
Various fix and hardenings; doc clarification

Signed-off-by: Laurent Bercot <[email protected]>
Laurent Bercot, 3 years ago
parent
commit
bb136eb025

+ 18 - 4
README.md

@@ -809,15 +809,29 @@ image's `/etc/passwd`. Every bit of privilege separation helps a little with sec
   * **`0`**: Continue silently even if any script (`fix-attrs` or `cont-init`) has failed.
   * **`0`**: Continue silently even if any script (`fix-attrs` or `cont-init`) has failed.
   * **`1`**: Continue but warn with an annoying error message.
   * **`1`**: Continue but warn with an annoying error message.
   * **`2`**: Stop by sending a termination signal to the supervision tree.
   * **`2`**: Stop by sending a termination signal to the supervision tree.
-* `S6_KILL_FINISH_MAXTIME` (default = 5000): The maximum time (in milliseconds) a script in `/etc/cont-finish.d` could take before sending a `KILL` signal to it. Take into account that this parameter will be used per each script execution, it's not a max time for the whole set of scripts.
-* `S6_SERVICES_GRACETIME` (default = 3000): How long (in milliseconds) `s6` should wait services before sending a `TERM` signal.
-* `S6_KILL_GRACETIME` (default = 3000): How long (in milliseconds) `s6` should wait to reap zombies before sending a `KILL` signal.
+* `S6_KILL_FINISH_MAXTIME` (default = 5000): How long (in milliseconds) the system should
+wait, at shutdown time, for a script in `/etc/cont-finish.d` to finish naturally. After this
+duration, the script will be sent a SIGKILL. Bear in mind that scripts in `/etc/cont.finish.d`
+are run sequentially, and the shutdown sequence will potentially wait for `S6_KILL_FINISH_MAXTIME`
+milliseconds for *each* script.
+* `S6_SERVICES_GRACETIME` (default = 3000): How long (in milliseconds) `s6` should wait,
+at shutdown time, for services declared in `/etc/services.d` to die before proceeding
+with the rest of the shutdown.
+* `S6_KILL_GRACETIME` (default = 3000): How long (in milliseconds) `s6` should wait, at the end of
+the shutdown procedure when all the processes have received a TERM signal, for them to die
+before sending a `KILL` signal to make *sure* they're dead.
 * `S6_LOGGING_SCRIPT` (default = "n20 s1000000 T"): This env decides what to log and how, by default every line will prepend with ISO8601, rotated when the current logging file reaches 1mb and archived, at most, with 20 files.
 * `S6_LOGGING_SCRIPT` (default = "n20 s1000000 T"): This env decides what to log and how, by default every line will prepend with ISO8601, rotated when the current logging file reaches 1mb and archived, at most, with 20 files.
 * `S6_CMD_ARG0` (default = not set): Value of this env var will be prepended to any `CMD` args passed by docker. Use it if you are migrting an existing image to a s6-overlay and want to make it a drop-in replacement, then setting this variable to a value of previously used ENTRYPOINT will improve compatibility with the way image is used.
 * `S6_CMD_ARG0` (default = not set): Value of this env var will be prepended to any `CMD` args passed by docker. Use it if you are migrting an existing image to a s6-overlay and want to make it a drop-in replacement, then setting this variable to a value of previously used ENTRYPOINT will improve compatibility with the way image is used.
 * `S6_FIX_ATTRS_HIDDEN` (default = 0): Controls how `fix-attrs.d` scripts process files and directories.
 * `S6_FIX_ATTRS_HIDDEN` (default = 0): Controls how `fix-attrs.d` scripts process files and directories.
   * **`0`**: Hidden files and directories are excluded.
   * **`0`**: Hidden files and directories are excluded.
   * **`1`**: All files and directories are processed.
   * **`1`**: All files and directories are processed.
-* `S6_CMD_WAIT_FOR_SERVICES` (default = 0): In order to proceed executing CMD overlay will wait until services are up. Be aware that up doesn't mean ready. Depending if `notification-fd` was found inside the servicedir overlay will use `s6-svwait -U` or `s6-svwait -u` as the waiting statement.
+* `S6_CMD_WAIT_FOR_SERVICES` (default = 0): By default when the container starts,
+services in `/etc/services.d` will be started and execution will proceed to
+starting the `user2` bundle and the CMD, if any of these is defined. If
+`S6_CMD_WAIT_FOR_SERVICES` is nonzero, however, the container starting sequence
+will wait until the services in `/etc/services.d` are *ready* before proceeding
+with the rest of the sequence. Note that this is only significant if the services in `/etc/services.d`
+[notify their readiness](https://skarnet.org/software/s6/notifywhenup.html) to s6.
 * `S6_CMD_WAIT_FOR_SERVICES_MAXTIME` (default = 5000): The maximum time (in milliseconds) the services could take to bring up before proceding to CMD executing.
 * `S6_CMD_WAIT_FOR_SERVICES_MAXTIME` (default = 5000): The maximum time (in milliseconds) the services could take to bring up before proceding to CMD executing.
 Note that this value also includes the time setting up legacy container initialization (`/etc/cont-init.d`) and services (`/etc/services.d`),
 Note that this value also includes the time setting up legacy container initialization (`/etc/cont-init.d`) and services (`/etc/services.d`),
 and that it is taken into account even if you are not running a CMD. In other words: no matter whether you're running a CMD or not,
 and that it is taken into account even if you are not running a CMD. In other words: no matter whether you're running a CMD or not,
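Review bot: `/etc/cont.finish.d` in the new S6_KILL_FINISH_MAXTIME paragraph is a typo for `/etc/cont-finish.d`, which the preceding sentence spells correctly; suggest `Bear in mind that scripts in `/etc/cont-finish.d``. Since this is a doc pass, the untouched context lines nearby also carry `migrting` (migrating) and `proceding` (proceeding). The new wording for S6_CMD_WAIT_FOR_SERVICES is a clear improvement, but the README still states `default = 5000` for S6_CMD_WAIT_FOR_SERVICES_MAXTIME and `default = 5000` for S6_KILL_FINISH_MAXTIME; those numbers should be checked against the fallback values the scripts in this same commit actually use when the variable is unset or non-numeric.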

+ 10 - 12
layout/rootfs-overlay/package/admin/s6-overlay-@VERSION@/etc/s6-linux-init/skel/rc.init

@@ -7,15 +7,13 @@ if test -d /run/s6/container_environment ; then
   s6-chmod 0755 /run/s6/container_environment
   s6-chmod 0755 /run/s6/container_environment
 fi
 fi
 
 
-if v=`printcontenv S6_VERBOSITY` && s6-test "$v" =~ '^[[:digit:]]*$' ; then
-  if test "$v" -gt 0 ; then
-    cv=$((v - 1))
-  else
-    cv=0
-  fi
-else
+if v=`printcontenv S6_VERBOSITY` && s6-test "$v" =~ '^[[:digit:]]+$' ; then : ; else
   v=2
   v=2
-  cv=1
+  cv=$((v - 1))
+fi
+
+if test "$cv" -lt 0 ; then
+  cv=0
 fi
 fi
 
 
 if hook=`printcontenv S6_STAGE2_HOOK` && test -n "$hook" ; then
 if hook=`printcontenv S6_STAGE2_HOOK` && test -n "$hook" ; then
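Review bot: `cv` is only assigned in the `else` branch, so when S6_VERBOSITY is a valid digit string the `: ;` branch leaves `cv` unset; `test "$cv" -lt 0` then runs with an empty operand and the later `s6-rc-compile -v"$cv"` receives an empty verbosity argument. The derivation should sit after the `fi` so it runs for both branches: keep `v=2` as the only statement in the `else`, then `cv=$((v - 1))` on its own line, then the `if test "$cv" -lt 0 ; then cv=0 ; fi` guard. One more caveat: `$((v - 1))` on a value with a leading zero such as `08` is parsed as octal by POSIX arithmetic expansion and rejected by shells such as dash and bash, and the `^[[:digit:]]+$` check alone does not exclude that input.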
@@ -23,7 +21,7 @@ if hook=`printcontenv S6_STAGE2_HOOK` && test -n "$hook" ; then
   $hook
   $hook
   r=$?
   r=$?
   set -e
   set -e
-  if test "$r" -gt 0 && test "$v" -gt 0 ; then
+  if s6-test "$r" -gt 0 -a "$v" -gt 0 ; then
     echo "$prog: warning: hook $hook exited $r" 1>&2
     echo "$prog: warning: hook $hook exited $r" 1>&2
   fi
   fi
 fi
 fi
@@ -37,7 +35,7 @@ fi
 s6-rc-compile -v"$cv" /run/s6/db "$etc/s6-overlay/s6-rc.d" /package/admin/s6-overlay-@VERSION@/etc/s6-rc/sources
 s6-rc-compile -v"$cv" /run/s6/db "$etc/s6-overlay/s6-rc.d" /package/admin/s6-overlay-@VERSION@/etc/s6-rc/sources
 s6-rc-init -c /run/s6/db /run/service
 s6-rc-init -c /run/s6/db /run/service
 
 
-if timeout=`printcontenv S6_CMD_WAIT_FOR_SERVICES_MAXTIME` && test "$timeout" -ge 0 ; then : ; else
+if timeout=`printcontenv S6_CMD_WAIT_FOR_SERVICES_MAXTIME` && s6-test "$timeout" =~ '^[[:digit:]]+$' ; then : ; else
   timeout=5000
   timeout=5000
 fi
 fi
 
 
@@ -46,7 +44,7 @@ s6-rc -v$v -u -t "$timeout" -- change "$top"
 r=$?
 r=$?
 set -e
 set -e
 
 
-if test "$r" -ne 0 && b=0`printcontenv S6_BEHAVIOUR_IF_STAGE2_FAILS` && test "$b" -ne 0 ; then
+if b=`printcontenv S6_BEHAVIOUR_IF_STAGE2_FAILS` && s6-test "$r" -gt 0 -a "$b" =~ '^[[:digit:]]+$' -a "$b" -gt 0 ; then
   echo "$prog: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information." 1>&2
   echo "$prog: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information." 1>&2
   if test "$b" -ge 2 ; then
   if test "$b" -ge 2 ; then
     echo "prog: fatal: stopping the container." 1>&2
     echo "prog: fatal: stopping the container." 1>&2
@@ -55,7 +53,7 @@ if test "$r" -ne 0 && b=0`printcontenv S6_BEHAVIOUR_IF_STAGE2_FAILS` && test "$b
   fi
   fi
 fi
 fi
 
 
-if test "$#" -ne 0 ; then
+if test "$#" -gt 0 ; then
   cd `s6-cat < /run/s6/workdir`
   cd `s6-cat < /run/s6/workdir`
   set +e
   set +e
   arg0=`printcontenv S6_CMD_ARG0`
   arg0=`printcontenv S6_CMD_ARG0`

+ 1 - 1
layout/rootfs-overlay/package/admin/s6-overlay-@VERSION@/etc/s6-linux-init/skel/rc.shutdown

@@ -1,6 +1,6 @@
 #!/bin/sh
 #!/bin/sh
 
 
-if v=`printcontenv S6_VERBOSITY` && s6-test "$v" =~ '^[[:digit:]]*$' ; then : ; else
+if v=`printcontenv S6_VERBOSITY` && s6-test "$v" =~ '^[[:digit:]]+$' ; then : ; else
   v=2
   v=2
 fi
 fi
 
 
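Review bot: consistent with the check in rc.init now; the only input `+` rejects that `*` accepted is the empty string, which previously left `v` empty instead of applying the `v=2` default, so this is a correct fix and no further change is needed here.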

+ 1 - 1
layout/rootfs-overlay/package/admin/s6-overlay-@VERSION@/etc/s6-rc/scripts/cont-finish

@@ -6,7 +6,7 @@ else
   etc=/etc
   etc=/etc
 fi
 fi
 
 
-if ! kimeout=`printcontenv S6_KILL_FINISH_MAXTIME` ; then
+if kimeout=`printcontenv S6_KILL_FINISH_MAXTIME` && s6-test "$kimeout" =~ '^[[:digit:]]+$' ; then : ; else
   kimeout=0
   kimeout=0
 fi
 fi
 
 
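Review bot: the fallback `kimeout=0` disagrees with the README hunk in this same commit, which documents S6_KILL_FINISH_MAXTIME as `default = 5000`; either the script should fall back to 5000 or the README should say that an unset or non-numeric value yields 0. Whatever 0 means for the kill wait (no timeout versus immediate KILL) should also be stated in the README text, since a user who sets the variable to a non-number now silently gets that behaviour.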

+ 1 - 1
layout/rootfs-overlay/package/admin/s6-overlay-@VERSION@/etc/s6-rc/scripts/services-down

@@ -15,7 +15,7 @@ done
 if test -n "$list" ; then
 if test -n "$list" ; then
   s6-rmrf $links
   s6-rmrf $links
   s6-svscanctl -an /run/service
   s6-svscanctl -an /run/service
-  if ! grace=`printcontenv S6_SERVICES_GRACETIME` ; then
+  if grace=`printcontenv S6_SERVICES_GRACETIME` && s6-test "$grace" =~ '^[[:digit:]]+$' ; then : ; else
     grace=3000
     grace=3000
   fi
   fi
   s6-svwait -D -t "$grace" -- $list
   s6-svwait -D -t "$grace" -- $list

+ 3 - 3
layout/rootfs-overlay/package/admin/s6-overlay-@VERSION@/etc/s6-rc/scripts/services-up

@@ -34,8 +34,8 @@ done
 
 
 s6-svscanctl -a /run/service
 s6-svscanctl -a /run/service
 
 
-if test 0`printcontenv S6_CMD_WAIT_FOR_SERVICES` -ne 0 ; then
-  if ! maxtime=`printcontenv S6_CMD_WAIT_FOR_SERVICES_MAXTIME` ; then
+if dowait=`printcontenv S6_CMD_WAIT_FOR_SERVICES` && s6-test "$dowait" =~ '^[[:digit:]]+$' -a "$dowait" -gt 0 ; then
+  if maxtime=`printcontenv S6_CMD_WAIT_FOR_SERVICES_MAXTIME` && s6-test "$maxtime" =~ '^[[:digit:]]+$' ; then : ; else
     maxtime=0
     maxtime=0
   fi
   fi
 
 
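Review bot: `maxtime=0` here is the fallback for S6_CMD_WAIT_FOR_SERVICES_MAXTIME, while rc.init in this same commit falls back to `timeout=5000` for the same variable and the README says `default = 5000`; the two scripts should agree, or the difference for the legacy services-up path should be documented. Also, a non-numeric `$dowait` is now silently treated as "do not wait" rather than warned about, which is acceptable but deserves a comment next to the condition.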
@@ -49,7 +49,7 @@ if test 0`printcontenv S6_CMD_WAIT_FOR_SERVICES` -ne 0 ; then
   if test -n "$notifyes" && ! s6-svwait -U -t "$maxtime" -- $notifyes ; then
   if test -n "$notifyes" && ! s6-svwait -U -t "$maxtime" -- $notifyes ; then
     r=true
     r=true
   fi
   fi
-  if $r && b=0`printcontenv S6_BEHAVIOUR_IF_STAGE2_FAILS` && test "$b" -ne 0 ; then
+  if $r && b=`printcontenv S6_BEHAVIOUR_IF_STAGE2_FAILS` && s6-test "$b" =~ '^[[:digit:]]+$' -a "$b" -gt 0 ; then
     echo 'services-up: warning: some legacy longruns failed to start' 1>&2
     echo 'services-up: warning: some legacy longruns failed to start' 1>&2
     if test "$b" -ge 2 ; then
     if test "$b" -ge 2 ; then
       exit 1
       exit 1
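Review bot: same `-a` evaluation question as in rc.init: `"$b" =~ '^[[:digit:]]+$' -a "$b" -gt 0` relies on the regex primary short-circuiting the numeric comparison, and if s6-test evaluates all primaries the way POSIX `test` does, a garbage value still hits `-gt`. Otherwise the logic reads correctly: `$r` is `true`/`false` from the svwait checks above, the warning is printed whenever the behaviour setting is nonzero, and the `-ge 2` branch below still exits 1.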