On Thu, Jan 30, 2020 at 09:05:11PM +0100, Patrick Kristiansen wrote: [cut]
> > The process I need to run is written in Clojure and thus runs on the > Java Virtual Machine. Do you have any suggestions on how to best go > about making it "daemon-like"? I am not sure that I can call unveil(2), > pledge(2) and chroot(2) from Clojure without some strange sorcery. I > read in some blog post, that the way to detach from the controlling > terminal is by closing stdin, stdout and stderr, which I admittedly > haven't tried. > Closing stdin/stdout/stderr is not enough. You also need to detach the process from the controlling terminal (which is done by calling setsid(2) after the first fork), re-fork so that the process is not a session leader and does not acquire a new controlling terminal (and is re-parented to init), set an appropriate umask, move to an appropriate dir, drop privileges, and so on...
