commit 355d6a83810e1b7bb3bc2ccd3102141dbea63821
parent 6920ddc814d709bc60c162c1fef794b108940e95
Author: Laurent Bercot <ska-skaware@skarnet.org>
Date: Sun, 21 Aug 2022 02:37:46 +0000
Add upper limit to -c in s6-svscan
Also document it, and document changes to s6-supervise
Signed-off-by: Laurent Bercot <ska@appnovation.com>
Diffstat:
5 files changed, 35 insertions(+), 14 deletions(-)
diff --git a/doc/s6-supervise.html b/doc/s6-supervise.html
@@ -135,7 +135,12 @@ effective group id as the s6-supervise process.
If it already exists, it uses it as is, without modifying the subscription rights. </li>
<li> It <a href="libs6/ftrigw.html">sends</a> a <tt>'s'</tt> event to <tt>./event</tt>. </li>
<li> If the default service state is up (i.e. there is no <tt>./down</tt> file),
-s6-supervise spawns <tt>./run</tt>. </li>
+s6-supervise spawns <tt>./run</tt>. One argument is given to the <tt>./run</tt>
+program: <em>servicedir</em>, the name of the directory s6-supervise is being
+run on. It is given exactly as given to s6-supervise, without recanonicalization.
+In particular, if s6-supervise is being managed by <a href="s6-svscan.html">s6-svscan</a>,
+<em>servicedir</em> is always of the form <tt><em>foo</em></tt> or <tt><em>foo</em>/log</tt>,
+and <em>foo</em> contains no slashes. </li>
<li> s6-supervise sends a <tt>'u'</tt> event to <tt>./event</tt> whenever it
successfully spawns <tt>./run</tt>. </li>
<li> If there is a <tt>./notification-fd</tt> file in the service directory and,
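Review bot: The added text describes servicedir as "the name of the directory", but since ./run executes with the service directory as its working directory (the surrounding items refer to ./run, ./event and ./down relative to it), a value like <em>foo</em> or <em>foo</em>/log is a name relative to the scan directory, not a path the run script can open; consider stating explicitly that the argument is meant as an identifier for the service and not as a path to resolve from within the script.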
@@ -152,7 +157,8 @@ service for readiness. </li>
It then spawns <tt>./finish</tt> if it exists.
<tt>./finish</tt> will have <tt>./run</tt>'s exit code as first argument, or 256 if
<tt>./run</tt> was signaled; it will have the number of the signal that killed <tt>./run</tt>
-as second argument, or an undefined number if <tt>./run</tt> was not signaled. </li>
+as second argument, or an undefined number if <tt>./run</tt> was not signaled;
+and it will have <em>servicedir</em> as third argument. </li>
<li> By default, <tt>./finish</tt> must exit in less than 5 seconds. If it takes more than that,
s6-supervise kills it with a SIGKILL. This can be configured via the
<tt>./timeout-finish</tt> file, see the description in the
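Review bot: Adding servicedir as a third argument is a behaviour change for existing finish scripts that pass "$@" along or check the argument count; consider a sentence noting that scripts written against the previous two-argument interface now see an extra argument, and keep the reminder that the second argument is only meaningful when the first is 256.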
diff --git a/doc/s6-svscan.html b/doc/s6-svscan.html
@@ -76,10 +76,11 @@ where all error messages go to the <tt>s6-svscan-log</tt> catch-all logger servi
default, except messages from this service itself, which fall back to <em>consoleholder</em>.
If you're not sure what to use this option for, or how, you don't need it. </li>
<li> <tt>-c <em>max</em></tt> : maintain services for up to <em>max</em>
-service directories. Default is 500. Lower limit is 2. There is no upper limit, but:
+service directories. Default is 500. Lower limit is 2. Upper limit is 90000. If
+you're increasing this value from the default, please note that:
<ul>
<li> The higher <em>max</em> is, the more stack memory s6-svscan will use,
-approximately 50 bytes per service. </li>
+up to 100 bytes per service. </li>
<li> s6-svscan uses 2 file descriptors per logged service. </li>
</ul>
It is the admin's responsibility to make sure that s6-svscan has enough available
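Review bot: With the new ceiling of 90000 and "up to 100 bytes per service", stack usage at the maximum can reach 9 MB, which is above the 8 MiB <tt>ulimit -s</tt> default on many systems, and 2 file descriptors per logged service can mean up to 180000 descriptors, far beyond a typical 1024 soft limit; consider spelling out these worst-case figures next to the upper limit so an admin raising -c near 90000 knows to raise the stack and file-descriptor limits too.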
diff --git a/doc/servicedir.html b/doc/servicedir.html
@@ -45,11 +45,22 @@ file (such as a binary file or a link to any other executable file),
but most of the time it will be a script, called <em>run script</em>.
This file is the most important one in your service directory: it
contains the commands that will setup and run your <em>foo</em> service.
-It is forked and executed by <a href="s6-supervise.html">s6-supervise</a>
+ <ul>
+ <li> It is forked and executed by <a href="s6-supervise.html">s6-supervise</a>
every time the service must be started, i.e. normally when
<a href="s6-supervise.html">s6-supervise</a> starts, and whenever
-the service goes down when it is supposed to be up. A run script
-should normally:
+the service goes down when it is supposed to be up. </li>
+ <li> It is given one argument, which is the same argument that the
+<a href="s6-supervise.html">s6-supervise</a> process is running with,
+i.e. the name of the service directory — or, if
+<a href="s6-supervise.html">s6-supervise</a> is run under
+<a href="s6-svscan.html">s6-svscan</a>, the name of the service directory
+as seen by <a href="s6-svscan.html">s6-svscan</a> in its
+<a href="scandir.html">scan directory</a>. That is, <tt><em>foo</em></tt>
+or <tt><em>foo</em>/log</tt>, if <em>foo</em> is the name of the
+<em>symbolic link</em> in the scan directory. </li> </ul>
+
+<p> A run script should normally: </p>
<ul>
<li> adjust redirections for stdin, stdout and stderr. When a run
script starts, it inherits its standard file descriptors from
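Review bot: The new <tt>&lt;ul&gt;</tt> is opened in the middle of the paragraph that ends "run your <em>foo</em> service." (the "+ <ul>" line); if that paragraph is wrapped in an open <tt>&lt;p&gt;</tt>, a block-level list implicitly closes it and any later <tt>&lt;/p&gt;</tt> becomes stray. Consider closing the paragraph explicitly before the list, matching the explicit "<p> A run script should normally: </p>" that follows it.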
@@ -107,10 +118,12 @@ process has been killed. If the <em>foo</em> service is supposed to be up,
script, not the finish script, should be running; the finish script should really
be short-lived.) The maximum duration of a <tt>finish</tt> execution can be
configured via the <tt>timeout-finish</tt> file, see below. </li>
- <li> The finish script is
-executed with two arguments: the exit code from the run script (resp. 256 if the
-run script was killed by a signal), and an undefined number (resp. the number of
-the signal that killed the run script). </li>
+ <li> The finish script is executed with three arguments:
+ <ol>
+ <li> the exit code from the run script (resp. 256 if the run script was killed by a signal) </li>
+ <li> an undefined number (resp. the number of the signal that killed the run script) </li>
+ <li> the name of the service directory, the same that has been given to <tt>./run</tt>. </li>
+ </ol>
<li> If the finish script exits 125, then <a href="s6-supervise.html">s6-supervise</a>
interprets this as a permanent failure for the service, and does not restart it,
as if an <a href="s6-svc.html">s6-svc -O</a> command had been sent. </li>
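Review bot: The new list item opened at "<li> The finish script is executed with three arguments:" is never closed after "</ol>", whereas the replaced text and the neighbouring items all carry an explicit "</li>"; add the closing tag after the <tt>&lt;/ol&gt;</tt> for consistency with the rest of the file. It may also help to say in the third item that the value is identical to what ./run received, including the lack of canonicalization.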
@@ -122,8 +135,8 @@ stdin and stdout pointing to <tt>/dev/null</tt>. </li>
<li style="margin-bottom:1em"> A directory named <tt>supervise</tt>. It is automatically created by
<a href="s6-supervise.html">s6-supervise</a> if it does not exist. This is where
-<a href="s6-supervise.html">s6-supervise</a> stores its information. The directory
-must be writable. </li>
+<a href="s6-supervise.html">s6-supervise</a> stores its internal information.
+The directory must be writable. </li>
<li style="margin-bottom:1em"> An optional, empty, regular file named <tt>down</tt>. If such a file exists,
the default state of the service is considered down, not up: s6-supervise will not
diff --git a/src/supervision/s6-supervise.c b/src/supervision/s6-supervise.c
@@ -456,7 +456,7 @@ static int uplastup_z (void)
{
char fmt0[UINT_FMT] ;
char fmt1[UINT_FMT] ;
- char *cargv[5] = { "finish", fmt0, fmt1, servicename, 0 } ;
+ char *cargv[5] = { "finish", fmt0, fmt1, (char *)servicename, 0 } ;
selfpipe_finish() ;
fmt0[uint_fmt(fmt0, WIFSIGNALED(status.wstat) ? 256 : WEXITSTATUS(status.wstat))] = 0 ;
fmt1[uint_fmt(fmt1, WTERMSIG(status.wstat))] = 0 ;
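Review bot: The "(char *)servicename" cast discards a const qualifier only to fit an array declared as "char *cargv[5]"; since "finish" is a string literal and the exec path never needs to write into argv, declaring the array as "char const *cargv[5]" (and casting once at the exec call if the helper insists on a non-const type) keeps the read-only intent visible and avoids hiding a future write through a silenced warning.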
diff --git a/src/supervision/s6-svscan.c b/src/supervision/s6-svscan.c
@@ -560,6 +560,7 @@ int main (int argc, char const *const *argv)
if (t) tain_from_millisecs(&defaulttimeout, t) ;
else defaulttimeout = tain_infinite_relative ;
if (max < 2) max = 2 ;
+ if (max > 90000) max = 90000 ;
}
if (notif >= 0)
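Review bot: The added clamp "if (max > 90000) max = 90000 ;" silently reduces an explicitly requested -c value, so an admin who asks for more service directories gets fewer than requested without any message and the excess services are never supervised; consider rejecting the value with a usage error or at least logging a warning, mirroring how the documentation now states a hard upper limit. The constant 90000 also appears in doc/s6-svscan.html, so a named constant shared with the usage text would keep the two from drifting.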