I just recently upgraded to Openwrt 22.03.0-rc1 and noticed some of the processes such as dnsmasq, wpa_suppilicant, ntpd are using ujail wrapper. I have a script that will parse my custom dnsmasq log file specified by logfacility every 15 minutes, recreate the log file (to prevent it from growing) and send SIGUSR2 to dnsmasq. My script initially involved reading the ".pid" file generated by dnsmasq instance (you can have multiple instances of dnsmasq) and sending SIGUSR2 to that instance. This was done every 15 minutes.
Because of the ujail wrapper, the content of the PID file for dnsmasq (in my case its /var/run/dnsmasq/dnsmasq.cfg01411c.pid) is 1. As expected, since this script runs every 15 minutes, on its first run
it sends kill -SIGUSR2 1 which instantly kills the router, and requires a manual reboot.
If i use pidof dnsmasq to retrieve the PID of dnsmasq, it now gives me 2 pids, one for ujail wrapper and the other being the actual spawned process id of dnsmasq.
My question is, what would be the proper way to get the pid of dnsmasq? This would probably impact any other scripts that require getting the pids of other processes that are now sandboxed by ujail.
EDIT: I was sending SIGUSR2 and not SIGHUP. Modified OP.
@ruralroots - That does get the correct pids (2 pids instead of 1). But I think things just got a bit more complicated. The documentation for dnsmasq states:
When logging to a file, dnsmasq will close and reopen the file
when it receives SIGUSR2.
This allows the log file to be rotated without stopping dnsmasq.
My script used to move the log file, recreate it, chown it for dnsmasq to be the owner and finally send SIGUSR2 to dnsmasq. Here is the general code:
LOGFILE=/var/log/dnsmasq.log
...
...
mv ${LOG_FILE} ${LOG_FILE}.tmp
touch ${LOG_FILE}
chown dnsmasq ${LOG_FILE}
### NOW OBSOLETE BECAUSE OF UJAIL
#### kill -SIGUSR2 `cat ${PID_FILE}`
kill -SIGUSR2 `pgrep -f ${PID_FILE} | head -n 1`
...
...
AS I mentioned, pgrep (along with pidof) returns two PID's for the instance of dnsmasq. So I tried both head and tail to send the SIGUSR2 to either pid, but dnsmasq no longer updates the log file and it stays at 0 bytes. I have to fully restart dnsmasq service which is not feasible to do every 15 minutes as that would have to reload the custom (adblock) hosts file every 15 minutes and that takes a while (block dns requests until reloaded).
I think this is because the inode of the new file is different, ujail would prevent dnsmasq from writing (perhaps even reading) to the new log file. I was working with the devs a day ago to get dnsmasq logfacility to work with ujail.
Rotating the log will require giving ujail access to the logfacility directory instead of the specific file file so I tweaked my dnsmasq init itself. This is more of an outlier solution atm.