Philip Hazel writes:
>
> On Thu, 24 Feb 2005, Chris Thompson wrote:
>
> > Although pid_file's have inevitable failure cases, it's possible to do
> > a great deal better than this. I suggest
> >
> > (a) Exim should try to unlink the file when the daemon exits: it's
> > not always the case that it can't do this after it has lost root
> > privilege;
> >
> > (b) In case it can't, it should keep the file open, and on exit it
> > should truncate it to size zero if it can't unlink it.
>
> I think the problem here is "when the daemon exits". I guess it has to
> set up a signal handler to catch the KILL signal; I'm just wary about
> signal handling because I know what a hairy area of system programming
> it is. :-)
Well not KILL, obviously, but I suppose I was assuming a TERM signal handler.
> The keeping open option may be tricky/difficult after SIGHUP, when Exim
> has re-executed itself, but still in the same process.
This should be treated as exiting: the old instance removes/empties the
pid_file, and the new one after exec'ing recreates it. The exec'd copy
doesn't know there was an earlier incarnation in the same process, does it?
I suppose the open pid_file needs to be close-on-exec anyway so that it
isn't inherited by spawn of the daemon with possible security implications.
> Would you like me to wishlist this issue?
Yes: at least a general wish to get the pid_file invalidated somehow.
--
Chris Thompson University of Cambridge Computing Service,
Email: cet1@??? New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
