On 05/23/2011 04:51 PM, Matthieu Pérotin wrote: > Hi Risto, > > the solutions you list are fine with us. The only objections I may have > are: > - the shell only solution induce an additional fork, which is not > necessary with a patch. It may be problematic in heavy loaded systems; > - we are loosing the return value of the 'true' command: the one that > will get caught by waitpid will be the one of kill. The perl solution > did not have this issue, but it made it even more difficult to send > anything other than a SIGALARM; > - it renders the rules more complicate and less readable, as it > introduces some advance job control features inside the execution > instruction. >
...since you mentioned that you would like to have the opportunity to use not only ALRM or TERM, perhaps a flexible solution is to set up the following subroutine at SEC startup: type=single ptype=regexp pattern=(SEC_STARTUP|SEC_RESTART) context=SEC_INTERNAL_EVENT desc=compile child fork action=eval %child_with_timeout ( sub { if (scalar(@_) < 3) { return -1; } \ my($int) = shift @_; my($sig) = shift @_; my($pid) = fork(); \ if ($pid == -1) { return -1; } elsif ($pid > 0) { return 0; } \ $pid = fork(); if ($pid == -1) { exit(1); } \ if ($pid == 0) { exec("@_"); } else { \ $SIG{ALRM} = sub { kill $sig, $pid; exit(0); }; \ alarm($int); while (wait() != -1) {}; exit(0); } } ) This function runs the custom program through double fork. The intermediate process is necessary for controlling your program and terminating it. The function takes three parameters -- the timeout value ($int), the signal number ($sig), and the command line. Once you have compiled this compact function, you can use it all over your ruleset in this simple way: type=single ptype=substr pattern=test3 desc=if script has run for 10 seconds, simulate Floating Point exception action=call %o %child_with_timeout 10 8 /home/risto/SEC-misc/test.sh type=single ptype=substr pattern=test4 desc=if script has run for 10 seconds, end it with SIGKILL action=call %o %child_with_timeout 10 9 /home/risto/SEC-misc/test.sh Just another way of tackling the problem (it would be quite tricky to augment 'spawn', 'shellcmd', 'pipe' and SingleWithScript with all this functionality). kind regards, risto ------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users