Hi Takeshi, On Thu, Dec 10, 2020 at 07:00:23AM +0000, [email protected] wrote: > Hi, all, > > Haproxy sends the signals to pidlist with the -sf/-st option. > However, since it does not check the haproxy's PID, it may kill other > processes. > > Reproducer is: > ~]# sleep 1000 & sleep 1 ; haproxy -st $! -f /etc/haproxy/haproxy.cfg > [1] 1909 > [1]+ Terminated sleep 1000 > > In the -sf/-st option, I attach a patch to check whether the PID is haproxy > or not.
I strongly disagree with this change, it's not correct. By definition the contents of a pid file *must* match the running process, otherwise it's pointless. Your reproducer above just shows that you need to violate that rule to make it fail. Your change would break plenty of setups which don't run the process under the exact name "haproxy". And that's way more common than you think, e.g. here on the haproxy.org main server : $ ps ax|grep haproxy 14558 ? Sl 125:43 ./haproxy-dev -db -f /etc/haproxy/haproxy-current.cfg -sf 29841 If you want to double-check that the pid matches, you can do that in your startup scripts but quite frankly if the pid doesn't match you're having more serious issues to deal with on the system, and in any case they will not be solved by just this fix. Regards, Willy
