Send signals as Icinga user in safe-reload and logrotate

In contrast to the regular `kill` binary, `icinga2 internal signal` drops permissions before sending the signal. This is important as the PID file can be written by the Icinga user, dropping the permissions prevents that user from using this to send signals to processes it is not supposed to signal. SIGUSR1 wasn't among the list of signals supported by `icinga2 internal signal`, so it is added there.
2025-09-26 02:58:43 +02:00 · 2025-08-01 11:27:48 +02:00 · 2025-08-01 11:27:48 +02:00 · 51ec73cbd9
commit 51ec73cbd9
parent d98caf2e3b
3 changed files with 4 additions and 2 deletions
--- a/etc/initsystem/safe-reload.cmake
+++ b/etc/initsystem/safe-reload.cmake
@ -43,7 +43,7 @@ if [ ! -e "$ICINGA2_PID_FILE" ]; then
 fi

 pid=`cat "$ICINGA2_PID_FILE"`
-if ! kill -HUP "$pid" >/dev/null 2>&1; then
+if ! "$DAEMON" internal signal --sig SIGHUP --pid "$pid" >/dev/null 2>&1; then
 	echo "Error: Icinga not running"
 	exit 7
 fi
--- a/etc/logrotate.d/icinga2.cmake
+++ b/etc/logrotate.d/icinga2.cmake
@ -6,7 +6,7 @@
 	missingok
 	notifempty@LOGROTATE_CREATE@
 	postrotate
-		/bin/kill -USR1 $(cat @ICINGA2_INITRUNDIR@/icinga2.pid 2> /dev/null) 2> /dev/null || true
+		@CMAKE_INSTALL_FULL_SBINDIR@/icinga2 internal signal --sig SIGUSR1 --pid "$(cat @ICINGA2_INITRUNDIR@/icinga2.pid 2> /dev/null)" 2> /dev/null || true
 	endscript
 }

--- a/lib/cli/internalsignalcommand.cpp
+++ b/lib/cli/internalsignalcommand.cpp
@ -57,6 +57,8 @@ int InternalSignalCommand::Run(const boost::program_options::variables_map& vm,
 		return kill(vm["pid"].as<int>(), SIGCHLD);
 	if (signal == "SIGHUP")
 		return kill(vm["pid"].as<int>(), SIGHUP);
+	if (signal == "SIGUSR1")
+		return kill(vm["pid"].as<int>(), SIGUSR1);

 	Log(LogCritical, "cli") << "Unsupported signal \"" << signal << "\"";
 #else