[Pkg-sysvinit-commits] r1428 - in sysvinit-upstream/trunk: doc man src

[Petter Reinholdtsen]

Author: pere
Date: 2009-07-10 21:51:19 +0000 (Fri, 10 Jul 2009)
New Revision: 1428

Modified:
   sysvinit-upstream/trunk/doc/Changelog
   sysvinit-upstream/trunk/man/pidof.8
   sysvinit-upstream/trunk/src/killall5.c
Log:
Add -c option to pidof for only matching processes with the same
process root.  Ignore -c when not running as root.  Patch from
Thomas Woerner and Fedora.


Modified: sysvinit-upstream/trunk/doc/Changelog
===================================================================
--- sysvinit-upstream/trunk/doc/Changelog	2009-07-10 21:47:28 UTC (rev 1427)
+++ sysvinit-upstream/trunk/doc/Changelog	2009-07-10 21:51:19 UTC (rev 1428)
@@ -36,6 +36,9 @@
   * Add support for SE Linux capability handling.  Patch from Manoj
     Srivastava, adjusted to avoid aborting if SE policy was loaded in
     the initrd with patch from Bill Nottingham and Fedora.
+  * Add -c option to pidof for only matching processes with the same
+    process root.  Ignore -c when not running as root.  Patch from
+    Thomas Woerner and Fedora.
 
  -- Petter Reinholdtsen <pere at debian.org>  Fri, 30 Jul 2004 14:14:58 +0200
 

Modified: sysvinit-upstream/trunk/man/pidof.8
===================================================================
--- sysvinit-upstream/trunk/man/pidof.8	2009-07-10 21:47:28 UTC (rev 1427)
+++ sysvinit-upstream/trunk/man/pidof.8	2009-07-10 21:51:19 UTC (rev 1428)
@@ -4,6 +4,7 @@
 .SH SYNOPSIS
 .B pidof
 .RB [ \-s ]
+.RB [ \-c ]
 .RB [ \-x ]
 .RB [ \-o
 .IR omitpid ]
@@ -24,6 +25,10 @@
 .SH OPTIONS
 .IP -s
 Single shot - this instructs the program to only return one \fIpid\fP.
+.IP -c
+Only return process ids that are running with the same root directory.
+This option is ignored for non-root users, as they will be unable to check
+the current root directory of processes they do not own.
 .IP -x
 Scripts too - this causes the program to also return process id's of
 shells running the named scripts.

Modified: sysvinit-upstream/trunk/src/killall5.c
===================================================================
--- sysvinit-upstream/trunk/src/killall5.c	2009-07-10 21:47:28 UTC (rev 1427)
+++ sysvinit-upstream/trunk/src/killall5.c	2009-07-10 21:51:19 UTC (rev 1428)
@@ -476,16 +476,22 @@
 	int		f;
 	int		first = 1;
 	int		i, oind, opt, flags = 0;
+	int		chroot_check = 0;
+	struct stat	st;
+	char		tmp[512];
 
 	for (oind = PIDOF_OMITSZ-1; oind > 0; oind--)
 		opid[oind] = 0;
 	opterr = 0;
 
-	while ((opt = getopt(argc,argv,"ho:sx")) != EOF) switch (opt) {
+	while ((opt = getopt(argc,argv,"hco:sx")) != EOF) switch (opt) {
 		case '?':
 			nsyslog(LOG_ERR,"invalid options on command line!\n");
 			closelog();
 			exit(1);
+		case 'c':
+			if (geteuid() == 0) chroot_check = 1;
+			break;
 		case 'o':
 			if (oind >= PIDOF_OMITSZ -1) {
 				nsyslog(LOG_ERR,"omit pid buffer size %d "
@@ -518,6 +524,16 @@
 	argc -= optind;
 	argv += optind;
 
+	/* Check if we are in a chroot */
+	if (chroot_check) {
+		snprintf(tmp, 512, "/proc/%d/root", getpid());
+		if (stat(tmp, &st) < 0) {
+			nsyslog(LOG_ERR, "stat failed for %s!\n", tmp);
+			closelog();
+			exit(1);
+		}
+	}
+
 	/* Print out process-ID's one by one. */
 	readproc();
 	for(f = 0; f < argc; f++) {
@@ -541,6 +557,16 @@
 					else
 						spid = 1;
 				}
+				if (chroot_check) {
+					struct stat st2;
+					snprintf(tmp, 512, "/proc/%d/root",
+						 p->pid);
+					if (stat(tmp, &st2) < 0 ||
+					    st.st_dev != st2.st_dev ||
+					    st.st_ino != st2.st_ino) {
+						continue;
+					}
+				}
 				if (!first)
 					printf(" ");
 				printf("%d", p->pid);