version 0.43.1

In legacy cgroups mode, we were running `mountinfo -q ""` which was
generating an error message. If we return immediately when
cgroup2_find_path returns an empty value, we avoid this message.

.cirrus.yml

@@ -4,8 +4,8 @@
 test_task:
   freebsd_instance:
     matrix:
-      image: freebsd-12-0-release-amd64
+      image: freebsd-12-1-release-amd64
-      image: freebsd-11-2-release-amd64
+      image: freebsd-11-4-release-amd64
   env:
     OS: FreeBSD
   procfs_script: >

.travis.yml

@@ -24,5 +24,9 @@ notifications:
     on_failure: always  # options: [always|never|change] default: always
     on_start: false     # default: false
 
+before_install:
+  - sudo apt-get update
+  - sudo apt-get install -y shellcheck
+
 script:
   - ./ci/travis.sh

Makefile.inc

@@ -1,3 +1,3 @@
 NAME=		openrc
-VERSION=	0.42
+VERSION=	0.43.1
 PKG=		${NAME}-${VERSION}

NEWS.md

@@ -4,6 +4,21 @@ OpenRC NEWS
 This file will contain a list of notable changes for each release. Note
 the information in this file is in reverse order.
 
+## OpenRC 0.43
+
+This version changes the behavior of the checkpath helper to address
+CVE-2018-21269. on Linux systems, We require  non-terminal symbolic links
+to be owned by root. Since we can't do this on non-linux xystems, we do
+not dereference non-terminal symbolic links by default. If you need them
+dereferenced, you should add the "-s" switch to the appropriate
+checkpath calls.
+For more information, see http://github.com/openrc/openrc/issues/201.
+
+The SHLIBDIR variable has been removed from the makefiles to make them
+more consistent with most common makefiles. All libraries are now in
+LIBDIR, so if you need to put them in /, override the LIBDIR variable
+when you run make.
+
 ## OpenRC 0.42
 
 openrc-shutdown now has the ability to shut down sysvinit-based systems.

README.md

@@ -2,8 +2,7 @@ OpenRC README
 =============
 
 OpenRC is a dependency-based init system that works with the
-system-provided init program, normally `/sbin/init`. Currently, it does
+system-provided init program, normally `/sbin/init`.
-not have an init program of its own.
 
 ## Installation
 
@@ -12,7 +11,7 @@ OpenRC requires GNU make.
 Once you have GNU Make installed, the default OpenRC installation can be
 executed using this command:
 
-make install
+`make install`
 
 ## Configuration
 
@@ -51,7 +50,7 @@ If you are building OpenRC for a Gentoo Prefix installation, add `MKPREFIX=yes`.
 
 `PKG_PREFIX` should be set to where packages install to by default.
 
-`LOCAL_PREFIX` should be set when to where user maintained packages are.
+`LOCAL_PREFIX` should be set to where user maintained packages are.
 Only set `LOCAL_PREFIX` if different from `PKG_PREFIX`.
 
 `PREFIX` should be set when OpenRC is not installed to /.
@@ -79,18 +78,16 @@ remove them and then install so that the OS hooks into OpenRC.
 
 ## Reporting Bugs
 
-If you are using Gentoo Linux, bugs can be filed on their bugzilla under
+Please report issues on our github bug tracker [1].
-the `gentoo hosted projects` product and the `openrc` component [1].
-Otherwise, you can report issues on our github [2].
 
 Better yet, if you can contribute code, please feel free to submit pull
-requests [3].
+requests [2].
 
 ## IRC Channel
 
 We have an official irc channel, #openrc on freenode, feel free to join
 us there.
 
-[1]	https://bugs.gentoo.org/
+[1]	https://github.com/openrc/openrc/issues
-[2]	https://github.com/openrc/openrc/issues
+
-[3]	https://github.com/openrc/openrc/pulls
+[2]	https://github.com/openrc/openrc/pulls

ci/travis.sh

@@ -16,6 +16,23 @@ set -x
 # These are steps to run on TravisCI under a containerized Ubuntu system.
 # See $TOP/.travis.yml for more info about the TravisCI setup.
 
+# Run shellcheck, but don't fail (yet):
+shellcheck --version
+for shellscript in $(git ls-files); do
+	case $shellscript in
+		init.d/*.in) ;;
+		sh/*.in) ;;
+		sh/*.sh) ;;
+		support/init.d.examples/*.in) ;;
+		support/openvpn/*.sh) ;;
+		support/sysvinit/halt.sh) ;;
+		test/*.sh) ;;
+		*) continue ;;
+	esac
+	echo "Checking ${shellscript} with shellcheck:"
+	shellcheck -s sh "${shellscript}" || true
+done
+
 cpus=$(getconf _NPROCESSORS_CONF || echo 1)
 # make on TravisCI doesn't support -O yet
 make -j"${cpus}"

etc/rc.conf

@@ -198,10 +198,9 @@ rc_tty_number=12
 # "unified" mounts cgroups version 2 on /sys/fs/cgroup
 #rc_cgroup_mode="hybrid"
 
-# This is a list of controllers which should be enabled for cgroups version 2.
+# This is a list of controllers which should be enabled for cgroups version 2
-# If hybrid mode is being used, controllers listed here will not be
+# when hybrid mode is being used.
-# available for cgroups version 1.
+# Controllers listed here will not be available for cgroups version 1.
-# This is a global setting.
 #rc_cgroup_controllers=""
 
 # This variable contains the cgroups version 2 settings for your services.

init-guide.md

@@ -45,6 +45,3 @@ If you want this functionality on a live system, you should first
 migrate the system to openrc-init, remove sysvinit, then rebuild and
 install this package with MKSYSVINIT=yes.
 
-package.
-migrating your system to openrc-init.
-

init.d/bootmisc.in

@@ -241,7 +241,13 @@ stop()
 {
 	# Write a halt record if we're shutting down
 	if [ "$RC_RUNLEVEL" = shutdown ]; then
-		[ "$RC_UNAME" = Linux ] && openrc-shutdown -w
+		if [ "$RC_UNAME" = Linux ]; then
+			if [ -x /sbin/halt ]; then
+				halt -w
+			else
+				openrc-shutdown -w
+			fi
+		fi
 		if [ "$RC_SYS" = OPENVZ ]; then
 			yesno $RC_REBOOT && printf "" >/reboot
 		fi

init.d/cgroups.in

@@ -83,14 +83,22 @@ cgroup2_controllers()
 	local active cgroup_path x y
 	cgroup_path="$(cgroup2_find_path)"
 	[ -z "${cgroup_path}" ] && return 0
-	[ -e "${cgroup_path}/cgroup.controllers" ] &&
+	[ ! -e "${cgroup_path}/cgroup.controllers" ] && return 0
+	[ ! -e "${cgroup_path}/cgroup.subtree_control" ]&& return 0
 	read -r active < "${cgroup_path}/cgroup.controllers"
-	for x in ${rc_cgroup_controllers}; do
+	for x in ${active}; do
-		for y in ${active}; do
+	case "$rc_cgroup_mode" in
-		[ "$x" = "$y" ] &&
+		unified)
-			[ -e "${cgroup_path}/cgroup.subtree_control" ]&&
 			echo "+${x}"  > "${cgroup_path}/cgroup.subtree_control"
-		done
+			;;
+		hybrid)
+			for y in ${rc_cgroup_controllers}; do
+				if [ "$x" = "$y" ]; then
+					echo "+${x}"  > "${cgroup_path}/cgroup.subtree_control"
+				fi
+			done
+			;;
+		esac
 	done
 	return 0
 }

init.d/devfs.in

@@ -15,7 +15,7 @@ depend()
 {
 	provide dev-mount
 	before dev
-	keyword -docker -lxc -prefix -systemd-nspawn -vserver
+	keyword -docker -prefix -systemd-nspawn -vserver
 }
 
 mount_dev()
@@ -66,18 +66,20 @@ seed_dev()
 {
 	# Seed /dev with some things that we know we need
 
-	# creating /dev/console, /dev/tty and /dev/tty1 to be able to write
+	if [ "${RC_SYS}" != LXC ]; then
-	# to $CONSOLE with/without bootsplash before udevd creates it
+		# creating /dev/console, /dev/tty and /dev/tty1 to be able to write
-	[ -c /dev/console ] || mknod -m 600 /dev/console c 5 1
+		# to $CONSOLE with/without bootsplash before udevd creates it
-	[ -c /dev/tty1 ] || mknod -m 620 /dev/tty1 c 4 1
+		[ -c /dev/console ] || mknod -m 600 /dev/console c 5 1
-	[ -c /dev/tty ] || mknod -m 666 /dev/tty c 5 0
+		[ -c /dev/tty1 ] || mknod -m 620 /dev/tty1 c 4 1
+		[ -c /dev/tty ] || mknod -m 666 /dev/tty c 5 0
 
-	# udevd will dup its stdin/stdout/stderr to /dev/null
+		# udevd will dup its stdin/stdout/stderr to /dev/null
-	# and we do not want a file which gets buffered in ram
+		# and we do not want a file which gets buffered in ram
-	[ -c /dev/null ] || mknod -m 666 /dev/null c 1 3
+		[ -c /dev/null ] || mknod -m 666 /dev/null c 1 3
 
-	# so udev can add its start-message to dmesg
+		# so udev can add its start-message to dmesg
-	[ -c /dev/kmsg ] || mknod -m 660 /dev/kmsg c 1 11
+		[ -c /dev/kmsg ] || mknod -m 660 /dev/kmsg c 1 11
+	fi
 
 	# extra symbolic links not provided by default
 	[ -e /dev/fd ] || ln -snf /proc/self/fd /dev/fd

init.d/net-online.in

@@ -23,7 +23,7 @@ get_interfaces()
 {
 	local ifname iftype
 	for ifname in /sys/class/net/*; do
-		[ -h "${ifname}" ] && continue
+		[ -h "${ifname}" ] || continue
 		read iftype < ${ifname}/type
 		[ "$iftype" = "1" ] && printf "%s " ${ifname##*/}
 	done

init.d/numlock.in

@@ -42,6 +42,8 @@ start()
 
 stop()
 {
+	yesno $RC_GOINGDOWN && return 0
+
 	ebegin "Disabling numlock on ttys"
 	_setleds -
 	eend $? "Failed to disable numlock"

init.d/osclock.in

@@ -17,3 +17,15 @@ depend()
 {
 	provide clock
 }
+
+start()
+{
+	# This stub function is required to avoid OpenRC warning at boot:
+	#
+	#  * The command variable is undefined.
+	#  * There is nothing for osclock to start.
+	#  * If this is what you intend, please write a start function.
+	#  * This will become a failure in a future release.
+	#
+	return 0
+}

man/openrc-run.8

@@ -332,7 +332,7 @@ section below.
 .Sh _pre AND _post FUNCTIONS
 Any command defined in extra_commands, extra_started_commands or
 extra_stopped_commands can have _pre and _post functions in the service
-script. If the command function is called foo, the_pre and _post
+script. If the command function is called foo, the _pre and _post
 functions for it should be called foo_pre and foo_post.
 .Pp
 These functions should be used to perform preparation before the
@@ -461,6 +461,7 @@ Mark the service as inactive.
 .Op Fl p , -pipe
 .Op Fl m , -mode Ar mode
 .Op Fl o , -owner Ar owner
+.Op Fl s , -symlinks
 .Op Fl W , -writable
 .Op Fl q , -quiet
 .Ar path ...
@@ -481,6 +482,11 @@ or with names, and are separated by a colon.
 The truncate options (-D and -F) cause the directory or file to be
 cleared of all contents.
 .Pp
+If -s is not specified on a non-linux platform, checkpath will refuse to
+allow non-terminal symbolic links to exist in the path. This is for
+security reasons so that a non-root user can't create a symbolic link to
+a root-owned file and take ownership of that file.
+.Pp
 If -W is specified, checkpath checks to see if the first path given on
 the command line is writable.  This is different from how the test
 command in the shell works, because it also checks to make sure the file

man/openrc.8

@@ -65,6 +65,29 @@ Instead you should use
 and
 .Xr shutdown 8
 and let them call these special runlevels.
+.Sh OPTIONS
+.Pp
+.Bl -tag -width "-o , --override"
+.It Fl n , -no-stop
+Do not stop any services.
+.It Fl o , -override
+Override the next runlevel to change into when leaving single user or boot
+runlevels
+.It Fl s , -service
+Run the service specified with the rest of the arguments.
+.It Fl S , -sys
+Output the RC system type, if any.
+.It Fl h , -help
+Display usage information and exit.
+.It Fl C , -nocolor
+Disable color output.
+.It Fl V , -version
+Display software version.
+.It Fl v , -verbose
+Run verbosely.
+.It Fl q , -quiet
+Run quietly (repeat to suppress errors).
+.El
 .Sh SEE ALSO
 .Xr openrc-run 8 ,
 .Xr rc-status 8 ,

man/start-stop-daemon.8

@@ -120,7 +120,7 @@ Saves the pid of the daemon in the file specified by the
 .Fl p , -pidfile
 option. Only useful when used with daemons that run in the foreground and
 forced into the background with the
-.Fl -b , -background
+.Fl b , -background
 option.
 .It Fl I , -ionice Ar class Ns Op : Ns Ar data
 Modifies the IO scheduling priority of the daemon.

mk/lib.mk

@@ -52,13 +52,12 @@ ${SHLIB_NAME}:	${SOBJS}
 	${SOBJS} ${LDADD}
 
 install: all
-ifeq (${MKSTATICLIBS},yes)
 	${INSTALL} -d ${DESTDIR}${LIBDIR}
+ifeq (${MKSTATICLIBS},yes)
 	${INSTALL} -m ${LIBMODE} lib${LIB}.a ${DESTDIR}${LIBDIR}
 endif
-	${INSTALL} -d ${DESTDIR}${SHLIBDIR}
+	${INSTALL} -m ${LIBMODE} ${SHLIB_NAME} ${DESTDIR}${LIBDIR}
-	${INSTALL} -m ${LIBMODE} ${SHLIB_NAME} ${DESTDIR}${SHLIBDIR}
+	ln -fs ${SHLIB_NAME} ${DESTDIR}${LIBDIR}/${SHLIB_LINK}
-	ln -fs ${SHLIB_NAME} ${DESTDIR}${SHLIBDIR}/${SHLIB_LINK}
 	${INSTALL} -d ${DESTDIR}${INCDIR}
 	for x in ${INCS}; do ${INSTALL} -m ${INCMODE} $$x ${DESTDIR}${INCDIR}; done
 

mk/sys.mk

@@ -52,9 +52,9 @@ _LIBNAME:=		$(shell ${_LIBNAME_SH})
 LIBNAME?=		${_LIBNAME}
 LIBDIR?=		${UPREFIX}/${LIBNAME}
 LIBMODE?=		0644
-SHLIBDIR?=		${PREFIX}/${LIBNAME}
 
 LIBEXECDIR?=		${PREFIX}/libexec/rc
+PKGCONFIGDIR?= ${UPREFIX}/${LIBNAME}/pkgconfig
 
 MANPREFIX?=		${UPREFIX}/share
 MANDIR?=		${MANPREFIX}/man

pkgconfig/Makefile

@@ -1,4 +1,4 @@
-DIR=	${LIBDIR}/pkgconfig
+DIR=	${PKGCONFIGDIR}
 SRCS=	einfo.pc.in openrc.pc.in
 INC=	einfo.pc openrc.pc
 

scripts/shutdown.in

@@ -1,14 +1,31 @@
 #!/bin/sh
 
-shutdown_arg=
+do_halt=false
 while getopts :akrhPHfFnct: opt; do
 	case "$opt" in
 		a) ;;
 		k) ;;
-		r) shutdown_arg=--reboot ;;
+		r)
-		h) shutdown_arg=--halt ;;
+			shutdown_arg=--reboot
-		P) shutdown_arg=--poweroff ;;
+			;;
-		H) shutdown_arg=--halt ;;
+		h)
+			do_halt=true
+			shutdown_arg=--poweroff
+			;;
+		P)
+			if ! ${do_halt}; then
+				printf "%s\n" "The -P flag requires the -h flag" >&2
+				exit 1
+			fi
+			shutdown_arg=--poweroff
+			;;
+		H)
+			if ! ${do_halt}; then
+				printf "%s\n" "The -H flag requires the -h flag" >&2
+				exit 1
+			fi
+			shutdown_arg=--halt
+			;;
 		f) ;;
 		F) ;;
 		n) ;;
@@ -25,5 +42,5 @@ if [ -z "${shutdown_arg}" ]; then
 	shutdown_arg=--single
 fi
 
-echo @SBINDIR@/openrc-shutdown ${shutdown_arg} "$@"
+printf "%s %s\n" "@SBINDIR@/openrc-shutdown ${shutdown_arg}" "$@"
 exec @SBINDIR@/openrc-shutdown ${shutdown_arg} "$@"

sh/binfmt.sh.in

@@ -29,6 +29,9 @@ apply_file() {
 			\;*) continue ;;
 		esac
 
+		local reg=${line#*:}
+		[ -e /proc/sys/fs/binfmt_misc/${reg%%:*} ] && echo -1 > /proc/sys/fs/binfmt_misc/${reg%%:*}
+
 		echo "${line}" > /proc/sys/fs/binfmt_misc/register
 		rc=$?
 		if [ $rc -ne 0 ]; then

sh/init-early.sh.Linux.in

@@ -20,7 +20,7 @@ service_present()
 	# succeed if $RC_SYS empty, can't check further, assume script will run
 	[ -z "$RC_SYS" ] && return 0
 	# fail if file contains "-$RC_SYS", because then it won't run
-	egrep -qi "^[[:space:]]*keyword[[:space:]].*-$RC_SYS\>" "$p" && return 1
+	grep -Eqi "^[[:space:]]*keyword[[:space:]].*-$RC_SYS([[:space:]]|$)" "$p" && return 1
 	# succeed otherwise
 	return 0
 }

sh/init.sh.Linux.in

@@ -71,20 +71,17 @@ if [ "$sys" = VSERVER ]; then
 	rm -rf /run/*
 elif ! mountinfo -q /run; then
 	ebegin "Mounting /run"
-	rc=0
+	run_mount_opts="mode=0755,nosuid,nodev,nr_inodes=800k,size=20%,strictatime"
 	if ! fstabinfo --mount /run; then
-		mount -t tmpfs -o mode=0755,nodev,size=10% tmpfs /run
+		if ! mount -t tmpfs -o ${run_mount_opts} tmpfs /run; then
-		rc=$?
+			eerror "Unable to mount tmpfs on /run."
-	fi
+			eerror "Can't continue."
-	if [ $rc != 0 ]; then
+			exit 1
-		eerror "Unable to mount tmpfs on /run."
+		fi
-		eerror "Can't continue."
-		exit 1
 	fi
 fi
 
-[ -x /sbin/restorecon ] && /sbin/restorecon -rF /run
+checkpath -d "$RC_SVCDIR"
-checkpath -d $RC_SVCDIR
 checkpath -d -m 0775 -o root:uucp /run/lock
 
 # Try to mount xenfs as early as possible, otherwise rc_sys() will always
@@ -102,4 +99,5 @@ if [ -e "$RC_LIBEXECDIR"/cache/softlevel ]; then
 fi
 
 echo sysinit >"$RC_SVCDIR"/softlevel
+[ -x /sbin/restorecon ] && /sbin/restorecon -rF /run
 exit 0

sh/openrc-run.sh.in

@@ -254,8 +254,11 @@ fi
 for _cmd; do
 	if [ "$_cmd" != status -a "$_cmd" != describe ]; then
 		# Apply any ulimit defined
-		[ -n "${rc_ulimit:-$RC_ULIMIT}" ] && \
+		if [ -n "${rc_ulimit:-$RC_ULIMIT}" ]; then
-			ulimit ${rc_ulimit:-$RC_ULIMIT}
+			if ! ulimit ${rc_ulimit:-$RC_ULIMIT}; then
+				eerror "${RC_SVCNAME}: unable to apply RC_ULIMIT settings"
+			fi
+		fi
 		# Apply cgroups settings if defined
 		if [ "$(command -v cgroup_add_service)" = "cgroup_add_service" ]
 		then

sh/rc-cgroup.sh

@@ -24,18 +24,26 @@ cgroup_find_path()
 	printf "%s" "${result}"
 }
 
+# This extracts all pids in a cgroup and puts them in the cgroup_pids
+# variable.
+# It is done this way to avoid subshells so we don't have to worry about
+# locating the pid of the subshell in the cgroup.
+# https://github.com/openrc/openrc/issues/396
 cgroup_get_pids()
 {
-	local cgroup_procs p pids
+	local cgroup_procs p
+	cgroup_pids=
 	cgroup_procs="$(cgroup2_find_path)"
-	[ -n "${cgroup_procs}" ] &&
+	if [ -n "${cgroup_procs}" ]; then
-		cgroup_procs="${cgroup_procs}/${RC_SVCNAME}/cgroup.procs" ||
+		cgroup_procs="${cgroup_procs}/${RC_SVCNAME}/cgroup.procs"
+	else
 		cgroup_procs="/sys/fs/cgroup/openrc/${RC_SVCNAME}/tasks"
+	fi
 	[ -f "${cgroup_procs}" ] || return 0
 	while read -r p; do
-		[ "$p" -eq $$ ] || pids="${pids} ${p}"
+		[ "$p" -eq $$ ] && continue
+		cgroup_pids="${cgroup_pids} ${p}"
 	done < "${cgroup_procs}"
-	printf "%s" "${pids}"
 	return 0
 }
 
@@ -181,7 +189,8 @@ cgroup2_set_limits()
 {
 	local cgroup_path
 	cgroup_path="$(cgroup2_find_path)"
-	[ -d "${cgroup_path}" ] || return 0
+	[ -z "${cgroup_path}" ] && return 0
+	mountinfo -q "${cgroup_path}"|| return 0
 	rc_cgroup_path="${cgroup_path}/${RC_SVCNAME}"
 	[ ! -d "${rc_cgroup_path}" ] && mkdir "${rc_cgroup_path}"
 	[ -f "${rc_cgroup_path}"/cgroup.procs ] &&
@@ -192,7 +201,7 @@ cgroup2_set_limits()
 		[ -z "${value}" ] && continue
 		[ ! -f "${rc_cgroup_path}/${key}" ] && continue
 		veinfo "${RC_SVCNAME}: cgroups: setting ${key} to ${value}"
-		printf "%s\n" "${value}" > "${rc_cgroup_path}/${key}"
+		printf "%s" "${value}" > "${rc_cgroup_path}/${key}"
 	done
 	return 0
 }
@@ -201,25 +210,28 @@ cgroup_cleanup()
 {
 	cgroup_running || return 0
 	ebegin "starting cgroups cleanup"
-	local pids loops=0
+	local loops=0
-	pids="$(cgroup_get_pids)"
+	cgroup_get_pids
-	if [ -n "${pids}" ]; then
+	if [ -n "${cgroup_pids}" ]; then
-		kill -s CONT ${pids} 2> /dev/null
+		kill -s CONT ${cgroup_pids} 2> /dev/null
-		kill -s "${stopsig:-TERM}" ${pids} 2> /dev/null
+		kill -s "${stopsig:-TERM}" ${cgroup_pids} 2> /dev/null
 		yesno "${rc_send_sighup:-no}" &&
-			kill -s HUP ${pids} 2> /dev/null
+			kill -s HUP ${cgroup_pids} 2> /dev/null
-		kill -s "${stopsig:-TERM}" ${pids} 2> /dev/null
+		kill -s "${stopsig:-TERM}" ${cgroup_pids} 2> /dev/null
-		while [ -n "$(cgroup_get_pids)" ] &&
+		cgroup_get_pids
+		while [ -n "$(cgroup_pids)" ] &&
 			[ "${loops}" -lt "${rc_timeout_stopsec:-90}" ]; do
 			loops=$((loops+1))
 			sleep 1
+			cgroup_get_pids
 		done
-		pids="$(cgroup_get_pids)"
+		if [ -n "${cgroup_pids}" ] && yesno "${rc_send_sigkill:-yes}"; then
-		[ -n "${pids}" ] && yesno "${rc_send_sigkill:-yes}" &&
+			kill -s KILL ${cgroup_pids} 2> /dev/null
-			kill -s KILL ${pids} 2> /dev/null
+		fi
 	fi
 	cgroup2_remove
-	[ -z "$(cgroup_get_pids)" ]
+	cgroup_get_pids
+	[ -z "${cgroup_pids}" ]
 	eend $? "Unable to stop all processes"
 	return 0
 }

src/librc/librc-daemon.c

@@ -160,7 +160,7 @@ rc_find_pids(const char *exec, const char *const *argv, uid_t uid, pid_t pid)
 				proc_ns[0] = '\0';
 		}
 		free(buffer);
-		if (strlen(my_ns) && strlen (proc_ns) && strcmp(my_ns, proc_ns))
+		if (pid == 0 && strlen(my_ns) && strlen (proc_ns) && strcmp(my_ns, proc_ns))
 			continue;
 		if (uid) {
 			xasprintf(&buffer, "/proc/%d", p);

src/rc/checkpath.c

@@ -16,6 +16,7 @@
  *    except according to the terms contained in the LICENSE file.
  */
 
+#define _GNU_SOURCE
 #include <sys/types.h>
 #include <sys/stat.h>
 
@@ -23,6 +24,7 @@
 #include <fcntl.h>
 #include <getopt.h>
 #include <grp.h>
+#include <libgen.h>
 #include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -44,7 +46,7 @@ typedef enum {
 
 const char *applet = NULL;
 const char *extraopts ="path1 [path2] [...]";
-const char *getoptstring = "dDfFpm:o:W" getoptstring_COMMON;
+const char *getoptstring = "dDfFpm:o:sW" getoptstring_COMMON;
 const struct option longopts[] = {
 	{ "directory",          0, NULL, 'd'},
 	{ "directory-truncate", 0, NULL, 'D'},
@@ -53,6 +55,7 @@ const struct option longopts[] = {
 	{ "pipe",               0, NULL, 'p'},
 	{ "mode",               1, NULL, 'm'},
 	{ "owner",              1, NULL, 'o'},
+	{ "symlinks",           0, NULL, 's'},
 	{ "writable",           0, NULL, 'W'},
 	longopts_COMMON
 };
@@ -64,15 +67,92 @@ const char * const longopts_help[] = {
 	"Create a named pipe (FIFO) if not exists",
 	"Mode to check",
 	"Owner to check (user:group)",
+	"follow symbolic links (irrelivent on linux)",
 	"Check whether the path is writable or not",
 	longopts_help_COMMON
 };
 const char *usagestring = NULL;
 
+static int get_dirfd(char *path, bool symlinks) {
+	char *ch;
+	char *item;
+	char *linkpath = NULL;
+	char *path_dupe;
+	char *str;
+	int components = 0;
+	int dirfd;
+	int flags = 0;
+	int new_dirfd;
+	struct stat st;
+	ssize_t linksize;
+
+	if (!path || *path != '/')
+		eerrorx("%s: empty or relative path", applet);
+	dirfd = openat(dirfd, "/", O_RDONLY);
+	if (dirfd == -1)
+		eerrorx("%s: unable to open the root directory: %s",
+				applet, strerror(errno));
+	path_dupe = xstrdup(path);
+	ch = path_dupe;
+	while (*ch) {
+		if (*ch == '/')
+			components++;
+		ch++;
+	}
+	item = strtok(path_dupe, "/");
+#ifdef O_PATH
+	flags |= O_PATH;
+#endif
+	if (!symlinks)
+		flags |= O_NOFOLLOW;
+	flags |= O_RDONLY;
+	while (dirfd > 0 && item && components > 1) {
+		str = xstrdup(linkpath ? linkpath : item);
+		new_dirfd = openat(dirfd, str, flags);
+		if (new_dirfd == -1)
+			eerrorx("%s: %s: could not open %s: %s", applet, path, str,
+					strerror(errno));
+		if (fstat(new_dirfd, &st) == -1)
+			eerrorx("%s: %s: unable to stat %s: %s", applet, path, item,
+					strerror(errno));
+		if (S_ISLNK(st.st_mode) ) {
+			if (st.st_uid != 0)
+				eerrorx("%s: %s: symbolic link %s not owned by root",
+						applet, path, str);
+			linksize = st.st_size+1;
+			if (linkpath)
+				free(linkpath);
+			linkpath = xmalloc(linksize);
+			memset(linkpath, 0, linksize);
+			if (readlinkat(new_dirfd, "", linkpath, linksize) != st.st_size)
+				eerrorx("%s: symbolic link destination changed", applet);
+			/*
+			 * now follow the symlink.
+			 */
+			close(new_dirfd);
+		} else {
+			close(dirfd);
+			dirfd = new_dirfd;
+			free(linkpath);
+			linkpath = NULL;
+			item = strtok(NULL, "/");
+			components--;
+		}
+	}
+	free(path_dupe);
+	if (linkpath) {
+		free(linkpath);
+		linkpath = NULL;
+	}
+	return dirfd;
+}
+
 static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
-	inode_t type, bool trunc, bool chowner, bool selinux_on)
+	inode_t type, bool trunc, bool chowner, bool symlinks, bool selinux_on)
 {
 	struct stat st;
+	char *name = NULL;
+	int dirfd;
 	int fd;
 	int flags;
 	int r;
@@ -93,14 +173,16 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
 #endif
 	if (trunc)
 		flags |= O_TRUNC;
-	readfd = open(path, readflags);
+	xasprintf(&name, "%s", basename_c(path));
+	dirfd = get_dirfd(path, symlinks);
+	readfd = openat(dirfd, name, readflags);
 	if (readfd == -1 || (type == inode_file && trunc)) {
 		if (type == inode_file) {
 			einfo("%s: creating file", path);
 			if (!mode) /* 664 */
 				mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH;
 			u = umask(0);
-			fd = open(path, flags, mode);
+			fd = openat(dirfd, name, flags, mode);
 			umask(u);
 			if (fd == -1) {
 				eerror("%s: open: %s", applet, strerror(errno));
@@ -115,14 +197,14 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
 				mode = S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH;
 			u = umask(0);
 			/* We do not recursively create parents */
-			r = mkdir(path, mode);
+			r = mkdirat(dirfd, name, mode);
 			umask(u);
 			if (r == -1 && errno != EEXIST) {
-				eerror("%s: mkdir: %s", applet,
+				eerror("%s: mkdirat: %s", applet,
 				    strerror (errno));
 				return -1;
 			}
-			readfd = open(path, readflags);
+			readfd = openat(dirfd, name, readflags);
 			if (readfd == -1) {
 				eerror("%s: unable to open directory: %s", applet,
 						strerror(errno));
@@ -140,7 +222,7 @@ static int do_check(char *path, uid_t uid, gid_t gid, mode_t mode,
 				    strerror (errno));
 				return -1;
 			}
-			readfd = open(path, readflags);
+			readfd = openat(dirfd, name, readflags);
 			if (readfd == -1) {
 				eerror("%s: unable to open fifo: %s", applet,
 						strerror(errno));
@@ -259,6 +341,7 @@ int main(int argc, char **argv)
 	int retval = EXIT_SUCCESS;
 	bool trunc = false;
 	bool chowner = false;
+	bool symlinks = false;
 	bool writable = false;
 	bool selinux_on = false;
 
@@ -293,6 +376,11 @@ int main(int argc, char **argv)
 				eerrorx("%s: owner `%s' not found",
 				    applet, optarg);
 			break;
+		case 's':
+#ifndef O_PATH
+			symlinks = true;
+#endif
+			break;
 		case 'W':
 			writable = true;
 			break;
@@ -320,7 +408,8 @@ int main(int argc, char **argv)
 	while (optind < argc) {
 		if (writable)
 			exit(!is_writable(argv[optind]));
-		if (do_check(argv[optind], uid, gid, mode, type, trunc, chowner, selinux_on))
+		if (do_check(argv[optind], uid, gid, mode, type, trunc, chowner,
+					symlinks, selinux_on))
 			retval = EXIT_FAILURE;
 		optind++;
 	}

src/rc/openrc-init.c

@@ -207,6 +207,12 @@ static void signal_handler(int sig)
 		case SIGINT:
 			handle_shutdown("reboot", RB_AUTOBOOT);
 			break;
+		case SIGTERM:
+#ifdef SIGPWR
+		case SIGPWR:
+#endif
+			handle_shutdown("shutdown", RB_HALT_SYSTEM);
+			break;
 		case SIGCHLD:
 			reap_zombies();
 			break;
@@ -269,6 +275,10 @@ int main(int argc, char **argv)
 	sigfillset(&signals);
 	sigdelset(&signals, SIGCHLD);
 	sigdelset(&signals, SIGINT);
+	sigdelset(&signals, SIGTERM);
+#ifdef SIGPWR
+	sigdelset(&signals, SIGPWR);
+#endif
 	sigprocmask(SIG_SETMASK, &signals, NULL);
 
 	/* install signal  handler */
@@ -276,6 +286,10 @@ int main(int argc, char **argv)
 	sa.sa_handler = signal_handler;
 	sigaction(SIGCHLD, &sa, NULL);
 	sigaction(SIGINT, &sa, NULL);
+	sigaction(SIGTERM, &sa, NULL);
+#ifdef SIGPWR
+	sigaction(SIGPWR, &sa, NULL);
+#endif
 	reboot(RB_DISABLE_CAD);
 
 	/* set default path */

src/rc/openrc-shutdown.c

@@ -72,7 +72,7 @@ const char *usagestring = "" \
 						   "Usage: openrc-shutdown -c | --cancel\n" \
 						   "   or: openrc-shutdown -R | --reexec\n" \
 						   "   or: openrc-shutdown -w | --write-only\n" \
-						   "   or: openmrc-shutdown -H | --halt time\n" \
+						   "   or: openrc-shutdown -H | --halt time\n" \
 						   "   or: openrc-shutdown -K | --kexec time\n" \
 						   "   or: openrc-shutdown -p | --poweroff time\n" \
 						   "   or: openrc-shutdown -r | --reboot time\n" \

src/rc/rc-logger.h

@@ -13,8 +13,8 @@
 #ifndef RC_LOGGER_H
 #define RC_LOGGER_H
 
-pid_t rc_logger_pid;
+extern pid_t rc_logger_pid;
-int rc_logger_tty;
+extern int rc_logger_tty;
 extern bool rc_in_logger;
 
 void rc_logger_open(const char *runlevel);

src/rc/rc-status.c

@@ -291,9 +291,10 @@ int main(int argc, char **argv)
 			goto exit;
 			/* NOTREACHED */
 		case 'f':
-			if (strcasecmp(optarg, "ini") == 0)
+			if (strcasecmp(optarg, "ini") == 0) {
 				format = FORMAT_INI;
-			else
+				setenv("EINFO_QUIET", "YES", 1);
+			} else
 				eerrorx("%s: invalid argument to --format switch\n", applet);
 			break;
 		case 'l':

src/rc/rc-sysvinit.c

@@ -74,7 +74,7 @@ void sysvinit_runlevel(char rl)
 /*
  *	Set environment variables in the init process.
  */
-void sysvinit_setenv(char *name, char *value)
+void sysvinit_setenv(const char *name, const char *value)
 {
 	struct init_request	request;
 	size_t nl;
@@ -90,7 +90,7 @@ else
 		vl = 0;
 
 	if (nl + vl + 3 >= (int)sizeof(request.i.data))
-		return -1;
+		return;
 
 	memcpy(request.i.data, name, nl);
 	if (value) {
@@ -98,5 +98,5 @@ else
 		memcpy(request.i.data + nl + 1, value, vl);
 	}
 	sysvinit_send_cmd(&request);
-	return 0;
+	return;
 }

src/rc/rc-sysvinit.h

@@ -67,6 +67,6 @@ struct init_request {
 };
 
 void sysvinit_runlevel(char rl);
-void sysvinit_setenv(char *name, char *value);
+void sysvinit_setenv(const char *name, const char *value);
 
 #endif

src/rc/start-stop-daemon.c

@@ -389,10 +389,11 @@ int main(int argc, char **argv)
 			/* falls through */
 		case 'u':  /* --user <username>|<uid> */
 		{
+			char dummy[2];
 			p = optarg;
 			tmp = strsep(&p, ":");
 			changeuser = xstrdup(tmp);
-			if (sscanf(tmp, "%d", &tid) != 1)
+			if (sscanf(tmp, "%d%1s", &tid, dummy) != 1)
 				pw = getpwnam(tmp);
 			else
 				pw = getpwuid((uid_t)tid);
@@ -413,7 +414,7 @@ int main(int argc, char **argv)
 
 			if (p) {
 				tmp = strsep (&p, ":");
-				if (sscanf(tmp, "%d", &tid) != 1)
+				if (sscanf(tmp, "%d%1s", &tid, dummy) != 1)
 					gr = getgrnam(tmp);
 				else
 					gr = getgrgid((gid_t) tid);
@@ -628,7 +629,7 @@ int main(int argc, char **argv)
 	}
 	if (start && !exists(exec_file)) {
 		eerror("%s: %s does not exist", applet,
-		    *exec_file ? exec_file : exec);
+		    exec_file ? exec_file : exec);
 		free(exec_file);
 		exit(EXIT_FAILURE);
 	}
@@ -863,8 +864,8 @@ int main(int argc, char **argv)
 
 		TAILQ_FOREACH(env, env_list, entries) {
 			if ((strncmp(env->value, "RC_", 3) == 0 &&
-				strncmp(env->value, "RC_SERVICE=", 10) != 0 &&
+				strncmp(env->value, "RC_SERVICE=", 11) != 0 &&
-				strncmp(env->value, "RC_SVCNAME=", 10) != 0) ||
+				strncmp(env->value, "RC_SVCNAME=", 11) != 0) ||
 				strncmp(env->value, "SSD_NICELEVEL=", 14) == 0 ||
 				strncmp(env->value, "SSD_IONICELEVEL=", 16) == 0)
 			{

src/rc/supervise-daemon.c

@@ -148,6 +148,7 @@ static char *fifopath = NULL;
 static int fifo_fd = 0;
 static char *pidfile = NULL;
 static char *svcname = NULL;
+static bool verbose = false;
 
 extern char **environ;
 
@@ -420,8 +421,8 @@ static void child_process(char *exec, char **argv)
 
 	TAILQ_FOREACH(env, env_list, entries) {
 		if ((strncmp(env->value, "RC_", 3) == 0 &&
-			strncmp(env->value, "RC_SERVICE=", 10) != 0 &&
+			strncmp(env->value, "RC_SERVICE=", 11) != 0 &&
-			strncmp(env->value, "RC_SVCNAME=", 10) != 0) ||
+			strncmp(env->value, "RC_SVCNAME=", 11) != 0) ||
 		    strncmp(env->value, "SSD_NICELEVEL=", 14) == 0)
 		{
 			p = strchr(env->value, '=');
@@ -569,7 +570,8 @@ static void supervisor(char *exec, char **argv)
 				buf[count] = 0;
 			if (count == 0)
 				continue;
-			syslog(LOG_DEBUG, "Received %s from fifo", buf);
+			if (verbose)
+				syslog(LOG_DEBUG, "Received %s from fifo", buf);
 			if (strncasecmp(buf, "sig", 3) == 0) {
 				if ((sscanf(buf, "%s %d", cmd, &sig_send) == 2)
 						&& (sig_send >= 0 && sig_send < NSIG)) {
@@ -585,7 +587,8 @@ static void supervisor(char *exec, char **argv)
 		if (do_healthcheck) {
 			do_healthcheck = 0;
 			alarm(0);
-			syslog(LOG_DEBUG, "running health check for %s", svcname);
+			if (verbose)
+				syslog(LOG_DEBUG, "running health check for %s", svcname);
 			health_pid = exec_command("healthcheck");
 			health_status = rc_waitpid(health_pid);
 			if (WIFEXITED(health_status) && WEXITSTATUS(health_status) == 0)
@@ -645,6 +648,8 @@ static void supervisor(char *exec, char **argv)
 			ts.tv_sec = respawn_delay;
 			ts.tv_nsec = 0;
 			nanosleep(&ts, NULL);
+			if (exiting)
+				continue;
 			child_pid = fork();
 			if (child_pid == -1) {
 				syslog(LOG_ERR, "%s: fork: %s", applet, strerror(errno));
@@ -852,10 +857,11 @@ int main(int argc, char **argv)
 
 		case 'u':  /* --user <username>|<uid> */
 		{
+			char dummy[2];
 			p = optarg;
 			tmp = strsep(&p, ":");
 			changeuser = xstrdup(tmp);
-			if (sscanf(tmp, "%d", &tid) != 1)
+			if (sscanf(tmp, "%d%1s", &tid, dummy) != 1)
 				pw = getpwnam(tmp);
 			else
 				pw = getpwuid((uid_t)tid);
@@ -876,7 +882,7 @@ int main(int argc, char **argv)
 
 			if (p) {
 				tmp = strsep (&p, ":");
-				if (sscanf(tmp, "%d", &tid) != 1)
+				if (sscanf(tmp, "%d%1s", &tid, dummy) != 1)
 					gr = getgrnam(tmp);
 				else
 					gr = getgrgid((gid_t) tid);
@@ -904,6 +910,7 @@ int main(int argc, char **argv)
 		case_RC_COMMON_GETOPT
 		}
 
+	verbose = rc_yesno(getenv ("EINFO_VERBOSE"));
 	endpwent();
 	argc -= optind;
 	argv += optind;
@@ -983,7 +990,7 @@ int main(int argc, char **argv)
 			}
 			if (!exists(exec_file)) {
 				eerror("%s: %s does not exist", applet,
-				    *exec_file ? exec_file : exec);
+				    exec_file ? exec_file : exec);
 				free(exec_file);
 				exit(EXIT_FAILURE);
 			}

user-guide.md

@@ -85,8 +85,8 @@ runlevel; this will start and stop services as needed.
 Managing runlevels is usually done through the `rc-update` helper, but could of 
 course be done by hand if desired.
 e.g. `rc-update add nginx default` - add nginx to the default runlevel
-Note: This will not auto-start nginx! You'd still have to trigger `rc` or run 
+Note: `rc-update` will not start nginx! You'd still have to trigger `rc`, or run
-the service script by hand.
+the service script by hand, or start it with `rc-service nginx start`.
 
 FIXME: Document stacked runlevels
 
@@ -107,7 +107,7 @@ START_OPTS="--extraparameter sausage"
 
 init.d/foo:
 start() {
-	/usr/sbin/foo-daemon ${STARTOPTS}
+	/usr/sbin/foo-daemon ${START_OPTS}
 }
 ```
 
@@ -137,7 +137,7 @@ Setting `ulimit` and `nice` values per service can be done through the
 
 Under Linux, OpenRC can use cgroups for process management as well. Once
 the kernel is configured appropriately, the `rc_cgroup_mode` setting in
-/etc/rc.conf should be used to control whether cgroups version one,,
+/etc/rc.conf should be used to control whether cgroups version one,
 two, or both are used. The default is to use both if they are available.
 
 By changing certain settings in the service's `conf.d` file limits can be