{"id":25983455,"url":"https://github.com/arachsys/init","last_synced_at":"2025-03-05T10:03:14.639Z","repository":{"id":3445435,"uuid":"4498414","full_name":"arachsys/init","owner":"arachsys","description":"Lightweight BSD-style init tools","archived":false,"fork":false,"pushed_at":"2024-11-19T16:55:05.000Z","size":90,"stargazers_count":35,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-11-19T17:50:45.291Z","etag":null,"topics":["init-system","linux","logging","supervisor","uevent"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/arachsys.png","metadata":{"files":{"readme":"README","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2012-05-30T18:31:04.000Z","updated_at":"2024-11-19T16:55:09.000Z","dependencies_parsed_at":"2023-11-19T15:32:11.050Z","dependency_job_id":"7adde555-6beb-4762-a528-fb80ee75e4fc","html_url":"https://github.com/arachsys/init","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arachsys%2Finit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arachsys%2Finit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arachsys%2Finit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arachsys%2Finit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/arachsys","download_url":"https://codeload.github.com/arachsys/init/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242005808,"owners_count":20056434,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["init-system","linux","logging","supervisor","uevent"],"created_at":"2025-03-05T10:02:08.656Z","updated_at":"2025-03-05T10:03:14.619Z","avatar_url":"https://github.com/arachsys.png","language":"C","readme":"Arachsys init\n=============\n\nThis is the lightweight BSD-style init and syslog system used in Arachsys\nLinux. It includes a number of small utilities, described below.\n\n\ndaemon\n------\n\nFreeBSD has included daemon(8) since 5.0-RELEASE in early 2003. This is a\nLinux-specific reimplementation which supports the same options as the\nFreeBSD version, together with additional features to make it a useful\nbuilding-block for simple dependency-based parallel execution during system\nboot.\n\nIts basic purpose is to detach from the controlling terminal and execute a\nspecified command as a background daemon. In common with the original, it\nhas options to change directory before starting, to lock, write and remove\na pidfile on behalf of the command, to restart the command when it exits,\nand to drop privileges to a different user and group before execution.\n\nThis version can also start a logger process to send output to syslog and\nuses inotify to implement simple dependencies, waiting for specified\nfilesystem paths to be created before starting the command. (Typically this\nis used with pidfiles or unix sockets in /run.)\n\nA simple subset of traditional inetd or tcpserver functionality is also\navailable: daemon can listen on TCP or unix stream sockets and run the\nspecified command as a handler for each inbound connection.\n\nNote that the daemon process is intentionally run as a session and process\ngroup leader. On Linux, a session leader without a controlling terminal can\nacquire one just by opening a terminal device. Pass the -f flag to disable\nthis behaviour: daemon will fork twice so it no longer leads the session.\n\n\ninit and reap\n-------------\n\nPrevious versions of this collection provided a minimal /bin/init, which\nlaunched an /etc/rc.startup script at boot, reaped orphans while waiting for\na signal to shut down, then ran an /etc/rc.shutdown script to gracefully\nterminate the system. Finally, /bin/init would call reboot() to halt, reboot\nor power-off depending on the signal that was sent.\n\nHowever, competent shells will always reap adopted children, so this was\nunnecessarily complicated. It is sufficient to make /etc/init an executable\nscript which starts the system exactly as /etc/rc.startup did, sleeps\nawaiting a signal to shutdown, then cleanly terminates the system like\n/etc/rc.startup, finally executing the stop utility below to reboot the\nkernel.\n\nLike the old /bin/init, an /etc/init script could sleep awaiting a signal,\nor for a more flexible interface, block reading commands from a /dev/initctl\nnamed pipe.\n\nA demonstration /etc/init is included in the examples/ subdirectory, along\nwith an example /etc/fstab showing the required pseudo-filesystems and\none-line scripts to trigger poweroff and reboot actions.\n\nSometimes a completely null init can be useful, such as for PID 1 in a PID\nnamespace. The reap utility is intended to fill this role: it does nothing\nexcept explicitly ignore SIGCHLD to discard the exit status of adopted\nchildren and prevent them from becoming zombies. You could also exec it at\nthe end of an /etc/init script if you'd prefer to avoid a long-running\nshell process as system init.\n\n\npivot\n-----\n\nThis is a replacement for pivot_root from util-linux. Run with two\narguments as\n\n  pivot NEW-ROOT PUT-OLD\n\nit simply makes a pivot_root() syscall to move the root filesystem of the\ncurrent mount namespace to the directory PUT-OLD and make NEW-ROOT the new\nroot filesystem.\n\nHowever, unlike util-linux pivot_root, it can also be run with a single\nargument NEW-ROOT, omitting PUT-OLD. In this case, it uses a pivot_root()\ncall to stack the old and new root filesystems on the same mount point,\nthen completely detaches the old root filesystem before returning.\n\nPerforming the detach operation atomically in a single command is helpful\nwhen constructing secure containers from a script. It eliminates the need\nto trust the umount binary within the container.\n\nDespite the extra functionality, pivot is smaller than util-linux pivot_root\nand doesn't defile /bin with an ugly command name containing an underscore.\n\n\nrunfg\n-----\n\nAn anti-backgrounding wrapper in the style of Dan Bernstein's fghack,\nthis uses the Linux-specific PR_SET_CHILD_SUBREAPER prctl to capture\nall descendants of the command it runs. It waits for them to exit before\nreturning the exit status of the original command. Unlike fghack, it does\nnot rely on unexpected file descriptors being left open, but as a subreaper\nit unavoidably adopts pre-existing children as well as the one it spawns.\n\n\nseal\n----\n\nLinux treats /proc/self/exe and /proc/PID/exe in a strange magic way.\nAlthough stat() sees a symlink to the absolute path of the binary, open()\naccesses the binary itself whether or not the symlink can be resolved in\nthe filesystem namespace of the opening process.\n\nSometimes when sandboxing processes, this can leak a path to a host binary\nfrom inside an otherwise isolated container. For example, this led to the\nCVE-2019-5736 vulnerability in runC 'privileged containers'.\n\nOne robust defence against this is to exec such processes from a sealed\nmemfd rather than directly from the host filesystem. The seal utility\nprovides an easy way to do this for an arbitrary program. Invoked as\n\n  seal PROG [ARG]...\n\nit locates PROG on the PATH, clones it to a new sealed memfd, then executes\nthe memfd with the given arguments using fexecve().\n\nThe behaviour of the shell and execvp/execlp is mirrored as closely as\npossible: PROG must be executable and program names containing '/'\ncharacters are assumed to be a full pathname, bypassing PATH.\n\n\nstop\n----\n\nSince a shell script cannot directly perform the final reboot() system call\nat the end of shutdown, the stop utility is provided to do this. This\nexpects a single argument of 'halt', 'kexec', poweroff', 'reboot' or\n'shutdown' to indicate the type of reboot() call required. Run without an\naction argument, stop will list the available actions together with a\nwarning about its lack of gracefulness.\n\n\nsyslog and syslogd\n------------------\n\nThis little system logger daemon takes a different approach to its\nmainstream competitors, more in keeping with the Unix 'toolkit' philosophy.\n\nsyslog reads messages as they arrive at /dev/log and /dev/kmsg, printing\nthem to stdout in a format chosen for ease of handling in a shell-script\nread loop.\n\nBy default, syslog uses UTC timestamps. Each line of output consists of\neight space-separated fields:\n\n  - process ID of the sender, or 0 for a kernel messsage\n  - numeric user ID of the sender, or 0 for a kernel message\n  - numeric group ID of the sender, or 0 for a kernel message\n  - facility name: daemon, kern, authpriv, etc.\n  - numeric log level from 0 (LOG_EMERG) to 7 (LOG_DEBUG)\n  - date in the format YYYY-MM-DD\n  - time in the 24-hour format HH:MM:SS\n  - the log message itself\n\nIf TZ is non-empty in the environment, local time is used instead of UTC and\nthe zone offset in the format +HHMM or -HHMM is appended to the time field.\nThis resolves any ambiguity with times during daylight saving changes. To\nstamp log entries with the default local zone, run with TZ=:/etc/localtime.\n\nWhen run with the -b option, syslog also prints old messages in the kernel\nring buffer. This is useful for capturing kernel boot messages at system\nstartup. With the -n option, the output format includes numeric facilities\ninstead of names.\n\nOn glibc systems, syslog(3) sends datagrams to /dev/log with dates in the\ntime zone of the calling process. On musl systems, these time stamps are\nalways UTC. The right behaviour should be chosen automatically but can be\nexplicitly configured at compile time with -DUTCLOG=0 or -DUTCLOG=1.\n\nA simple syslogd script which wraps syslog is installed with it.\n\n\nuevent, ueventd and ueventwait\n------------------------------\n\nThe kernel notifies userspace of device creation with uevents sent to\nclients listening on a NETLINK_KOBJECT_UEVENT sockets. As they arrive,\n'uevent -l 1' lists the uevent properties to stdout in a space-separated\nkey/value format with a blank line terminating the record. This format is\nchosen for easy of handling in a shell-script read loop.\n\nOn startup, once uevent is bound to the netlink socket, it emits an\ninitial blank line which can be used to avoid a race in scripts which\nalso scan /sys for existing devices.\n\nAn example uevent property list for a newly created disk device is\n\n  ACTION add\n  DEVPATH /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda\n  SUBSYSTEM block\n  MAJOR 8\n  MINOR 0\n  DEVNAME sda\n  DEVTYPE disk\n  SEQNUM 5561\n\nDEVPATH is the path within the sysfs mount for the relevant device, and\nDEVNAME (if set) is the path of the kernel-created device node in devtmpfs.\nNetwork interfaces will instead have an INTERFACE property with their name\nthat was allocated by the kernel.\n\nMore generally, uevent can listen on any combination of netlink groups,\nspecified as a mask argument in 'uevent -l GROUPS'. The kernel reports\nuevents on group 1, but groups 2, 4, 8, ... are available for userspace.\n\nRun as 'uevent -b GROUPS', uevent will instead read key/value properties\nfrom stdin, terminated by a blank line, and broadcast them via netlink.\n\nA simple ueventd script to handle uevent output is installed with it, as\ncleaner, more flexible replacement for udev. To use this, define bash\nfunctions add(), remove(), change(), etc. (matching the event ACTION types)\nin /etc/ueventd.conf, which is sourced by the script on start. The event()\nshell function is also called for all events, with the ACTION and DEVPATH in\nits first two arguments.\n\nAll of the shell functions defined in /etc/ueventd.conf will be called with\nthe uevent environment list (properties) in an associative array ENV\ntogether with the most commonly accessed properties in the shell variables\nACTION, DEVNAME, DEVPATH, DRIVER, INTERFACE and SUBSYSTEM. SYSPATH is also\nset to the absolute path of the device directory, i.e. ${SYSFS}${DEVPATH}\nwhere $SYSFS is typically /sys.\n\nTo rebroadcast filtered events to userspace, such as programs linked against\nlibudev-zero, run ueventd with the -b option and adjust ENV as required in\nthe handler functions. To completely suppress an event, unset ENV or return\nwith non-zero status.\n\nThe ueventwait script provides a lighter-weight mechanism to wait for\na single device without a persistent ueventd, matching devices against\narguments of the form KEY=PATTERN, where KEY is a property name and PATTERN\nis a bash extended-glob pattern to match against its value. It scans /sys\nto check if a matching device already exists, awaits one using a uevent\nlistener if not, and reports the sysfs path of the device to stdout.\n\n\nBuilding and installing\n-----------------------\n\nUnpack the source tar.gz file and change to the unpacked directory.\n\nRun 'make', then 'make install' to install the scripts and binaries in /bin.\nAlternatively, you can set DESTDIR and/or BINDIR to install in a different\nlocation, or strip and copy the compiled binaries and scripts into the\ncorrect place manually.\n\nArachsys init was developed on GNU/Linux and is unlikely to be portable to\nother platforms as it uses a number of Linux-specific facilities. Please\nreport any problems or bugs to Chris Webb \u003cchris@arachsys.com\u003e.\n\n\nCopying\n-------\n\nArachsys init was written by Chris Webb \u003cchris@arachsys.com\u003e and is\ndistributed as Free Software under the terms of the MIT license in COPYING.\n","funding_links":[],"categories":["systemd-udev"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farachsys%2Finit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farachsys%2Finit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farachsys%2Finit/lists"}