fix: limit pgrep/pkill to host namespace

emhttp/plugins/dynamix/DateTime.page

@@ -183,7 +183,7 @@ var service = false;
 var oldDate, oldTime, oldZone;
 
 // ptp daemon is running?
-var ptpd = <?=exec("pgrep -cf /usr/sbin/ptp4l") ? 'true' : 'false'?>;
+var ptpd = <?=exec("pgrep --ns $$ -cf /usr/sbin/ptp4l") ? 'true' : 'false'?>;
 
 function hwclock(form,port) {
   // disable hardware clock if not supported

emhttp/plugins/dynamix/include/DashboardApps.php

@@ -21,7 +21,7 @@ require_once "$docroot/plugins/dynamix.docker.manager/include/DockerClient.php";
 require_once "$docroot/plugins/dynamix.vm.manager/include/libvirt_helpers.php";
 
 if (isset($_POST['ntp'])) {
-  if (exec("pgrep -cf /usr/sbin/ptp4l")) {
+  if (exec("pgrep --ns $$ -cf /usr/sbin/ptp4l")) {
     // ptp sync
     if (exec("pmc -ub0 'GET TIME_STATUS'|awk '$1==\"gmPresent\"{print $2;exit}'")) {
       $ptp = abs(exec("pmc -ub0 'GET CURRENT'|awk '$1==\"offsetFromMaster\"{print $2;exit}'"));
@@ -37,7 +37,7 @@ if (isset($_POST['ntp'])) {
     } else {
       die(_('Clock is unsynchronized with no PTP servers'));
     }
-  } elseif (exec("pgrep -cf /usr/sbin/ntpd")) {
+  } elseif (exec("pgrep --ns $$ -cf /usr/sbin/ntpd")) {
     // ntp sync
     $ntp = exec("ntpq -pn|awk '$1~/^\*/{print $9;exit}'");
     if ($ntp) {

emhttp/plugins/dynamix/include/DefaultPageLayout.php

@@ -65,7 +65,7 @@ if (count($pages)) {
   foreach ($stop as $row) {
     [$script, $opt] = my_explode(':', $row);
     if ($opt == 'stop') {
-      exec("pkill -f $docroot/$script &>/dev/null &");
+      exec('pkill --ns $$ -f '.escapeshellarg($docroot.'/'.$script).' &>/dev/null &');
       array_splice($running, array_search($row, $running), 1);
     }
   }

emhttp/plugins/dynamix/include/ResetTZ.php

@@ -22,7 +22,7 @@ if (!is_file($pidfile)) exit;
 foreach ($scripts as $script) {
   if (exec("grep -Pom1 '^$nchan/$script' $pidfile")) {
     // restart selected script
-    exec("pkill -f $nchan/$script");
+    exec('pkill --ns $$ -f '.escapeshellarg($nchan.'/'.$script));
     exec("$docroot/$nchan/$script &>/dev/null &");
   }
 }

emhttp/plugins/dynamix/scripts/reiserfs_check

@@ -19,7 +19,7 @@ case "$1" in
   pgrep --ns $$ -f "/sbin/reiserfsck $2" >/dev/null
 ;;
 'cancel')
-  pkill -f "/sbin/reiserfsck $2"
+  pkill --ns $$ -f "/sbin/reiserfsck $2"
   echo "Cancelled" >> /var/lib/reiserfs/check.status.$3
 ;;
 esac

emhttp/plugins/dynamix/scripts/upnp_port

@@ -49,7 +49,7 @@ case "$1" in
 'del')
   upnpc -u $XML -m $LINK -d $3 $4 >/dev/null 2>&1
   if [[ $? -eq 0 ]]; then
-    [[ -z $WG && -n $(pgrep -f $POLLER) ]] && pkill -f $POLLER
+    [[ -z $WG && -n $(pgrep --ns $$ -f $POLLER) ]] && pkill --ns $$ -f $POLLER
     log "Deleted port $3/$4"
   else
     log "Failed to delete port $3/$4"

etc/rc.d/rc.cgroup2unraid

@@ -17,7 +17,7 @@ PID="/var/run/cgroup2-unraid.pid"
 
 cgroup2daemon_running(){
   sleep 0.1
-  [[ $(pgrep -cf $CGROUP2) -gt 0 ]]
+  [[ $(pgrep --ns $$ -cf $CGROUP2) -gt 0 ]]
 }
 
 case "$1" in
@@ -26,7 +26,7 @@ case "$1" in
       REPLY="Already started"
     else
       $CGROUP2 --daemon
-      echo $(pgrep -f $CGROUP2) > $PID
+      echo $(pgrep --ns $$ -f $CGROUP2) > $PID
       if cgroup2daemon_running; then
         REPLY="Started"
       else

etc/rc.d/rc.nginx

@@ -736,7 +736,7 @@ nginx_stop(){
     kill -QUIT $(cat $PID)
     nginx_waitfor_shutdown
     # safety hammer
-    pkill -f $NGINX
+    pkill --ns $$ -f $NGINX
     nginx_waitfor_shutdown
     if ! nginx_running; then REPLY="Stopped"; else REPLY="Failed"; fi
   fi
@@ -806,7 +806,7 @@ nginx_reload(){
 
 nginx_renew(){
   # stop unconditionally
-  pkill -f $NGINX
+  pkill --ns $$ -f $NGINX
   # rebuild configuration
   build_ssl
   # start unconditionally

etc/rc.d/rc.ntpd

@@ -23,7 +23,7 @@ IDENT="/boot/config/ident.cfg"
 
 ntpd_running(){
   sleep 0.1
-  [[ $(pgrep -cf $NTPD) -gt 0 ]]
+  [[ $(pgrep --ns $$ -cf $NTPD) -gt 0 ]]
 }
 
 ntpd_build(){

etc/rc.d/rc.ptpd

@@ -24,7 +24,7 @@ IDENT="/boot/config/ident.cfg"
 
 ptpd_running(){
   sleep 0.1
-  [[ $(pgrep -cf $PTPD) -gt 0 ]]
+  [[ $(pgrep --ns $$ -cf $PTPD) -gt 0 ]]
 }
 
 ptpd_build(){
@@ -83,8 +83,8 @@ ptpd_stop(){
   if ! ptpd_running; then
     REPLY="Already stopped"
   else
-    pkill -f $PTPD 2>/dev/null
-    pkill -f $PHC 2>/dev/null
+    pkill --ns $$ -f $PTPD 2>/dev/null
+    pkill --ns $$ -f $PHC 2>/dev/null
     if ! ptpd_running; then REPLY="Stopped"; else REPLY="Failed"; fi
   fi
   log "$DAEMON...  $REPLY."

etc/rc.d/rc.wireless

@@ -283,7 +283,7 @@ wifi_stop(){
   IPV4=$(ip -4 -br addr show scope global primary dev shim-$PORT | awk '{print $3,$4,$5;exit}')
   [[ -n $IPV4 ]] && run ip addr del $IPV4 dev shim-$PORT
   run ip addr flush dev $PORT
-  run pkill wpa_supplicant
+  run pkill --ns $$ wpa_supplicant
   run iw dev $PORT disconnect
   run rm -f $INI
   # restart services when static assignments

sbin/emhttp

@@ -41,7 +41,7 @@ case "${1:-start}" in
 'start')
   log "Starting emhttpd..."
   # verify emhttpd not already started
-  if [[ -n $(pgrep emhttpd) ]]; then
+  if [[ -n $(pgrep --ns $$ emhttpd) ]]; then
     log "emhttpd already started."
     exit 1
   fi
@@ -54,7 +54,7 @@ case "${1:-start}" in
   /etc/rc.d/rc.nginx stop
   /etc/rc.d/rc.php-fpm stop
   log "Stopping emhttpd..."
-  pkill emhttpd
+  pkill --ns $$ emhttpd
   rmmod md-mod
   log "All services...  Stopped."
   ;;

sbin/monitor_nchan

@@ -27,14 +27,14 @@ nchan_stop() {
   while IFS=$'\n' read -r nchan; do
     [[ ${nchan##*/} == '.*' ]] && continue
     echo $nchan >>$nchan_list
-    pkill -f $nchan
+    pkill --ns $$ -f $nchan
   done <<< $(ps -eo cmd | grep -Po '/usr/local/emhttp/.*/nchan/.*')
 }
 
 nchan_start() {
   [[ -e $nchan_list ]] || return
   while IFS=$'\n' read -r nchan; do
-    if ! pgrep -f $nchan >/dev/null; then
+    if ! pgrep --ns $$ -f $nchan >/dev/null; then
       $nchan &>/dev/null &
     fi
   done < $nchan_list