Re: s6-rc : Anomalies or normal behaviour

From: Laurent Bercot <ska-supervision_at_skarnet.org>
Date: Tue, 06 Oct 2020 10:29:04 +0000

  Glad it's working for you!


>A significant reduction in complexity. However, and the reason for my
>delay in replying. Magic happened! I was now transmitting data which
>crossed jail barriers (from b3 "named" to b2 "named logging"). I needed
>to consult with one of the FreeBSD developers to ensure that a security
>hole wasn't occurring. :)

  Well, that's also what you were doing with your former
b3:named2 and b3:named-log2, except you were transmitting the data via
a named pipe created in your run script explicitly instead of an
anonymous pipe created by s6-rc implicitly. The integrated pipe
feature does not touch your security model at all; if you were to
consult with a FreeBSD developer, you needed to do it before making
the change. :)


>It appears (and I'm assuming) that s6 uses pseudo terminal sub-system to
>communicate. In this specific case below, per pts/3

  No, s6 does not use pseudo-terminals at all; all it does is let
processes inherit fds from their parent. In your case, /dev/pts/3 seems
to be s6-svscan's stdout and stderr; if you don't want to have
pseudo-terminals, you should check the script that launches your
supervision tree, and redirect s6-svscan's outputs accordingly.

--
  Laurent
Received on Tue Oct 06 2020 - 10:29:04 UTC

This archive was generated by hypermail 2.3.0 : Sun May 09 2021 - 19:44:19 UTC