| Message ID | 20210727120711.4160529-1-jose.pekkarinen@unikie.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | package/restorecond: Add new init script | expand |
On Tue, Jul 27, 2021 at 3:07 PM José Pekkarinen <jose.pekkarinen@unikie.com> wrote: > The current restorecond upstream init script is no > good fit for the user space generated by buildroot, > this script is an extension of the original, that > brings some changes from the debian init script to > use start-stop-daemon instead of daemon, while > removing dependencies on /etc/rc.d/init.d/functions > and /lib/lsb/init-functions. > > Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com> > --- > package/restorecond/S02restorecond | 113 +++++++++++++++++++++++++++++ > package/restorecond/restorecond.mk | 4 +- > 2 files changed, 115 insertions(+), 2 deletions(-) > create mode 100644 package/restorecond/S02restorecond > > diff --git a/package/restorecond/S02restorecond > b/package/restorecond/S02restorecond > new file mode 100644 > index 0000000000..24ee30853f > --- /dev/null > +++ b/package/restorecond/S02restorecond > @@ -0,0 +1,113 @@ > +#!/bin/sh > +# > +# restorecond: Daemon used to maintain path file context > +# > +# chkconfig: - 12 87 > +# description: restorecond uses inotify to look for creation of new files > \ > +# listed in the /etc/selinux/restorecond.conf file, and restores the \ > +# correct security context. > +# > +# processname: /usr/sbin/restorecond > +# config: /etc/selinux/restorecond.conf > +# pidfile: /run/restorecond.pid > +# > +# Return values according to LSB for all commands but status: > +# 0 - success > +# 1 - generic or unspecified error > +# 2 - invalid or excess argument(s) > +# 3 - unimplemented feature (e.g. "reload") > +# 4 - insufficient privilege > +# 5 - program is not installed > +# 6 - program is not configured > +# 7 - program is not running > + > +PATH=/sbin:/bin:/usr/bin:/usr/sbin > +DESC="SELinux file context maintaining daemon" > +NAME=restorecond > +DAEMON=/usr/sbin/$NAME > +DAEMON_ARGS="" > +PIDFILE=/var/run/$NAME.pid > +LOCKFILE=/var/run/$NAME.pid > +SCRIPTNAME=/etc/init.d/$NAME > + > +[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7 > + > +# Check that we are root ... so non-root users stop here > +test $EUID = 0 || exit 4 > + > +test -x /usr/sbin/restorecond || exit 5 > +test -f /etc/selinux/restorecond.conf || exit 6 > + > +RETVAL=0 > + > +start() > +{ > + # Return > + # 0 if daemon has been started > + # 1 if daemon was already running > + # 2 if daemon could not be started > + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec > $DAEMON --test > /dev/null \ > + || return 1 > + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec > $DAEMON -- \ > + $DAEMON_ARGS \ > + || return 2 > + touch $LOCKFILE > + return "$RETVAL" > +} > + > +stop() > +{ > + # Return > + # 0 if daemon has been stopped > + # 1 if daemon was already stopped > + # 2 if daemon could not be stopped > + # other if a failure occurred > + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile > $PIDFILE --name $NAME > + RETVAL="$?" > + [ "$RETVAL" = 2 ] && return 2 > + > + rm -f $PIDFILE > + rm -f $LOCKFILE > + return "$RETVAL" > +} > + > +restart() > +{ > + stop > + start > +} > + > +# See how we were called. > +case "$1" in > + start) > + echo -n $"Starting restorecond: " > + start > + case "$?" in > + 0|1) echo "Ok!" ;; > + 2) echo "Failed" ;; > + esac > + ;; > + stop) > + echo -n $"Shutting down restorecond: " > + stop > + case "$?" in > + 0|1) echo "Ok!" ;; > + 2) echo "Failed" ;; > + esac > + ;; > + status) > + status restorecond > + RETVAL=$? > + ;; > + force-reload|restart|reload) > + restart > + ;; > + condrestart) > + [ -e /var/lock/subsys/restorecond ] && restart || : > + ;; > + *) > + echo $"Usage: $0 > {start|stop|restart|force-reload|status|condrestart}" > + RETVAL=3 > +esac > + > +exit $RETVAL > diff --git a/package/restorecond/restorecond.mk b/package/restorecond/ > restorecond.mk > index 7ab7e978dd..3c6fb57ea6 100644 > --- a/package/restorecond/restorecond.mk > +++ b/package/restorecond/restorecond.mk > @@ -27,8 +27,8 @@ define RESTORECOND_BUILD_CMDS > endef > > define RESTORECOND_INSTALL_INIT_SYSV > - $(INSTALL) -m 0755 -D $(@D)/restorecond.init \ > - $(TARGET_DIR)/etc/init.d/S20restorecond > + $(INSTALL) -m 0755 -D package/restorecond/S02restorecond \ > + $(TARGET_DIR)/etc/init.d/S02restorecond > endef > > define RESTORECOND_INSTALL_INIT_SYSTEMD > -- > 2.25.1 > > Hi, Can I have some comments in this patch? Thanks! José.
Hi, Would you mind to take a look here or forward it to the relevant people? The get_developers script doesn't give much of a clue. Thanks! José Pekkarinen. On Tue, Jul 27, 2021 at 3:07 PM José Pekkarinen <jose.pekkarinen@unikie.com> wrote: > The current restorecond upstream init script is no > good fit for the user space generated by buildroot, > this script is an extension of the original, that > brings some changes from the debian init script to > use start-stop-daemon instead of daemon, while > removing dependencies on /etc/rc.d/init.d/functions > and /lib/lsb/init-functions. > > Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com> > --- > package/restorecond/S02restorecond | 113 +++++++++++++++++++++++++++++ > package/restorecond/restorecond.mk | 4 +- > 2 files changed, 115 insertions(+), 2 deletions(-) > create mode 100644 package/restorecond/S02restorecond > > diff --git a/package/restorecond/S02restorecond > b/package/restorecond/S02restorecond > new file mode 100644 > index 0000000000..24ee30853f > --- /dev/null > +++ b/package/restorecond/S02restorecond > @@ -0,0 +1,113 @@ > +#!/bin/sh > +# > +# restorecond: Daemon used to maintain path file context > +# > +# chkconfig: - 12 87 > +# description: restorecond uses inotify to look for creation of new files > \ > +# listed in the /etc/selinux/restorecond.conf file, and restores the \ > +# correct security context. > +# > +# processname: /usr/sbin/restorecond > +# config: /etc/selinux/restorecond.conf > +# pidfile: /run/restorecond.pid > +# > +# Return values according to LSB for all commands but status: > +# 0 - success > +# 1 - generic or unspecified error > +# 2 - invalid or excess argument(s) > +# 3 - unimplemented feature (e.g. "reload") > +# 4 - insufficient privilege > +# 5 - program is not installed > +# 6 - program is not configured > +# 7 - program is not running > + > +PATH=/sbin:/bin:/usr/bin:/usr/sbin > +DESC="SELinux file context maintaining daemon" > +NAME=restorecond > +DAEMON=/usr/sbin/$NAME > +DAEMON_ARGS="" > +PIDFILE=/var/run/$NAME.pid > +LOCKFILE=/var/run/$NAME.pid > +SCRIPTNAME=/etc/init.d/$NAME > + > +[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7 > + > +# Check that we are root ... so non-root users stop here > +test $EUID = 0 || exit 4 > + > +test -x /usr/sbin/restorecond || exit 5 > +test -f /etc/selinux/restorecond.conf || exit 6 > + > +RETVAL=0 > + > +start() > +{ > + # Return > + # 0 if daemon has been started > + # 1 if daemon was already running > + # 2 if daemon could not be started > + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec > $DAEMON --test > /dev/null \ > + || return 1 > + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec > $DAEMON -- \ > + $DAEMON_ARGS \ > + || return 2 > + touch $LOCKFILE > + return "$RETVAL" > +} > + > +stop() > +{ > + # Return > + # 0 if daemon has been stopped > + # 1 if daemon was already stopped > + # 2 if daemon could not be stopped > + # other if a failure occurred > + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile > $PIDFILE --name $NAME > + RETVAL="$?" > + [ "$RETVAL" = 2 ] && return 2 > + > + rm -f $PIDFILE > + rm -f $LOCKFILE > + return "$RETVAL" > +} > + > +restart() > +{ > + stop > + start > +} > + > +# See how we were called. > +case "$1" in > + start) > + echo -n $"Starting restorecond: " > + start > + case "$?" in > + 0|1) echo "Ok!" ;; > + 2) echo "Failed" ;; > + esac > + ;; > + stop) > + echo -n $"Shutting down restorecond: " > + stop > + case "$?" in > + 0|1) echo "Ok!" ;; > + 2) echo "Failed" ;; > + esac > + ;; > + status) > + status restorecond > + RETVAL=$? > + ;; > + force-reload|restart|reload) > + restart > + ;; > + condrestart) > + [ -e /var/lock/subsys/restorecond ] && restart || : > + ;; > + *) > + echo $"Usage: $0 > {start|stop|restart|force-reload|status|condrestart}" > + RETVAL=3 > +esac > + > +exit $RETVAL > diff --git a/package/restorecond/restorecond.mk b/package/restorecond/ > restorecond.mk > index 7ab7e978dd..3c6fb57ea6 100644 > --- a/package/restorecond/restorecond.mk > +++ b/package/restorecond/restorecond.mk > @@ -27,8 +27,8 @@ define RESTORECOND_BUILD_CMDS > endef > > define RESTORECOND_INSTALL_INIT_SYSV > - $(INSTALL) -m 0755 -D $(@D)/restorecond.init \ > - $(TARGET_DIR)/etc/init.d/S20restorecond > + $(INSTALL) -m 0755 -D package/restorecond/S02restorecond \ > + $(TARGET_DIR)/etc/init.d/S02restorecond > endef > > define RESTORECOND_INSTALL_INIT_SYSTEMD > -- > 2.25.1 > >
diff --git a/package/restorecond/S02restorecond b/package/restorecond/S02restorecond new file mode 100644 index 0000000000..24ee30853f --- /dev/null +++ b/package/restorecond/S02restorecond @@ -0,0 +1,113 @@ +#!/bin/sh +# +# restorecond: Daemon used to maintain path file context +# +# chkconfig: - 12 87 +# description: restorecond uses inotify to look for creation of new files \ +# listed in the /etc/selinux/restorecond.conf file, and restores the \ +# correct security context. +# +# processname: /usr/sbin/restorecond +# config: /etc/selinux/restorecond.conf +# pidfile: /run/restorecond.pid +# +# Return values according to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - insufficient privilege +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running + +PATH=/sbin:/bin:/usr/bin:/usr/sbin +DESC="SELinux file context maintaining daemon" +NAME=restorecond +DAEMON=/usr/sbin/$NAME +DAEMON_ARGS="" +PIDFILE=/var/run/$NAME.pid +LOCKFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME + +[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7 + +# Check that we are root ... so non-root users stop here +test $EUID = 0 || exit 4 + +test -x /usr/sbin/restorecond || exit 5 +test -f /etc/selinux/restorecond.conf || exit 6 + +RETVAL=0 + +start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS \ + || return 2 + touch $LOCKFILE + return "$RETVAL" +} + +stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + + rm -f $PIDFILE + rm -f $LOCKFILE + return "$RETVAL" +} + +restart() +{ + stop + start +} + +# See how we were called. +case "$1" in + start) + echo -n $"Starting restorecond: " + start + case "$?" in + 0|1) echo "Ok!" ;; + 2) echo "Failed" ;; + esac + ;; + stop) + echo -n $"Shutting down restorecond: " + stop + case "$?" in + 0|1) echo "Ok!" ;; + 2) echo "Failed" ;; + esac + ;; + status) + status restorecond + RETVAL=$? + ;; + force-reload|restart|reload) + restart + ;; + condrestart) + [ -e /var/lock/subsys/restorecond ] && restart || : + ;; + *) + echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart}" + RETVAL=3 +esac + +exit $RETVAL diff --git a/package/restorecond/restorecond.mk b/package/restorecond/restorecond.mk index 7ab7e978dd..3c6fb57ea6 100644 --- a/package/restorecond/restorecond.mk +++ b/package/restorecond/restorecond.mk @@ -27,8 +27,8 @@ define RESTORECOND_BUILD_CMDS endef define RESTORECOND_INSTALL_INIT_SYSV - $(INSTALL) -m 0755 -D $(@D)/restorecond.init \ - $(TARGET_DIR)/etc/init.d/S20restorecond + $(INSTALL) -m 0755 -D package/restorecond/S02restorecond \ + $(TARGET_DIR)/etc/init.d/S02restorecond endef define RESTORECOND_INSTALL_INIT_SYSTEMD
The current restorecond upstream init script is no good fit for the user space generated by buildroot, this script is an extension of the original, that brings some changes from the debian init script to use start-stop-daemon instead of daemon, while removing dependencies on /etc/rc.d/init.d/functions and /lib/lsb/init-functions. Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com> --- package/restorecond/S02restorecond | 113 +++++++++++++++++++++++++++++ package/restorecond/restorecond.mk | 4 +- 2 files changed, 115 insertions(+), 2 deletions(-) create mode 100644 package/restorecond/S02restorecond