cap_set_proc failed"));
+ do_exit (EXIT_FAILURE, 0, _("cap_set_proc failed"));
}
return new_caps;
@@ -233,7 +233,7 @@ install_real_capabilities (cap_t new_caps)
{
cap_free (new_caps);
dbg_log (_("Failed to drop capabilities"));
- error (EXIT_FAILURE, 0, _("cap_set_proc failed"));
+ do_exit (EXIT_FAILURE, 0, _("cap_set_proc failed"));
/* NOTREACHED */
}
@@ -242,7 +242,7 @@ install_real_capabilities (cap_t new_caps)
if (prctl (PR_SET_KEEPCAPS, 0) == -1)
{
dbg_log (_("Failed to unset keep-capabilities"));
- error (EXIT_FAILURE, errno, _("prctl(KEEPCAPS) failed"));
+ do_exit (EXIT_FAILURE, errno, _("prctl(KEEPCAPS) failed"));
/* NOTREACHED */
}
}
@@ -258,7 +258,7 @@ nscd_selinux_enabled (int *selinux_enabled)
if (*selinux_enabled < 0)
{
dbg_log (_("Failed to determine if kernel supports SELinux"));
- exit (EXIT_FAILURE);
+ do_exit (EXIT_FAILURE, 0, NULL);
}
}
@@ -272,7 +272,7 @@ avc_create_thread (void (*run) (void))
rc =
pthread_create (&avc_notify_thread, NULL, (void *(*) (void *)) run, NULL);
if (rc != 0)
- error (EXIT_FAILURE, rc, _("Failed to start AVC thread"));
+ do_exit (EXIT_FAILURE, rc, _("Failed to start AVC thread"));
return &avc_notify_thread;
}
@@ -294,7 +294,7 @@ avc_alloc_lock (void)
avc_mutex = malloc (sizeof (pthread_mutex_t));
if (avc_mutex == NULL)
- error (EXIT_FAILURE, errno, _("Failed to create AVC lock"));
+ do_exit (EXIT_FAILURE, errno, _("Failed to create AVC lock"));
pthread_mutex_init (avc_mutex, NULL);
return avc_mutex;
@@ -334,7 +334,7 @@ nscd_avc_init (void)
avc_entry_ref_init (&aeref);
if (avc_init ("avc", NULL, &log_cb, &thread_cb, &lock_cb) < 0)
- error (EXIT_FAILURE, errno, _("Failed to start AVC"));
+ do_exit (EXIT_FAILURE, errno, _("Failed to start AVC"));
else
dbg_log (_("Access Vector Cache (AVC) started"));
#ifdef HAVE_LIBAUDIT