startup: open /dev/null before chroot
before people had to create a /dev/null inside the chroot to make redirection work.
This commit is contained in:
Florian Westphal
parent
01e40f4b55
commit
a02bc9cc6f
|
|
@ -67,7 +67,7 @@ static void Pidfile_Delete PARAMS(( void ));
|
||||||
|
|
||||||
static void Fill_Version PARAMS(( void ));
|
static void Fill_Version PARAMS(( void ));
|
||||||
|
|
||||||
static void Setup_FDStreams PARAMS(( void ));
|
static void Setup_FDStreams PARAMS(( int fd ));
|
||||||
|
|
||||||
static bool NGIRCd_Init PARAMS(( bool ));
|
static bool NGIRCd_Init PARAMS(( bool ));
|
||||||
|
|
||||||
|
|
@ -646,27 +646,16 @@ Pidfile_Create(pid_t pid)
|
||||||
* Redirect stdin, stdout and stderr to apropriate file handles.
|
* Redirect stdin, stdout and stderr to apropriate file handles.
|
||||||
*/
|
*/
|
||||||
static void
|
static void
|
||||||
Setup_FDStreams( void )
|
Setup_FDStreams(int fd)
|
||||||
{
|
{
|
||||||
int fd;
|
if (fd < 0)
|
||||||
|
|
||||||
/* Test if we can open /dev/null for reading and writing. If not
|
|
||||||
* we are most probably chrooted already and the server has been
|
|
||||||
* restarted. So we simply don't try to redirect stdXXX ... */
|
|
||||||
fd = open( "/dev/null", O_RDWR );
|
|
||||||
if ( fd < 0 ) {
|
|
||||||
Log(LOG_WARNING, "Could not open /dev/null: %s", strerror(errno));
|
|
||||||
return;
|
return;
|
||||||
}
|
|
||||||
|
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
fflush(stderr);
|
fflush(stderr);
|
||||||
|
|
||||||
/* Create new stdin(0), stdout(1) and stderr(2) descriptors */
|
/* Create new stdin(0), stdout(1) and stderr(2) descriptors */
|
||||||
dup2( fd, 0 ); dup2( fd, 1 ); dup2( fd, 2 );
|
dup2( fd, 0 ); dup2( fd, 1 ); dup2( fd, 2 );
|
||||||
|
|
||||||
/* Close newly opened file descriptor if not stdin/out/err */
|
|
||||||
if( fd > 2 ) close( fd );
|
|
||||||
} /* Setup_FDStreams */
|
} /* Setup_FDStreams */
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -709,12 +698,19 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
|
||||||
bool chrooted = false;
|
bool chrooted = false;
|
||||||
struct passwd *pwd;
|
struct passwd *pwd;
|
||||||
struct group *grp;
|
struct group *grp;
|
||||||
int real_errno;
|
int real_errno, fd = -1;
|
||||||
pid_t pid;
|
pid_t pid;
|
||||||
|
|
||||||
if (initialized)
|
if (initialized)
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
|
if (!NGIRCd_NoDaemon) {
|
||||||
|
/* open /dev/null before chroot() */
|
||||||
|
fd = open( "/dev/null", O_RDWR);
|
||||||
|
if (fd < 0)
|
||||||
|
Log(LOG_WARNING, "Could not open /dev/null: %s", strerror(errno));
|
||||||
|
}
|
||||||
|
|
||||||
if (!ConnSSL_InitLibrary())
|
if (!ConnSSL_InitLibrary())
|
||||||
Log(LOG_WARNING,
|
Log(LOG_WARNING,
|
||||||
"Warning: Error during SSL initialization, continuing ...");
|
"Warning: Error during SSL initialization, continuing ...");
|
||||||
|
|
@ -722,15 +718,14 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
|
||||||
if( Conf_Chroot[0] ) {
|
if( Conf_Chroot[0] ) {
|
||||||
if( chdir( Conf_Chroot ) != 0 ) {
|
if( chdir( Conf_Chroot ) != 0 ) {
|
||||||
Log( LOG_ERR, "Can't chdir() in ChrootDir (%s): %s", Conf_Chroot, strerror( errno ));
|
Log( LOG_ERR, "Can't chdir() in ChrootDir (%s): %s", Conf_Chroot, strerror( errno ));
|
||||||
return false;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( chroot( Conf_Chroot ) != 0 ) {
|
if( chroot( Conf_Chroot ) != 0 ) {
|
||||||
if (errno != EPERM) {
|
if (errno != EPERM) {
|
||||||
Log( LOG_ERR, "Can't change root directory to \"%s\": %s",
|
Log( LOG_ERR, "Can't change root directory to \"%s\": %s",
|
||||||
Conf_Chroot, strerror( errno ));
|
Conf_Chroot, strerror( errno ));
|
||||||
|
goto out;
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
chrooted = true;
|
chrooted = true;
|
||||||
|
|
@ -744,7 +739,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
|
||||||
if (! NGIRCd_getNobodyID(&Conf_UID, &Conf_GID)) {
|
if (! NGIRCd_getNobodyID(&Conf_UID, &Conf_GID)) {
|
||||||
Log(LOG_WARNING, "Could not get user/group ID of user \"nobody\": %s",
|
Log(LOG_WARNING, "Could not get user/group ID of user \"nobody\": %s",
|
||||||
errno ? strerror(errno) : "not found" );
|
errno ? strerror(errno) : "not found" );
|
||||||
return false;
|
goto out;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -754,7 +749,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
|
||||||
real_errno = errno;
|
real_errno = errno;
|
||||||
Log( LOG_ERR, "Can't change group ID to %u: %s", Conf_GID, strerror( errno ));
|
Log( LOG_ERR, "Can't change group ID to %u: %s", Conf_GID, strerror( errno ));
|
||||||
if (real_errno != EPERM)
|
if (real_errno != EPERM)
|
||||||
return false;
|
goto out;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -764,7 +759,7 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
|
||||||
real_errno = errno;
|
real_errno = errno;
|
||||||
Log(LOG_ERR, "Can't change user ID to %u: %s", Conf_UID, strerror(errno));
|
Log(LOG_ERR, "Can't change user ID to %u: %s", Conf_UID, strerror(errno));
|
||||||
if (real_errno != EPERM)
|
if (real_errno != EPERM)
|
||||||
return false;
|
goto out;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -797,7 +792,11 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
|
||||||
strerror(errno));
|
strerror(errno));
|
||||||
|
|
||||||
/* Detach stdin, stdout and stderr */
|
/* Detach stdin, stdout and stderr */
|
||||||
Setup_FDStreams( );
|
Setup_FDStreams(fd);
|
||||||
|
if (fd > 2) {
|
||||||
|
close(fd);
|
||||||
|
fd = -1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
pid = getpid();
|
pid = getpid();
|
||||||
|
|
||||||
|
|
@ -838,6 +837,10 @@ NGIRCd_Init( bool NGIRCd_NoDaemon )
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
out:
|
||||||
|
if (fd > 2)
|
||||||
|
close(fd);
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* -eof- */
|
/* -eof- */
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue