Yep. It is possible we need a better strategy --- like placing *all* original argv in the [priv] title.
trondd <[email protected]> wrote:
> Stuart Henderson <[email protected]> wrote:
>
> > On 2020-12-07, Harald Dunkel <[email protected]> wrote:
> > > About the PIDs: Maybe a sysctl like
> > >
> > > kernel.pid_max = 4194303
> > >
> > > known from other OSes could help to reduce the risk for PID conflicts.
> >
> > This doesn't help if you actually want reliability, rather than just
> > "reliable most of the time".
> >
> > There were also some concerns about what software would do with long
> > PIDs - even on a very basic level that adds another couple of columns
> > to top(1) output.
> >
> > > If you store the PID files on a volatile file system, so you can be sure
> > > they are gone on the next reboot, anyway.
> >
> > /var/run is cleared at boot anyway - the problem is pid reuse during
> > uptime of the system.
> >
> > One can check that the new pid is owned by a process of the correct name
> > - but then the problem returns, the process name doesn't have enough
> > information to uniquely identify it. And if that is fixed there's no
> > need to save the pid.
> >
> > So if there's a problem to be fixed, it is to get the information into
> > the other process string..
>
> I think the user is looking for something like this. Putting the interface
> name in the process title.
>
> Maybe this doesn't work for this use case or there is some other fallout.
> And there may be other tweaks needed to support it, I don't have a dog in the
> fight to go find them, though.
>
> Tim.
>
>
> Index: etc/rc.d/pflogd > =================================================================== > RCS file: /cvs/src/etc/rc.d/pflogd,v > retrieving revision 1.3 > diff -u -p -r1.3 pflogd > --- etc/rc.d/pflogd 11 Jan 2018 19:52:12 -0000 1.3 > +++ etc/rc.d/pflogd 7 Dec 2020 18:08:23 -0000 
> @@ -6,7 +6,7 @@ daemon="/sbin/pflogd" > > . /etc/rc.d/rc.subr > > -pexp="pflogd: \[priv\]" > +pexp="pflogd: \[priv\].*" > > rc_pre() { > if pfctl -si | grep -q Enabled; then > Index: sbin/pflogd/privsep.c > =================================================================== > RCS file: /cvs/src/sbin/pflogd/privsep.c,v > retrieving revision 1.34 > diff -u -p -r1.34 privsep.c > --- sbin/pflogd/privsep.c 27 Nov 2019 17:49:09 -0000 1.34 > +++ sbin/pflogd/privsep.c 7 Dec 2020 18:08:45 -0000 > @@ -131,7 +131,7 @@ priv_init(int Pflag, int argc, char *arg > signal(SIGINT, sig_pass_to_chld); > signal(SIGQUIT, sig_pass_to_chld); > > - setproctitle("[priv]"); > + setproctitle("[priv] %s", interface); > > if (unveil(_PATH_RESCONF, "r") == -1) > err(1, "unveil"); >
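Review bot: In the etc/rc.d/pflogd hunk, the new `pexp="pflogd: \[priv\].*"` accepts any suffix after `[priv]`, so it matches every pflogd parent no matter which interface appears in its title. If the aim discussed in the thread is to tell instances apart, the pattern should name the interface this script was started for and end right after it; if the trailing `.*` is kept only so the old bare `[priv]` title still matches, a one-line comment saying so would help.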
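Review bot: In the sbin/pflogd/privsep.c hunk, `setproctitle("[priv] %s", interface);` relies on `interface`, which is not among the parameters visible in the `priv_init(int Pflag, int argc, char *arg` context line; please confirm it is declared for this file and already holds its final value when this call runs. Passing the name as a `%s` argument rather than as the format string itself is the right form and should stay that way if the title is later extended to carry more of argv.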
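The thread's point about identifying a process by its title instead of a saved PID, as an added example that is not part of the original messages or of OpenBSD's rc scripts. It assumes the title format `pflogd: [priv] <interface>` that the patch would produce; the sample process list and all function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed "pid title" pairs, as a process listing might show them once
# the [priv] title carries the interface name (assumed format, see lead-in).
SAMPLE='2201 pflogd: [priv] pflog0
2210 pflogd: [priv] pflog1
2233 pflogd: [priv] pflog10
2240 pflogd: [running] -s 160 -i pflog1 -f /var/log/pflog1'

# Escape ERE metacharacters so an interface name is matched literally.
ere_escape() {
	printf '%s' "$1" | sed 's/[][\.|$(){}?+*^]/\\&/g'
}

# Print PIDs whose whole title matches the ERE in $1 (full-line match,
# the same idea as matching the complete title rather than a substring).
pids_matching() {
	printf '%s\n' "$SAMPLE" | while read -r pid title; do
		if printf '%s\n' "$title" | grep -Eqx -- "$1"; then
			printf '%s\n' "$pid"
		fi
	done
}

# Loose pattern from the patch: any suffix after [priv].
pids_loose() { pids_matching 'pflogd: \[priv\].*'; }

# Pitfall: interface name followed by ".*" also matches pflog10 for pflog1.
pids_prefix() { pids_matching "pflogd: \[priv\] $(ere_escape "$1").*"; }

# Per-interface pattern: literal name, nothing allowed after it.
pids_for_if() { pids_matching "pflogd: \[priv\] $(ere_escape "$1")"; }

if [ "${1:-}" = demo ]; then
	echo "loose:          $(pids_loose | tr '\n' ' ')"
	echo "pflog1 prefix:  $(pids_prefix pflog1 | tr '\n' ' ')"
	echo "pflog1 exact:   $(pids_for_if pflog1)"
fi
```
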

