| blob | d096b8bdbfb5045ead1aad237931091a52a1d878 |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
23 */
25 #include <sys/types.h>
26 #include <sys/stat.h>
27 #include <sys/wait.h>
28 #include <sys/corectl.h>
29 #include <sys/resource.h>
31 #include <priv_utils.h>
32 #include <signal.h>
33 #include <unistd.h>
34 #include <limits.h>
35 #include <fcntl.h>
36 #include <strings.h>
37 #include <stdlib.h>
38 #include <stdio.h>
39 #include <zone.h>
41 #include <fmd_error.h>
42 #include <fmd_string.h>
43 #include <fmd_conf.h>
44 #include <fmd_dispq.h>
45 #include <fmd_subr.h>
46 #include <fmd.h>
48 fmd_t fmd;
50 /*
51 * For DEBUG builds, we define a set of hooks for libumem that provide useful
52 * default settings for the allocator's debugging facilities.
53 */
54 #ifdef DEBUG
57 {
59 }
63 {
65 }
68 /*
69 * We use a two-phase algorithm for becoming a daemon because we want the
70 * daemon process (the child) to do the work of becoming MT-hot and opening our
71 * event transport. Since these operations can fail and need to result in the
72 * daemon failing to start, the parent must wait until fmd_run() completes to
73 * know whether it can return zero or non-zero status to the invoking command.
74 * The parent waits on a pipe inside this function to read the exit status.
75 * The child gets the write-end of the pipe returned by daemonize_init() and
76 * then fmd_run() uses the pipe to set the exit status and detach the parent.
77 */
78 static int
80 {
86 pid_t pid;
88 /*
89 * Set our per-process core file path to leave core files in our
90 * var/fm/fmd directory, named after the PID to aid in debugging,
91 * and make sure that there is no restriction on core file size.
92 */
103 /*
104 * Claim all the file descriptors we can.
105 */
109 }
111 /*
112 * Reset all of our privilege sets to the minimum set of required
113 * privileges. We continue to run as root so that files we create
114 * such as logs and checkpoints are secured in the /var filesystem.
115 *
116 * In a non-global zone some of the privileges we retain in a
117 * global zone are only optionally assigned to the zone, while others
118 * are prohibited:
119 *
120 * PRIV_PROC_PRIOCNTL (optional in a non-global zone):
121 * There are no calls to priocntl(2) in fmd or plugins.
122 *
123 * PRIV_SYS_CONFIG (prohibited in a non-global zone):
124 * Required, I think, for sysevent_post_event and/or
125 * other legacy sysevent activity. Legacy sysevent is not
126 * supported in a non-global zone.
127 *
128 * PRIV_SYS_DEVICES (prohibited in a non-global zone):
129 * Needed in the global zone for ioctls on various drivers
130 * such as memory-controller drivers.
131 *
132 * PRIV_SYS_RES_CONFIG (prohibited in a non-global zone):
133 * Require for p_online(2) calls to offline cpus.
134 *
135 * PRIV_SYS_NET_CONFIG (prohibited in a non-global zone):
136 * Required for ipsec in etm (which also requires
137 * PRIV_NET_PRIVADDR).
138 *
139 * We do without those privileges in a non-global zone. It's
140 * possible that there are other privs we could drop since
141 * hardware-related plugins are not present.
142 */
151 }
161 /*
162 * Block all signals prior to the fork and leave them blocked in the
163 * parent so we don't get in a situation where the parent gets SIGINT
164 * and returns non-zero exit status and the child is actually running.
165 * In the child, restore the signal mask once we've done our setsid().
166 */
177 /*
178 * If we're the parent process, wait for either the child to send us
179 * the appropriate exit status over the pipe or for the read to fail
180 * (presumably with 0 for EOF if our child terminated abnormally).
181 * If the read fails, exit with either the child's exit status if it
182 * exited or with FMD_EXIT_ERROR if it died from a fatal signal.
183 */
194 }
204 }
206 static void
208 {
216 }
217 }
219 static void
221 {
224 }
226 static int
228 {
233 }
235 int
237 {
244 sigset_t set;
246 /*
247 * Parse the command-line once to validate all options and retrieve
248 * any overrides for our configuration file and root directory.
249 */
261 opt_V++;
265 }
266 }
272 #ifdef DEBUG
274 #else
276 #endif
280 }
285 /*
286 * Now that we've initialized our global state, parse the command-line
287 * again for any configuration options specified using -o and set them.
288 */
296 }
303 }
310 }
311 }
312 }
318 }
320 /*
321 * Update the value of fmd.d_fg based on "fg" in case it changed. We
322 * use this property to decide whether to daemonize below.
323 */
326 /*
327 * Once we're done setting our global state up, set up signal handlers
328 * for ensuring orderly termination on SIGTERM. If we are starting in
329 * the foreground, we also use the same handler for SIGINT and SIGHUP.
330 */
356 /*
357 * Prior to this point, we are single-threaded. Once fmd_run() is
358 * called, we will be multi-threaded from this point on. The daemon's
359 * main thread will wait at the end of this function for signals.
360 */
374 }