I have an openssh RPM package that restarts the sshd server during an upgrade if the daemon is already running. So far, so good, restart works. But I observed the following behaviour:

- when issuing rpm -Uvh bla.rpm, rpm, obviously, opens the rpm file and gets a file descriptor. Say, 8.
- rpm does its stuff and spawns a shell to execute the %post script. The shell also gets fd 8 (should rpm close all descriptors before executing its scripts? More below).
- the script decides at some point to restart sshd. It stops the daemon and starts a new one. The new sshd daemon also gets fd 8 pointing to the rpm package. Shouldn't sshd close all descriptors before daemonizing?

If I do this remotely I then get the famous hang-on-exit problem. For example (just after upgrading the packages)

    # ls -la /proc/15301/fd
    total 0
    dr-x------ 2 root root 0 Jun 26 19:02 ./
    dr-xr-xr-x 3 root root 0 Jun 26 19:02 ../
    lrwx------ 1 root root 64 Jun 26 19:02 0 -> /dev/null
    lrwx------ 1 root root 64 Jun 26 19:02 1 -> /dev/null
    lrwx------ 1 root root 64 Jun 26 19:02 16 -> /dev/pts/0
    lrwx------ 1 root root 64 Jun 26 19:02 2 -> /dev/null
    l-wx------ 1 root root 64 Jun 26 19:02 21 -> /dev/null
    lrwx------ 1 root root 64 Jun 26 19:02 3 -> socket:[192227]
    lr-x------ 1 root root 64 Jun 26 19:02 7 -> pipe:[192223]
    lr-x------ 1 root root 64 Jun 26 19:02 8 -> /home/user/rpm/RPMS/i386/openssh-server-3.4p1-1cl.i386.rpm
    l-wx------ 1 root root 64 Jun 26 19:02 9 -> pipe:[192223]

Shouldn't a daemon close all fds before going into "daemon land"? What exactly is broken here?

On Wed, Jun 26, 2002 at 07:06:13PM -0300, Andreas Hasenack wrote:
>
> Shouldn't a daemon close all fds before going into "daemon land"?
> What exactly is broken here?
>

rpm

A workaround which really isn't so great is to put this in your %post

    # point stdin at /dev/null
    exec 0</dev/null
    for fd in `seq 1 12`; do
        # eval is needed: the shell does not take the fd number of a
        # redirection from a variable expansion
        eval "exec ${fd}>/dev/null"
    done
    service sshd restart

You might need to bump the end fd higher. 12 seems to work for rpm 4.0.x. The w/a is kind of bad cuz now sshd will have all those fd's open.

/fc

On Wed, Jun 26, 2002 at 07:06:13PM -0300, Andreas Hasenack wrote:

| I have an openssh RPM package that restarts the sshd server during
| an upgrade if the daemon is already running. So far, so good, restart
| works.

What happens if you were connected via ssh when it restarts?

| Shouldn't a daemon close all fds before going into "daemon land"?
| What exactly is broken here?

Should a package manager be restarting a daemon?

Maybe the package manager should use close-on-exec on all the descriptors that aren't to be passed on to the daemon, while it still knows what descriptors are open instead of imposing on the next program to do thousands of close() calls.

--
-----------------------------------------------------------------
| Phil Howard - KA9WGN    | Dallas     | http://linuxhomepage.com/ |
| phil-nospam at ipal.net | Texas, USA | http://phil.ipal.org/     |
-----------------------------------------------------------------

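The close-on-exec approach suggested in the message above, as an added example that is not part of the original thread and is not rpm or sshd code: a parent pins a stand-in "package" descriptor to fd 8, runs a shell the way a scriptlet would be run, and checks whether the shell inherited the descriptor before and after FD_CLOEXEC is set. The function names, the use of /dev/null as the package file and the fixed fd number are assumptions made for the demonstration.

```c
/* Added example (constructed demo, not rpm or sshd code). */
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define PKG_FD 8   /* constructed stand-in for rpm's open package file */

/* Open a stand-in "package" and pin it to PKG_FD, inheritable by default. */
int open_package_fd(void) {
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0) return -1;
    if (fd != PKG_FD) {
        if (dup2(fd, PKG_FD) < 0) { close(fd); return -1; }
        close(fd);
    }
    return PKG_FD;
}

/* Parent-side fix: flag the descriptor so the kernel closes it on exec. */
int set_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Run a shell as a scriptlet would be run. Returns 1 if the shell
 * still has fd 8 open, 0 if it does not, -1 on error. */
int scriptlet_inherits_fd(void) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* "true <&8" succeeds only if fd 8 survived the exec */
        execl("/bin/sh", "sh", "-c", "exec 2>/dev/null; true <&8", (char *)NULL);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    if (WEXITSTATUS(status) == 127) return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void) {
    if (open_package_fd() < 0) return 1;
    printf("before FD_CLOEXEC: inherited=%d\n", scriptlet_inherits_fd());
    if (set_cloexec(PKG_FD) < 0) return 1;
    printf("after  FD_CLOEXEC: inherited=%d\n", scriptlet_inherits_fd());
    return 0;
}
```

Anything the shell starts afterwards, a restarted daemon included, can only inherit descriptors the shell itself still holds, so the flag set in the parent covers the whole chain.
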
Hi!

On Thu, Jun 27, 2002 at 12:10:57AM -0500, Phil Howard wrote:
> > I have an openssh RPM package that restarts the sshd server
> > during an upgrade if the daemon is already running. So far, so
> > good, restart works.
>
> What happens if you were connected via ssh when it restarts?

Nothing special - all existing ssh sessions stay alive when the "root" sshd process dies; all that happens is that they have init as their parent process afterwards.

Actually, I always update sshd remotely using an ssh session to the old sshd.

Ciao

Thomas

On Thu, Jun 27, 2002 at 03:57:05PM +0200, Markus Friedl wrote:
> you could also do
> sshd -t && kill -HUP `cat /var/run/sshd.pid`

Hmm, interesting, manpages are our best friends indeed:

sshd rereads its configuration file when it receives a hangup signal,
SIGHUP, by executing itself with the name it was started as, i.e.,
/usr/sbin/sshd.

I assumed it would only reread its configuration file, and not execute itself again.

Thanks!

On Thu, Jun 27, 2002 at 11:24:13AM -0300, Andreas Hasenack wrote:

| On Thu, Jun 27, 2002 at 03:57:05PM +0200, Markus Friedl wrote:
| > you could also do
| > sshd -t && kill -HUP `cat /var/run/sshd.pid`
|
| Hmm, interesting, manpages are our best friends indeed:
| sshd rereads its configuration file when it receives a hangup signal,
| SIGHUP, by executing itself with the name it was started as, i.e.,
| /usr/sbin/sshd.
|
| I assumed it would only reread its configuration file, and not execute
| itself again.

It also forks a new process, too, as opposed to just exec within the same process.

--
-----------------------------------------------------------------
| Phil Howard - KA9WGN    | Dallas     | http://linuxhomepage.com/ |
| phil-nospam at ipal.net | Texas, USA | http://phil.ipal.org/     |
-----------------------------------------------------------------