On 05/23/2011 04:51 PM, Matthieu Pérotin wrote:
> Hi Risto,
>
> the solutions you list are fine with us. The only objections I may have
> are:
> - the shell only solution induce an additional fork, which is not
> necessary with a patch. It may be problematic in heavy loaded systems;
> - we are loosing the return value of the 'true' command: the one that
> will get caught by waitpid will be the one of kill. The perl solution
> did not have this issue, but it made it even more difficult to send
> anything other than a SIGALARM;
> - it renders the rules more complicate and less readable, as it
> introduces some advance job control features inside the execution
> instruction.
>
...since you mentioned that you would like to have the opportunity to
use not only ALRM or TERM, perhaps a flexible solution is to set up the
following subroutine at SEC startup:
type=single
ptype=regexp
pattern=(SEC_STARTUP|SEC_RESTART)
context=SEC_INTERNAL_EVENT
desc=compile child fork
action=eval %child_with_timeout ( sub { if (scalar(@_) < 3) { return -1; } \
my($int) = shift @_; my($sig) = shift @_; my($pid) = fork(); \
if ($pid == -1) { return -1; } elsif ($pid > 0) { return 0; } \
$pid = fork(); if ($pid == -1) { exit(1); } \
if ($pid == 0) { exec("@_"); } else { \
$SIG{ALRM} = sub { kill $sig, $pid; exit(0); }; \
alarm($int); while (wait() != -1) {}; exit(0); } } )
This function runs the custom program through double fork. The
intermediate process is necessary for controlling your program and
terminating it. The function takes three parameters -- the timeout value
($int), the signal number ($sig), and the command line.
Once you have compiled this compact function, you can use it all over
your ruleset in this simple way:
type=single
ptype=substr
pattern=test3
desc=if script has run for 10 seconds, simulate Floating Point exception
action=call %o %child_with_timeout 10 8 /home/risto/SEC-misc/test.sh
type=single
ptype=substr
pattern=test4
desc=if script has run for 10 seconds, end it with SIGKILL
action=call %o %child_with_timeout 10 9 /home/risto/SEC-misc/test.sh
Just another way of tackling the problem (it would be quite tricky to
augment 'spawn', 'shellcmd', 'pipe' and SingleWithScript with all this
functionality).
kind regards,
risto
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
