BIND 10 #1858: sockcreator doesn't die
BIND 10 Development
do-not-reply at isc.org
Mon Apr 2 20:15:20 UTC 2012
#1858: sockcreator doesn't die
-------------------------------------+-------------------------------------
Reporter: | Owner:
jinmei | Status: new
Type: | Milestone: Next-Sprint-
defect | Proposed
Priority: | Resolution:
medium | Sensitive: 0
Component: Boss | Sub-Project: Core
of BIND | Estimated Difficulty: 0
Keywords: | Total Hours: 0
Defect Severity: N/A |
Feature Depending on Ticket: |
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Comment (by jinmei):
Replying to [comment:3 vorner]:
> Hello
>
> Two notes:
> * The fact that it fails to deliver the SIGKILL is a problem. I don't
completely like aborting the KILLs generally, as that could leave some
other things running without boss and there's less chance of administrator
noticing that. On the other hand, termination of boss should cause the
socket creator to shut down, as it will lose the stdin it reads commands
from and fail.
We could also give feedback to the administrator if the shutdown is
triggered from a command via cmdctl (in practice, which means it's
from a bindctl terminal) instead of returning a 'success' answer
unconditionally.
{{{#!python
if command == "shutdown":
self.runnable = False
answer = isc.config.ccsession.create_answer(0)
}}}
> Anyway, we might want to examine an ability to keep the „bind low ports“
privilege only and run as the user the rest runs at. That would solve the
problem of undeliverable KILL.
...for those systems that have fine-grained capability control. "The
world is not Linux" rule applies here (as far as I know many if not
all of BSD variants don't have an equivalent interface).
--
Ticket URL: <http://bind10.isc.org/ticket/1858#comment:5>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list