[rsyslog] Privilege drop makes stopping it (via Ubuntu upstart) to hang

Rainer Gerhards rgerhards at hq.adiscon.com
Wed Jan 9 12:16:01 CET 2013


> -----Original Message-----
> From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> bounces at lists.adiscon.com] On Behalf Of Radu Gheorghe
> Sent: Wednesday, January 09, 2013 12:14 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Privilege drop makes stopping it (via Ubuntu
> upstart) to hang
> 
> 2013/1/9 Rainer Gerhards <rgerhards at hq.adiscon.com>
> 
> > Radu,
> >
> > please help me getting this straight. Are you saying I should provide
> a
> > facility to write a second pid file, which contains the pid of the
> forked
> > rsyslog process (the one that actually carries out the work)? And
> Andre
> > must use that second pid file somewhere inside his Ubuntu package?
> >
> 
> That seems to be one option. Not sure if it's be best one. I was
> planning
> to poke you about this topic once I had some more time to look at it
> (this
> week, anyway). But thanks for bringing it up!
> 
> The problem seems to be a bit wider than that - as I think I ran into
> it
> with CentOS as well. And I guess it would apply to anything that tries
> to
> stop an rsyslog instance which started with dropped privileges. But of
> course the solution shouldn't break init/upstart scripts that start
> rsyslog
> without dropping privileges...
> 
> 
> >
> > Sorry for trying to not digging to deep into the Ubuntu-specifics,
> mine
> > are probably very basic questions ;)
> >
> 
> As you can probably see, I don't have things figured out either. So I
> suggest I'll come back with some clear(er) suggestions or questions
> later
> this week.

Sure, no need to hurry. I just try to clean out my 2012 todo list ;-)

> 
> Unless you have a solution which you know is OK, in which case I will
> only
> have to test it and report back if it works :D

Definitely not :-(

Rainer
> 
> Best regards,
> Radu
> 
> 
> >
> > Rainer
> >
> > > -----Original Message-----
> > > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> > > bounces at lists.adiscon.com] On Behalf Of Radu Gheorghe
> > > Sent: Friday, December 21, 2012 4:53 PM
> > > To: rsyslog-users
> > > Subject: Re: [rsyslog] Privilege drop makes stopping it (via Ubuntu
> > > upstart) to hang
> > >
> > > Hi Andre,
> > >
> > > Yes, I think that's the best way to go. I think we should discuss
> this
> > > again after the holidays :)
> > >
> > > Best regards,
> > > Radu
> > >
> > >
> > > 2012/12/21 Andre Lorbach <alorbach at ro1.adiscon.com>
> > >
> > > > In this case I will postpone adding the changed upstart script
> into
> > > the
> > > > packages.
> > > > However it seems save legit to remove the "-c5" parameter from
> > > > rsyslog.default so far.
> > > >
> > > > Best regards,
> > > > Andre Lorbach
> > > >
> > > > > -----Original Message-----
> > > > > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> > > > > bounces at lists.adiscon.com] On Behalf Of Radu Gheorghe
> > > > > Sent: Freitag, 21. Dezember 2012 12:53
> > > > > To: rsyslog-users
> > > > > Subject: Re: [rsyslog] Privilege drop makes stopping it (via
> Ubuntu
> > > > upstart) to
> > > > > hang
> > > > >
> > > > > Right! Thanks for your input, Michael!
> > > > >
> > > > > I was just about to send the files when I thought if my changes
> > > wouldn't
> > > > > break the "traditional" init script. And it would - init script
> > > waits
> > > > indefinitely.
> > > > > So I've added "-n" to the upstart conf instead of the
> /etc/default
> > > file,
> > > > to
> > > > > prevent such issues.
> > > > >
> > > > > Attached you can find the two modified files. But as Michael
> > > pointed
> > > > out, this
> > > > > seems a bit hackish. For example, the init script doesn't work
> with
> > > > dropped
> > > > > privileges, either. It just stands there indefinitely.
> > > > >
> > > > > Sure, we can add --background to start-stop-daemon in there,
> but
> > > we'd
> > > > have
> > > > > the same issues as with the upstart script. What's more, it
> > > wouldn't know
> > > > > whether rsyslog started successfully (got that from `man start-
> > > stop-
> > > > > daemon`).
> > > > >
> > > > > Would it be an option to write the parent PID in the PID file
> in
> > > case of
> > > > > dropped privileges? I think that would help the restarting part
> and
> > > > scripts can
> > > > > remain untouched.
> > > > >
> > > > > Best regards,
> > > > > Radu
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > 2012/12/21 Michael Biebl <mbiebl at gmail.com>
> > > > >
> > > > > > 2012/12/21 Radu Gheorghe <radu0gheorghe at gmail.com>:
> > > > > > > Thanks Rainer! It actually works like that, if you comment
> out
> > > > > > > "expect fork" from /etc/init/rsyslog.conf
> > > > > >
> > > > > > Just wanted to mention that removing the forking has an
> > > unpleasant
> > > > > > side-effect:
> > > > > >
> > > > > > Forking in daemons is usually a way to signal that it has
> setup
> > > its
> > > > > > communication channels (sockets to read from etc).
> > > > > > Upstart would only fire the "rsyslog started" event once that
> > > fork
> > > > > > happened.
> > > > > > Now, removing forking from the upstart job file means,
> upstart
> > > fires
> > > > > > "rsyslog started" as soon as the binary has been spawned but
> this
> > > > > > doesn't necessarily mean it is ready yet to listen on
> /dev/log.
> > > > > > Subsequent daemons relying on syslog are possibly started too
> > > early
> > > > > > and there is a chance that you lose syslog messages as the
> > > startup
> > > > > > sequence has become racy.
> > > > > > So removing the forking from the upstart job file has some
> > > > > > consequences you need to be aware of.
> > > > > > (fwiw, systemd solves that problem rather nicely).
> > > > > >
> > > > > > Cheers,
> > > > > > Michael
> > > > > >
> > > > > > --
> > > > > > Why is it that all of the instruments seeking intelligent
> life in
> > > the
> > > > > > universe are pointed away from Earth?
> > > > > > _______________________________________________
> > > > > > rsyslog mailing list
> > > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > > > > http://www.rsyslog.com/professional-services/
> > > > > > What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE
> > > > > > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > > myriad of
> > > > > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
> if
> > > you
> > > > > > DON'T LIKE THAT.
> > > > > >
> > > > _______________________________________________
> > > > rsyslog mailing list
> > > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > > http://www.rsyslog.com/professional-services/
> > > > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > > myriad
> > > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
> if
> > > you
> > > > DON'T LIKE THAT.
> > > >
> > > _______________________________________________
> > > rsyslog mailing list
> > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com/professional-services/
> > > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
> POST
> > > if you DON'T LIKE THAT.
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> myriad
> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> you
> > DON'T LIKE THAT.
> >
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
> if you DON'T LIKE THAT.


More information about the rsyslog mailing list