From: Brian A. Seklecki <lavalamp@sp...> - 2007-05-05 12:49:27
On Thu, 3 May 2007, Christian Affolter wrote:
> Hi Brian
>> Could you temporarily adjust your script to do "pkill -TERM racoon"
> Yes this is what I've done... although the script uses the
> start-stop-daemon command, therefore I modified it to use the "--name
Just FYI; I just looked at OpenBSD's privsep. For dual-proc services
like dhcpd(8), isakmpd(8), syslogd(8), and pflog(8), the
child PID writes the PID file. Presumably a disappearance of the CPID
would cause the master to fault.
But with OpenSSH sshd(8), the child PIDs are spawned on demand and the PID
file is the non-privsep process.
> racoon" argument instead of relying upon the pid file.
>> I'll have a peek at the code.
> Thanks a lot for spotting this!
>>> I'm using racoon (ipsec-tools-0.6.7 on gentoo with a 2.6.20 kernel) with
>>> the privilege separation (privsep) enabled.
>>> Trying to stop the racoon daemon via the gentoo init script fails.
>>> The gentoo init script relies on the pid within the /var/run/racoon.pid
>>> file for sending the TERM signal.
>>> However, this pid file contains the child process's pid and not the
>>> parent one (it probably gets overwritten while forking the child off).
>>> This results in a zombie child process and a still running parent racoon
>>> process unaware of the fact that it should reap its child.
>>> Is this a bug within racoon (the pid file should contain the parent's
>>> pid), or should the init script perform some "magic" to determine the
>>> parent's pid?
>>> Thanks for any help!
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
"...from back in the heady days when "helpdesk" meant nothing, "diskquota"
meant everything, and lives could be bought and sold for a couple of pages
of laser printout - and frequently were."
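
As an added example (not part of this thread and not the Gentoo init script or racoon code), here is one way an init script could determine which PID to signal when the PID file may hold the privsep child's PID. The function names `master_pid` and `proc_info` are hypothetical; the sketch assumes a procps-style `ps` and that the privsep child is a direct child of the parent with the same command name.

```shell
#!/bin/sh
# Added example: pick the racoon PID that should receive TERM when the
# PID file may contain the privsep child's PID instead of the parent's.

# proc_info PID -> prints "PPID COMM" for a live process, nothing otherwise.
# Assumption: procps-style ps that accepts -o ppid= -o comm= -p PID.
proc_info() {
    ps -o ppid= -o comm= -p "$1" 2>/dev/null
}

# master_pid PIDFILE NAME -> prints the PID to signal, or fails (status 1)
# when the PID file is missing, malformed, stale, or names another program.
# The body runs in a subshell so its variables do not leak into the caller.
master_pid() (
    pidfile=$1
    name=$2
    [ -r "$pidfile" ] || return 1
    read -r pid < "$pidfile" || [ -n "$pid" ] || return 1

    # Accept only a plain decimal PID; the file content is untrusted input
    # to a script that runs as root.
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac

    # The recorded PID must be a live process with the expected name,
    # otherwise the file is stale or the PID has been reused.
    set -- $(proc_info "$pid")
    [ "$2" = "$name" ] || return 1
    ppid=$1

    # If the parent carries the same name, the file held the privsep
    # child's PID: signal the parent so it can reap its child.
    set -- $(proc_info "$ppid")
    if [ "$2" = "$name" ]; then
        echo "$ppid"
    else
        echo "$pid"
    fi
)

# Typical use in a stop action (commented out so sourcing has no effect):
# target=$(master_pid /var/run/racoon.pid racoon) && kill -TERM "$target"
```

Checking the process name before signalling also keeps the script from sending TERM to an unrelated process after a PID has been recycled.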