X-Git-Url: https://git.octo.it/?p=collectd.git;a=blobdiff_plain;f=src%2Fexec.c;h=c51465b810064162517a4e3f53bae9107a7a5b19;hp=6d5908c05faedc03583bcad0d4434c3dc6ba7abb;hb=e5e5d99350fa54e22f07b90fbc3102df51565ad9;hpb=c11a279ed19722816ccc56537a7d928ed06c6bab diff --git a/src/exec.c b/src/exec.c index 6d5908c0..c51465b8 100644 --- a/src/exec.c +++ b/src/exec.c @@ -27,6 +27,7 @@ #define _BSD_SOURCE /* For setgroups */ #include "collectd.h" + #include "common.h" #include "plugin.h" @@ -38,7 +39,9 @@ #include #include -#include +#ifdef HAVE_SYS_CAPABILITY_H +# include +#endif #define PL_NORMAL 0x01 #define PL_NOTIF_ACTION 0x02 @@ -247,9 +250,7 @@ static int exec_config_exec (oconfig_item_t *ci) /* {{{ */ static int exec_config (oconfig_item_t *ci) /* {{{ */ { - int i; - - for (i = 0; i < ci->children_num; i++) + for (int i = 0; i < ci->children_num; i++) { oconfig_item_t *child = ci->children + i; if ((strcasecmp ("Exec", child->key) == 0) @@ -348,7 +349,6 @@ static void reset_signal_mask (void) /* {{{ */ { sigset_t ss; - memset (&ss, 0, sizeof (ss)); sigemptyset (&ss); sigprocmask (SIG_SETMASK, &ss, /* old mask = */ NULL); } /* }}} void reset_signal_mask */ @@ -473,11 +473,10 @@ static int fork_child (program_list_t *pl, int *fd_in, int *fd_out, int *fd_err) else if (pid == 0) { int fd_num; - int fd; /* Close all file descriptors but the pipe end we need. */ fd_num = getdtablesize (); - for (fd = 0; fd < fd_num; fd++) + for (int fd = 0; fd < fd_num; fd++) { if ((fd == fd_pipe_in[0]) || (fd == fd_pipe_out[1]) @@ -723,7 +722,6 @@ static void *exec_notification_one (void *arg) /* {{{ */ { program_list_t *pl = ((program_list_and_notification_t *) arg)->pl; notification_t *n = &((program_list_and_notification_t *) arg)->n; - notification_meta_t *meta; int fd; FILE *fh; int pid; @@ -771,7 +769,7 @@ static void *exec_notification_one (void *arg) /* {{{ */ if (strlen (n->type_instance) > 0) fprintf (fh, "TypeInstance: %s\n", n->type_instance); - for (meta = n->meta; meta != NULL; meta = meta->next) + for (notification_meta_t *meta = n->meta; meta != NULL; meta = meta->next) { if (meta->type == NM_TYPE_STRING) fprintf (fh, "%s: %s\n", meta->name, meta->nm_value.nm_string); @@ -806,20 +804,34 @@ static void *exec_notification_one (void *arg) /* {{{ */ static int exec_init (void) /* {{{ */ { - struct sigaction sa; + struct sigaction sa = { + .sa_handler = sigchld_handler + }; - memset (&sa, '\0', sizeof (sa)); - sa.sa_handler = sigchld_handler; sigaction (SIGCHLD, &sa, NULL); +#ifdef HAVE_SYS_CAPABILITY_H + if ((check_capability (CAP_SETUID) != 0) || + (check_capability (CAP_SETGID) != 0)) + { + if (getuid () == 0) + WARNING ("exec plugin: Running collectd as root, but the CAP_SETUID " + "or CAP_SETGID capabilities are missing. The plugin's read function " + "will probably fail. Is your init system dropping capabilities ?"); + else + WARNING ("exec plugin: collectd doesn't have the CAP_SETUID or " + "CAP_SETGID capabilities. If you don't want to run collectd as root, " + "try running \"setcap 'cap_setuid=ep cap_setgid=ep'\" on the " + "collectd binary."); + } +#endif + return (0); } /* int exec_init }}} */ static int exec_read (void) /* {{{ */ { - program_list_t *pl; - - for (pl = pl_head; pl != NULL; pl = pl->next) + for (program_list_t *pl = pl_head; pl != NULL; pl = pl->next) { pthread_t t; pthread_attr_t attr; @@ -850,10 +862,9 @@ static int exec_read (void) /* {{{ */ static int exec_notification (const notification_t *n, /* {{{ */ user_data_t __attribute__((unused)) *user_data) { - program_list_t *pl; program_list_and_notification_t *pln; - for (pl = pl_head; pl != NULL; pl = pl->next) + for (program_list_t *pl = pl_head; pl != NULL; pl = pl->next) { pthread_t t; pthread_attr_t attr;