From ccecce4cb6fc9a96652040af3c884645b88902a3 Mon Sep 17 00:00:00 2001 From: ljm42 Date: Fri, 30 May 2025 15:58:08 -0700 Subject: [PATCH] fix: limit pgrep/pkill to host namespace --- emhttp/plugins/dynamix/DateTime.page | 2 +- emhttp/plugins/dynamix/include/DashboardApps.php | 4 ++-- emhttp/plugins/dynamix/include/DefaultPageLayout.php | 2 +- emhttp/plugins/dynamix/include/ResetTZ.php | 2 +- emhttp/plugins/dynamix/scripts/reiserfs_check | 2 +- emhttp/plugins/dynamix/scripts/upnp_port | 2 +- etc/rc.d/rc.cgroup2unraid | 4 ++-- etc/rc.d/rc.nginx | 4 ++-- etc/rc.d/rc.ntpd | 2 +- etc/rc.d/rc.ptpd | 6 +++--- etc/rc.d/rc.wireless | 2 +- sbin/emhttp | 4 ++-- sbin/monitor_nchan | 4 ++-- 13 files changed, 20 insertions(+), 20 deletions(-) diff --git a/emhttp/plugins/dynamix/DateTime.page b/emhttp/plugins/dynamix/DateTime.page index bcfa41d24..fa2cfdd74 100644 --- a/emhttp/plugins/dynamix/DateTime.page +++ b/emhttp/plugins/dynamix/DateTime.page @@ -183,7 +183,7 @@ var service = false; var oldDate, oldTime, oldZone; // ptp daemon is running? -var ptpd = ; +var ptpd = ; function hwclock(form,port) { // disable hardware clock if not supported diff --git a/emhttp/plugins/dynamix/include/DashboardApps.php b/emhttp/plugins/dynamix/include/DashboardApps.php index 430c9551e..bd7ee2660 100644 --- a/emhttp/plugins/dynamix/include/DashboardApps.php +++ b/emhttp/plugins/dynamix/include/DashboardApps.php @@ -21,7 +21,7 @@ require_once "$docroot/plugins/dynamix.docker.manager/include/DockerClient.php"; require_once "$docroot/plugins/dynamix.vm.manager/include/libvirt_helpers.php"; if (isset($_POST['ntp'])) { - if (exec("pgrep -cf /usr/sbin/ptp4l")) { + if (exec("pgrep --ns $$ -cf /usr/sbin/ptp4l")) { // ptp sync if (exec("pmc -ub0 'GET TIME_STATUS'|awk '$1==\"gmPresent\"{print $2;exit}'")) { $ptp = abs(exec("pmc -ub0 'GET CURRENT'|awk '$1==\"offsetFromMaster\"{print $2;exit}'")); @@ -37,7 +37,7 @@ if (isset($_POST['ntp'])) { } else { die(_('Clock is unsynchronized with no PTP servers')); } - } elseif (exec("pgrep -cf /usr/sbin/ntpd")) { + } elseif (exec("pgrep --ns $$ -cf /usr/sbin/ntpd")) { // ntp sync $ntp = exec("ntpq -pn|awk '$1~/^\*/{print $9;exit}'"); if ($ntp) { diff --git a/emhttp/plugins/dynamix/include/DefaultPageLayout.php b/emhttp/plugins/dynamix/include/DefaultPageLayout.php index 44d422f4b..1b10cfde8 100644 --- a/emhttp/plugins/dynamix/include/DefaultPageLayout.php +++ b/emhttp/plugins/dynamix/include/DefaultPageLayout.php @@ -65,7 +65,7 @@ if (count($pages)) { foreach ($stop as $row) { [$script, $opt] = my_explode(':', $row); if ($opt == 'stop') { - exec("pkill -f $docroot/$script &>/dev/null &"); + exec('pkill --ns $$ -f '.escapeshellarg($docroot.'/'.$script).' &>/dev/null &'); array_splice($running, array_search($row, $running), 1); } } diff --git a/emhttp/plugins/dynamix/include/ResetTZ.php b/emhttp/plugins/dynamix/include/ResetTZ.php index 0fa61182d..9fdaa5ccb 100644 --- a/emhttp/plugins/dynamix/include/ResetTZ.php +++ b/emhttp/plugins/dynamix/include/ResetTZ.php @@ -22,7 +22,7 @@ if (!is_file($pidfile)) exit; foreach ($scripts as $script) { if (exec("grep -Pom1 '^$nchan/$script' $pidfile")) { // restart selected script - exec("pkill -f $nchan/$script"); + exec('pkill --ns $$ -f '.escapeshellarg($nchan.'/'.$script)); exec("$docroot/$nchan/$script &>/dev/null &"); } } diff --git a/emhttp/plugins/dynamix/scripts/reiserfs_check b/emhttp/plugins/dynamix/scripts/reiserfs_check index 0ec66fa9b..be520e6a3 100755 --- a/emhttp/plugins/dynamix/scripts/reiserfs_check +++ b/emhttp/plugins/dynamix/scripts/reiserfs_check @@ -19,7 +19,7 @@ case "$1" in pgrep --ns $$ -f "/sbin/reiserfsck $2" >/dev/null ;; 'cancel') - pkill -f "/sbin/reiserfsck $2" + pkill --ns $$ -f "/sbin/reiserfsck $2" echo "Cancelled" >> /var/lib/reiserfs/check.status.$3 ;; esac diff --git a/emhttp/plugins/dynamix/scripts/upnp_port b/emhttp/plugins/dynamix/scripts/upnp_port index d5f2c9984..f912de534 100755 --- a/emhttp/plugins/dynamix/scripts/upnp_port +++ b/emhttp/plugins/dynamix/scripts/upnp_port @@ -49,7 +49,7 @@ case "$1" in 'del') upnpc -u $XML -m $LINK -d $3 $4 >/dev/null 2>&1 if [[ $? -eq 0 ]]; then - [[ -z $WG && -n $(pgrep -f $POLLER) ]] && pkill -f $POLLER + [[ -z $WG && -n $(pgrep --ns $$ -f $POLLER) ]] && pkill --ns $$ -f $POLLER log "Deleted port $3/$4" else log "Failed to delete port $3/$4" diff --git a/etc/rc.d/rc.cgroup2unraid b/etc/rc.d/rc.cgroup2unraid index a29df36ee..7b91a3234 100755 --- a/etc/rc.d/rc.cgroup2unraid +++ b/etc/rc.d/rc.cgroup2unraid @@ -17,7 +17,7 @@ PID="/var/run/cgroup2-unraid.pid" cgroup2daemon_running(){ sleep 0.1 - [[ $(pgrep -cf $CGROUP2) -gt 0 ]] + [[ $(pgrep --ns $$ -cf $CGROUP2) -gt 0 ]] } case "$1" in @@ -26,7 +26,7 @@ case "$1" in REPLY="Already started" else $CGROUP2 --daemon - echo $(pgrep -f $CGROUP2) > $PID + echo $(pgrep --ns $$ -f $CGROUP2) > $PID if cgroup2daemon_running; then REPLY="Started" else diff --git a/etc/rc.d/rc.nginx b/etc/rc.d/rc.nginx index c9298385e..d59872e53 100755 --- a/etc/rc.d/rc.nginx +++ b/etc/rc.d/rc.nginx @@ -736,7 +736,7 @@ nginx_stop(){ kill -QUIT $(cat $PID) nginx_waitfor_shutdown # safety hammer - pkill -f $NGINX + pkill --ns $$ -f $NGINX nginx_waitfor_shutdown if ! nginx_running; then REPLY="Stopped"; else REPLY="Failed"; fi fi @@ -806,7 +806,7 @@ nginx_reload(){ nginx_renew(){ # stop unconditionally - pkill -f $NGINX + pkill --ns $$ -f $NGINX # rebuild configuration build_ssl # start unconditionally diff --git a/etc/rc.d/rc.ntpd b/etc/rc.d/rc.ntpd index 532c4a033..e529da80b 100755 --- a/etc/rc.d/rc.ntpd +++ b/etc/rc.d/rc.ntpd @@ -23,7 +23,7 @@ IDENT="/boot/config/ident.cfg" ntpd_running(){ sleep 0.1 - [[ $(pgrep -cf $NTPD) -gt 0 ]] + [[ $(pgrep --ns $$ -cf $NTPD) -gt 0 ]] } ntpd_build(){ diff --git a/etc/rc.d/rc.ptpd b/etc/rc.d/rc.ptpd index 692d7529d..be1dcc49a 100755 --- a/etc/rc.d/rc.ptpd +++ b/etc/rc.d/rc.ptpd @@ -24,7 +24,7 @@ IDENT="/boot/config/ident.cfg" ptpd_running(){ sleep 0.1 - [[ $(pgrep -cf $PTPD) -gt 0 ]] + [[ $(pgrep --ns $$ -cf $PTPD) -gt 0 ]] } ptpd_build(){ @@ -83,8 +83,8 @@ ptpd_stop(){ if ! ptpd_running; then REPLY="Already stopped" else - pkill -f $PTPD 2>/dev/null - pkill -f $PHC 2>/dev/null + pkill --ns $$ -f $PTPD 2>/dev/null + pkill --ns $$ -f $PHC 2>/dev/null if ! ptpd_running; then REPLY="Stopped"; else REPLY="Failed"; fi fi log "$DAEMON... $REPLY." diff --git a/etc/rc.d/rc.wireless b/etc/rc.d/rc.wireless index 8e16249ce..a8a122f56 100755 --- a/etc/rc.d/rc.wireless +++ b/etc/rc.d/rc.wireless @@ -283,7 +283,7 @@ wifi_stop(){ IPV4=$(ip -4 -br addr show scope global primary dev shim-$PORT | awk '{print $3,$4,$5;exit}') [[ -n $IPV4 ]] && run ip addr del $IPV4 dev shim-$PORT run ip addr flush dev $PORT - run pkill wpa_supplicant + run pkill --ns $$ wpa_supplicant run iw dev $PORT disconnect run rm -f $INI # restart services when static assignments diff --git a/sbin/emhttp b/sbin/emhttp index 5649a2e59..ad301c858 100755 --- a/sbin/emhttp +++ b/sbin/emhttp @@ -41,7 +41,7 @@ case "${1:-start}" in 'start') log "Starting emhttpd..." # verify emhttpd not already started - if [[ -n $(pgrep emhttpd) ]]; then + if [[ -n $(pgrep --ns $$ emhttpd) ]]; then log "emhttpd already started." exit 1 fi @@ -54,7 +54,7 @@ case "${1:-start}" in /etc/rc.d/rc.nginx stop /etc/rc.d/rc.php-fpm stop log "Stopping emhttpd..." - pkill emhttpd + pkill --ns $$ emhttpd rmmod md-mod log "All services... Stopped." ;; diff --git a/sbin/monitor_nchan b/sbin/monitor_nchan index 297af5632..076e6003c 100755 --- a/sbin/monitor_nchan +++ b/sbin/monitor_nchan @@ -27,14 +27,14 @@ nchan_stop() { while IFS=$'\n' read -r nchan; do [[ ${nchan##*/} == '.*' ]] && continue echo $nchan >>$nchan_list - pkill -f $nchan + pkill --ns $$ -f $nchan done <<< $(ps -eo cmd | grep -Po '/usr/local/emhttp/.*/nchan/.*') } nchan_start() { [[ -e $nchan_list ]] || return while IFS=$'\n' read -r nchan; do - if ! pgrep -f $nchan >/dev/null; then + if ! pgrep --ns $$ -f $nchan >/dev/null; then $nchan &>/dev/null & fi done < $nchan_list