fapolicyd/fapolicyd-already-started.patch

111 lines
2.8 KiB
Diff
Raw Normal View History

diff -up ./src/daemon/fapolicyd.c.already-started ./src/daemon/fapolicyd.c
--- ./src/daemon/fapolicyd.c.already-started 2023-01-12 17:40:45.366909652 +0100
+++ ./src/daemon/fapolicyd.c 2023-01-12 17:46:22.458139519 +0100
@@ -378,6 +378,58 @@ static void usage(void)
}
+int already_running(void)
+{
+ int pidfd = open(pidfile, O_RDONLY);
+ if (pidfd >= 0) {
+ char pid_buf[16];
+
+ if (fd_fgets(pid_buf, sizeof(pid_buf), pidfd)) {
+ int pid;
+ char exe_buf[80], my_path[80];
+
+ // Get our path
+ if (get_program_from_pid(getpid(),
+ sizeof(exe_buf), my_path) == NULL)
+ goto err_out; // shouldn't happen, but be safe
+
+ // convert pidfile to integer
+ errno = 0;
+ pid = strtoul(pid_buf, NULL, 10);
+ if (errno)
+ goto err_out; // shouldn't happen, but be safe
+
+ // verify it really is fapolicyd
+ if (get_program_from_pid(pid,
+ sizeof(exe_buf), exe_buf) == NULL)
+ goto good; //if pid doesn't exist, we're OK
+
+ // If the path doesn't have fapolicyd in it, we're OK
+ if (strstr(exe_buf, "fapolicyd") == NULL)
+ goto good;
+
+ if (strcmp(exe_buf, my_path) == 0)
+ goto err_out; // if the same, we need to exit
+
+ // one last sanity check in case path is unexpected
+ // for example: /sbin/fapolicyd & /home/test/fapolicyd
+ if (pid != getpid())
+ goto err_out;
+good:
+ close(pidfd);
+ unlink(pidfile);
+ return 0;
+ } else
+ msg(LOG_ERR, "fapolicyd pid file found but unreadable");
+err_out: // At this point, we have a pid file, let's just assume it's alive
+ // because if 2 are running, it deadlocks the machine
+ close(pidfd);
+ return 1;
+ }
+ return 0; // pid file doesn't exist, we're good to go
+}
+
+
int main(int argc, const char *argv[])
{
struct pollfd pfd[2];
@@ -428,6 +480,11 @@ int main(int argc, const char *argv[])
}
}
+ if (already_running()) {
+ msg(LOG_ERR, "fapolicyd is already running");
+ exit(1);
+ }
+
// Set a couple signal handlers
sa.sa_flags = 0;
sigemptyset(&sa.sa_mask);
@@ -446,9 +503,6 @@ int main(int argc, const char *argv[])
setrlimit(RLIMIT_FSIZE, &limit);
setrlimit(RLIMIT_NOFILE, &limit);
- // Set strict umask
- (void) umask( 0117 );
-
// get more time slices because everything is waiting on us
rc = nice(-config.nice_val);
if (rc == -1)
@@ -473,17 +527,20 @@ int main(int argc, const char *argv[])
exit(1);
}
- if (preconstruct_fifo(&config)) {
- msg(LOG_ERR, "Cannot contruct a pipe");
- exit(1);
- }
-
// Setup filesystem to watch list
init_fs_list(config.watch_fs);
// Write the pid file for the init system
write_pid_file();
+ // Set strict umask
+ (void) umask( 0117 );
+
+ if (preconstruct_fifo(&config)) {
+ msg(LOG_ERR, "Cannot contruct a pipe");
+ exit(1);
+ }
+
// If we are not going to be root, then setup necessary capabilities
if (config.uid != 0) {
capng_clear(CAPNG_SELECT_BOTH);