From: "Laurent Bercot"
To: "Dewayne Geraghty", "supervision@list.skarnet.org"
Subject: Re: s6-rc : Anomalies or normal behaviour
Date: Tue, 06 Oct 2020 10:29:04 +0000

Glad it's working for you!

>A significant reduction in complexity. However, and the reason for my
>delay in replying. Magic happened! I was now transmitting data which
>crossed jail barriers (from b3 "named" to b2 "named logging"). I needed
>to consult with one of the FreeBSD developers to ensure that a security
>hole wasn't occurring. :)

Well, that's also what you were doing with your former b3:named2 and
b3:named-log2, except you were transmitting the data via a named pipe
created in your run script explicitly instead of an anonymous pipe
created by s6-rc implicitly. The integrated pipe feature does not touch
your security model at all; if you were to consult with a FreeBSD
developer, you needed to do it before making the change. :)

>It appears (and I'm assuming) that s6 uses pseudo terminal sub-system to
>communicate. In this specific case below, per pts/3

No, s6 does not use pseudo-terminals at all; all it does is let
processes inherit fds from their parent. In your case, /dev/pts/3
seems to be s6-svscan's stdout and stderr; if you don't want to have
pseudo-terminals, you should check the script that launches your
supervision tree, and redirect s6-svscan's outputs accordingly.

--
Laurent
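
Added example, not part of the original message and not s6 code: a POSIX sh demonstration of the fd inheritance described above, showing that a child's stdout/stderr are whatever its parent had unless the launcher redirects them first. The names `CHECK`, `parent_state`, `child_inherited`, `child_redirected` and `require_no_tty` are assumptions made for this example, and a plain `sh -c` child stands in for the supervision tree.

```shell
#!/bin/sh
# Added example: all names here are constructed; no s6 program is invoked.

# Snippet that reports, on fd 3, whether fds 1 and 2 are terminals.
CHECK='o=not-tty; e=not-tty
if [ -t 1 ]; then o=tty; fi
if [ -t 2 ]; then e=tty; fi
echo "stdout=$o stderr=$e" >&3'

# What this shell's own stdout/stderr are (fd 3 is a copy of stdout,
# used only to carry the report).
parent_state() { ( eval "$CHECK" ) 3>&1; }

# A child started with no redirections: it inherits the parent's fds
# as they are, terminal or not.
child_inherited() { sh -c "$CHECK" 3>&1; }

# A child started the way a launcher script can start the tree:
# stdout and stderr are pointed at a file ($1, default /dev/null)
# before the child runs, so no terminal is inherited.
child_redirected() { sh -c "$CHECK" 3>&1 >"${1:-/dev/null}" 2>&1; }

# Guard for a launcher script: fail if stdout or stderr is still a
# terminal at the point where the tree would be started.
require_no_tty() {
    if [ -t 1 ] || [ -t 2 ]; then
        echo "stdout/stderr is a terminal; redirect before launching" >&2
        return 1
    fi
}

# Demonstration. Run from an interactive terminal, the first two lines
# report "tty" and the third reports "not-tty".
printf 'parent:            '; parent_state
printf 'child (inherited): '; child_inherited
printf 'child (redirected): '; child_redirected
```
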