From: Wietse Venema Date: Tue, 3 Apr 2018 05:00:00 +0000 (-0500) Subject: postfix-3.4-20180403 X-Git-Tag: v3.4.0-RC1~41 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0b850f68401bdbff5f647c9febfe78131df6421e;p=thirdparty%2Fpostfix.git postfix-3.4-20180403 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 165e75670..0d72eea39 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -23363,3 +23363,11 @@ Apologies for any names omitted. Portability: FreeBSD 11 is supported. Files: makedefs, util/sys_defs.h. + +20180403 + + Containers: "postfix start-fg" will now attempt to run the + master daemon as PID 1, and "postfix stop" will use a + stronger signal if the master does not stop. Files: + conf/postfix-script, master/master.c, master/master_sig.c, + postfix/postfix.c. diff --git a/postfix/conf/postfix-script b/postfix/conf/postfix-script index cd77dd973..4a14af7a6 100755 --- a/postfix/conf/postfix-script +++ b/postfix/conf/postfix-script @@ -150,11 +150,16 @@ start|start-fg) ;; start-fg) # Foreground start-up is incompatible with multi-instance mode. - # We can't use "exec $daemon_directory/master" here: that would - # break process group management, and "postfix stop" would kill - # too many processes. + # Use "exec $daemon_directory/master -i" only if PID == 1. + # Otherwise, doing so would break process group management, + # and "postfix stop" would kill too many processes. case $instances in - "") $daemon_directory/master + "") case $$ in + 1) exec $daemon_directory/master -i + $FATAL "cannot start-fg the master daemon" + exit 1;; + *) $daemon_directory/master;; + esac ;; *) $FATAL "start-fg does not support multi_instance_directories" exit 1 diff --git a/postfix/html/master.8.html b/postfix/html/master.8.html index 4a064c784..4376f7434 100644 --- a/postfix/html/master.8.html +++ b/postfix/html/master.8.html 
@@ -10,7 +10,7 @@ MASTER(8) MASTER(8) master - Postfix master process SYNOPSIS - master [-Ddtvw] [-c config_dir] [-e exit_time] + master [-Dditvw] [-c config_dir] [-e exit_time] DESCRIPTION The master(8) daemon is the resident process that runs Postfix daemons @@ -47,6 +47,10 @@ MASTER(8) MASTER(8) Terminate the master process after exit_time seconds. Child pro- cesses terminate at their convenience. + -i Enable init mode: do not attempt to become a session or process + group leader. This mode is allowed only if the process ID equals + 1. + -t Test mode. Return a zero exit status when the master.pid lock file does not exist or when that file is not locked. This is evidence that the master(8) daemon is not running. diff --git a/postfix/html/postfix.1.html b/postfix/html/postfix.1.html index cff351cc3..f994fc339 100644 --- a/postfix/html/postfix.1.html +++ b/postfix/html/postfix.1.html 
@@ -38,100 +38,101 @@ POSTFIX(1) POSTFIX(1) start-fg Like start, but keep the master daemon running in the fore- - ground. This requires that multi-instance support is disabled - (i.e. the multi_instance_directories parameter value must be - empty). When running Postfix inside a container, mount the con- - tainer host's /dev/log socket inside the container (example: - "docker run -v /dev/log:/dev/log ...") and specify a distinct - Postfix "syslog_name" prefix that identifies logging from the - Postfix instance. + ground, if possible as PID 1. This command requires that + multi-instance support is disabled (i.e. the + multi_instance_directories parameter value must be empty). When + running Postfix inside a container, mount the container host's + /dev/log socket inside the container (example: "docker run -v + /dev/log:/dev/log ...") and specify a distinct Postfix "sys- + log_name" prefix that identifies logging from the Postfix + instance. stop Stop the Postfix mail system in an orderly fashion. If possible, - running processes are allowed to terminate at their earliest + running processes are allowed to terminate at their earliest convenience. - Note: in order to refresh the Postfix mail system after a con- - figuration change, do not use the start and stop commands in + Note: in order to refresh the Postfix mail system after a con- + figuration change, do not use the start and stop commands in succession. Use the reload command instead. - abort Stop the Postfix mail system abruptly. Running processes are + abort Stop the Postfix mail system abruptly. Running processes are signaled to stop immediately. flush Force delivery: attempt to deliver every message in the deferred mail queue. Normally, attempts to deliver delayed mail happen at - regular intervals, the interval doubling after each failed + regular intervals, the interval doubling after each failed attempt. 
- Warning: flushing undeliverable mail frequently will result in + Warning: flushing undeliverable mail frequently will result in poor delivery performance of all other mail. - reload Re-read configuration files. Running processes terminate at + reload Re-read configuration files. Running processes terminate at their earliest convenience. status Indicate if the Postfix mail system is currently running. set-permissions [name=value ...] - Set the ownership and permissions of Postfix related files and + Set the ownership and permissions of Postfix related files and directories, as specified in the postfix-files file. - Specify name=value to override and update specific main.cf con- - figuration parameters. Use this, for example, to change the - mail_owner or setgid_group setting for an already installed + Specify name=value to override and update specific main.cf con- + figuration parameters. Use this, for example, to change the + mail_owner or setgid_group setting for an already installed Postfix system. - This feature is available in Postfix 2.1 and later. With Post- - fix 2.0 and earlier, use "$config_directory/post-install + This feature is available in Postfix 2.1 and later. With Post- + fix 2.0 and earlier, use "$config_directory/post-install set-permissions". tls subcommand - Enable opportunistic TLS in the Postfix SMTP client or server, - and manage Postfix SMTP server TLS private keys and certifi- + Enable opportunistic TLS in the Postfix SMTP client or server, + and manage Postfix SMTP server TLS private keys and certifi- cates. See postfix-tls(1) for documentation. This feature is available in Postfix 3.1 and later. upgrade-configuration [name=value ...] - Update the main.cf and master.cf files with information that - Postfix needs in order to run: add or update services, and add + Update the main.cf and master.cf files with information that + Postfix needs in order to run: add or update services, and add or update configuration parameter settings. 
- Specify name=value to override and update specific main.cf con- + Specify name=value to override and update specific main.cf con- figuration parameters. - This feature is available in Postfix 2.1 and later. With Post- - fix 2.0 and earlier, use "$config_directory/post-install + This feature is available in Postfix 2.1 and later. With Post- + fix 2.0 and earlier, use "$config_directory/post-install upgrade-configuration". The following options are implemented: -c config_dir - Read the main.cf and master.cf configuration files in the named - directory instead of the default configuration directory. Use - this to distinguish between multiple Postfix instances on the + Read the main.cf and master.cf configuration files in the named + directory instead of the default configuration directory. Use + this to distinguish between multiple Postfix instances on the same host. - With Postfix 2.6 and later, this option forces the postfix(1) + With Postfix 2.6 and later, this option forces the postfix(1) command to operate on the specified Postfix instance only. This - behavior is inherited by postfix(1) commands that run as a + behavior is inherited by postfix(1) commands that run as a descendant of the current process. -D (with postfix start only) Run each Postfix daemon under control of a debugger as specified via the debugger_command configuration parameter. - -v Enable verbose logging for debugging purposes. Multiple -v + -v Enable verbose logging for debugging purposes. Multiple -v options make the software increasingly verbose. ENVIRONMENT - The postfix(1) command exports the following environment variables + The postfix(1) command exports the following environment variables before executing the postfix-script file: MAIL_CONFIG This is set when the -c command-line option is present. With Postfix 2.6 and later, this environment variable forces the - postfix(1) command to operate on the specified Postfix instance - only. 
This behavior is inherited by postfix(1) commands that + postfix(1) command to operate on the specified Postfix instance + only. This behavior is inherited by postfix(1) commands that run as a descendant of the current process. MAIL_VERBOSE @@ -145,7 +146,7 @@ POSTFIX(1) POSTFIX(1) ment variables with the same names: config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. command_directory (see 'postconf -d' output) @@ -155,22 +156,22 @@ POSTFIX(1) POSTFIX(1) The directory with Postfix support programs and daemon programs. html_directory (see 'postconf -d' output) - The location of Postfix HTML files that describe how to build, + The location of Postfix HTML files that describe how to build, configure or operate a specific Postfix subsystem or feature. mail_owner (postfix) - The UNIX system account that owns the Postfix queue and most + The UNIX system account that owns the Postfix queue and most Postfix daemon processes. mailq_path (see 'postconf -d' output) - Sendmail compatibility feature that specifies where the Postfix + Sendmail compatibility feature that specifies where the Postfix mailq(1) command is installed. manpage_directory (see 'postconf -d' output) Where the Postfix manual pages are installed. newaliases_path (see 'postconf -d' output) - Sendmail compatibility feature that specifies the location of + Sendmail compatibility feature that specifies the location of the newaliases(1) command. queue_directory (see 'postconf -d' output) 
@@ -181,31 +182,31 @@ POSTFIX(1) POSTFIX(1) configure or operate a specific Postfix subsystem or feature. sendmail_path (see 'postconf -d' output) - A Sendmail compatibility feature that specifies the location of + A Sendmail compatibility feature that specifies the location of the Postfix sendmail(1) command. setgid_group (postdrop) - The group ownership of set-gid Postfix commands and of + The group ownership of set-gid Postfix commands and of group-writable Postfix directories. Available in Postfix version 2.5 and later: data_directory (see 'postconf -d' output) - The directory with Postfix-writable data files (for example: + The directory with Postfix-writable data files (for example: caches, pseudo-random numbers). Available in Postfix version 3.0 and later: meta_directory (see 'postconf -d' output) - The location of non-executable files that are shared among mul- - tiple Postfix instances, such as postfix-files, dynamicmaps.cf, - and the multi-instance template files main.cf.proto and mas- + The location of non-executable files that are shared among mul- + tiple Postfix instances, such as postfix-files, dynamicmaps.cf, + and the multi-instance template files main.cf.proto and mas- ter.cf.proto. shlib_directory (see 'postconf -d' output) - The location of Postfix dynamically-linked libraries (libpost- - fix-*.so), and the default location of Postfix database plugins - (postfix-*.so) that have a relative pathname in the dynam- + The location of Postfix dynamically-linked libraries (libpost- + fix-*.so), and the default location of Postfix database plugins + (postfix-*.so) that have a relative pathname in the dynam- icmaps.cf file. Available in Postfix version 3.1 and later: 
@@ -216,29 +217,29 @@ POSTFIX(1) POSTFIX(1) Other configuration parameters: import_environment (see 'postconf -d' output) - The list of environment parameters that a privileged Postfix - process will import from a non-Postfix parent process, or + The list of environment parameters that a privileged Postfix + process will import from a non-Postfix parent process, or name=value environment overrides. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Available in Postfix version 2.6 and later: multi_instance_directories (empty) - An optional list of non-default Postfix configuration directo- - ries; these directories belong to additional Postfix instances - that share the Postfix executable files and documentation with - the default Postfix instance, and that are started, stopped, + An optional list of non-default Postfix configuration directo- + ries; these directories belong to additional Postfix instances + that share the Postfix executable files and documentation with + the default Postfix instance, and that are started, stopped, etc., together with the default Postfix instance. multi_instance_wrapper (empty) - The pathname of a multi-instance manager command that the post- - fix(1) command invokes when the multi_instance_directories + The pathname of a multi-instance manager command that the post- + fix(1) command invokes when the multi_instance_directories parameter value is non-empty. multi_instance_group (empty) 
@@ -248,15 +249,15 @@ POSTFIX(1) POSTFIX(1) The optional instance name of this Postfix instance. multi_instance_enable (no) - Allow this Postfix instance to be started, stopped, etc., by a + Allow this Postfix instance to be started, stopped, etc., by a multi-instance manager. FILES - Prior to Postfix version 2.6, all of the following files were in $con- + Prior to Postfix version 2.6, all of the following files were in $con- fig_directory. Some files are now in $daemon_directory so that they can be shared among multiple instances that run the same Postfix version. - Use the command "postconf config_directory" or "postconf daemon_direc- + Use the command "postconf config_directory" or "postconf daemon_direc- tory" to expand the names into their actual values. $config_directory/main.cf, Postfix configuration parameters diff --git a/postfix/man/man1/postfix.1 b/postfix/man/man1/postfix.1 index fa0216050..d2a78285d 100644 --- a/postfix/man/man1/postfix.1 +++ b/postfix/man/man1/postfix.1 
@@ -39,13 +39,14 @@ Start the Postfix mail system. This also runs the configuration check described above. .IP \fBstart\-fg\fR Like \fBstart\fR, but keep the master daemon running in the -foreground. This requires that multi\-instance support is -disabled (i.e. the multi_instance_directories parameter -value must be empty). When running Postfix inside a container, -mount the container host's /dev/log socket inside the -container (example: "docker run \-v /dev/log:/dev/log ...") -and specify a distinct Postfix "syslog_name" prefix that -identifies logging from the Postfix instance. +foreground, if possible as PID 1. This command requires +that multi\-instance support is disabled (i.e. the +multi_instance_directories parameter value must be empty). +When running Postfix inside a container, mount the container +host's /dev/log socket inside the container (example: "docker +run \-v /dev/log:/dev/log ...") and specify a distinct +Postfix "syslog_name" prefix that identifies logging from +the Postfix instance. .IP \fBstop\fR Stop the Postfix mail system in an orderly fashion. If possible, running processes are allowed to terminate at diff --git a/postfix/man/man8/master.8 b/postfix/man/man8/master.8 index 1eda9afe7..9316dea17 100644 --- a/postfix/man/man8/master.8 +++ b/postfix/man/man8/master.8 @@ -8,7 +8,7 @@ Postfix master process .SH "SYNOPSIS" .na .nf -\fBmaster\fR [\fB\-Ddtvw\fR] [\fB\-c \fIconfig_dir\fR] [\fB\-e \fIexit_time\fR] +\fBmaster\fR [\fB\-Dditvw\fR] [\fB\-c \fIconfig_dir\fR] [\fB\-e \fIexit_time\fR] .SH DESCRIPTION .ad .fi 
@@ -43,6 +43,10 @@ for debugging only. .IP "\fB\-e \fIexit_time\fR" Terminate the master process after \fIexit_time\fR seconds. Child processes terminate at their convenience. +.IP \fB\-i\fR +Enable \fBinit\fR mode: do not attempt to become a session +or process group leader. This mode is allowed only if the +process ID equals 1. .IP \fB\-t\fR Test mode. Return a zero exit status when the \fBmaster.pid\fR lock file does not exist or when that file is not locked. This is evidence diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index e63652161..86fd40339 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20180401" +#define MAIL_RELEASE_DATE "20180403" #define MAIL_VERSION_NUMBER "3.4" #ifdef SNAPSHOT diff --git a/postfix/src/master/master.c b/postfix/src/master/master.c index 846b2a415..6e9e604aa 100644 --- a/postfix/src/master/master.c +++ b/postfix/src/master/master.c @@ -4,7 +4,7 @@ /* SUMMARY /* Postfix master process /* SYNOPSIS -/* \fBmaster\fR [\fB-Ddtvw\fR] [\fB-c \fIconfig_dir\fR] [\fB-e \fIexit_time\fR] +/* \fBmaster\fR [\fB-Dditvw\fR] [\fB-c \fIconfig_dir\fR] [\fB-e \fIexit_time\fR] /* DESCRIPTION /* The \fBmaster\fR(8) daemon is the resident process that runs Postfix /* daemons on demand: daemons to send or receive messages via the @@ -37,6 +37,10 @@ /* .IP "\fB-e \fIexit_time\fR" /* Terminate the master process after \fIexit_time\fR seconds. Child /* processes terminate at their convenience. +/* .IP \fB-i\fR +/* Enable \fBinit\fR mode: do not attempt to become a session +/* or process group leader. This mode is allowed only if the +/* process ID equals 1. /* .IP \fB-t\fR /* Test mode. Return a zero exit status when the \fBmaster.pid\fR lock /* file does not exist or when that file is not locked. This is evidence 
@@ -266,6 +270,7 @@ int main(int argc, char **argv) ARGV *import_env; int wait_flag = 0; int monitor_fd = -1; + int init_mode = 0; /* * Fingerprint executables and core dumps. @@ -334,7 +339,7 @@ int main(int argc, char **argv) /* * Process JCL. */ - while ((ch = GETOPT(argc, argv, "c:Dde:tvw")) > 0) { + while ((ch = GETOPT(argc, argv, "c:Dde:itvw")) > 0) { switch (ch) { case 'c': if (setenv(CONF_ENV_PATH, optarg, 1) < 0) @@ -346,6 +351,11 @@ int main(int argc, char **argv) case 'e': event_request_timer(master_exit_event, (void *) 0, atoi(optarg)); break; + case 'i': + if (getpid() != 1) + msg_fatal("-i is allowed with for PID 1 process"); + init_mode = 1; + break; case 'D': debug_me = 1; break; @@ -375,6 +385,8 @@ int main(int argc, char **argv) */ if (test_lock && wait_flag) msg_fatal("the -t and -w options cannot be used together"); + if (init_mode + debug_me + !master_detach + wait_flag > 1) + msg_fatal("specify one of -i, -D, -d, or -w"); /* * Run a foreground monitor process that returns an exit status of 0 when @@ -403,7 +415,8 @@ int main(int argc, char **argv) * all MTA processes cleanly. Give up if we can't separate from our * parent process. We're not supposed to blow away the parent. */ - if (debug_me == 0 && master_detach != 0 && setsid() == -1 && getsid(0) != getpid()) + if (init_mode == 0 && debug_me == 0 && master_detach != 0 + && setsid() == -1 && getsid(0) != getpid()) msg_fatal("unable to set session and process group ID: %m"); /* diff --git a/postfix/src/master/master_sig.c b/postfix/src/master/master_sig.c index 81ae7f460..88f6f2305 100644 --- a/postfix/src/master/master_sig.c +++ b/postfix/src/master/master_sig.c @@ -210,6 +210,8 @@ static void master_sigdeath(int sig) msg_fatal("%s: sigaction: %m", myname); if (kill(pid, sig) < 0) msg_fatal("%s: kill myself: %m", myname); + if (kill(pid, SIGKILL) < 0) + msg_fatal("%s: kill myself: %m", myname); } /* master_sigsetup - set up signal handlers */ 
diff --git a/postfix/src/postfix/postfix.c b/postfix/src/postfix/postfix.c index c9b3174e8..4ca42f193 100644 --- a/postfix/src/postfix/postfix.c +++ b/postfix/src/postfix/postfix.c @@ -33,13 +33,14 @@ /* check described above. /* .IP \fBstart-fg\fR /* Like \fBstart\fR, but keep the master daemon running in the -/* foreground. This requires that multi-instance support is -/* disabled (i.e. the multi_instance_directories parameter -/* value must be empty). When running Postfix inside a container, -/* mount the container host's /dev/log socket inside the -/* container (example: "docker run -v /dev/log:/dev/log ...") -/* and specify a distinct Postfix "syslog_name" prefix that -/* identifies logging from the Postfix instance. +/* foreground, if possible as PID 1. This command requires +/* that multi-instance support is disabled (i.e. the +/* multi_instance_directories parameter value must be empty). +/* When running Postfix inside a container, mount the container +/* host's /dev/log socket inside the container (example: "docker +/* run -v /dev/log:/dev/log ...") and specify a distinct +/* Postfix "syslog_name" prefix that identifies logging from +/* the Postfix instance. /* .IP \fBstop\fR /* Stop the Postfix mail system in an orderly fashion. If /* possible, running processes are allowed to terminate at
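Review bot: In conf/postfix-script, in the start-fg branch taken when $$ is 1, the two lines after `exec $daemon_directory/master -i` (`$FATAL "cannot start-fg the master daemon"` and `exit 1`) run only if exec returns. A non-interactive POSIX shell normally exits on its own when exec fails, so this error path is likely dead code. If the diagnostic matters, check that the master binary is executable before the exec, and add a comment stating that the fallback is reached only on exec failure.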
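Review bot: In master/master.c, case 'i' of the option switch, the fatal message "-i is allowed with for PID 1 process" is garbled. Something like "-i is allowed only for the PID 1 process" would match the manual text added in the same commit ("This mode is allowed only if the process ID equals 1").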
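Review bot: In master/master.c, in the new check placed after the -t/-w test, the condition `init_mode + debug_me + !master_detach + wait_flag > 1` fires when more than one of these options is given, but the message "specify one of -i, -D, -d, or -w" reads as if one of them were required. "specify at most one of -i, -D, -d, or -w" would say what is actually enforced. The sum also relies on each flag holding exactly 0 or 1; that holds for the assignments visible in this patch (init_mode = 1, debug_me = 1) and deserves a one-line comment so a later change does not break it silently.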
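Review bot: In master/master_sig.c, master_sigdeath(), the added `kill(pid, SIGKILL)` has no comment explaining why a second signal follows `kill(pid, sig)`, and its msg_fatal text "%s: kill myself: %m" is identical to the one above it, so a log line cannot tell which call failed. Add a comment tying this to the PID 1 case described in HISTORY ("a stronger signal if the master does not stop"), give the SIGKILL call its own message, and state what should happen if control returns from both calls, since the function then simply falls off the end.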
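Review bot: In the start-fg entry of man/man1/postfix.1 (and the matching html/postfix.1.html and src/postfix/postfix.c comment hunks), "if possible as PID 1" does not say when it is possible. Per the postfix-script change it is when the script itself runs as PID 1, and the text could say so. The stop entry is left unchanged although HISTORY states that "postfix stop" will use a stronger signal if the master does not stop; that behaviour belongs in the stop description as well.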