Update ChangeLog

Prior to this change, we were logging unexpected terminations of daemons
we were supervising at the info level. This change moves the logs to
warnings.

Makefile.inc

@@ -1,3 +1,3 @@
 NAME=		openrc
-VERSION=	0.28
+VERSION=	0.33.1
 PKG=		${NAME}-${VERSION}

NEWS.md

@@ -3,6 +3,21 @@
 This file will contain a list of notable changes for each release. Note
 the information in this file is in reverse order.
 
+## OpenRC 0.33
+
+This version removes the "service" binary which was just a copy of
+"rc-service" provided for compatibility.
+
+If you still need the "service" binary, as opposed to "rc-service", it is
+recommended that you use something like Debian's init-system-helpers.
+Otherwise, just use "rc-service" in place of "service".
+
+## OpenRC 0.31
+
+This version adds support for Control Groups version 2, which is
+considered stable as of Linux-4.13. Please see /etc/rc.conf for
+documentation on how to configure control groups.
+
 ## OpenRC-0.28
 
 This version mounts efivars read only due to concerns about changes in

conf.d/agetty

@@ -1,3 +1,6 @@
+# make agetty quiet
+#quiet="yes"
+
 # Set the baud rate of the terminal line
 #baud=""
 

conf.d/localmount

@@ -3,7 +3,7 @@
 #no_umounts="/dir1:/var/dir2"
 #
 # Mark certain mount points as critical.
-# This contains aspace separated list of mount points which should be
+# This contains a space separated list of mount points which should be
 # considered critical. If one of these mount points cannot be mounted,
 # localmount will fail.
 # By default, this is empty.

etc/rc.conf

@@ -191,13 +191,43 @@ rc_tty_number=12
 ##############################################################################
 # LINUX CGROUPS RESOURCE MANAGEMENT
 
-# If you have cgroups turned on in your kernel, this switch controls
-# whether or not a group for each controller is mounted under
-# /sys/fs/cgroup.
-# None of the other options in this section work if this is set to "NO".
+# This sets the mode used to mount cgroups.
+# "hybrid" mounts cgroups version 2 on /sys/fs/cgroup/unified and
+# cgroups version 1 on /sys/fs/cgroup.
+# "legacy" mounts cgroups version 1 on /sys/fs/cgroup
+# "unified" mounts cgroups version 2 on /sys/fs/cgroup
+#rc_cgroup_mode="hybrid"
+
+# This is a list of controllers which should be enabled for cgroups version 2.
+# If hybrid mode is being used, controllers listed here will not be
+# available for cgroups version 1.
+# This is a global setting.
+#rc_cgroup_controllers=""
+
+# This variable contains the cgroups version 2 settings for your services.
+# If this is set in this file, the settings will apply to all services.
+# If you want different settings for each service, place the settings in
+# /etc/conf.d/foo for service foo.
+# The format is to specify the setting and value followed by a newline.
+# Multiple settings and values can be specified.
+# For example, you would use this to set the maximum memory and maximum
+# number of pids for a service.
+#rc_cgroup_settings="
+#memory.max 10485760
+#pids.max max
+#"
+#
+# For more information about the adjustments that can be made with
+# cgroups version 2, see Documentation/cgroups-v2.txt in the linux kernel
+# source tree.
+#rc_cgroup_settings=""
+
+# This switch controls whether or not cgroups version 1 controllers are
+# individually mounted under
+# /sys/fs/cgroup in hybrid or legacy mode.
 #rc_controller_cgroups="YES"
 
-# The following settings allow you to set up values for the cgroup
+# The following settings allow you to set up values for the cgroups version 1
 # controllers for your services.
 # They can be set in this file;, however, if you do this, the settings
 # will apply to all of your services.
@@ -211,8 +241,9 @@ rc_tty_number=12
 # cpu.shares 512
 # "
 #
-#For more information about the adjustments that can be made with
-#cgroups, see Documentation/cgroups/* in the linux kernel source tree.
+# For more information about the adjustments that can be made with
+# cgroups version 1, see Documentation/cgroups-v1/* in the linux kernel
+# source tree.
 
 # Set the blkio controller settings for this service.
 #rc_cgroup_blkio=""
@@ -246,10 +277,33 @@ rc_tty_number=12
 
 # Set this to YES if you want all of the processes in a service's cgroup
 # killed when the service is stopped or restarted.
-# This should not be set globally because it kills all of the service's
-# child processes, and most of the time this is undesirable. Please set
-# it in /etc/conf.d/<service>.
+# Be aware that setting this to yes means all of a service's
+# child processes will be killed. Keep this in mind if you set this to
+# yes here instead of for the individual services in
+# /etc/conf.d/<service>.
 # To perform this cleanup manually for a stopped service, you can
 # execute cgroup_cleanup with /etc/init.d/<service> cgroup_cleanup or
 # rc-service <service> cgroup_cleanup.
+# The process followed in this cleanup is the following:
+# 1. send stopsig (sigterm if it isn't set) to all processes left in the
+# cgroup immediately followed by sigcont.
+# 2. Send sighup to all processes in the cgroup if rc_send_sighup is
+# yes.
+# 3. delay for rc_timeout_stopsec seconds.
+# 4. send sigkill to all processes in the cgroup unless disabled by
+# setting rc_send_sigkill to no.
 # rc_cgroup_cleanup="NO"
+
+# If this is yes, we will send sighup to the processes in the cgroup
+# immediately after stopsig and sigcont.
+#rc_send_sighup="NO"
+
+# This is the amount of time in seconds that we delay after sending sigcont
+# and optionally sighup, before we optionally send sigkill to all
+# processes in the # cgroup.
+# The default is 90 seconds.
+#rc_timeout_stopsec="90"
+
+# If this is set to no, we do not send sigkill to all processes in the
+# cgroup.
+#rc_send_sigkill="YES"

guide.md

@@ -53,9 +53,6 @@ Calling `openrc` without any arguments will try to reset all services so
 that the current runlevel is satisfied; if you manually started apache it will be 
 stopped, and if squid died but is in the current runlevel it'll be restarted.
 
-There is a `service` helper that emulates the syntax seen on e.g. older Redhat
-and Ubuntu (`service nginx start` etc.)
-
 # Runlevels
 
 OpenRC has a concept of runlevels, similar to what sysvinit historically 
@@ -241,17 +238,36 @@ messages to a file), and a few others.
 
 # ulimit and CGroups
 
-Setting `ulimit` and `nice` values per service can be done through the `rc_ulimit`
-variable.
+Setting `ulimit` and `nice` values per service can be done through the
+`rc_ulimit` variable.
 
-Under Linux, OpenRC can optionally use CGroups for process management.
-By default each service script's processes are migrated to their own CGroup.
+Under Linux, OpenRC can use cgroups for process management as well. Once
+the kernel is configured appropriately, the `rc_cgroup_mode` setting in
+/etc/rc.conf should be used to control whether cgroups version one,,
+two, or both are used. The default is to use both if they are available.
+
+By changing certain settings in the service's `conf.d` file limits can be
+enforced per service. These settings are documented in detail in the
+default /etc/rc.conf under `LINUX CGROUPS RESOURCE MANAGEMENT`.
+
+# Dealing with Orphaned Processes
+
+It is possible to get into a state where there are orphaned processes
+running which were part of a service. For example, if you are monitoring
+a service with supervise-daemon and supervise-daemon dies for an unknown
+reason. The way to deal with this will be different for each system.
+
+On Linux systems with cgroups enabled, the cgroup_cleanup command is
+added to all services. You can run it manually, when the service is
+stopped, by using:
+
+```
+# rc-service someservice cgroup_cleanup
+```
+
+The `rc_cgroup_cleanup` setting can be changed to yes to make this
+happen automatically when the service is stopped.
 
-By changing certain values in the `conf.d` file limits can be enforced per 
-service. It is easy to find orphan processes of a service that persist after 
-`stop()`, but by default these will NOT be terminated.
-To change this add `rc_cgroup_cleanup="yes"` in the `conf.d` files for services 
-where you desire this functionality.
 
 # Caching
 

init.d/agetty.in

@@ -16,6 +16,7 @@ term_type="${term_type:-linux}"
 command=/sbin/agetty
 command_args_foreground="${agetty_options} ${port} ${baud} ${term_type}"
 pidfile="/run/${RC_SVCNAME}.pid"
+export EINFO_QUIET="${quiet:-yes}"
 
 depend() {
 	after local

init.d/staticroute.in

@@ -1,4 +1,4 @@
-S#!@BINDIR@/openrc-run
+#!@SBINDIR@/openrc-run
 # Copyright (c) 2009-2015 The OpenRC Authors.
 # See the Authors file at the top-level directory of this distribution and
 # https://github.com/OpenRC/openrc/blob/master/AUTHORS

init.d/sysfs.in

@@ -107,39 +107,114 @@ mount_misc()
 	fi
 }
 
-mount_cgroups()
+cgroup1_base()
 {
-	# set up kernel support for cgroups
-	if [ -d /sys/fs/cgroup ] && ! mountinfo -q /sys/fs/cgroup; then
-		if grep -qs cgroup /proc/filesystems; then
-			ebegin "Mounting cgroup filesystem"
-			local opts="${sysfs_opts},mode=755,size=${rc_cgroupsize:-10m}"
-			mount -n -t tmpfs -o ${opts} cgroup_root /sys/fs/cgroup
-			eend $?
-		fi
+	grep -qw cgroup /proc/filesystems || return 0
+	if ! mountinfo -q /sys/fs/cgroup; then
+		ebegin "Mounting cgroup filesystem"
+		local opts="${sysfs_opts},mode=755,size=${rc_cgroupsize:-10m}"
+		mount -n -t tmpfs -o "${opts}" cgroup_root /sys/fs/cgroup
+		eend $?
 	fi
 
-	mountinfo -q /sys/fs/cgroup || return 0
-
 	if ! mountinfo -q /sys/fs/cgroup/openrc; then
-		local agent="@LIBEXECDIR@/sh/cgroup-release-agent.sh"
+		local agent="${RC_LIBEXECDIR}/sh/cgroup-release-agent.sh"
 		mkdir /sys/fs/cgroup/openrc
 		mount -n -t cgroup \
 			-o none,${sysfs_opts},name=openrc,release_agent="$agent" \
 			openrc /sys/fs/cgroup/openrc
 		printf 1 > /sys/fs/cgroup/openrc/notify_on_release
 	fi
+	return 0
+}
 
-	yesno ${rc_controller_cgroups:-YES} && [ -e /proc/cgroups ] || return 0
-	while read name hier groups enabled rest; do
+cgroup1_controllers()
+{
+	yesno "${rc_controller_cgroups:-YES}" && [ -e /proc/cgroups ] || return 0
+	while read -r name _ _ enabled rest; do
 		case "${enabled}" in
-			1)	mountinfo -q /sys/fs/cgroup/${name} && continue
-				mkdir /sys/fs/cgroup/${name}
-				mount -n -t cgroup -o ${sysfs_opts},${name} \
-					${name} /sys/fs/cgroup/${name}
+			1)	mountinfo -q "/sys/fs/cgroup/${name}" && continue
+				local x
+				for x in $rc_cgroup_controllers; do
+				[ "${name}" = "blkio" ] && [ "${x}" = "io" ] &&
+					continue 2
+				[ "${name}" = "${x}" ] &&
+				continue 2
+				done
+				mkdir "/sys/fs/cgroup/${name}"
+				mount -n -t cgroup -o "${sysfs_opts},${name}" \
+					"${name}" "/sys/fs/cgroup/${name}"
 				;;
 		esac
 	done < /proc/cgroups
+	return 0
+}
+
+cgroup2_base()
+{
+	local base
+	base="$(cgroup2_find_path)"
+	mkdir -p "${base}"
+	mount -t cgroup2 none -o "${sysfs_opts},nsdelegate" "${base}" 2> /dev/null ||
+		mount -t cgroup2 none -o "${sysfs_opts}" "${base}"
+	return 0
+}
+
+cgroup2_controllers()
+{
+	local active cgroup_path x y
+	cgroup_path="$(cgroup2_find_path)"
+	[ -z "${cgroup_path}" ] && return 0
+	[ -e "${cgroup_path}/cgroup.controllers" ] &&
+	read -r active < "${cgroup_path}/cgroup.controllers"
+	for x in ${rc_cgroup_controllers}; do
+		for y in ${active}; do
+		[ "$x" = "$y" ] &&
+			[ -e "${cgroup_path}/cgroup.subtree_control" ]&&
+			echo "+${x}"  > "${cgroup_path}/cgroup.subtree_control"
+		done
+	done
+	return 0
+}
+
+cgroups_hybrid()
+{
+	grep -qw cgroup /proc/filesystems || return 0
+	cgroup1_base
+	if grep -qw cgroup2 /proc/filesystems; then
+		cgroup2_base
+		cgroup2_controllers
+	fi
+	cgroup1_controllers
+	return 0
+}
+
+cgroups_legacy()
+{
+	grep -qw cgroup /proc/filesystems || return 0
+	cgroup1_base
+	cgroup1_controllers
+	return 0
+}
+
+cgroups_unified()
+{
+	cgroup2_base
+	cgroup2_controllers
+	return 0
+}
+
+mount_cgroups()
+{
+	# set up kernel support for cgroups
+	if [ -d /sys/fs/cgroup ]; then
+		case "${rc_cgroup_mode:-hybrid}" in
+		hybrid) cgroups_hybrid ;;
+		legacy) cgroups_legacy ;;
+		unified) cgroups_unified ;;
+		esac
+	fi
+	return 0
 }
 
 restorecon_sys()

man/Makefile

@@ -6,7 +6,7 @@ MAN3=		einfo.3 \
 		rc_config.3 rc_deptree.3 rc_find_pids.3 rc_plugin_hook.3 \
 		rc_runlevel.3 rc_service.3 rc_stringlist.3
 MAN8=		rc-service.8 rc-status.8 rc-update.8 openrc.8 openrc-run.8 \
-		service.8 start-stop-daemon.8 supervise-daemon.8
+		start-stop-daemon.8 supervise-daemon.8
 
 ifeq (${OS},Linux)
 MAN8 += rc-sstat.8 openrc-init.8 openrc-shutdown.8

man/openrc-run.8

@@ -217,8 +217,10 @@ that dependency type to the function, or prefix the names with ! to
 remove them from the dependencies.
 .Bl -tag -width "RC_DEFAULTLEVEL"
 .It Ic need
-The service will refuse to start until needed services have started and it
-will refuse to stop until any services that need it have stopped.
+The service will attempt to start any services it needs regardless of
+whether they have been added to the runlevel. It will refuse to start
+until all services it needs have started, and it will refuse to stop until all
+services that need it have stopped.
 .It Ic use
 The service will attempt to start any services it uses that have been added
 to the runlevel.
@@ -284,6 +286,18 @@ system.
 To see how to influence dependencies in configuration files, see the
 .Sx FILES
 section below.
+.Sh _pre AND _post FUNCTIONS
+Any command defined in extra_commands, extra_started_commands or
+extra_stopped_commands can have _pre and _post functions in the service
+script. If the command function is called foo, the_pre and _post
+functions for it should be called foo_pre and foo_post.
+.Pp
+These functions should be used to perform preparation before the
+command is run and cleanup after the command completes. In order for
+.Nm
+to record the command as being run successfully, the _pre
+function, command function itself and the _post function should all exit
+with a zero return code.
 .Sh BUILTINS
 .Nm
 defines some builtin functions that you can use inside your service scripts:
@@ -433,6 +447,42 @@ Also, the -d, -f or -p options should not be specified along with this option.
 .Pp
 The -q option suppresses all informational output. If it is specified
 twice, all error messages are suppressed as well.
+.Ic fstabinfo
+.Op Fl M , -mount
+.Op Fl R , -remount
+.Op Fl b , -blockdevice
+.Op Fl m , -mountargs
+.Op Fl o , -options
+.Op Fl p , -passno Ar passno
+.Op Fl t , -type Ar fstype
+.Ar path
+.Xc
+If -b, -m, -o, -p or -t is specified,the appropriate information is
+extracted from fstab. If -M or -R are given, file systems are mounted or
+remounted.
+.Pp
+The -q option suppresses all informational output. If it is specified
+twice, all error messages are suppressed as well.
+.Ic mountinfo
+.Op Fl f, -fstype-regex Ar regex
+.Op Fl F, -skip-fstype-regex Ar regex
+.Op Fl n, -node-regex Ar regex
+.Op Fl N, -skip-node-regex Ar regex
+.Op Fl o, -options-regex Ar regex
+.Op Fl O, -skip-options-regex Ar regex
+.Op Fl p, -point-regex Ar regex
+.Op Fl P, -skip-point-regex Ar regex
+.Op Fl e, -netdev
+.Op Fl E, -nonetdev
+.Op Fl i, -options
+.Op Fl s, -fstype
+.Op Fl t, -node
+  .Ar mount1 mount2 ...
+.Xc
+The f, F, n, N, o, O, p, P, e and E options specify what you want to
+search for or skip in the mounted file systems. The i, s and t options
+specify what you want to display. If no mount points are given, all
+mount points will be considered.
 .It Ic yesno Ar value
 If
 .Ar value

man/service.8

@@ -1 +0,0 @@
-.so rc-service.8

man/supervise-daemon.8

@@ -36,6 +36,8 @@
 .Ar pidfile
 .Fl P , -respawn-period
 .Ar seconds
+.Fl R , -retry
+.Ar arg
 .Fl r , -chroot
 .Ar chrootpath
 .Fl u , -user
@@ -115,6 +117,9 @@ Modifies the scheduling priority of the daemon.
 .It Fl P , -respawn-period Ar seconds
 Sets the length of a respawn period. The default is 10 seconds. See the
 description of --respawn-max for more information.
+.It Fl R , -retry Ar timeout | Ar signal Ns / Ns Ar timeout
+The retry specification can be either a timeout in seconds or multiple
+signal/timeout pairs (like SIGTERM/5).
 .It Fl r , -chroot Ar path
 chroot to this directory before starting the daemon. All other paths, such
 as the path to the daemon, chdir and pidfile, should be relative to the chroot.

sh/openrc-run.sh.in

@@ -243,6 +243,9 @@ sourcex "@LIBEXECDIR@/sh/s6.sh"
 sourcex "@LIBEXECDIR@/sh/start-stop-daemon.sh"
 sourcex "@LIBEXECDIR@/sh/supervise-daemon.sh"
 
+# Load our script
+sourcex "$RC_SERVICE"
+
 # Set verbose mode
 if yesno "${rc_verbose:-$RC_VERBOSE}"; then
 	EINFO_VERBOSE=yes
@@ -255,8 +258,7 @@ for _cmd; do
 		[ -n "${rc_ulimit:-$RC_ULIMIT}" ] && \
 			ulimit ${rc_ulimit:-$RC_ULIMIT}
 		# Apply cgroups settings if defined
-		if [ "$(command -v cgroup_add_service)" = \
-		    "cgroup_add_service" ]
+		if [ "$(command -v cgroup_add_service)" = "cgroup_add_service" ]
 		then
 			if [ -d /sys/fs/cgroup -a ! -w /sys/fs/cgroup ]; then
 				eerror "No permission to apply cgroup settings"
@@ -265,16 +267,15 @@ for _cmd; do
 			cgroup_add_service /sys/fs/cgroup/openrc
 			cgroup_add_service /sys/fs/cgroup/systemd/system
 		fi
-		[ "$(command -v cgroup_set_limits)" = \
-		    "cgroup_set_limits" ] && \
-		    cgroup_set_limits
+		[ "$(command -v cgroup_set_limits)" = "cgroup_set_limits" ] &&
+			cgroup_set_limits
+		[ "$(command -v cgroup2_set_limits)" = "cgroup2_set_limits" ] &&
+			[ "$_cmd" = start ] &&
+			cgroup2_set_limits
 		break
 	fi
 done
 
-# Load our script
-sourcex "$RC_SERVICE"
-
 eval "printf '%s\n' $required_dirs" | while read _d; do
 	if [ -n "$_d" ] && [ ! -d "$_d" ]; then
 		eerror "$RC_SVCNAME: \`$_d' is not a directory"
@@ -364,10 +365,14 @@ while [ -n "$1" ]; do
 				then
 					"$1"_post || exit $?
 				fi
-				[ "$(command -v cgroup_cleanup)" = "cgroup_cleanup" -a \
-				"$1" = "stop" ] && \
-				yesno "${rc_cgroup_cleanup}" && \
+				[ "$(command -v cgroup_cleanup)" = "cgroup_cleanup" ] &&
+					[ "$1" = "stop" ] &&
+					yesno "${rc_cgroup_cleanup}" && \
 					cgroup_cleanup
+				if [ "$(command -v cgroup2_remove)" = "cgroup2_remove" ]; then
+					[ "$1" = stop ] || [ -z "${command}" ] &&
+					cgroup2_remove
+				fi
 				shift
 				continue 2
 			else

sh/rc-cgroup.sh.in

@@ -14,46 +14,56 @@ description_cgroup_cleanup="Kill all processes in the cgroup"
 
 cgroup_find_path()
 {
-	local OIFS n name dir result
+	local OIFS name dir result
 	[ -n "$1" ] || return 0
 	OIFS="$IFS"
 	IFS=":"
-	while read n name dir; do
+	while read -r _ name dir; do
 		[ "$name" = "$1" ] && result="$dir"
 	done < /proc/1/cgroup
 	IFS="$OIFS"
-	echo $result
+	printf "%s" "${result}"
 }
 
 cgroup_get_pids()
 {
-	local p
-	pids=
-	while read p; do
-		[ $p -eq $$ ] || pids="${pids} ${p}"
-	done < /sys/fs/cgroup/openrc/${RC_SVCNAME}/tasks
-	[ -n "$pids" ]
+	local cgroup_procs p pids
+	cgroup_procs="$(cgroup2_find_path)"
+	[ -n "${cgroup_procs}" ] &&
+		cgroup_procs="${cgroup_procs}/${RC_SVCNAME}/cgroup.procs" ||
+		cgroup_procs="/sys/fs/cgroup/openrc/${RC_SVCNAME}/tasks"
+	[ -f "${cgroup_procs}" ] || return 0
+	while read -r p; do
+		[ "$p" -eq $$ ] || pids="${pids} ${p}"
+	done < "${cgroup_procs}"
+	printf "%s" "${pids}"
+	return 0
 }
 
 cgroup_running()
 {
-	[ -d "/sys/fs/cgroup/openrc/${RC_SVCNAME}" ]
+	[ -d "/sys/fs/cgroup/unified/${RC_SVCNAME}" ] ||
+			[ -d "/sys/fs/cgroup/${RC_SVCNAME}" ] ||
+			[ -d "/sys/fs/cgroup/openrc/${RC_SVCNAME}" ]
 }
 
 cgroup_set_values()
 {
-	[ -n "$1" -a -n "$2" -a -d "/sys/fs/cgroup/$1" ] || return 0
+	[ -n "$1" ] && [ -n "$2" ] && [ -d "/sys/fs/cgroup/$1" ] || return 0
 
-	local controller="$1" h=$(cgroup_find_path "$1")
+	local controller h
+	controller="$1"
+	h=$(cgroup_find_path "$1")
 	cgroup="/sys/fs/cgroup/${1}${h}openrc_${RC_SVCNAME}"
 	[ -d "$cgroup" ] || mkdir -p "$cgroup"
 
 	set -- $2
 	local name val
-	while [ -n "$1" -a "$controller" != "cpuacct" ]; do
+	while [ -n "$1" ] && [ "$controller" != "cpuacct" ]; do
 		case "$1" in
 			$controller.*)
-				if [ -n "$name" -a -w "$cgroup/$name" -a -n "$val" ]; then
+				if [ -n "${name}" ] && [ -w "${cgroup}/${name}" ] && 
+					[ -n "${val}" ]; then
 					veinfo "$RC_SVCNAME: Setting $cgroup/$name to $val"
 					printf "%s" "$val" > "$cgroup/$name"
 				fi
@@ -68,7 +78,7 @@ cgroup_set_values()
 		esac
 		shift
 	done
-	if [ -n "$name" -a -w "$cgroup/$name" -a -n "$val" ]; then
+	if [ -n "${name}" ] && [ -w "${cgroup}/${name}" ] && [ -n "${val}" ]; then
 		veinfo "$RC_SVCNAME: Setting $cgroup/$name to $val"
 		printf "%s" "$val" > "$cgroup/$name"
 	fi
@@ -134,21 +144,78 @@ cgroup_set_limits()
 	return 0
 }
 
+cgroup2_find_path()
+{
+	if grep -qw cgroup2 /proc/filesystems; then
+		case "${rc_cgroup_mode:-hybrid}" in
+			hybrid) printf "/sys/fs/cgroup/unified" ;;
+			unified) printf "/sys/fs/cgroup" ;;
+		esac
+	fi
+		return 0
+}
+
+cgroup2_remove()
+{
+	local cgroup_path rc_cgroup_path
+	cgroup_path="$(cgroup2_find_path)"
+	[ -z "${cgroup_path}" ] && return 0
+	rc_cgroup_path="${cgroup_path}/${RC_SVCNAME}"
+	[ ! -d "${rc_cgroup_path}" ] ||
+		[ ! -e "${rc_cgroup_path}"/cgroup.events ] &&
+		return 0
+	grep -qx "$$" "${rc_cgroup_path}/cgroup.procs" &&
+		printf "%d" 0 > "${cgroup_path}/cgroup.procs"
+	local key populated vvalue
+	while read -r key value; do
+		case "${key}" in
+			populated) populated=${value} ;;
+			*) ;;
+		esac
+	done < "${rc_cgroup_path}/cgroup.events"
+	[ "${populated}" = 1 ] && return 0
+	rmdir "${rc_cgroup_path}"
+	return 0
+}
+
+cgroup2_set_limits()
+{
+	local cgroup_path
+	cgroup_path="$(cgroup2_find_path)"
+	[ -d "${cgroup_path}" ] || return 0
+	rc_cgroup_path="${cgroup_path}/${RC_SVCNAME}"
+	local OIFS="$IFS"
+	IFS="
+"
+	[ ! -d "${rc_cgroup_path}" ] && mkdir "${rc_cgroup_path}"
+	printf "%d" 0 > "${rc_cgroup_path}/cgroup.procs"
+	echo "${rc_cgroup_settings}" | while IFS="$OIFS" read -r key value; do
+		[ -z "${key}" ] || [ -z "${value}" ] && continue
+		[ ! -e "${rc_cgroup_path}/${key}" ] && continue
+		veinfo "${RC_SVCNAME}: cgroups: ${key} ${value}"
+		printf "%s" "${value}" > "${rc_cgroup_path}/${key}"
+	done
+	IFS="$OIFS"
+	return 0
+}
+
 cgroup_cleanup()
 {
 	cgroup_running || return 0
 	ebegin "starting cgroups cleanup"
-	for sig in TERM QUIT INT; do
-		cgroup_get_pids || { eend 0 "finished" ; return 0 ; }
-		for i in 0 1; do
-			kill -s $sig $pids
-			for j in 0 1 2; do
-				cgroup_get_pids || { eend 0 "finished" ; return 0 ; }
-				sleep 1
-			done
-		done 2>/dev/null
-	done
-	cgroup_get_pids || { eend 0 "finished" ; return 0; }
-	kill -9 $pids
-	eend $(cgroup_running && echo 1 || echo 0) "fail to stop all processes"
+	local pids
+	pids="$(cgroup_get_pids)"
+	if [ -n "${pids}" ]; then
+		kill -s "${stopsig:-TERM}" ${pids} 2> /dev/null
+		kill -s CONT ${pids} 2> /dev/null
+		yesno "${rc_send_sighup:-no}" &&
+			kill -s HUP ${pids} 2> /dev/null
+		sleep "${rc_timeout_stopsec:-90}"
+		yesno "${rc_send_sigkill:-yes}" &&
+			kill -s KILL ${pids} 2> /dev/null
+	fi
+	cgroup2_remove
+	[ -z "$(cgroup_get_pids)" ]
+	eend $? "Unable to stop all processes"
+	return 0
 }

sh/rc-functions.sh.in

@@ -119,6 +119,13 @@ get_bootparam_value()
 	echo $result
 }
 
+need_if_exists()
+{
+	for x; do
+		rc-service --exists "${x}" && need "${x}"
+	done
+}
+
 # Called from openrc-run.sh or gendepends.sh
 _get_containers() {
 	local c

sh/supervise-daemon.sh

@@ -23,6 +23,7 @@ supervise_start()
 	# command_args="this \"is a\" test"
 	# to work properly.
 	eval supervise-daemon --start \
+		${retry:+--retry} $retry \
 		${chroot:+--chroot} $chroot \
 		${pidfile:+--pidfile} $pidfile \
 		${respawn_delay:+--respawn-delay} $respawn_delay \

src/includes/rc-misc.h

@@ -71,5 +71,6 @@ bool _rc_can_find_pids(void);
 RC_SERVICE lookup_service_state(const char *service);
 void from_time_t(char *time_string, time_t tv);
 time_t to_time_t(char *timestring);
+pid_t get_pid(const char *applet, const char *pidfile);
 
 #endif

src/rc/Makefile

@@ -24,7 +24,7 @@ SBINDIR=	${PREFIX}/sbin
 LINKDIR=	${LIBEXECDIR}
 
 BINPROGS=	rc-status
-SBINPROGS = openrc openrc-run rc rc-service rc-update runscript service \
+SBINPROGS = openrc openrc-run rc rc-service rc-update runscript \
 			start-stop-daemon supervise-daemon
 RC_BINPROGS=	einfon einfo ewarnn ewarn eerrorn eerror ebegin eend ewend \
 				eindent eoutdent esyslog eval_ecolors ewaitfile \
@@ -150,16 +150,16 @@ rc-depend: rc-depend.o _usage.o rc-misc.o
 rc-status: rc-status.o _usage.o rc-misc.o
 	${CC} ${LOCAL_CFLAGS} ${LOCAL_LDFLAGS} ${CFLAGS} ${LDFLAGS} -o $@ $^ ${LDADD}
 
-rc-service service: rc-service.o _usage.o rc-misc.o
+rc-service: rc-service.o _usage.o rc-misc.o
 	${CC} ${LOCAL_CFLAGS} ${LOCAL_LDFLAGS} ${CFLAGS} ${LDFLAGS} -o $@ $^ ${LDADD}
 
 rc-update: rc-update.o _usage.o rc-misc.o
 	${CC} ${LOCAL_CFLAGS} ${LOCAL_LDFLAGS} ${CFLAGS} ${LDFLAGS} -o $@ $^ ${LDADD}
 
-start-stop-daemon: start-stop-daemon.o _usage.o rc-misc.o
+start-stop-daemon: start-stop-daemon.o _usage.o rc-misc.o rc-schedules.o
 	${CC} ${LOCAL_CFLAGS} ${LOCAL_LDFLAGS} ${CFLAGS} ${LDFLAGS} -o $@ $^ ${LDADD}
 
-supervise-daemon: supervise-daemon.o _usage.o rc-misc.o
+supervise-daemon: supervise-daemon.o _usage.o rc-misc.o rc-schedules.o
 	${CC} ${LOCAL_CFLAGS} ${LOCAL_LDFLAGS} ${CFLAGS} ${LDFLAGS} -o $@ $^ ${LDADD}
 
 service_get_value service_set_value get_options save_options: do_value.o rc-misc.o

src/rc/fstabinfo.c

@@ -35,11 +35,11 @@
 #  define GET_ENT getmntent (fp)
 #  define GET_ENT_FILE(_name) getmntfile (_name)
 #  define END_ENT endmntent (fp)
-#  define ENT_BLOCKDEVICE(_ent) ent->mnt_fsname
-#  define ENT_FILE(_ent) ent->mnt_dir
-#  define ENT_TYPE(_ent) ent->mnt_type
-#  define ENT_OPTS(_ent) ent->mnt_opts
-#  define ENT_PASS(_ent) ent->mnt_passno
+#  define ENT_BLOCKDEVICE(_ent) (_ent)->mnt_fsname
+#  define ENT_FILE(_ent) (_ent)->mnt_dir
+#  define ENT_TYPE(_ent) (_ent)->mnt_type
+#  define ENT_OPTS(_ent) (_ent)->mnt_opts
+#  define ENT_PASS(_ent) (_ent)->mnt_passno
 #else
 #  define HAVE_GETFSENT
 #  include <fstab.h>
@@ -48,11 +48,11 @@
 #  define GET_ENT getfsent ()
 #  define GET_ENT_FILE(_name) getfsfile (_name)
 #  define END_ENT endfsent ()
-#  define ENT_BLOCKDEVICE(_ent) ent->fs_spec
-#  define ENT_TYPE(_ent) ent->fs_vfstype
-#  define ENT_FILE(_ent) ent->fs_file
-#  define ENT_OPTS(_ent) ent->fs_mntops
-#  define ENT_PASS(_ent) ent->fs_passno
+#  define ENT_BLOCKDEVICE(_ent) (_ent)->fs_spec
+#  define ENT_TYPE(_ent) (_ent)->fs_vfstype
+#  define ENT_FILE(_ent) (_ent)->fs_file
+#  define ENT_OPTS(_ent) (_ent)->fs_mntops
+#  define ENT_PASS(_ent) (_ent)->fs_passno
 #endif
 
 #include "einfo.h"
@@ -114,24 +114,24 @@ do_mount(struct ENT *ent, bool remount)
 
 	argv[0] = UNCONST("mount");
 	argv[1] = UNCONST("-o");
-	argv[2] = ENT_OPTS(*ent);
+	argv[2] = ENT_OPTS(ent);
 	argv[3] = UNCONST("-t");
-	argv[4] = ENT_TYPE(*ent);
+	argv[4] = ENT_TYPE(ent);
 	if (!remount) {
-		argv[5] = ENT_BLOCKDEVICE(*ent);
-		argv[6] = ENT_FILE(*ent);
+		argv[5] = ENT_BLOCKDEVICE(ent);
+		argv[6] = ENT_FILE(ent);
 		argv[7] = NULL;
 	} else {
 #ifdef __linux__
 		argv[5] = UNCONST("-o");
 		argv[6] = UNCONST("remount");
-		argv[7] = ENT_BLOCKDEVICE(*ent);
-		argv[8] = ENT_FILE(*ent);
+		argv[7] = ENT_BLOCKDEVICE(ent);
+		argv[8] = ENT_FILE(ent);
 		argv[9] = NULL;
 #else
 		argv[5] = UNCONST("-u");
-		argv[6] = ENT_BLOCKDEVICE(*ent);
-		argv[7] = ENT_FILE(*ent);
+		argv[6] = ENT_BLOCKDEVICE(ent);
+		argv[7] = ENT_FILE(ent);
 		argv[8] = NULL;
 #endif
 	}

src/rc/rc-misc.c

@@ -474,3 +474,27 @@ time_t to_time_t(char *timestring)
 	}
 	return result;
 }
+
+pid_t get_pid(const char *applet,const char *pidfile)
+{
+	FILE *fp;
+	pid_t pid;
+
+	if (! pidfile)
+		return -1;
+
+	if ((fp = fopen(pidfile, "r")) == NULL) {
+		ewarnv("%s: fopen `%s': %s", applet, pidfile, strerror(errno));
+		return -1;
+	}
+
+	if (fscanf(fp, "%d", &pid) != 1) {
+		ewarnv("%s: no pid found in `%s'", applet, pidfile);
+		fclose(fp);
+		return -1;
+	}
+
+	fclose(fp);
+
+	return pid;
+}

src/rc/rc-schedules.c

@@ -0,0 +1,419 @@
+/*
+ * The functions in this file control the stopping of daemons by
+ * start-stop-daemon and supervise-daemon.
+ */
+
+/*
+ * Copyright (c) 2015 The OpenRC Authors.
+ * See the Authors file at the top-level directory of this distribution and
+ * https://github.com/OpenRC/openrc/blob/master/AUTHORS
+ *
+ * This file is part of OpenRC. It is subject to the license terms in
+ * the LICENSE file found in the top-level directory of this
+ * distribution and at https://github.com/OpenRC/openrc/blob/master/LICENSE
+ * This file may not be copied, modified, propagated, or distributed
+ *    except according to the terms contained in the LICENSE file.
+ */
+
+/* nano seconds */
+#define POLL_INTERVAL   20000000
+#define WAIT_PIDFILE   500000000
+#define ONE_SECOND    1000000000
+#define ONE_MS           1000000
+
+#include <ctype.h>
+#include <errno.h>
+#include <signal.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#include "einfo.h"
+#include "queue.h"
+#include "rc.h"
+#include "rc-misc.h"
+#include "rc-schedules.h"
+#include "helpers.h"
+
+typedef struct scheduleitem {
+	enum {
+		SC_TIMEOUT,
+		SC_SIGNAL,
+		SC_GOTO,
+		SC_FOREVER,
+	} type;
+	int value;
+	struct scheduleitem *gotoitem;
+	TAILQ_ENTRY(scheduleitem) entries;
+} SCHEDULEITEM;
+
+static TAILQ_HEAD(, scheduleitem) schedule;
+
+void free_schedulelist(void)
+{
+	SCHEDULEITEM *s1 = TAILQ_FIRST(&schedule);
+	SCHEDULEITEM *s2;
+
+	while (s1) {
+		s2 = TAILQ_NEXT(s1, entries);
+		free(s1);
+		s1 = s2;
+	}
+	TAILQ_INIT(&schedule);
+}
+
+int parse_signal(const char *applet, const char *sig)
+{
+	typedef struct signalpair
+	{
+		const char *name;
+		int signal;
+	} SIGNALPAIR;
+
+#define signalpair_item(name) { #name, SIG##name },
+
+	static const SIGNALPAIR signallist[] = {
+		signalpair_item(HUP)
+		signalpair_item(INT)
+		signalpair_item(QUIT)
+		signalpair_item(ILL)
+		signalpair_item(TRAP)
+		signalpair_item(ABRT)
+		signalpair_item(BUS)
+		signalpair_item(FPE)
+		signalpair_item(KILL)
+		signalpair_item(USR1)
+		signalpair_item(SEGV)
+		signalpair_item(USR2)
+		signalpair_item(PIPE)
+		signalpair_item(ALRM)
+		signalpair_item(TERM)
+		signalpair_item(CHLD)
+		signalpair_item(CONT)
+		signalpair_item(STOP)
+		signalpair_item(TSTP)
+		signalpair_item(TTIN)
+		signalpair_item(TTOU)
+		signalpair_item(URG)
+		signalpair_item(XCPU)
+		signalpair_item(XFSZ)
+		signalpair_item(VTALRM)
+		signalpair_item(PROF)
+#ifdef SIGWINCH
+		signalpair_item(WINCH)
+#endif
+#ifdef SIGIO
+		signalpair_item(IO)
+#endif
+#ifdef SIGPWR
+		signalpair_item(PWR)
+#endif
+		signalpair_item(SYS)
+		{ "NULL",	0 },
+	};
+
+	unsigned int i = 0;
+	const char *s;
+
+	if (!sig || *sig == '\0')
+		return -1;
+
+	if (sscanf(sig, "%u", &i) == 1) {
+		if (i < NSIG)
+			return i;
+		eerrorx("%s: `%s' is not a valid signal", applet, sig);
+	}
+
+	if (strncmp(sig, "SIG", 3) == 0)
+		s = sig + 3;
+	else
+		s = NULL;
+
+	for (i = 0; i < ARRAY_SIZE(signallist); ++i)
+		if (strcmp(sig, signallist[i].name) == 0 ||
+		    (s && strcmp(s, signallist[i].name) == 0))
+			return signallist[i].signal;
+
+	eerrorx("%s: `%s' is not a valid signal", applet, sig);
+	/* NOTREACHED */
+}
+
+static SCHEDULEITEM *parse_schedule_item(const char *applet, const char *string)
+{
+	const char *after_hyph;
+	int sig;
+	SCHEDULEITEM *item = xmalloc(sizeof(*item));
+
+	item->value = 0;
+	item->gotoitem = NULL;
+	if (strcmp(string,"forever") == 0)
+		item->type = SC_FOREVER;
+	else if (isdigit((unsigned char)string[0])) {
+		item->type = SC_TIMEOUT;
+		errno = 0;
+		if (sscanf(string, "%d", &item->value) != 1)
+			eerrorx("%s: invalid timeout value in schedule `%s'",
+			    applet, string);
+	} else if ((after_hyph = string + (string[0] == '-')) &&
+	    ((sig = parse_signal(applet, after_hyph)) != -1))
+	{
+		item->type = SC_SIGNAL;
+		item->value = (int)sig;
+	} else
+		eerrorx("%s: invalid schedule item `%s'", applet, string);
+
+	return item;
+}
+
+void parse_schedule(const char *applet, const char *string, int timeout)
+{
+	char buffer[20];
+	const char *slash;
+	int count = 0;
+	SCHEDULEITEM *repeatat = NULL;
+	size_t len;
+	SCHEDULEITEM *item;
+
+	TAILQ_INIT(&schedule);
+	if (string)
+		for (slash = string; *slash; slash++)
+			if (*slash == '/')
+				count++;
+
+	free_schedulelist();
+
+	if (count == 0) {
+		item = xmalloc(sizeof(*item));
+		item->type = SC_SIGNAL;
+		item->value = timeout;
+		item->gotoitem = NULL;
+		TAILQ_INSERT_TAIL(&schedule, item, entries);
+
+		item = xmalloc(sizeof(*item));
+		item->type = SC_TIMEOUT;
+		item->gotoitem = NULL;
+		TAILQ_INSERT_TAIL(&schedule, item, entries);
+		if (string) {
+			if (sscanf(string, "%d", &item->value) != 1)
+				eerrorx("%s: invalid timeout in schedule",
+				    applet);
+		} else
+			item->value = 5;
+
+		return;
+	}
+
+	while (string != NULL) {
+		if ((slash = strchr(string, '/')))
+			len = slash - string;
+		else
+			len = strlen(string);
+
+		if (len >= (ptrdiff_t)sizeof(buffer))
+			eerrorx("%s: invalid schedule item, far too long",
+			    applet);
+
+		memcpy(buffer, string, len);
+		buffer[len] = 0;
+		string = slash ? slash + 1 : NULL;
+
+		item = parse_schedule_item(applet, buffer);
+		TAILQ_INSERT_TAIL(&schedule, item, entries);
+		if (item->type == SC_FOREVER) {
+			if (repeatat)
+				eerrorx("%s: invalid schedule, `forever' "
+				    "appears more than once", applet);
+
+			repeatat = item;
+			continue;
+		}
+	}
+
+	if (repeatat) {
+		item = xmalloc(sizeof(*item));
+		item->type = SC_GOTO;
+		item->value = 0;
+		item->gotoitem = repeatat;
+		TAILQ_INSERT_TAIL(&schedule, item, entries);
+	}
+
+	return;
+}
+
+/* return number of processes killed, -1 on error */
+int do_stop(const char *applet, const char *exec, const char *const *argv,
+    pid_t pid, uid_t uid,int sig, bool test, bool quiet)
+{
+	RC_PIDLIST *pids;
+	RC_PID *pi;
+	RC_PID *np;
+	bool killed;
+	int nkilled = 0;
+
+	if (pid > 0)
+		pids = rc_find_pids(NULL, NULL, 0, pid);
+	else
+		pids = rc_find_pids(exec, argv, uid, 0);
+
+	if (!pids)
+		return 0;
+
+	LIST_FOREACH_SAFE(pi, pids, entries, np) {
+		if (test) {
+			einfo("Would send signal %d to PID %d", sig, pi->pid);
+			nkilled++;
+		} else {
+			if (!quiet)
+				ebeginv("Sending signal %d to PID %d", sig, pi->pid);
+			errno = 0;
+			killed = (kill(pi->pid, sig) == 0 ||
+			    errno == ESRCH ? true : false);
+			if (! quiet)
+				eendv(killed ? 0 : 1,
+				"%s: failed to send signal %d to PID %d: %s",
+				applet, sig, pi->pid, strerror(errno));
+			if (!killed) {
+				nkilled = -1;
+			} else {
+				if (nkilled != -1)
+					nkilled++;
+			}
+		}
+		free(pi);
+	}
+
+	free(pids);
+	return nkilled;
+}
+
+int run_stop_schedule(const char *applet,
+		const char *exec, const char *const *argv,
+		pid_t pid, uid_t uid,
+    bool test, bool progress, bool quiet)
+{
+	SCHEDULEITEM *item = TAILQ_FIRST(&schedule);
+	int nkilled = 0;
+	int tkilled = 0;
+	int nrunning = 0;
+	long nloops, nsecs;
+	struct timespec ts;
+	const char *const *p;
+	bool progressed = false;
+
+	if (exec)
+		einfov("Will stop %s", exec);
+	if (pid > 0)
+		einfov("Will stop PID %d", pid);
+	if (uid)
+		einfov("Will stop processes owned by UID %d", uid);
+	if (argv && *argv) {
+		einfovn("Will stop processes of `");
+		if (rc_yesno(getenv("EINFO_VERBOSE"))) {
+			for (p = argv; p && *p; p++) {
+				if (p != argv)
+					printf(" ");
+				printf("%s", *p);
+			}
+			printf("'\n");
+		}
+	}
+
+	while (item) {
+		switch (item->type) {
+		case SC_GOTO:
+			item = item->gotoitem;
+			continue;
+
+		case SC_SIGNAL:
+			nrunning = 0;
+			nkilled = do_stop(applet, exec, argv, pid, uid, item->value, test,
+					quiet);
+			if (nkilled == 0) {
+				if (tkilled == 0) {
+					if (progressed)
+						printf("\n");
+					eerror("%s: no matching processes found", applet);
+				}
+				return tkilled;
+			}
+			else if (nkilled == -1)
+				return 0;
+
+			tkilled += nkilled;
+			break;
+		case SC_TIMEOUT:
+			if (item->value < 1) {
+				item = NULL;
+				break;
+			}
+
+			ts.tv_sec = 0;
+			ts.tv_nsec = POLL_INTERVAL;
+
+			for (nsecs = 0; nsecs < item->value; nsecs++) {
+				for (nloops = 0;
+				     nloops < ONE_SECOND / POLL_INTERVAL;
+				     nloops++)
+				{
+					if ((nrunning = do_stop(applet, exec, argv,
+						    pid, uid, 0, test, quiet)) == 0)
+						return 0;
+
+
+					if (nanosleep(&ts, NULL) == -1) {
+						if (progressed) {
+							printf("\n");
+							progressed = false;
+						}
+						if (errno == EINTR)
+							eerror("%s: caught an"
+							    " interrupt", applet);
+						else {
+							eerror("%s: nanosleep: %s",
+							    applet, strerror(errno));
+							return 0;
+						}
+					}
+				}
+				if (progress) {
+					printf(".");
+					fflush(stdout);
+					progressed = true;
+				}
+			}
+			break;
+		default:
+			if (progressed) {
+				printf("\n");
+				progressed = false;
+			}
+			eerror("%s: invalid schedule item `%d'",
+			    applet, item->type);
+			return 0;
+		}
+
+		if (item)
+			item = TAILQ_NEXT(item, entries);
+	}
+
+	if (test || (tkilled > 0 && nrunning == 0))
+		return nkilled;
+
+	if (progressed)
+		printf("\n");
+	if (! quiet) {
+		if (nrunning == 1)
+			eerror("%s: %d process refused to stop", applet, nrunning);
+		else
+			eerror("%s: %d process(es) refused to stop", applet, nrunning);
+	}
+
+	return -nrunning;
+}

src/rc/rc-schedules.h

@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2017 The OpenRC Authors.
+ * See the Authors file at the top-level directory of this distribution and
+ * https://github.com/OpenRC/openrc/blob/master/AUTHORS
+ *
+ * This file is part of OpenRC. It is subject to the license terms in
+ * the LICENSE file found in the top-level directory of this
+ * distribution and at https://github.com/OpenRC/openrc/blob/master/LICENSE
+ * This file may not be copied, modified, propagated, or distributed
+ *    except according to the terms contained in the LICENSE file.
+ */
+
+#ifndef __RC_SCHEDULES_H
+#define __RC_SCHEDULES_H
+
+void free_schedulelist(void);
+int parse_signal(const char *applet, const char *sig);
+void parse_schedule(const char *applet, const char *string, int timeout);
+int do_stop(const char *applet, const char *exec, const char *const *argv,
+		pid_t pid, uid_t uid,int sig, bool test, bool quiet);
+int run_stop_schedule(const char *applet,
+		const char *exec, const char *const *argv,
+		pid_t pid, uid_t uid,
+		bool test, bool progress, bool quiet);
+
+#endif

src/rc/rc-selinux.c

@@ -39,7 +39,6 @@
 #include "rc-selinux.h"
 
 /* the context files for selinux */
-#define RUN_INIT_FILE "run_init_type"
 #define INITRC_FILE "initrc_context"
 
 #ifdef HAVE_AUDIT
@@ -299,6 +298,26 @@ static int read_context_file(const char *filename, char **context)
 	return ret;
 }
 
+static int read_run_init_context(char **context)
+{
+	int ret = -1;
+	RC_STRINGLIST *list;
+	char *value = NULL;
+
+	list = rc_config_list(selinux_openrc_contexts_path());
+	if (list == NULL)
+		return ret;
+
+	value = rc_config_value(list, "run_init");
+	if (value != NULL && strlen(value) > 0) {
+		*context = xstrdup(value);
+		ret = 0;
+	}
+
+	rc_stringlist_free(list);
+	return ret;
+}
+
 void selinux_setup(char **argv)
 {
 	char *new_context = NULL;
@@ -312,7 +331,7 @@ void selinux_setup(char **argv)
 		return;
 	}
 
-	if (read_context_file(RUN_INIT_FILE, &run_init_t) != 0) {
+	if (read_run_init_context(&run_init_t) != 0) {
 		/* assume a reasonable default, rather than bailing out */
 		run_init_t = xstrdup("run_init_t");
 		ewarn("Assuming SELinux run_init type is %s", run_init_t);
@@ -339,14 +358,13 @@ void selinux_setup(char **argv)
 		goto out;
 	}
 
-	curr_t = context_type_get(curr_con);
+	curr_t = xstrdup(context_type_get(curr_con));
 	if (!curr_t) {
 		context_free(curr_con);
 		free(curr_context);
 		goto out;
 	}
 
-	curr_t = xstrdup(curr_t);
 	/* dont need them anymore so free() now */
 	context_free(curr_con);
 	free(curr_context);

src/rc/start-stop-daemon.c

@@ -19,10 +19,6 @@
  *    except according to the terms contained in the LICENSE file.
  */
 
-/* nano seconds */
-#define POLL_INTERVAL   20000000
-#define WAIT_PIDFILE   500000000
-#define ONE_SECOND    1000000000
 #define ONE_MS           1000000
 
 #include <sys/types.h>
@@ -63,6 +59,7 @@ static struct pam_conv conv = { NULL, NULL};
 #include "queue.h"
 #include "rc.h"
 #include "rc-misc.h"
+#include "rc-schedules.h"
 #include "_usage.h"
 #include "helpers.h"
 
@@ -130,20 +127,6 @@ const char * const longopts_help[] = {
 };
 const char *usagestring = NULL;
 
-typedef struct scheduleitem
-{
-	enum
-		{
-			SC_TIMEOUT,
-			SC_SIGNAL,
-			SC_GOTO,
-			SC_FOREVER
-		} type;
-	int value;
-	struct scheduleitem *gotoitem;
-	TAILQ_ENTRY(scheduleitem) entries;
-} SCHEDULEITEM;
-TAILQ_HEAD(, scheduleitem) schedule;
 static char **nav;
 
 static char *changeuser, *ch_root, *ch_dir;
@@ -166,20 +149,6 @@ static inline int ioprio_set(int which _unused,
 }
 #endif
 
-static void
-free_schedulelist(void)
-{
-	SCHEDULEITEM *s1 = TAILQ_FIRST(&schedule);
-	SCHEDULEITEM *s2;
-
-	while (s1) {
-		s2 = TAILQ_NEXT(s1, entries);
-		free(s1);
-		s1 = s2;
-	}
-	TAILQ_INIT(&schedule);
-}
-
 static void
 cleanup(void)
 {
@@ -188,385 +157,6 @@ cleanup(void)
 	free_schedulelist();
 }
 
-static int
-parse_signal(const char *sig)
-{
-	typedef struct signalpair
-	{
-		const char *name;
-		int signal;
-	} SIGNALPAIR;
-
-#define signalpair_item(name) { #name, SIG##name },
-
-	static const SIGNALPAIR signallist[] = {
-		signalpair_item(HUP)
-		signalpair_item(INT)
-		signalpair_item(QUIT)
-		signalpair_item(ILL)
-		signalpair_item(TRAP)
-		signalpair_item(ABRT)
-		signalpair_item(BUS)
-		signalpair_item(FPE)
-		signalpair_item(KILL)
-		signalpair_item(USR1)
-		signalpair_item(SEGV)
-		signalpair_item(USR2)
-		signalpair_item(PIPE)
-		signalpair_item(ALRM)
-		signalpair_item(TERM)
-		signalpair_item(CHLD)
-		signalpair_item(CONT)
-		signalpair_item(STOP)
-		signalpair_item(TSTP)
-		signalpair_item(TTIN)
-		signalpair_item(TTOU)
-		signalpair_item(URG)
-		signalpair_item(XCPU)
-		signalpair_item(XFSZ)
-		signalpair_item(VTALRM)
-		signalpair_item(PROF)
-#ifdef SIGWINCH
-		signalpair_item(WINCH)
-#endif
-#ifdef SIGIO
-		signalpair_item(IO)
-#endif
-#ifdef SIGPWR
-		signalpair_item(PWR)
-#endif
-		signalpair_item(SYS)
-		{ "NULL",	0 },
-	};
-
-	unsigned int i = 0;
-	const char *s;
-
-	if (!sig || *sig == '\0')
-		return -1;
-
-	if (sscanf(sig, "%u", &i) == 1) {
-		if (i < NSIG)
-			return i;
-		eerrorx("%s: `%s' is not a valid signal", applet, sig);
-	}
-
-	if (strncmp(sig, "SIG", 3) == 0)
-		s = sig + 3;
-	else
-		s = NULL;
-
-	for (i = 0; i < ARRAY_SIZE(signallist); ++i)
-		if (strcmp(sig, signallist[i].name) == 0 ||
-		    (s && strcmp(s, signallist[i].name) == 0))
-			return signallist[i].signal;
-
-	eerrorx("%s: `%s' is not a valid signal", applet, sig);
-	/* NOTREACHED */
-}
-
-static SCHEDULEITEM *
-parse_schedule_item(const char *string)
-{
-	const char *after_hyph;
-	int sig;
-	SCHEDULEITEM *item = xmalloc(sizeof(*item));
-
-	item->value = 0;
-	item->gotoitem = NULL;
-	if (strcmp(string,"forever") == 0)
-		item->type = SC_FOREVER;
-	else if (isdigit((unsigned char)string[0])) {
-		item->type = SC_TIMEOUT;
-		errno = 0;
-		if (sscanf(string, "%d", &item->value) != 1)
-			eerrorx("%s: invalid timeout value in schedule `%s'",
-			    applet, string);
-	} else if ((after_hyph = string + (string[0] == '-')) &&
-	    ((sig = parse_signal(after_hyph)) != -1))
-	{
-		item->type = SC_SIGNAL;
-		item->value = (int)sig;
-	} else
-		eerrorx("%s: invalid schedule item `%s'", applet, string);
-
-	return item;
-}
-
-static void
-parse_schedule(const char *string, int timeout)
-{
-	char buffer[20];
-	const char *slash;
-	int count = 0;
-	SCHEDULEITEM *repeatat = NULL;
-	size_t len;
-	SCHEDULEITEM *item;
-
-	if (string)
-		for (slash = string; *slash; slash++)
-			if (*slash == '/')
-				count++;
-
-	free_schedulelist();
-
-	if (count == 0) {
-		item = xmalloc(sizeof(*item));
-		item->type = SC_SIGNAL;
-		item->value = timeout;
-		item->gotoitem = NULL;
-		TAILQ_INSERT_TAIL(&schedule, item, entries);
-
-		item = xmalloc(sizeof(*item));
-		item->type = SC_TIMEOUT;
-		item->gotoitem = NULL;
-		TAILQ_INSERT_TAIL(&schedule, item, entries);
-		if (string) {
-			if (sscanf(string, "%d", &item->value) != 1)
-				eerrorx("%s: invalid timeout in schedule",
-				    applet);
-		} else
-			item->value = 5;
-
-		return;
-	}
-
-	while (string != NULL) {
-		if ((slash = strchr(string, '/')))
-			len = slash - string;
-		else
-			len = strlen(string);
-
-		if (len >= (ptrdiff_t)sizeof(buffer))
-			eerrorx("%s: invalid schedule item, far too long",
-			    applet);
-
-		memcpy(buffer, string, len);
-		buffer[len] = 0;
-		string = slash ? slash + 1 : NULL;
-
-		item = parse_schedule_item(buffer);
-		TAILQ_INSERT_TAIL(&schedule, item, entries);
-		if (item->type == SC_FOREVER) {
-			if (repeatat)
-				eerrorx("%s: invalid schedule, `forever' "
-				    "appears more than once", applet);
-
-			repeatat = item;
-			continue;
-		}
-	}
-
-	if (repeatat) {
-		item = xmalloc(sizeof(*item));
-		item->type = SC_GOTO;
-		item->value = 0;
-		item->gotoitem = repeatat;
-		TAILQ_INSERT_TAIL(&schedule, item, entries);
-	}
-
-	return;
-}
-
-static pid_t
-get_pid(const char *pidfile)
-{
-	FILE *fp;
-	pid_t pid;
-
-	if (! pidfile)
-		return -1;
-
-	if ((fp = fopen(pidfile, "r")) == NULL) {
-		ewarnv("%s: fopen `%s': %s", applet, pidfile, strerror(errno));
-		return -1;
-	}
-
-	if (fscanf(fp, "%d", &pid) != 1) {
-		ewarnv("%s: no pid found in `%s'", applet, pidfile);
-		fclose(fp);
-		return -1;
-	}
-
-	fclose(fp);
-
-	return pid;
-}
-
-/* return number of processed killed, -1 on error */
-static int
-do_stop(const char *exec, const char *const *argv,
-    pid_t pid, uid_t uid,int sig, bool test)
-{
-	RC_PIDLIST *pids;
-	RC_PID *pi;
-	RC_PID *np;
-	bool killed;
-	int nkilled = 0;
-
-	if (pid)
-		pids = rc_find_pids(NULL, NULL, 0, pid);
-	else
-		pids = rc_find_pids(exec, argv, uid, pid);
-
-	if (!pids)
-		return 0;
-
-	LIST_FOREACH_SAFE(pi, pids, entries, np) {
-		if (test) {
-			einfo("Would send signal %d to PID %d", sig, pi->pid);
-			nkilled++;
-		} else {
-			ebeginv("Sending signal %d to PID %d", sig, pi->pid);
-			errno = 0;
-			killed = (kill(pi->pid, sig) == 0 ||
-			    errno == ESRCH ? true : false);
-			eendv(killed ? 0 : 1,
-				"%s: failed to send signal %d to PID %d: %s",
-				applet, sig, pi->pid, strerror(errno));
-			if (!killed) {
-				nkilled = -1;
-			} else {
-				if (nkilled != -1)
-					nkilled++;
-			}
-		}
-		free(pi);
-	}
-
-	free(pids);
-	return nkilled;
-}
-
-static int
-run_stop_schedule(const char *exec, const char *const *argv,
-    const char *pidfile, uid_t uid,
-    bool test, bool progress)
-{
-	SCHEDULEITEM *item = TAILQ_FIRST(&schedule);
-	int nkilled = 0;
-	int tkilled = 0;
-	int nrunning = 0;
-	long nloops, nsecs;
-	struct timespec ts;
-	pid_t pid = 0;
-	const char *const *p;
-	bool progressed = false;
-
-	if (exec)
-		einfov("Will stop %s", exec);
-	if (pidfile)
-		einfov("Will stop PID in pidfile `%s'", pidfile);
-	if (uid)
-		einfov("Will stop processes owned by UID %d", uid);
-	if (argv && *argv) {
-		einfovn("Will stop processes of `");
-		if (rc_yesno(getenv("EINFO_VERBOSE"))) {
-			for (p = argv; p && *p; p++) {
-				if (p != argv)
-					printf(" ");
-				printf("%s", *p);
-			}
-			printf("'\n");
-		}
-	}
-
-	if (pidfile) {
-		pid = get_pid(pidfile);
-		if (pid == -1)
-			return 0;
-	}
-
-	while (item) {
-		switch (item->type) {
-		case SC_GOTO:
-			item = item->gotoitem;
-			continue;
-
-		case SC_SIGNAL:
-			nrunning = 0;
-			nkilled = do_stop(exec, argv, pid, uid, item->value, test);
-			if (nkilled == 0) {
-				if (tkilled == 0) {
-					if (progressed)
-						printf("\n");
-					eerror("%s: no matching processes found", applet);
-				}
-				return tkilled;
-			}
-			else if (nkilled == -1)
-				return 0;
-
-			tkilled += nkilled;
-			break;
-		case SC_TIMEOUT:
-			if (item->value < 1) {
-				item = NULL;
-				break;
-			}
-
-			ts.tv_sec = 0;
-			ts.tv_nsec = POLL_INTERVAL;
-
-			for (nsecs = 0; nsecs < item->value; nsecs++) {
-				for (nloops = 0;
-				     nloops < ONE_SECOND / POLL_INTERVAL;
-				     nloops++)
-				{
-					if ((nrunning = do_stop(exec, argv,
-						    pid, uid, 0, test)) == 0)
-						return 0;
-
-
-					if (nanosleep(&ts, NULL) == -1) {
-						if (progressed) {
-							printf("\n");
-							progressed = false;
-						}
-						if (errno == EINTR)
-							eerror("%s: caught an"
-							    " interrupt", applet);
-						else {
-							eerror("%s: nanosleep: %s",
-							    applet, strerror(errno));
-							return 0;
-						}
-					}
-				}
-				if (progress) {
-					printf(".");
-					fflush(stdout);
-					progressed = true;
-				}
-			}
-			break;
-		default:
-			if (progressed) {
-				printf("\n");
-				progressed = false;
-			}
-			eerror("%s: invalid schedule item `%d'",
-			    applet, item->type);
-			return 0;
-		}
-
-		if (item)
-			item = TAILQ_NEXT(item, entries);
-	}
-
-	if (test || (tkilled > 0 && nrunning == 0))
-		return nkilled;
-
-	if (progressed)
-		printf("\n");
-	if (nrunning == 1)
-		eerror("%s: %d process refused to stop", applet, nrunning);
-	else
-		eerror("%s: %d process(es) refused to stop", applet, nrunning);
-
-	return -nrunning;
-}
-
 static void
 handle_signal(int sig)
 {
@@ -707,7 +297,6 @@ int main(int argc, char **argv)
 	unsigned int start_wait = 0;
 
 	applet = basename_c(argv[0]);
-	TAILQ_INIT(&schedule);
 	atexit(cleanup);
 
 	signal_setup(SIGINT, handle_signal);
@@ -876,7 +465,7 @@ int main(int argc, char **argv)
 			break;
 
 		case 's':  /* --signal <signal> */
-			sig = parse_signal(optarg);
+			sig = parse_signal(applet, optarg);
 			break;
 
 		case 't':  /* --test */
@@ -1062,13 +651,13 @@ int main(int argc, char **argv)
 		if (!stop)
 			oknodo = true;
 		if (retry)
-			parse_schedule(retry, sig);
+			parse_schedule(applet, retry, sig);
 		else if (test || oknodo)
-			parse_schedule("0", sig);
+			parse_schedule(applet, "0", sig);
 		else
-			parse_schedule(NULL, sig);
-		i = run_stop_schedule(exec, (const char *const *)margv,
-		    pidfile, uid, test, progress);
+			parse_schedule(applet, NULL, sig);
+		i = run_stop_schedule(applet, exec, (const char *const *)margv,
+		    get_pid(applet, pidfile), uid, test, progress, false);
 
 		if (i < 0)
 			/* We failed to stop something */
@@ -1090,12 +679,12 @@ int main(int argc, char **argv)
 	}
 
 	if (pidfile)
-		pid = get_pid(pidfile);
+		pid = get_pid(applet, pidfile);
 	else
 		pid = 0;
 
-	if (do_stop(exec, (const char * const *)margv, pid, uid,
-		0, test) > 0)
+	if (do_stop(applet, exec, (const char * const *)margv, pid, uid,
+		0, test, false) > 0)
 		eerrorx("%s: %s is already running", applet, exec);
 
 	if (test) {
@@ -1365,7 +954,7 @@ int main(int argc, char **argv)
 				alive = true;
 		} else {
 			if (pidfile) {
-				pid = get_pid(pidfile);
+				pid = get_pid(applet, pidfile);
 				if (pid == -1) {
 					eerrorx("%s: did not "
 					    "create a valid"
@@ -1374,8 +963,8 @@ int main(int argc, char **argv)
 				}
 			} else
 				pid = 0;
-			if (do_stop(exec, (const char *const *)margv,
-				pid, uid, 0, test) > 0)
+			if (do_stop(applet, exec, (const char *const *)margv,
+				pid, uid, 0, test, false) > 0)
 				alive = true;
 		}
 

src/rc/supervise-daemon.c

@@ -61,12 +61,13 @@ static struct pam_conv conv = { NULL, NULL};
 #include "queue.h"
 #include "rc.h"
 #include "rc-misc.h"
+#include "rc-schedules.h"
 #include "_usage.h"
 #include "helpers.h"
 
 const char *applet = NULL;
 const char *extraopts = NULL;
-const char *getoptstring = "D:d:e:g:I:Kk:m:N:p:r:Su:1:2:" \
+const char *getoptstring = "D:d:e:g:I:Kk:m:N:p:R:r:Su:1:2:" \
 	getoptstring_COMMON;
 const struct option longopts[] = {
 	{ "respawn-delay",        1, NULL, 'D'},
@@ -80,6 +81,7 @@ const struct option longopts[] = {
 	{ "nicelevel",    1, NULL, 'N'},
 	{ "pidfile",      1, NULL, 'p'},
 	{ "respawn-period",        1, NULL, 'P'},
+	{ "retry",       1, NULL, 'R'},
 	{ "chroot",       1, NULL, 'r'},
 	{ "start",        0, NULL, 'S'},
 	{ "user",         1, NULL, 'u'},
@@ -99,6 +101,7 @@ const char * const longopts_help[] = {
 	"Set a nicelevel when starting",
 	"Match pid found in this file",
 	"Set respawn time period",
+	"Retry schedule to use when stopping",
 	"Chroot to this directory",
 	"Start daemon",
 	"Change the process user",
@@ -147,30 +150,6 @@ static void cleanup(void)
 	free(changeuser);
 }
 
-static pid_t get_pid(const char *pidfile)
-{
-	FILE *fp;
-	pid_t pid;
-
-	if (! pidfile)
-		return -1;
-
-	if ((fp = fopen(pidfile, "r")) == NULL) {
-		ewarnv("%s: fopen `%s': %s", applet, pidfile, strerror(errno));
-		return -1;
-	}
-
-	if (fscanf(fp, "%d", &pid) != 1) {
-		ewarnv("%s: no pid found in `%s'", applet, pidfile);
-		fclose(fp);
-		return -1;
-	}
-
-	fclose(fp);
-
-	return pid;
-}
-
 static void child_process(char *exec, char **argv, char *svcname,
 		int start_count)
 {
@@ -434,6 +413,9 @@ int main(int argc, char **argv)
 	bool stop = false;
 	char *exec = NULL;
 	char *pidfile = NULL;
+	char *retry = NULL;
+	int nkilled;
+	int sig = SIGTERM;
 	char *home = NULL;
 	int tid = 0;
 	pid_t child_pid, pid;
@@ -450,6 +432,7 @@ int main(int argc, char **argv)
 	int respawn_period = 5;
 	time_t respawn_now= 0;
 	time_t first_spawn= 0;
+	struct timespec ts;
 	struct passwd *pw;
 	struct group *gr;
 	FILE *fp;
@@ -458,11 +441,6 @@ int main(int argc, char **argv)
 	applet = basename_c(argv[0]);
 	atexit(cleanup);
 
-	signal_setup(SIGINT, handle_signal);
-	signal_setup(SIGQUIT, handle_signal);
-	signal_setup(SIGTERM, handle_signal);
-	openlog(applet, LOG_PID, LOG_DAEMON);
-
 	if ((tmp = getenv("SSD_NICELEVEL")))
 		if (sscanf(tmp, "%d", &nicelevel) != 1)
 			eerror("%s: invalid nice level `%s' (SSD_NICELEVEL)",
@@ -558,6 +536,9 @@ int main(int argc, char **argv)
 			pidfile = optarg;
 			break;
 
+		case 'R':  /* --retry <schedule>|timeout */
+			retry = optarg;
+			break;
 		case 'r':  /* --chroot /new/root */
 			ch_root = optarg;
 			break;
@@ -629,6 +610,10 @@ int main(int argc, char **argv)
 				"than %d to avoid infinite respawning", applet, 
 				respawn_delay * respawn_max);
 		}
+		if (retry)
+			parse_schedule(applet, retry, sig);
+		else
+			parse_schedule(applet, NULL, sig);
 	}
 
 	/* Expand ~ */
@@ -673,14 +658,20 @@ int main(int argc, char **argv)
 		    *exec_file ? exec_file : exec);
 
 	if (stop) {
-		pid = get_pid(pidfile);
-		if (pid == -1)
-			i = pid;
-		else
+		pid = get_pid(applet, pidfile);
+		if (pid != -1) {
 			i = kill(pid, SIGTERM);
-		if (i != 0)
-			/* We failed to stop something */
-			exit(EXIT_FAILURE);
+			if (i != 0)
+				/* We failed to send the signal */
+				exit(EXIT_FAILURE);
+
+			/* wait for the supervisor to go down */
+			while (kill(pid, 0) == 0) {
+				ts.tv_sec = 0;
+				ts.tv_nsec = 1;
+				nanosleep(&ts, NULL);
+			}
+		}
 
 		/* Even if we have not actually killed anything, we should
 		 * remove information about it as it may have unexpectedly
@@ -697,7 +688,7 @@ int main(int argc, char **argv)
 		exit(EXIT_SUCCESS);
 	}
 
-	pid = get_pid(pidfile);
+	pid = get_pid(applet, pidfile);
 	if (pid != -1)
 		if (kill(pid, 0) == 0)
 			eerrorx("%s: %s is already running", applet, exec);
@@ -736,6 +727,8 @@ int main(int argc, char **argv)
 	if (child_pid != 0) {
 		/* this is the supervisor */
 		umask(numask);
+		openlog(applet, LOG_PID, LOG_DAEMON);
+		signal_setup(SIGTERM, handle_signal);
 
 		fp = fopen(pidfile, "w");
 		if (! fp)
@@ -760,8 +753,12 @@ int main(int argc, char **argv)
 		while (!exiting) {
 			wait(&i);
 			if (exiting) {
+				signal_setup(SIGCHLD, SIG_IGN);
 				syslog(LOG_INFO, "stopping %s, pid %d", exec, child_pid);
-				kill(child_pid, SIGTERM);
+				nkilled = run_stop_schedule(applet, exec, NULL, child_pid,
+						0, false, false, true);
+				if (nkilled > 0)
+					syslog(LOG_INFO, "killed %d processes", nkilled);
 			} else {
 				sleep(respawn_delay);
 				if (respawn_max > 0 && respawn_period > 0) {
@@ -774,17 +771,17 @@ int main(int argc, char **argv)
 					} else
 						respawn_count++;
 					if (respawn_count >= respawn_max) {
-						syslog(LOG_INFO, "respawned \"%s\" too many times, "
+						syslog(LOG_WARNING, "respawned \"%s\" too many times, "
 								"exiting", exec);
 						exiting = true;
 						continue;
 					}
 				}
 				if (WIFEXITED(i))
-					syslog(LOG_INFO, "%s, pid %d, exited with return code %d",
+					syslog(LOG_WARNING, "%s, pid %d, exited with return code %d",
 							exec, child_pid, WEXITSTATUS(i));
 				else if (WIFSIGNALED(i))
-					syslog(LOG_INFO, "%s, pid %d, terminated by signal %d",
+					syslog(LOG_WARNING, "%s, pid %d, terminated by signal %d",
 							exec, child_pid, WTERMSIG(i));
 				child_pid = fork();
 				if (child_pid == -1)