Bug 256148 - [patch] rc.subr handling of ${name}_oomprotect for services with multiple processes
Summary: [patch] rc.subr handling of ${name}_oomprotect for services with multiple pro...
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: conf (show other bugs)
Version: 12.2-RELEASE
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-rc (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-05-25 13:59 UTC by Mike Walker
Modified: 2021-05-26 10:09 UTC (History)
0 users

See Also:


Attachments
rc.subr support for services with multiple processes (657 bytes, patch)
2021-05-25 13:59 UTC, Mike Walker
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Walker 2021-05-25 13:59:35 UTC
Created attachment 225247 [details]
rc.subr support for services with multiple processes

For ports which install services managed by the rc subsystem, such as haproxy and nginx, which result in multiple processes being started, attempting to set e.g. either "haproxy_oomprotect=yes" or "haproxy_oomprotect=all" results in the following error:

root@hostname:~# service haproxy start
Starting haproxy.
usage: protect [-i] command
       protect [-cdi] -g pgrp | -p pid
root@hostname:~#

As well as none of the haproxy processes obtaining protection:

root@hostname:~# ps -ax -o flags,flags2,pid,command | grep haproxy
10000180 00000000 26037 /usr/local/sbin/haproxy -q -f /usr/local/etc/haproxy.conf -p /var/run/haproxy.pid
10000000 00000000 41907 /usr/local/sbin/haproxy -q -f /usr/local/etc/haproxy.conf -p /var/run/haproxy.pid

Due to the fact that /etc/rc.subr passes the output of "check_process $command" ( a list of one or more space-separated PIDs) straight to "protect", e.g. "protect -i -p 123 456", whereas protect's "-p" argument can only handle one PID

The attached patch instead uses the result of "check_process $command" in a for loop to iterate through potentially multiple PIDs that are passed to "protect".

Example correct output using attached patch:

root@hostname:~# ps -ax -o flags,flags2,pid,command | grep haproxy
10100180 00000001 75344 /usr/local/sbin/haproxy -q -f /usr/local/etc/haproxy.conf -p /var/run/haproxy.pid
10100000 00000001 87137 /usr/local/sbin/haproxy -q -f /usr/local/etc/haproxy.conf -p /var/run/haproxy.pid

"OOM Protect" status accurately reflected in third digit of first column (flags) as well as "inherit OOM Protect" status reflected in final digit of second column (flags2)

I've also tested this patch against services which only return one PID from "check_process $command" and it works as expected.