[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: spiped process matching on OpenBSD



Aside from "make OpenBSD support pid files" (which I'm guessing is not an
option) and "match the source address", the other option which occurs to me
is to fake argv[0].  The spiped daemon doesn't care what you put there (aside
from using it when printing warnings) so if you have something like djb's
argv0 utility you could have several spiped processes with different "daemon
names".  (For that matter, even without argv0 you could create links to let
you invoke spiped with different names.)

But yes, setproctitle is ugly and not likely to happen.

Colin Percival

On 4/8/23 20:33, Jared Harper wrote:
Yes, I ended up successfully escaping the square brackets before. However,
your suggestion makes me realize that my target of matching the whole
daemon+daemon_flags set is probably unnecessary, all I need to match is the
-s, which should be unique on the host.

Thanks!

P.S. I looked at `setproctitle` a bit more and realized that it's really,
_really_ un-portable so that's definitely not an option.

On Sat, Apr 8, 2023, at 7:32 PM, Graham Percival wrote:
Hi Jared,

Sorry if this seems like "too obvious" of a solution, but have you tried
escaping the square brackets with \ ?  i.e.

     pexp="${daemon} -s \[127.0.0.1\] .*"

or something like that?

I'm not familiar with rc files, so it's possible that they use a different
character for escaping, but I'm certain they have that capability somehow.

Cheers,
- Graham

On Sat, Apr 08, 2023 at 03:22:25PM -0700, Jared Harper wrote:
I have spiped running on two OpenBSD 7.2 hosts, installed via `pkg_add`,
and it works great.

The port's rc script for spiped, however, is only usable for a single
instance because it sets `pexp="${daemon} .*"`[1], which will match
every running instance of spiped.

(For those unfamiliar with `pexp`, it is the regex used to identify a
running process via `pgrep`. OpenBSD's rc system relies on this process
matching method and does not support pid files.)

I spent some time trying to configure the pexp to not be so greedy by
using the default `${daemon} ${daemon_flags}`.  This approach is
unsuccessful due to the brackets surrounding the IP address (e.g.,
`[127.0.0.1]`) becoming a regex matching list.

Some options I could use to workaround this limitation:

1) Use hostnames and no brackets; This apparently works but it limits
usefulness.

2) Manually set `pexp`; This does work but requires that I remember to
update it whenever the `daemon_flags` change. Also, across multiple
processes this becomes borderline umaintainable.

(Unfortunately, using the pidfile is a no-go because of how the rc
subroutines use `pexp` in multiple places.)

Since the primary author of spiped is a long-time contributor to
FreeBSD, and FreeBSD supports pidfiles in their rc-system[2], I want to
be clear I'm not saying that spiped does anything wrong, or that OpenBSD
is doing something right. I just want to come up with a solution that I
can contribute to the OpenBSD port so that we don't have to have this
issue.

A potential solution I can see would be to support `setproctitle(3)`[3]
via a flag, such as `--name <name>`, which could result in a process
title like `spiped: myname`.  What's the appetite for this sort of
change?

However, since I'm new to a lot of these technologies, I'm fairly
certain I've missed something obvious or easy (other than "switch to
FreeBSD" ;). Do you have any other ideas?

Thanks in advance.

[1]: https://github.com/openbsd/ports/blob/master/security/spiped/pkg/spiped.rc#L9
[2]: https://man.freebsd.org/cgi/man.cgi?rc.subr(8)
[3]: https://man.freebsd.org/cgi/man.cgi?query=setproctitle&sektion=3&format=html

-jh


--
Colin Percival
FreeBSD Deputy Release Engineer & EC2 platform maintainer
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid