github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-30 00:22:15 +00:00
Code Issues Projects Releases Wiki Activity

Restart falco on SIGHUP. (#457)

Browse Source 
Add a signal handler for SIGHUP that sets a global variable g_restart.

All the real execution of falco was already centralized in a standalone
function falco_init(), so simply exit on g_restart=true and call
falco_init() in a loop that restarts if g_restart is set to true.

Take care to not daemonize more than once and to reset the getopt index
to 1 on restart.

This fixes https://github.com/falcosecurity/falco/issues/432.
This commit is contained in:
Mark Stemm 2018-11-06 11:14:10 -08:00 committed by GitHub
parent 53c7e101fe
commit 6eac49e5ae
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
userspace/falco/falco.cpp
View File

@ -44,6 +44,8 @@ limitations under the License.
bool g_terminate = false; bool g_terminate = false;
bool g_reopen_outputs = false; bool g_reopen_outputs = false;
bool g_restart = false;
bool g_daemonized = false;
// //
// Helper functions // Helper functions
@ -58,6 +60,11 @@ static void reopen_outputs(int signal)
g_reopen_outputs = true; g_reopen_outputs = true;
} }
static void restart_falco(int signal)
{
g_restart = true;
}
// //
// Program help // Program help
// //
@ -196,8 +203,9 @@ uint64_t do_inspect(falco_engine *engine,
g_reopen_outputs = false; g_reopen_outputs = false;
} }
if (g_terminate) if (g_terminate || g_restart)
{ {
falco_logger::log(LOG_INFO, "SIGHUP Received, restarting...\n");
break; break;
} }
else if(rc == SCAP_TIMEOUT) else if(rc == SCAP_TIMEOUT)
@ -699,6 +707,13 @@ int falco_init(int argc, char **argv)
goto exit; goto exit;
} }
if(signal(SIGHUP, restart_falco) == SIG_ERR)
{
fprintf(stderr, "An error occurred while setting SIGHUP signal handler.\n");
result = EXIT_FAILURE;
goto exit;
}
if (scap_filename.size()) if (scap_filename.size())
{ {
inspector->open(scap_filename); inspector->open(scap_filename);
@ -721,7 +736,7 @@ int falco_init(int argc, char **argv)
// If daemonizing, do it here so any init errors will // If daemonizing, do it here so any init errors will
// be returned in the foreground process. // be returned in the foreground process.
if (daemon) { if (daemon && !g_daemonized) {
pid_t pid, sid; pid_t pid, sid;
pid = fork(); pid = fork();
@ -772,6 +787,8 @@ int falco_init(int argc, char **argv)
open("/dev/null", O_RDONLY); open("/dev/null", O_RDONLY);
open("/dev/null", O_RDWR); open("/dev/null", O_RDWR);
open("/dev/null", O_RDWR); open("/dev/null", O_RDWR);
g_daemonized = true;
} }
if(outfile != "") if(outfile != "")
@ -887,5 +904,15 @@ exit:
// //
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
return falco_init(argc, argv); int rc;
// g_restart will cause the falco loop to exit, but we
// should reload everything and start over.
while((rc = falco_init(argc, argv)) == EXIT_SUCCESS && g_restart)
{
g_restart = false;
optind = 1;
}
return rc;
} }