18fae3551SRodney W. GrimesPOSIX and init: 28fae3551SRodney W. Grimes-------------- 38fae3551SRodney W. Grimes 48fae3551SRodney W. GrimesPOSIX.1 does not define 'init' but it mentions it in a few places. 58fae3551SRodney W. Grimes 68fae3551SRodney W. GrimesB.2.2.2, p205 line 873: 78fae3551SRodney W. Grimes 88fae3551SRodney W. Grimes This is part of the extensive 'job control' glossary entry. 98fae3551SRodney W. Grimes This specific reference says that 'init' must by default provide 108fae3551SRodney W. Grimes protection from job control signals to jobs it starts -- 118fae3551SRodney W. Grimes it sets SIGTSTP, SIGTTIN and SIGTTOU to SIG_IGN. 128fae3551SRodney W. Grimes 138fae3551SRodney W. GrimesB.2.2.2, p206 line 889: 148fae3551SRodney W. Grimes 158fae3551SRodney W. Grimes Here is a reference to 'vhangup'. It says, 'POSIX.1 does 168fae3551SRodney W. Grimes not specify how controlling terminal access is affected by 178fae3551SRodney W. Grimes a user logging out (that is, by a controlling process 188fae3551SRodney W. Grimes terminating).' vhangup() is recognized as one way to handle 198fae3551SRodney W. Grimes the problem. I'm not clear what happens in Reno; I have 208fae3551SRodney W. Grimes the impression that when the controlling process terminates, 218fae3551SRodney W. Grimes references to the controlling terminal are converted to 228fae3551SRodney W. Grimes references to a 'dead' vnode. I don't know whether vhangup() 238fae3551SRodney W. Grimes is required. 248fae3551SRodney W. Grimes 258fae3551SRodney W. GrimesB.2.2.2, p206 line 921: 268fae3551SRodney W. Grimes 278fae3551SRodney W. Grimes Orphaned process groups bear indirectly on this issue. A 288fae3551SRodney W. Grimes session leader's process group is considered to be orphaned; 298fae3551SRodney W. Grimes that is, it's immune to job control signals from the terminal. 308fae3551SRodney W. Grimes 318fae3551SRodney W. GrimesB.2.2.2, p233 line 2055: 328fae3551SRodney W. Grimes 338fae3551SRodney W. Grimes 'Historically, the implementation-dependent process that 348fae3551SRodney W. Grimes inherits children whose parents have terminated without 358fae3551SRodney W. Grimes waiting on them is called "init" and has a process ID of 1.' 368fae3551SRodney W. Grimes 378fae3551SRodney W. Grimes It goes on to note that it used to be the case that 'init' 388fae3551SRodney W. Grimes was responsible for sending SIGHUP to the foreground process 398fae3551SRodney W. Grimes group of a tty whose controlling process has exited, using 408fae3551SRodney W. Grimes vhangup(). It is now the responsibility of the kernel to 418fae3551SRodney W. Grimes do this when the controlling process calls _exit(). The 428fae3551SRodney W. Grimes kernel is also responsible for sending SIGCONT to stopped 438fae3551SRodney W. Grimes process groups that become orphaned. This is like old BSD 448fae3551SRodney W. Grimes but entire process groups are signaled instead of individual 458fae3551SRodney W. Grimes processes. 468fae3551SRodney W. Grimes 478fae3551SRodney W. Grimes In general it appears that the kernel now automatically 488fae3551SRodney W. Grimes takes care of orphans, relieving 'init' of any responsibility. 498fae3551SRodney W. Grimes Specifics are listed on the _exit() page (p50). 508fae3551SRodney W. Grimes 518fae3551SRodney W. GrimesOn setsid(): 528fae3551SRodney W. Grimes----------- 538fae3551SRodney W. Grimes 548fae3551SRodney W. GrimesIt appears that neither getty nor login call setsid(), so init must 558fae3551SRodney W. Grimesdo this -- seems reasonable. B.4.3.2 p 248 implies that this is the 568fae3551SRodney W. Grimesway that 'init' should work; it says that setsid() should be called 578fae3551SRodney W. Grimesafter forking. 588fae3551SRodney W. Grimes 598fae3551SRodney W. GrimesProcess group leaders cannot call setsid() -- another reason to 608fae3551SRodney W. Grimesfork! Of course setsid() causes the current process to become a 618fae3551SRodney W. Grimesprocess group leader, so we can only call setsid() once. Note that 628fae3551SRodney W. Grimesthe controlling terminal acquires the session leader's process 638fae3551SRodney W. Grimesgroup when opened. 648fae3551SRodney W. Grimes 658fae3551SRodney W. GrimesControlling terminals: 668fae3551SRodney W. Grimes--------------------- 678fae3551SRodney W. Grimes 688fae3551SRodney W. GrimesB.7.1.1.3 p276: 'POSIX.1 does not specify a mechanism by which to 698fae3551SRodney W. Grimesallocate a controlling terminal. This is normally done by a system 708fae3551SRodney W. Grimesutility (such as 'getty') and is considered ... outside the scope 718fae3551SRodney W. Grimesof POSIX.1.' It goes on to say that historically the first open() 728fae3551SRodney W. Grimesof a tty in a session sets the controlling terminal. P130 has the 738fae3551SRodney W. Grimesfull details; nothing particularly surprising. 748fae3551SRodney W. Grimes 758fae3551SRodney W. GrimesThe glossary p12 describes a 'controlling process' as the first 768fae3551SRodney W. Grimesprocess in a session that acquires a controlling terminal. Access 778fae3551SRodney W. Grimesto the terminal from the session is revoked if the controlling 788fae3551SRodney W. Grimesprocess exits (see p50, in the discussion of process termination). 798fae3551SRodney W. Grimes 808fae3551SRodney W. GrimesDesign notes: 818fae3551SRodney W. Grimes------------ 828fae3551SRodney W. Grimes 838fae3551SRodney W. Grimesyour generic finite state machine 848fae3551SRodney W. Grimeswe are fascist about which signals we elect to receive, 858fae3551SRodney W. Grimes even signals purportedly generated by hardware 868fae3551SRodney W. Grimeshandle fatal errors gracefully if possible (we reboot if we goof!!) 878fae3551SRodney W. Grimes if we get a segmentation fault etc., print a message on the console 888fae3551SRodney W. Grimes and spin for a while before rebooting 898fae3551SRodney W. Grimes (this at least decreases the amount of paper consumed :-) 908fae3551SRodney W. Grimesapply hysteresis to rapidly exiting gettys 918fae3551SRodney W. Grimescheck wait status of children we reap 928fae3551SRodney W. Grimes don't wait for stopped children 938fae3551SRodney W. Grimesdon't use SIGCHILD, it's too expensive 948fae3551SRodney W. Grimes but it may close windows and avoid races, sigh 958fae3551SRodney W. Grimeslook for EINTR in case we need to change state 968fae3551SRodney W. Grimesinit is responsible for utmp and wtmp maintenance (ick) 978fae3551SRodney W. Grimes maybe now we can consider replacements? maintain them in parallel 988fae3551SRodney W. Grimes init only removes utmp and closes out wtmp entries... 998fae3551SRodney W. Grimes 1008fae3551SRodney W. Grimesnecessary states and state transitions (gleaned from the man page): 1018fae3551SRodney W. Grimes 1: single user shell (with password checking?); on exit, go to 2 1028fae3551SRodney W. Grimes 2: rc script: on exit 0, go to 3; on exit N (error), go to 1 1038fae3551SRodney W. Grimes 3: read ttys file: on completion, go to 4 1048fae3551SRodney W. Grimes 4: multi-user operation: on SIGTERM, go to 7; on SIGHUP, go to 5; 1058fae3551SRodney W. Grimes on SIGTSTP, go to 6 1068fae3551SRodney W. Grimes 5: clean up mode (re-read ttys file, killing off controlling processes 1078fae3551SRodney W. Grimes on lines that are now 'off', starting them on lines newly 'on') 1088fae3551SRodney W. Grimes on completion, go to 4 1098fae3551SRodney W. Grimes 6: boring mode (no new sessions); signals as in 4 1108fae3551SRodney W. Grimes 7: death: send SIGHUP to all controlling processes, reap for 30 seconds, 1118fae3551SRodney W. Grimes then go to 1 (warn if not all processes died, i.e. wait blocks) 1128fae3551SRodney W. GrimesGiven the -s flag, we start at state 1; otherwise state 2 113