configurable. File log failures are ignored by default for consistency
with syslog. Audit errors are ignored by default to allow the admin
to fix the issue. I/O log file errors are still fatal by default
since if I/O logging is activated it is usually to have an audit trail.
Bug #751
waitpid() will return 0 when the command is resumed after being
suspended, which we were treating the same as -1. Fixes suspend
and resume on Linux and probably others.
an exec error. We don't want to overwrite the error status but we
do need to indicate that the command is no longer running.
Fixes as hang on execve(2) error when running in a pty.
for this because that corresponds to the value for atomic pipe
writes. The actual pipe buffer is much larger on modern systems
and 64K is what BSD and Linux support for large pipe buffers.
time, only when the user suspends sudo. Fixes a problem where all
buffers might not get flushed at exit when logging I/O. Reproducible
via "sudo tar cf - foo | (cd /tmp && sudo tar xf -)" on OpenBSD.
is no associated reader just return as there is nothing else to be
done. In practice is it not possible for SUDO_EV_READ to be set
if revent is NULL but an early return is harmless and possibly
easier to understand. Coverity CID 104124.
the signal is in a different container since the PID namespaces in
different conatiners are separate. Avoid looking up the process
group by id when si_pid is 0 since getpgid(0) returns the process
group of the current process. Since sudo ignores signals sent
by processes in its own process group, this had the effect of
ignoring signals sent from other containers. From Maarten de Vries
SUDO_EV_READ and SUDO_EV_WRITE are set and read() returns 0 (EOF)
we don't close the fd before the write() is performed.
If the write() returns EPIPE, ENXIO, EIO or EBADF, clear SUDO_EV_READ
before we close the fd to avoid calling read() on a closed fd.
the command. Fixes a problem where pam_gnome_keyring installs its
own SIGCHLD handler and may not restore the original one. As a
result, we now have to explicitly wait for the askpass helper to
finish. Bug #657
sudo front-end will now set the default debug instance appropriately
before calling into the plugin. This means the plugin no longer needs
to do the sudo_debug_set_default_instance() dance.
For -1 (error) return, we now kill the command and disable
the I/O logging function that returned the error.
For a 0 (reject) return, we no longer display the rejected
output to the user's terminal. The plugin API revision is now 1.6.
foregroup process group. Instead of calling tcgetpgrp(), which is
racy, we set a temporary handler for SIGTTOU and check whether it
was received after a failed call to tcsetattr().
then calls gettext().
Add U_ macro that calls warning_gettext() instead of gettext().
Rename warning2()/error2() back to warning_nodebug()/error_nodebug().
