/*
 * One-time process start-up sequence.
 *
 * The order of the calls below is significant: everything that needs the
 * host's real filesystem (user/group lookup, time zone data, the null
 * device, the SMF check, the random device, CPU detection) runs before
 * ns_os_chroot(); ns_os_minprivs() follows the chroot; logging is
 * initialised before daemonizing; and daemonizing happens before
 * create_managers().  Do not reorder statements here without re-checking
 * those dependencies.
 *
 * Takes no arguments and returns nothing; it reads and writes the ns_g_*
 * globals.  Most failures are reported through ns_main_earlyfatal().
 *
 * NOTE(review): several call sites continue straight on after
 * ns_main_earlyfatal(), so the code presumably relies on it never
 * returning; confirm against its definition.
 */
static void
setup(void) {
	isc_result_t result;
	isc_resourcevalue_t old_openfiles;
#ifdef HAVE_LIBSCF
	char *instance = NULL;
#endif

	/*
	 * Get the user and group information before changing the root
	 * directory, so the administrator does not need to keep a copy
	 * of the user and group databases in the chroot'ed environment.
	 */
	ns_os_inituserinfo(ns_g_username);

	/*
	 * Initialize time conversion information
	 */
	ns_os_tzset();

	ns_os_opendevnull();

#ifdef HAVE_LIBSCF
	/* Check if named is under smf control, before chroot. */
	result = ns_smf_get_instance(&instance, 0, ns_g_mctx);
	/* We don't care about instance, just check if we got one. */
	if (result == ISC_R_SUCCESS)
		ns_smf_got_instance = 1;
	else
		ns_smf_got_instance = 0;
	/* The instance string is only a probe result; release it right away. */
	if (instance != NULL)
		isc_mem_free(ns_g_mctx, instance);
#endif /* HAVE_LIBSCF */

#ifdef PATH_RANDOMDEV
	/*
	 * Initialize system's random device as fallback entropy source
	 * if running chroot'ed.
	 *
	 * The device is opened here because PATH_RANDOMDEV is a host path
	 * and this is the last point before ns_os_chroot().
	 */
	if (ns_g_chrootdir != NULL) {
		result = isc_entropy_create(ns_g_mctx, &ns_g_fallbackentropy);
		if (result != ISC_R_SUCCESS)
			ns_main_earlyfatal("isc_entropy_create() failed: %s",
					   isc_result_totext(result));

		result = isc_entropy_createfilesource(ns_g_fallbackentropy,
						      PATH_RANDOMDEV);
		if (result != ISC_R_SUCCESS) {
			/*
			 * Only a warning: start-up continues with no
			 * pre-chroot fallback source.
			 * NOTE(review): any entropy source used later then
			 * has to be reachable from inside the chroot;
			 * confirm how the consumers of
			 * ns_g_fallbackentropy handle it being detached.
			 */
			ns_main_earlywarning("could not open pre-chroot "
					     "entropy source %s: %s",
					     PATH_RANDOMDEV,
					     isc_result_totext(result));
			isc_entropy_detach(&ns_g_fallbackentropy);
		}
	}
#endif

#ifdef ISC_PLATFORM_USETHREADS
	/*
	 * Check for the number of cpu's before ns_os_chroot().
	 */
	ns_g_cpus_detected = isc_os_ncpus();
#endif

	/* Called unconditionally; ns_g_chrootdir may be NULL (see test above). */
	ns_os_chroot(ns_g_chrootdir);

	/*
	 * For operating systems which have a capability mechanism, now
	 * is the time to switch to minimal privs and change our user id.
	 * On traditional UNIX systems, this call will be a no-op, and we
	 * will change the user ID after reading the config file the first
	 * time.  (We need to read the config file to know which possibly
	 * privileged ports to bind() to.)
	 */
	ns_os_minprivs();

	/*
	 * The argument is true exactly when a user name was supplied.
	 * NOTE(review): what ns_log_init() does with that flag is not
	 * visible here.
	 */
	result = ns_log_init(ISC_TF(ns_g_username != NULL));
	if (result != ISC_R_SUCCESS)
		ns_main_earlyfatal("ns_log_init() failed: %s",
				   isc_result_totext(result));

	/*
	 * Now is the time to daemonize (if we're not running in the
	 * foreground).  We waited until now because we wanted to get
	 * a valid logging context setup.  We cannot daemonize any later,
	 * because calling create_managers() will create threads, which
	 * would be lost after fork().
	 */
	if (!ns_g_foreground)
		ns_os_daemonize();

	/*
	 * We call isc_app_start() here as some versions of FreeBSD's fork()
	 * destroys all the signal handling it sets up.
	 */
	result = isc_app_start();
	if (result != ISC_R_SUCCESS)
		ns_main_earlyfatal("isc_app_start() failed: %s",
				   isc_result_totext(result));

	/*
	 * Start-up banner.  The first entry appends saved_command_line to
	 * the product/version string.
	 * NOTE(review): saved_command_line is presumably the process
	 * arguments as captured at start-up, so anything passed on the
	 * command line ends up in the log at NOTICE level; confirm that
	 * nothing sensitive is ever passed that way.
	 */
	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
		      ISC_LOG_NOTICE, "starting %s %s%s%s <id:%s>%s",
		      ns_g_product, ns_g_version,
		      *ns_g_description ? " " : "", ns_g_description,
		      ns_g_srcid, saved_command_line);

	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
		      ISC_LOG_NOTICE, "running on %s", ns_os_uname());

	/* The configure arguments are logged as well. */
	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
		      ISC_LOG_NOTICE, "built with %s", ns_g_configargs);

	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
		      ISC_LOG_NOTICE,
		      "----------------------------------------------------");
	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
		      ISC_LOG_NOTICE,
		      "BIND 9 is maintained by Internet Systems Consortium,");
	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
		      ISC_LOG_NOTICE,
		      "Inc. (ISC), a non-profit 501(c)(3) public-benefit ");
	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
		      ISC_LOG_NOTICE,
		      "corporation. Support and training for BIND 9 are ");
	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
		      ISC_LOG_NOTICE,
		      "available at https://www.isc.org/support");
	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
		      ISC_LOG_NOTICE,
		      "----------------------------------------------------");

	dump_symboltable();

	/*
	 * Get the initial resource limits.
	 *
	 * The results are deliberately discarded with (void): if a query
	 * fails, the corresponding ns_g_init* variable keeps whatever value
	 * it already held.
	 */
	(void)isc_resource_getlimit(isc_resource_stacksize,
				    &ns_g_initstacksize);
	(void)isc_resource_getlimit(isc_resource_datasize,
				    &ns_g_initdatasize);
	(void)isc_resource_getlimit(isc_resource_coresize,
				    &ns_g_initcoresize);
	(void)isc_resource_getlimit(isc_resource_openfiles,
				    &ns_g_initopenfiles);

	/*
	 * System resources cannot effectively be tuned on some systems.
	 * Raise the limit in such cases for safety.
	 *
	 * The open-files limit is read again after the adjustment, and a
	 * notice is logged only when the value changed.
	 */
	old_openfiles = ns_g_initopenfiles;
	ns_os_adjustnofile();
	(void)isc_resource_getlimit(isc_resource_openfiles,
				    &ns_g_initopenfiles);
	if (old_openfiles != ns_g_initopenfiles) {
		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
			      NS_LOGMODULE_MAIN, ISC_LOG_NOTICE,
			      "adjusted limit on open files from "
			      "%" ISC_PRINT_QUADFORMAT "u to "
			      "%" ISC_PRINT_QUADFORMAT "u",
			      old_openfiles, ns_g_initopenfiles);
	}

	/*
	 * If the named configuration filename is relative, prepend the current
	 * directory's name before possibly changing to another directory.
	 *
	 * This runs after the ns_os_chroot() call above, so the path is
	 * built from the working directory in effect at this point.  The
	 * result is written into absolute_conffile, bounded by its sizeof,
	 * and ns_g_conffile is repointed at that buffer.
	 */
	if (! isc_file_isabsolute(ns_g_conffile)) {
		result = isc_file_absolutepath(ns_g_conffile,
					       absolute_conffile,
					       sizeof(absolute_conffile));
		if (result != ISC_R_SUCCESS)
			ns_main_earlyfatal("could not construct absolute path "
					   "of configuration file: %s",
					   isc_result_totext(result));
		ns_g_conffile = absolute_conffile;
	}

	/*
	 * Record the server's startup time.
	 */
	result = isc_time_now(&ns_g_boottime);
	if (result != ISC_R_SUCCESS)
		ns_main_earlyfatal("isc_time_now() failed: %s",
				   isc_result_totext(result));

	/* Per the daemonize comment above, this is where threads get created. */
	result = create_managers();
	if (result != ISC_R_SUCCESS)
		ns_main_earlyfatal("create_managers() failed: %s",
				   isc_result_totext(result));

	ns_builtin_init();

	/*
	 * Add calls to register sdb drivers here.
	 */
	/* xxdb_init(); */

#ifdef ISC_DLZ_DLOPEN
	/*
	 * Register the DLZ "dlopen" driver.
	 *
	 * NOTE(review): going by its name, this driver loads external
	 * shared objects; where the module paths come from and how they
	 * are validated is not visible here. Confirm in the driver.
	 */
	result = dlz_dlopen_init(ns_g_mctx);
	if (result != ISC_R_SUCCESS)
		ns_main_earlyfatal("dlz_dlopen_init() failed: %s",
				   isc_result_totext(result));
#endif

#if CONTRIB_DLZ
	/*
	 * Register any other contributed DLZ drivers.
	 */
	result = dlz_drivers_init();
	if (result != ISC_R_SUCCESS)
		ns_main_earlyfatal("dlz_drivers_init() failed: %s",
				   isc_result_totext(result));
#endif

	/*
	 * Called as a plain statement, so no result is checked here.
	 * NOTE(review): presumably ns_server_create() reports its own
	 * failures; confirm.
	 */
	ns_server_create(ns_g_mctx, &ns_g_server);

#ifdef HAVE_LIBSECCOMP
	/*
	 * The seccomp setup is the last step, after create_managers() and
	 * ns_server_create().
	 * NOTE(review): setup_seccomp() is not visible here.  A seccomp
	 * filter installed by one thread does not cover threads that
	 * already exist unless thread synchronisation (TSYNC) is requested;
	 * confirm that the filter actually reaches the threads created by
	 * create_managers().
	 */
	setup_seccomp();
#endif /* HAVE_LIBSECCOMP */
}
/*
 * Thin wrapper: forwards 'resource' and 'value' unchanged to
 * isc_resource_getlimit() and hands back that call's result.  This
 * implementation makes no distinction of its own between a "current"
 * limit and the limit isc_resource_getlimit() reports.
 */
isc_result_t
isc_resource_getcurlimit(isc_resource_t resource, isc_resourcevalue_t *value) {
	isc_result_t status;

	status = isc_resource_getlimit(resource, value);
	return (status);
}