/core/server/OpenXPKI/Daemonize.pm

https://github.com/mbartosch/openxpki · Perl · 183 lines · 120 code · 42 blank · 21 comment · 15 complexity · 6039b269b8b87b6e75ef08f3cca3126b MD5 · raw file 

    

  1. package OpenXPKI::Daemonize;
    2. 

  2. use Moose;
    3. 

  3. 

  4. =head1 Name
    5. 

  5. 

  6. OpenXPKI::Daemonize - Helper functions to cleanly fork background processes
    7. 

  7. 

  8. =cut
    9. 

  9. 

  10. # Core modules
    11. 

  11. use English;
    12. 

  12. 

  13. # CPAN modules
    14. 

  14. use POSIX qw(:signal_h setuid setgid);
    15. 

  15. 

  16. # Project modules
    17. 

  17. use OpenXPKI::Debug;
    18. 

  18. use OpenXPKI::Exception;
    19. 

  19. 

  20. has max_fork_redo => (
    21. 

  21.     is => 'rw',
    22. 

  22.     isa => 'Int',
    23. 

  23.     default => 5,
    24. 

  24. );
    25. 

  25. 

  26. has sighup_handler => (
    27. 

  27.     is => 'rw',
    28. 

  28.     isa => 'CodeRef',
    29. 

  29. );
    30. 

  30. 

  31. has sigterm_handler => (
    32. 

  32.     is => 'rw',
    33. 

  33.     isa => 'CodeRef',
    34. 

  34. );
    35. 

  35. 

  36. has uid => (
    37. 

  37.     is => 'rw',
    38. 

  38.     isa => 'Int',
    39. 

  39. );
    40. 

  40. 

  41. has gid => (
    42. 

  42.     is => 'rw',
    43. 

  43.     isa => 'Int',
    44. 

  44. );
    45. 

  45. 

  46. has old_sig_set => (
    47. 

  47.     is => 'rw',
    48. 

  48.     isa => 'POSIX::SigSet',
    49. 

  49.     init_arg => undef,
    50. 

  50. );
    51. 

  51. 

  52. =head1 METHODS
    53. 

  53. 

  54. =head2 fork_child
    55. 

  55. 

  56. Tries to fork a child process.
    57. 

  57. 

  58. Return value depends on who returns: parent will get the child PID and child
    59. 

  59. will get 0.
    60. 

  60. 

  61. An exception will be thrown if the fork fails.
    62. 

  62. 

  63. B<Note on STDIN, STDOUT, STDERR>
    64. 

  64. 

  65. All IO handles will be connected to I</dev/null> with one exception: if C<STDERR>
    66. 

  66. was already redirected to a file (and is not a terminal) then it is left untouched.
    67. 

  67. This is to make sure error messages still go to the desired log files.
    68. 

  68. 

  69. B<Note on SIGCHLD>
    70. 

  70. 

  71. For the parent process we set C<$SIG{CHLD} = "IGNORE"> to prevent zombie child
    72. 

  72. processes.
    73. 

  73. 

  74. But C<IGNORE> can lead to problems with system calls e.g. via L<Proc::SafeExec>
    75. 

  75. or L<system>, see
    76. 

  76. L<the Perl CookBook|https://docstore.mik.ua/orelly/perl/cookbook/ch16_20.htm>
    77. 

  77. for details.
    78. 

  78. 

  79. Thus in the child process we set C<$SIG{CHLD} = "DEFAULT"> to prevent these
    80. 

  80. problems.
    81. 

  81. 

  82. But in the parent process after forking you should manually set
    83. 

  83. C<$SIG{CHLD} = "DEFAULT"> if you want to do system calls.
    84. 

  84. 

  85. =cut
    86. 

  86. sub fork_child {
    87. 

  87.     my ($self) = @_;
    88. 

  88. 

  89.     $SIG{CHLD} = 'IGNORE'; # IGNORE means: child zombies are auto-removed from process table
    90. 

  90. 

  91.     my $pid = $self->_try_fork($self->max_fork_redo);
    92. 

  92. 

  93.     # parent process: return on successful fork
    94. 

  94.     if ($pid > 0) { return $pid }
    95. 

  95. 

  96.     #
    97. 

  97.     # child process
    98. 

  98.     #
    99. 

  99. 

  100.     # Reset handler for SIGCHLD:
    101. 

  101.     # IGNORE could prevent Proc::SafeExec or system() from working correctly
    102. 

  102.     # (see https://docstore.mik.ua/orelly/perl/cookbook/ch16_20.htm)
    103. 

  103.     $SIG{CHLD} = 'DEFAULT';
    104. 

  104.     $SIG{HUP}  = $self->sighup_handler  if $self->sighup_handler;
    105. 

  105.     $SIG{TERM} = $self->sigterm_handler if $self->sigterm_handler;
    106. 

  106. 

  107.     if ($self->gid) {
    108. 

  108.         setgid($self->gid);
    109. 

  109.     }
    110. 

  110.     if ($self->uid) {
    111. 

  111.         setuid($self->uid);
    112. 

  112.         $ENV{USER} = getpwuid($self->uid);
    113. 

  113.         $ENV{HOME} = ((getpwuid($self->uid))[7]);
    114. 

  114.     }
    115. 

  115. 

  116.     umask 0;
    117. 

  117.     chdir '/';
    118. 

  118.     open STDIN,  '<',  '/dev/null';
    119. 

  119.     open STDOUT, '>',  '/dev/null';
    120. 

  120.     open STDERR, '>>', '/dev/null' if (-t STDERR); # only touch STDERR if it's not already redirected to a file
    121. 

    122. 

  122.     # Re-seed Perl random number generator
    123. 

  123.     srand(time ^ $PROCESS_ID);
    124. 

  124. 

  125.     return $pid;
    126. 

  126. }
    127. 

  127. 

  128. # "The most paranoid of programmers block signals for a fork to prevent a
    129. 

  129. # signal handler in the child process being called before Perl can update
    130. 

  130. # the child's $$ variable, its process id."
    131. 

  131. # (https://docstore.mik.ua/orelly/perl/cookbook/ch16_21.htm)
    132. 

  132. sub _block_sigint {
    133. 

  133.     my ($self) = @_;
    134. 

  134.     my $sigint = POSIX::SigSet->new(SIGINT);
    135. 

  135.     sigprocmask(SIG_BLOCK, $sigint, $self->old_sig_set)
    136. 

  136.         or OpenXPKI::Exception->throw(
    137. 

  137.             message => 'Unable to block SIGINT before fork()',
    138. 

  138.             log => { priority => 'fatal', facility => 'system' }
    139. 

  139.         );
    140. 

  140. }
    141. 

  141. 

  142. sub _unblock_sigint {
    143. 

  143.     my ($self) = @_;
    144. 

  144.     sigprocmask(SIG_SETMASK, $self->old_sig_set)
    145. 

  145.         or OpenXPKI::Exception->throw(
    146. 

  146.             message => 'Unable to reset old signals after fork()',
    147. 

  147.             log => { priority => 'fatal', facility => 'system' }
    148. 

  148.         );
    149. 

  149. }
    150. 

  150. 

  151. sub _try_fork {
    152. 

  152.     my ($self, $max_tries) = @_;
    153. 

  153. 

  154.     for (my $i = 0; $i < $max_tries; $i++) {
    155. 

  155.         $self->_block_sigint;
    156. 

  156.         my $pid = fork;
    157. 

  157.         $self->_unblock_sigint;
    158. 

  158.         # parent or child: successful fork
    159. 

  159.         if (defined $pid) { return $pid }
    160. 

  160. 

  161.         # parent: unsuccessful fork
    162. 

  162. 

  163.         # EAGAIN - fork cannot allocate sufficient memory to copy the parent's
    164. 

  164.         #          page tables and allocate a task structure for the child.
    165. 

  165.         # ENOMEM - fork failed to allocate the necessary kernel structures
    166. 

  166.         #          because memory is tight.
    167. 

  167.         if ($! != POSIX::EAGAIN() and $! != POSIX::ENOMEM()) {
    168. 

  168.             OpenXPKI::Exception->throw(
    169. 

  169.                 message => 'fork() failed with an unrecoverable error',
    170. 

  170.                 params => { error => $! },
    171. 

  171.                 log => { priority => 'fatal', facility => 'system' }
    172. 

  172.             );
    173. 

  173.         }
    174. 

  174.         sleep 2;
    175. 

  175.     }
    176. 

  176. 

  177.     OpenXPKI::Exception->throw(
    178. 

  178.         message => 'fork() failed due to insufficient memory, tried $max_tries times',
    179. 

  179.         log => { priority => 'fatal', facility => 'system' }
    180. 

  180.     );
    181. 

  181. }
    182. 

  182. 

  183. __PACKAGE__->meta->make_immutable;
    184.