Control: retitle -1 initscripts: Skip killing root-owned process starting with @

On Thu, Feb 13, 2014 at 08:58:33PM +0000, Dimitri John Ledkov wrote:
> How about limiting it to processes running as root?
>
> E.g. pgrep -u root -f "^@" ?
>
> That way there is no loop-hole opened, since those processes could
> have written to /run/sendsigs.omit.d/ already.

I concur with this remedy. Can you update your patch or remove the patch
tag?

> Writing out a pidfile (and or otherwise copying them around is ok) but
> it is debian [derivative] specific as far as I can tell.
> Where is "@" convention is supported by a larger amount of
> distributions and other initsystems (e.g. systemd).
> ( http://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/ )
> Writing out a pid-file should be avoided, especially since that is
> optional across all init systems and un-desirable for newer ones.
> Also, processes could be started off-root (e.g. initramfs) and/or
> otherwise not hold-up unmounting root.
> Thus I find "@" convention useful and lightweight self-identification.

Thanks for pointing out the rationale and documentation. Did you notice
that the referenced documentation explicitly restricts the technique to
root-owned processes?

Thanks for not introducing a security issue. :)

Helmut

_______________________________________________
Pkg-sysvinit-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-sysvinit-devel
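
The root-only restriction discussed in this message, as an added example that is not part of the original mail or of the initscripts package: a shell function that selects the same processes as `pgrep -u root -f "^@"` by reading a proc tree directly. The function name `list_omit_pids` and its optional proc-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the initscripts code. list_omit_pids and its
# proc-root argument are hypothetical names used for illustration.

# Print the PIDs a sendsigs-style killer may skip: the command line
# starts with '@' AND the effective UID is 0 (what `pgrep -u root`
# matches). Without the UID check, any unprivileged user could exempt
# a process from the shutdown kill just by renaming argv[0].
list_omit_pids() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/cmdline" ] && [ -r "$dir/status" ] || continue
        # cmdline is NUL-separated and begins with argv[0]; kernel
        # threads have an empty cmdline and are never selected.
        first=$(head -c 1 "$dir/cmdline" | tr -d '\0')
        [ "$first" = "@" ] || continue
        # "Uid:" line fields: real, effective, saved, filesystem UID.
        euid=$(awk '/^Uid:/ { print $3; exit }' "$dir/status")
        [ "$euid" = "0" ] || continue
        echo "${dir##*/}"
    done
}
```

Called with no argument it scans `/proc`; passing a directory lets the selection be checked against a constructed tree.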

