Please find below a better version and not so intrusive based on
httpd(8)
Index: control.c
===================================================================
RCS file: /cvs/src/usr.sbin/switchd/control.c,v
retrieving revision 1.8
diff -u -p -u -r1.8 control.c
--- control.c 17 Jan 2017 22:10:56 -0000 1.8
+++ control.c 2 Aug 2018 14:11:06 -0000
@@ -70,11 +70,10 @@ control_run(struct privsep *ps, struct p
/*
* pledge in the control process:
* stdio - for malloc and basic I/O including events.
- * cpath - for managing the control socket.
* unix - for the control socket.
* recvfd - for the proc fd exchange.
*/
- if (pledge("stdio cpath unix recvfd", NULL) == -1)
+ if (pledge("stdio unix recvfd", NULL) == -1)
fatal("pledge");
}
@@ -203,7 +202,6 @@ control_cleanup(struct control_sock *cs)
return;
event_del(&cs->cs_ev);
event_del(&cs->cs_evt);
- (void)unlink(cs->cs_name);
}
/* ARGSUSED */
Index: switchd.c
===================================================================
RCS file: /cvs/src/usr.sbin/switchd/switchd.c,v
retrieving revision 1.15
diff -u -p -u -r1.15 switchd.c
--- switchd.c 9 Jan 2017 14:49:22 -0000 1.15
+++ switchd.c 2 Aug 2018 14:11:06 -0000
@@ -196,11 +196,12 @@ main(int argc, char *argv[])
* stdio - for malloc and basic I/O including events.
* rpath - for reload to open and read the configuration files.
* wpath - for accessing the /dev/switch device.
+ * cpath - for managing the control socket.
* inet - for opening OpenFlow and device sockets.
* dns - for resolving host in the configuration files.
* sendfd - send sockets to child processes on reload.
*/
- if (pledge("stdio rpath wpath inet dns sendfd", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath inet dns sendfd", NULL) == -1)
fatal("pledge");
event_init();
@@ -472,6 +473,9 @@ parent_dispatch_control(int fd, struct p
void
parent_shutdown(struct switchd *sc)
{
+ if (sc->sc_ps.ps_csock.cs_name != NULL)
+ (void)unlink(sc->sc_ps.ps_csock.cs_name);
+
proc_kill(&sc->sc_ps);
free(sc);
On 10:42 Thu 02 Aug , Ricardo Mestre wrote:
> Hi,
>
> It seems that switchd(8) suffers from the same issue I reported yesterday
> about
> eigrpd(8), the daemon when it's shutdown never deletes the unix control socket
> because that is being done from a chrooted process.
>
> This one nevertheless took a little bit more effort since I had to disentangle
> 2 struct event and 1 fd from struct control_sock into their own
> struct control_state, just like we have on other daemons.
>
> Also updated the pledge(2)s accordingly moving "cpath" from the chrooted proc
> to the main proc.
>
> Regression tests passed without issues and switchctl(8) also didn't complain.
>
> Comments? OK?
>
