Index | Thread | Search

From:
Antoine Jacoutot <ajacoutot@bsdfrog.org>
Subject:
Re: daily(8): show rogue services
To:
Solène Rapenne <solene@perso.pw>
Cc:
Björn Ketelaars <bjorn.ketelaars@hydroxide.nl>, tech@openbsd.org
Date:
Sat, 18 May 2024 11:18:05 +0200

Download raw body.

Thread 
On Fri, May 17, 2024 at 09:32:07PM +0200, Solène Rapenne wrote:
> Le 17/05/2024 à 07:20, Björn Ketelaars a écrit :
> > On Tue 30/04/2024 14:50, Solene Rapenne wrote:
> > > this diff adds a new check in daily(8) using rcctl ls rogue
> > > 
> > > maybe wording could be merged better with the current text
> > > to avoid repeating rc.conf.local(8) twice.
> > 
> > Just saw that this has been committed. Instead of replying to the commit
> > message I think it makes sense to have the discussion here. Your commit
> > does exactly what is intended. Point of attention is that
> > 'rcctl ls rogue' does not play nicely with "meta" scripts from ports.
> > There are a couple:
> > 
> > mail/grommunio/gromox/pkg/gromox.rc
> > mail/kopano/core/pkg/kopano.rc
> > net/netatalk/pkg/netatalk.rc
> > net/samba/pkg/samba.rc
> > sysutils/bacula/pkg/bacula.rc
> > sysutils/cfengine/pkg/cfengine.rc
> > sysutils/nut/pkg/nut.rc
> > 
> > When such a meta script is used, services started by the child scripts
> > are seen as rogue. In case of net/samba:
> > 
> > # rcctl ls on
> > samba
> > # rcctl ls rogue
> > nmbd
> > smbd
> > 
> > Using samba's child scripts instead of its meta script:
> > 
> > # rcctl ls on
> > nmbd
> > smbd
> > # rcctl ls rogue
> > samba
> > 
> > The only way to get rid of this annoyance is to enable a meta script and
> > its child scripts, which does not make sense.
> > 
> > # rcctl ls on
> > nmbd
> > samba
> > smbd
> > # rcctl ls rogue
> > 
> > 
> > I'm not sure if there is a good solution for this: getting 'rcctl' to
> > play nicely with meta scripts seems not trivial, and removing meta
> > scripts will likely cause some user head scratches. Until there is a
> > solution, meta script users will receive a daily report with rogue
> > services.
> 
> hi, thanks for mentionning it.
> 
> It is an issue in rcctl ls rogue.
> 
> I guess a solution would be to update the rc files to list the "extra"
> pid names started by the service. I saw there is already a list of special
> services to not list but they are only base services that are not real
> services, like multicast. There may be a way to reuse this mechanism easily.

"meta" rc.d scripts are really a hack.
The whole rc.subr framework wasn't developed for this.
I have a way to fix rogue but it's ugly and fragile and wouldn't account for
other usages of meta scripts.

-- 
Antoine