-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <signal.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <pthread.h>
-#include <sys/wait.h>
-#include <sys/stat.h>
-
#include "common.h"
-#include "appconfig.h"
-#include "log.h"
-#include "web_client.h"
-#include "plugins_d.h"
-#include "rrd.h"
-#include "popen.h"
-#include "main.h"
-#include "daemon.h"
+#include <sched.h>
char pidfile[FILENAME_MAX + 1] = "";
-void sig_handler(int signo)
+void sig_handler_exit(int signo)
+{
+ if(signo) {
+ error_log_limit_unlimited();
+ error("Received signal %d. Exiting...", signo);
+ netdata_exit = 1;
+ }
+}
+
+void sig_handler_logrotate(int signo)
{
- if(signo) {
- error_log_limit_unlimited();
- error("Received signal %d. Exiting...", signo);
- netdata_exit = 1;
- }
+ if(signo) {
+ error_log_limit_unlimited();
+ info("Received signal %d to re-open the log files", signo);
+ reopen_all_log_files();
+ error_log_limit_reset();
+ }
}
-static void properly_chown_netdata_generated_file(int fd, uid_t uid, gid_t gid) {
- if(fd == -1) return;
+void sig_handler_save(int signo)
+{
+ if(signo) {
+ error_log_limit_unlimited();
+ info("Received signal %d to save the database...", signo);
+ rrdhost_save_all();
+ error_log_limit_reset();
+ }
+}
+
+void sig_handler_reload_health(int signo)
+{
+ if(signo) {
+ error_log_limit_unlimited();
+ info("Received signal %d to reload health configuration...", signo);
+ health_reload();
+ error_log_limit_reset();
+ }
+}
- struct stat buf;
+static void chown_open_file(int fd, uid_t uid, gid_t gid) {
+ if(fd == -1) return;
- if(fstat(fd, &buf) == -1) {
- error("Cannot fstat() fd %d", fd);
- return;
- }
+ struct stat buf;
- if((buf.st_uid != uid || buf.st_gid != gid) && S_ISREG(buf.st_mode)) {
- if(fchown(fd, uid, gid) == -1)
- error("Cannot fchown() fd %d.", fd);
- }
+ if(fstat(fd, &buf) == -1) {
+ error("Cannot fstat() fd %d", fd);
+ return;
+ }
+
+ if((buf.st_uid != uid || buf.st_gid != gid) && S_ISREG(buf.st_mode)) {
+ if(fchown(fd, uid, gid) == -1)
+ error("Cannot fchown() fd %d.", fd);
+ }
}
-int become_user(const char *username, int access_fd, int output_fd, int error_fd, int pid_fd)
+void create_needed_dir(const char *dir, uid_t uid, gid_t gid)
{
- struct passwd *pw = getpwnam(username);
- if(!pw) {
- error("User %s is not present.", username);
- return -1;
- }
-
- uid_t uid = pw->pw_uid;
- gid_t gid = pw->pw_gid;
-
- int ngroups = sysconf(_SC_NGROUPS_MAX);
- gid_t *supplementary_groups = NULL;
- if(ngroups) {
- supplementary_groups = malloc(sizeof(gid_t) * ngroups);
- if(supplementary_groups) {
- if(getgrouplist(username, gid, supplementary_groups, &ngroups) == -1) {
- error("Cannot get supplementary groups of user '%s'.", username);
- free(supplementary_groups);
- supplementary_groups = NULL;
- ngroups = 0;
- }
- }
- else fatal("Cannot allocate memory for %d supplementary groups", ngroups);
- }
-
- properly_chown_netdata_generated_file(access_fd, uid, gid);
- properly_chown_netdata_generated_file(output_fd, uid, gid);
- properly_chown_netdata_generated_file(error_fd, uid, gid);
- properly_chown_netdata_generated_file(pid_fd, uid, gid);
-
- if(supplementary_groups && ngroups) {
- if(setgroups(ngroups, supplementary_groups) == -1)
- error("Cannot set supplementary groups for user '%s'", username);
-
- free(supplementary_groups);
- supplementary_groups = NULL;
- ngroups = 0;
- }
-
- if(setresgid(gid, gid, gid) != 0) {
- error("Cannot switch to user's %s group (gid: %u).", username, gid);
- return -1;
- }
-
- if(setresuid(uid, uid, uid) != 0) {
- error("Cannot switch to user %s (uid: %u).", username, uid);
- return -1;
- }
-
- if(setgid(gid) != 0) {
- error("Cannot switch to user's %s group (gid: %u).", username, gid);
- return -1;
- }
- if(setegid(gid) != 0) {
- error("Cannot effectively switch to user's %s group (gid: %u).", username, gid);
- return -1;
- }
- if(setuid(uid) != 0) {
- error("Cannot switch to user %s (uid: %u).", username, uid);
- return -1;
- }
- if(seteuid(uid) != 0) {
- error("Cannot effectively switch to user %s (uid: %u).", username, uid);
- return -1;
- }
-
- return(0);
+ // attempt to create the directory
+ if(mkdir(dir, 0755) == 0) {
+ // we created it
+
+ // chown it to match the required user
+ if(chown(dir, uid, gid) == -1)
+ error("Cannot chown directory '%s' to %u:%u", dir, (unsigned int)uid, (unsigned int)gid);
+ }
+ else if(errno != EEXIST)
+ // log an error only if the directory does not exist
+ error("Cannot create directory '%s'", dir);
+}
+
+int become_user(const char *username, int pid_fd)
+{
+ struct passwd *pw = getpwnam(username);
+ if(!pw) {
+ error("User %s is not present.", username);
+ return -1;
+ }
+
+ uid_t uid = pw->pw_uid;
+ gid_t gid = pw->pw_gid;
+
+ create_needed_dir(netdata_configured_cache_dir, uid, gid);
+ create_needed_dir(netdata_configured_varlib_dir, uid, gid);
+
+ if(pidfile[0]) {
+ if(chown(pidfile, uid, gid) == -1)
+ error("Cannot chown '%s' to %u:%u", pidfile, (unsigned int)uid, (unsigned int)gid);
+ }
+
+ int ngroups = (int)sysconf(_SC_NGROUPS_MAX);
+ gid_t *supplementary_groups = NULL;
+ if(ngroups) {
+ supplementary_groups = mallocz(sizeof(gid_t) * ngroups);
+ if(getgrouplist(username, gid, supplementary_groups, &ngroups) == -1) {
+ error("Cannot get supplementary groups of user '%s'.", username);
+ freez(supplementary_groups);
+ supplementary_groups = NULL;
+ ngroups = 0;
+ }
+ }
+
+ chown_open_file(STDOUT_FILENO, uid, gid);
+ chown_open_file(STDERR_FILENO, uid, gid);
+ chown_open_file(stdaccess_fd, uid, gid);
+ chown_open_file(pid_fd, uid, gid);
+
+ if(supplementary_groups && ngroups) {
+ if(setgroups(ngroups, supplementary_groups) == -1)
+ error("Cannot set supplementary groups for user '%s'", username);
+
+ freez(supplementary_groups);
+ ngroups = 0;
+ }
+
+#ifdef __APPLE__
+ if(setregid(gid, gid) != 0) {
+#else
+ if(setresgid(gid, gid, gid) != 0) {
+#endif /* __APPLE__ */
+ error("Cannot switch to user's %s group (gid: %u).", username, gid);
+ return -1;
+ }
+
+#ifdef __APPLE__
+ if(setreuid(uid, uid) != 0) {
+#else
+ if(setresuid(uid, uid, uid) != 0) {
+#endif /* __APPLE__ */
+ error("Cannot switch to user %s (uid: %u).", username, uid);
+ return -1;
+ }
+
+ if(setgid(gid) != 0) {
+ error("Cannot switch to user's %s group (gid: %u).", username, gid);
+ return -1;
+ }
+ if(setegid(gid) != 0) {
+ error("Cannot effectively switch to user's %s group (gid: %u).", username, gid);
+ return -1;
+ }
+ if(setuid(uid) != 0) {
+ error("Cannot switch to user %s (uid: %u).", username, uid);
+ return -1;
+ }
+ if(seteuid(uid) != 0) {
+ error("Cannot effectively switch to user %s (uid: %u).", username, uid);
+ return -1;
+ }
+
+ return(0);
+}
+
+static void oom_score_adj(void) {
+ int score = (int)config_get_number(CONFIG_SECTION_GLOBAL, "OOM score", 1000);
+
+ int done = 0;
+ int fd = open("/proc/self/oom_score_adj", O_WRONLY);
+ if(fd != -1) {
+ char buf[10 + 1];
+ ssize_t len = snprintfz(buf, 10, "%d", score);
+ if(len > 0 && write(fd, buf, (size_t)len) == len) done = 1;
+ close(fd);
+ }
+
+ if(!done)
+ error("Cannot adjust my Out-Of-Memory score to %d.", score);
+ else
+ debug(D_SYSTEM, "Adjusted my Out-Of-Memory score to %d.", score);
+}
+
+static void process_nice_level(void) {
+#ifdef HAVE_NICE
+ int nice_level = (int)config_get_number(CONFIG_SECTION_GLOBAL, "process nice level", 19);
+ if(nice(nice_level) == -1) error("Cannot set netdata CPU nice level to %d.", nice_level);
+ else debug(D_SYSTEM, "Set netdata nice level to %d.", nice_level);
+#endif // HAVE_NICE
+};
+
+#ifdef HAVE_SCHED_SETSCHEDULER
+
+#define SCHED_FLAG_NONE 0x00
+#define SCHED_FLAG_PRIORITY_CONFIGURABLE 0x01 // the priority is user configurable
+#define SCHED_FLAG_KEEP_AS_IS 0x04 // do not attempt to set policy, priority or nice()
+#define SCHED_FLAG_USE_NICE 0x08 // use nice() after setting this policy
+
+struct sched_def {
+ char *name;
+ int policy;
+ int priority;
+ uint8_t flags;
+} scheduler_defaults[] = {
+
+ // the order of array members is important!
+ // the first defined is the default used by netdata
+
+ // the available members are important too!
+ // these are all the possible scheduling policies supported by netdata
+
+#ifdef SCHED_IDLE
+ { "idle", SCHED_IDLE, 0, SCHED_FLAG_NONE },
+#endif
+
+#ifdef SCHED_OTHER
+ { "nice", SCHED_OTHER, 0, SCHED_FLAG_USE_NICE },
+ { "other", SCHED_OTHER, 0, SCHED_FLAG_USE_NICE },
+#endif
+
+#ifdef SCHED_RR
+ { "rr", SCHED_RR, 0, SCHED_FLAG_PRIORITY_CONFIGURABLE },
+#endif
+
+#ifdef SCHED_FIFO
+ { "fifo", SCHED_FIFO, 0, SCHED_FLAG_PRIORITY_CONFIGURABLE },
+#endif
+
+#ifdef SCHED_BATCH
+ { "batch", SCHED_BATCH, 0, SCHED_FLAG_USE_NICE },
+#endif
+
+ // do not change the scheduling priority
+ { "keep", 0, 0, SCHED_FLAG_KEEP_AS_IS },
+ { "none", 0, 0, SCHED_FLAG_KEEP_AS_IS },
+
+ // array termination
+ { NULL, 0, 0, 0 }
+};
+
+static void sched_setscheduler_set(void) {
+
+ if(scheduler_defaults[0].name) {
+ const char *name = scheduler_defaults[0].name;
+ int policy = scheduler_defaults[0].policy, priority = scheduler_defaults[0].priority;
+ uint8_t flags = scheduler_defaults[0].flags;
+ int found = 0;
+
+ // read the configuration
+ name = config_get(CONFIG_SECTION_GLOBAL, "process scheduling policy", name);
+ int i;
+ for(i = 0 ; scheduler_defaults[i].name ; i++) {
+ if(!strcmp(name, scheduler_defaults[i].name)) {
+ found = 1;
+ priority = scheduler_defaults[i].priority;
+ flags = scheduler_defaults[i].flags;
+
+ if(flags & SCHED_FLAG_KEEP_AS_IS)
+ return;
+
+ if(flags & SCHED_FLAG_PRIORITY_CONFIGURABLE)
+ priority = (int)config_get_number(CONFIG_SECTION_GLOBAL, "process scheduling priority", priority);
+
+#ifdef HAVE_SCHED_GET_PRIORITY_MIN
+ if(priority < sched_get_priority_min(policy)) {
+ error("scheduler %s priority %d is below the minimum %d. Using the minimum.", name, priority, sched_get_priority_min(policy));
+ priority = sched_get_priority_min(policy);
+ }
+#endif
+#ifdef HAVE_SCHED_GET_PRIORITY_MAX
+ if(priority > sched_get_priority_max(policy)) {
+ error("scheduler %s priority %d is above the maximum %d. Using the maximum.", name, priority, sched_get_priority_max(policy));
+ priority = sched_get_priority_max(policy);
+ }
+#endif
+ break;
+ }
+ }
+
+ if(!found) {
+ error("Unknown scheduling policy %s - falling back to nice()", name);
+ goto fallback;
+ }
+
+ const struct sched_param param = {
+ .sched_priority = priority
+ };
+
+ i = sched_setscheduler(0, policy, ¶m);
+ if(i != 0) {
+ error("Cannot adjust netdata scheduling policy to %s (%d), with priority %d. Falling back to nice", name, policy, priority);
+ }
+ else {
+ debug(D_SYSTEM, "Adjusted netdata scheduling policy to %s (%d), with priority %d.", name, policy, priority);
+ if(!(flags & SCHED_FLAG_USE_NICE))
+ return;
+ }
+ }
+
+fallback:
+ process_nice_level();
}
+#else
+static void sched_setscheduler_set(void) {
+ process_nice_level();
+}
+#endif
-int become_daemon(int dont_fork, int close_all_files, const char *user, const char *input, const char *output, const char *error, const char *access, int *access_fd, FILE **access_fp)
+int become_daemon(int dont_fork, const char *user)
{
- fflush(NULL);
-
- // open the files before forking
- int input_fd = -1, output_fd = -1, error_fd = -1, dev_null;
-
- if(input && *input) {
- if((input_fd = open(input, O_RDONLY, 0666)) == -1) {
- error("Cannot open input file '%s'.", input);
- return -1;
- }
- }
-
- if(output && *output && strcmp(output, "/dev/null") != 0) {
- if((output_fd = open(output, O_RDWR | O_APPEND | O_CREAT, 0666)) == -1) {
- error("Cannot open output log file '%s'", output);
- if(input_fd != -1) close(input_fd);
- return -1;
- }
- }
-
- if(error && *error && strcmp(error, "/dev/null") != 0) {
- if((error_fd = open(error, O_RDWR | O_APPEND | O_CREAT, 0666)) == -1) {
- error("Cannot open error log file '%s'.", error);
- if(input_fd != -1) close(input_fd);
- if(output_fd != -1) close(output_fd);
- return -1;
- }
- }
-
- if(access && *access && access_fd && strcmp(access, "/dev/null") != 0) {
- if((*access_fd = open(access, O_RDWR | O_APPEND | O_CREAT, 0666)) == -1) {
- error("Cannot open access log file '%s'", access);
- if(input_fd != -1) close(input_fd);
- if(output_fd != -1) close(output_fd);
- if(error_fd != -1) close(error_fd);
- return -1;
- }
-
- if(access_fp) {
- *access_fp = fdopen(*access_fd, "w");
- if(!*access_fp) {
- error("Cannot migrate file's '%s' fd %d.", access, *access_fd);
- if(input_fd != -1) close(input_fd);
- if(output_fd != -1) close(output_fd);
- if(error_fd != -1) close(error_fd);
- close(*access_fd);
- *access_fd = -1;
- return -1;
- }
- if(setvbuf(*access_fp, NULL, _IOLBF, 0) != 0)
- error("Cannot set line buffering on access.log");
- }
- }
-
- if((dev_null = open("/dev/null", O_RDWR, 0666)) == -1) {
- perror("Cannot open /dev/null");
- if(input_fd != -1) close(input_fd);
- if(output_fd != -1) close(output_fd);
- if(error_fd != -1) close(error_fd);
- if(access && access_fd && *access_fd != -1) {
- close(*access_fd);
- *access_fd = -1;
- if(access_fp) {
- fclose(*access_fp);
- *access_fp = NULL;
- }
- }
- return -1;
- }
-
- // all files opened
- // lets do it
-
- if(!dont_fork) {
- int i = fork();
- if(i == -1) {
- perror("cannot fork");
- exit(1);
- }
- if(i != 0) {
- exit(0); // the parent
- }
-
- // become session leader
- if (setsid() < 0) {
- perror("Cannot become session leader.");
- exit(2);
- }
- }
-
- // fork() again
- if(!dont_fork) {
- int i = fork();
- if(i == -1) {
- perror("cannot fork");
- exit(1);
- }
- if(i != 0) {
- exit(0); // the parent
- }
- }
-
- // Set new file permissions
- umask(0);
-
- // close all files
- if(close_all_files) {
- int i;
- for(i = (int) (sysconf(_SC_OPEN_MAX) - 1); i > 0; i--)
- if(
- ((access_fd && i != *access_fd) || !access_fd)
- && i != dev_null
- && i != input_fd
- && i != output_fd
- && i != error_fd
- && fd_is_valid(i)
- ) close(i);
- }
- else {
- close(STDIN_FILENO);
- close(STDOUT_FILENO);
- close(STDERR_FILENO);
- }
-
- // put the opened files
- // to our standard file descriptors
- if(input_fd != -1) {
- if(input_fd != STDIN_FILENO) {
- dup2(input_fd, STDIN_FILENO);
- close(input_fd);
- }
- input_fd = -1;
- }
- else dup2(dev_null, STDIN_FILENO);
-
- if(output_fd != -1) {
- if(output_fd != STDOUT_FILENO) {
- dup2(output_fd, STDOUT_FILENO);
- close(output_fd);
- }
-
- if(setvbuf(stdout, NULL, _IOLBF, 0) != 0)
- error("Cannot set line buffering on debug.log");
-
- output_fd = STDOUT_FILENO;
- }
- else dup2(dev_null, STDOUT_FILENO);
-
- if(error_fd != -1) {
- if(error_fd != STDERR_FILENO) {
- dup2(error_fd, STDERR_FILENO);
- close(error_fd);
- }
-
- if(setvbuf(stderr, NULL, _IOLBF, 0) != 0)
- error("Cannot set line buffering on error.log");
-
- error_fd = STDERR_FILENO;
- }
- else dup2(dev_null, STDERR_FILENO);
-
- // close /dev/null
- if(dev_null != STDIN_FILENO && dev_null != STDOUT_FILENO && dev_null != STDERR_FILENO)
- close(dev_null);
-
- // generate our pid file
- int pidfd = -1;
- if(pidfile[0]) {
- pidfd = open(pidfile, O_RDWR | O_CREAT, 0644);
- if(pidfd >= 0) {
- if(ftruncate(pidfd, 0) != 0)
- error("Cannot truncate pidfile '%s'.", pidfile);
-
- char b[100];
- sprintf(b, "%d\n", getpid());
- ssize_t i = write(pidfd, b, strlen(b));
- if(i <= 0)
- error("Cannot write pidfile '%s'.", pidfile);
- }
- else error("Failed to open pidfile '%s'.", pidfile);
- }
-
- if(user && *user) {
- if(become_user(user, (access_fd)?*access_fd:-1, output_fd, error_fd, pidfd) != 0) {
- error("Cannot become user '%s'. Continuing as we are.", user);
- }
- else info("Successfully became user '%s'.", user);
- }
-
- if(pidfd != -1) {
- close(pidfd);
- pidfd = -1;
- }
-
- return(0);
+ if(!dont_fork) {
+ int i = fork();
+ if(i == -1) {
+ perror("cannot fork");
+ exit(1);
+ }
+ if(i != 0) {
+ exit(0); // the parent
+ }
+
+ // become session leader
+ if (setsid() < 0) {
+ perror("Cannot become session leader.");
+ exit(2);
+ }
+
+ // fork() again
+ i = fork();
+ if(i == -1) {
+ perror("cannot fork");
+ exit(1);
+ }
+ if(i != 0) {
+ exit(0); // the parent
+ }
+ }
+
+ // generate our pid file
+ int pidfd = -1;
+ if(pidfile[0]) {
+ pidfd = open(pidfile, O_WRONLY | O_CREAT, 0644);
+ if(pidfd >= 0) {
+ if(ftruncate(pidfd, 0) != 0)
+ error("Cannot truncate pidfile '%s'.", pidfile);
+
+ char b[100];
+ sprintf(b, "%d\n", getpid());
+ ssize_t i = write(pidfd, b, strlen(b));
+ if(i <= 0)
+ error("Cannot write pidfile '%s'.", pidfile);
+ }
+ else error("Failed to open pidfile '%s'.", pidfile);
+ }
+
+ // Set new file permissions
+ umask(0007);
+
+ // adjust my Out-Of-Memory score
+ oom_score_adj();
+
+ // never become a problem
+ sched_setscheduler_set();
+
+ if(user && *user) {
+ if(become_user(user, pidfd) != 0) {
+ error("Cannot become user '%s'. Continuing as we are.", user);
+ }
+ else debug(D_SYSTEM, "Successfully became user '%s'.", user);
+ }
+ else {
+ create_needed_dir(netdata_configured_cache_dir, getuid(), getgid());
+ create_needed_dir(netdata_configured_varlib_dir, getuid(), getgid());
+ }
+
+ if(pidfd != -1)
+ close(pidfd);
+
+ return(0);
}
projects / netdata.git / blobdiff