Hi Tobi, a recent change to iked.c moved the call to daemon() behind proc_init(). Now iked forks all its children and afterwards daemonizes itself into background leaving the kids behind orphaned.
The patch below restores the parent/child relationship. With it, the
parent calls daemon() first. And by putting the daemon() call into
proc_init() we make sure that any re-execed child won't call daemon()
again.
Gerhard
Index: sbin/iked/iked.c
===================================================================
RCS file: /cvs/src/sbin/iked/iked.c,v
retrieving revision 1.65
diff -u -p -u -p -r1.65 iked.c
--- sbin/iked/iked.c 25 Jun 2023 08:07:04 -0000 1.65
+++ sbin/iked/iked.c 28 Jun 2023 08:30:28 -0000
@@ -203,8 +203,6 @@ main(int argc, char *argv[])
setproctitle("parent");
log_procinit("parent");
- if (!debug && daemon(0, 0) == -1)
- err(1, "failed to daemonize");
event_init();
Index: sbin/iked/proc.c
===================================================================
RCS file: /cvs/src/sbin/iked/proc.c,v
retrieving revision 1.38
diff -u -p -u -p -r1.38 proc.c
--- sbin/iked/proc.c 5 Mar 2023 22:17:22 -0000 1.38
+++ sbin/iked/proc.c 28 Jun 2023 08:30:28 -0000
@@ -205,6 +205,8 @@ proc_init(struct privsep *ps, struct pri
if (proc_id == PROC_PARENT) {
privsep_process = PROC_PARENT;
+ if (!debug && daemon(0, 0) == -1)
+ fatal("failed to daemonize");
proc_setup(ps, procs, nproc);
/*
smime.p7s
Description: S/MIME cryptographic signature
