hya,
aren't we supposed to check for exec permission on nagios binary file
only after drop our privileges to nagios user?
if that's right, the patch below make it happen after
drop_privileges(). once we spawn our workers only when we're already
running as nagios user, maybe the assumption above is right.
another interesting think is that we keep calling
getpid() function even if we already have pid on a variable, the patch
below fixes it.
a last think, iobroker_create() may return NULL. in that case what
is the correct behaviour? exit nagios?
ah, ok, i miss that, we are exiting with ERROR code only in one place,
all the others go out with EXIT_FAILURE, so i've change it.
comments? kicks? punchs?
Index: base/nagios.c
===================================================================
--- base/nagios.c (revision 2472)
+++ base/nagios.c (working copy)
@@ -430,24 +430,12 @@
/* else start to monitor things... */
else {
- /*
- * if we're called with a relative path we must make
- * it absolute so we can launch our workers.
- * If not, we needn't bother, as we're using execvp()
- */
- if (strchr(argv[0], '/')) {
- nagios_binary_path = nspath_absolute(argv[0], NULL);
- if (access(nagios_binary_path, X_OK) < 0) {
- logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: failed to access() %s: %s\n", nagios_binary_path, strerror(errno));
- logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Spawning workers will be impossible. Aborting.\n");
- exit(EXIT_FAILURE);
- }
- }
- else {
- nagios_binary_path = strdup(argv[0]);
- }
nagios_iobs = iobroker_create();
+ if (nagios_iobs == NULL) {
+ logit(NSLOG_RUNTIME_ERROR, TRUE, "Unable to create io_broker. Aborting.\n");
+ exit(EXIT_FAILURE);
+ }
/* keep monitoring things until we get a shutdown command */
do {
@@ -478,9 +466,29 @@
logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_CONFIG_ERROR, TRUE, "Failed to drop privileges. Aborting.");
cleanup();
- exit(ERROR);
+ exit(EXIT_FAILURE);
}
+ /*
+ * if we're called with a relative path we must make
+ * it absolute so we can launch our workers.
+ * If not, we needn't bother, as we're using execvp()
+ */
+ if (nagios_binary_path == NULL) {
+
+ if (strchr(argv[0], '/')) {
+ nagios_binary_path = nspath_absolute(argv[0], NULL);
+ } else {
+ nagios_binary_path = strdup(argv[0]);
+ }
+
+ if (access(nagios_binary_path, X_OK) < 0) {
+ logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: failed to access() %s: %s\n", nagios_binary_path, strerror(errno));
+ logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Spawning workers will be impossible. Aborting.\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+
#ifdef USE_EVENT_BROKER
/* initialize modules */
neb_init_modules();
@@ -489,7 +497,7 @@
timing_point("NEB module API initialized\n");
/* this must be logged after we read config data, as user may have changed location of main log file */
- logit(NSLOG_PROCESS_INFO, TRUE, "Nagios %s starting... (PID=%d)\n", PROGRAM_VERSION, (int)getpid());
+ logit(NSLOG_PROCESS_INFO, TRUE, "Nagios %s starting... (PID=%d)\n", PROGRAM_VERSION, nagios_pid);
/* log the local time - may be different than clock time due to timezone offset */
now = time(NULL);
@@ -545,13 +553,13 @@
/* there was a problem reading the config files */
if(result != OK)
- logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_CONFIG_ERROR, TRUE, "Bailing out due to one or more errors encountered in the configuration files. Run Nagios from the command line with the -v option to verify your config before restarting. (PID=%d)", (int)getpid());
+ logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_CONFIG_ERROR, TRUE, "Bailing out due to one or more errors encountered in the configuration files. Run Nagios from the command line with the -v option to verify your config before restarting. (PID=%d)", nagios_pid);
else {
/* run the pre-flight check to make sure everything looks okay*/
if((result = pre_flight_check()) != OK)
- logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_VERIFICATION_ERROR, TRUE, "Bailing out due to errors en
...[email truncated]...
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]