On 12/13/20 7:10 PM, Theo de Raadt wrote:
> And I'm suggesting the arguments should look like this:
>
> pflogd: [priv] -s 160 -i pflog0 -f /var/log/pflog (pflogd)
> pflogd: [running] -s 160 -i pflog0 -f /var/log/pflog (pflogd)
>
> That might allow more accurate pkill targeting.

Wouldn't you admit that this appears to be very fragile? If I add some flags to the pflogd command line then I have to verify the pkill commands in newsyslog.conf again. Newsyslog doesn't tell if pkill doesn't find anything to send a HUP to.

Not to mention that the "-s 160" is not set with "rcctl set flags". Apparently there is some magic code somewhere else. If this code is changed, then this might break the newsyslog configuration as well. Sorry to say, but it's obscure and error-prone.

My point is that a pid file on a volatile file system is much more reliable than pkill/pgrep. I am not asking you to drop pkill/pgrep, but I am missing the old -p option to pflogd.

At least OpenBSD is not alone with this problem. On Debian there is a tool "/bin/pidof", trying to guess the pid of a daemon to kill by looking at the process list as well. It's part of the sysv init environment. For years I wondered how come daemons in my containers silently got killed. They were visible in the parent's process list and were found by pidof.

Regards
Harri
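
The container case from the last paragraph of the message above, as an added example that is not part of the thread: on Linux, a name-only lookup on the host also matches daemons in child PID namespaces, so a safer lookup compares each candidate's `ns/pid` link with the caller's. The helper names `pids_in_same_ns` and `make_sample_proc`, and the sample tree with its PIDs and namespace ids, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Linux-specific: relies on /proc/PID/comm
# and the /proc/PID/ns/pid symlink. Helper names are hypothetical.

# pids_in_same_ns NAME [PROCROOT] [SELFPID]
# Prints PIDs whose comm equals NAME and whose PID namespace matches the
# caller's. Returns 0 if at least one matched, 1 if none, 2 on setup error,
# so a "nothing to signal" case is visible to the calling script.
pids_in_same_ns() {
    name=$1
    root=${2:-/proc}
    self=${3:-self}
    my_ns=$(readlink "$root/$self/ns/pid") || return 2
    rc=1
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/comm" ] || continue
        [ "$(cat "$dir/comm" 2>/dev/null)" = "$name" ] || continue
        # Unreadable namespace link (no permission, process gone): skip it
        # rather than guess.
        ns=$(readlink "$dir/ns/pid" 2>/dev/null) || continue
        if [ "$ns" = "$my_ns" ]; then
            echo "${dir##*/}"
            rc=0
        fi
    done
    return "$rc"
}

# Constructed stand-in for a host /proc: PID 100 is the caller, 200 is a host
# cron, 300 is a cron running inside a container (different PID namespace).
make_sample_proc() {
    d=$(mktemp -d) || return 1
    for spec in 100:sh:4026531836 200:cron:4026531836 300:cron:4026532500; do
        pid=${spec%%:*}
        rest=${spec#*:}
        mkdir -p "$d/$pid/ns"
        echo "${rest%%:*}" > "$d/$pid/comm"
        ln -s "pid:[${rest#*:}]" "$d/$pid/ns/pid"
    done
    echo "$d"
}

sample=$(make_sample_proc)
# A name-only match would return both 200 and 300; this lists only 200.
pids_in_same_ns cron "$sample" 100
rm -rf "$sample"
```

Against a real system the second and third arguments are omitted, and the non-zero return when nothing matched is what a log-rotation hook would check before assuming the signal was delivered.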