Message ID | 20210809055557.8698-1-jose.pekkarinen@unikie.com |
---|---|
State | Changes Requested |
Headers | show |
Series | package/restorecond: Add new init script | expand |
Hello José, On Mon, 9 Aug 2021 08:55:57 +0300 José Pekkarinen <jose.pekkarinen@unikie.com> wrote: > The current restorecond upstream init script is no > good fit for the user space generated by buildroot, > this script is an extension of the original, that > brings some changes from the debian init script to > use start-stop-daemon instead of daemon, while > removing dependencies on /etc/rc.d/init.d/functions > and /lib/lsb/init-functions. > > Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com> Thanks a lot, but unfortunately your proposed script still doesn't follow the model/template of package/busybox/S01syslogd. Could you try to follow the template as closely as possible ? > diff --git a/package/restorecond/S02restorecond b/package/restorecond/S02restorecond > new file mode 100644 > index 0000000000..24ee30853f > --- /dev/null > +++ b/package/restorecond/S02restorecond > @@ -0,0 +1,113 @@ > +#!/bin/sh > +# > +# restorecond: Daemon used to maintain path file context > +# > +# chkconfig: - 12 87 > +# description: restorecond uses inotify to look for creation of new files \ > +# listed in the /etc/selinux/restorecond.conf file, and restores the \ > +# correct security context. > +# > +# processname: /usr/sbin/restorecond > +# config: /etc/selinux/restorecond.conf > +# pidfile: /run/restorecond.pid > +# > +# Return values according to LSB for all commands but status: > +# 0 - success > +# 1 - generic or unspecified error > +# 2 - invalid or excess argument(s) > +# 3 - unimplemented feature (e.g. "reload") > +# 4 - insufficient privilege > +# 5 - program is not installed > +# 6 - program is not configured > +# 7 - program is not running We don't care about all those comments. > +PATH=/sbin:/bin:/usr/bin:/usr/sbin > +DESC="SELinux file context maintaining daemon" These variables are not needed. > +NAME=restorecond > +DAEMON=/usr/sbin/$NAME > +DAEMON_ARGS="" > +PIDFILE=/var/run/$NAME.pid > +LOCKFILE=/var/run/$NAME.pid > +SCRIPTNAME=/etc/init.d/$NAME > + > +[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7 We don't care about this either. > +# Check that we are root ... so non-root users stop here > +test $EUID = 0 || exit 4 Same. > +test -x /usr/sbin/restorecond || exit 5 > +test -f /etc/selinux/restorecond.conf || exit 6 Same. > + > +RETVAL=0 > + > +start() > +{ > + # Return > + # 0 if daemon has been started > + # 1 if daemon was already running > + # 2 if daemon could not be started > + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ > + || return 1 Don't test. > + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ > + $DAEMON_ARGS \ > + || return 2 Please see S01syslogd on how to do this. > +stop() > +{ > + # Return > + # 0 if daemon has been stopped > + # 1 if daemon was already stopped > + # 2 if daemon could not be stopped > + # other if a failure occurred > + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME > + RETVAL="$?" > + [ "$RETVAL" = 2 ] && return 2 > + > + rm -f $PIDFILE > + rm -f $LOCKFILE > + return "$RETVAL" Please do like S01syslogd. Thanks a lot! Thomas
On Fri, Aug 20, 2021 at 12:21 AM Thomas Petazzoni < thomas.petazzoni@bootlin.com> wrote: > Hello José, > > On Mon, 9 Aug 2021 08:55:57 +0300 > José Pekkarinen <jose.pekkarinen@unikie.com> wrote: > > > The current restorecond upstream init script is no > > good fit for the user space generated by buildroot, > > this script is an extension of the original, that > > brings some changes from the debian init script to > > use start-stop-daemon instead of daemon, while > > removing dependencies on /etc/rc.d/init.d/functions > > and /lib/lsb/init-functions. > > > > Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com> > > Thanks a lot, but unfortunately your proposed script still doesn't > follow the model/template of package/busybox/S01syslogd. Could you try > to follow the template as closely as possible ? > > > diff --git a/package/restorecond/S02restorecond > b/package/restorecond/S02restorecond > > new file mode 100644 > > index 0000000000..24ee30853f > > --- /dev/null > > +++ b/package/restorecond/S02restorecond > > @@ -0,0 +1,113 @@ > > +#!/bin/sh > > +# > > +# restorecond: Daemon used to maintain path file context > > +# > > +# chkconfig: - 12 87 > > +# description: restorecond uses inotify to look for creation of > new files \ > > +# listed in the /etc/selinux/restorecond.conf file, and restores the \ > > +# correct security context. > > +# > > +# processname: /usr/sbin/restorecond > > +# config: /etc/selinux/restorecond.conf > > +# pidfile: /run/restorecond.pid > > +# > > +# Return values according to LSB for all commands but status: > > +# 0 - success > > +# 1 - generic or unspecified error > > +# 2 - invalid or excess argument(s) > > +# 3 - unimplemented feature (e.g. "reload") > > +# 4 - insufficient privilege > > +# 5 - program is not installed > > +# 6 - program is not configured > > +# 7 - program is not running > > We don't care about all those comments. > > > +PATH=/sbin:/bin:/usr/bin:/usr/sbin > > +DESC="SELinux file context maintaining daemon" > > These variables are not needed. > > > +NAME=restorecond > > +DAEMON=/usr/sbin/$NAME > > +DAEMON_ARGS="" > > +PIDFILE=/var/run/$NAME.pid > > +LOCKFILE=/var/run/$NAME.pid > > +SCRIPTNAME=/etc/init.d/$NAME > > + > > +[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7 > > We don't care about this either. > > > +# Check that we are root ... so non-root users stop here > > +test $EUID = 0 || exit 4 > > Same. > > > +test -x /usr/sbin/restorecond || exit 5 > > +test -f /etc/selinux/restorecond.conf || exit 6 > > Same. > > > + > > +RETVAL=0 > > + > > +start() > > +{ > > + # Return > > + # 0 if daemon has been started > > + # 1 if daemon was already running > > + # 2 if daemon could not be started > > + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec > $DAEMON --test > /dev/null \ > > + || return 1 > > Don't test. > > > + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec > $DAEMON -- \ > > + $DAEMON_ARGS \ > > + || return 2 > > Please see S01syslogd on how to do this. > > > +stop() > > +{ > > + # Return > > + # 0 if daemon has been stopped > > + # 1 if daemon was already stopped > > + # 2 if daemon could not be stopped > > + # other if a failure occurred > > + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile > $PIDFILE --name $NAME > > + RETVAL="$?" > > + [ "$RETVAL" = 2 ] && return 2 > > + > > + rm -f $PIDFILE > > + rm -f $LOCKFILE > > + return "$RETVAL" > > Please do like S01syslogd. > > Thanks a lot! > Thanks for the comments! A new version is now ready for consumption for when somebody have some time to check it. Best regards. José.
diff --git a/package/restorecond/S02restorecond b/package/restorecond/S02restorecond new file mode 100644 index 0000000000..24ee30853f --- /dev/null +++ b/package/restorecond/S02restorecond @@ -0,0 +1,113 @@ +#!/bin/sh +# +# restorecond: Daemon used to maintain path file context +# +# chkconfig: - 12 87 +# description: restorecond uses inotify to look for creation of new files \ +# listed in the /etc/selinux/restorecond.conf file, and restores the \ +# correct security context. +# +# processname: /usr/sbin/restorecond +# config: /etc/selinux/restorecond.conf +# pidfile: /run/restorecond.pid +# +# Return values according to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - insufficient privilege +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running + +PATH=/sbin:/bin:/usr/bin:/usr/sbin +DESC="SELinux file context maintaining daemon" +NAME=restorecond +DAEMON=/usr/sbin/$NAME +DAEMON_ARGS="" +PIDFILE=/var/run/$NAME.pid +LOCKFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME + +[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7 + +# Check that we are root ... so non-root users stop here +test $EUID = 0 || exit 4 + +test -x /usr/sbin/restorecond || exit 5 +test -f /etc/selinux/restorecond.conf || exit 6 + +RETVAL=0 + +start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS \ + || return 2 + touch $LOCKFILE + return "$RETVAL" +} + +stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + + rm -f $PIDFILE + rm -f $LOCKFILE + return "$RETVAL" +} + +restart() +{ + stop + start +} + +# See how we were called. +case "$1" in + start) + echo -n $"Starting restorecond: " + start + case "$?" in + 0|1) echo "Ok!" ;; + 2) echo "Failed" ;; + esac + ;; + stop) + echo -n $"Shutting down restorecond: " + stop + case "$?" in + 0|1) echo "Ok!" ;; + 2) echo "Failed" ;; + esac + ;; + status) + status restorecond + RETVAL=$? + ;; + force-reload|restart|reload) + restart + ;; + condrestart) + [ -e /var/lock/subsys/restorecond ] && restart || : + ;; + *) + echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart}" + RETVAL=3 +esac + +exit $RETVAL diff --git a/package/restorecond/restorecond.mk b/package/restorecond/restorecond.mk index 7ab7e978dd..3c6fb57ea6 100644 --- a/package/restorecond/restorecond.mk +++ b/package/restorecond/restorecond.mk @@ -27,8 +27,8 @@ define RESTORECOND_BUILD_CMDS endef define RESTORECOND_INSTALL_INIT_SYSV - $(INSTALL) -m 0755 -D $(@D)/restorecond.init \ - $(TARGET_DIR)/etc/init.d/S20restorecond + $(INSTALL) -m 0755 -D package/restorecond/S02restorecond \ + $(TARGET_DIR)/etc/init.d/S02restorecond endef define RESTORECOND_INSTALL_INIT_SYSTEMD
The current restorecond upstream init script is no good fit for the user space generated by buildroot, this script is an extension of the original, that brings some changes from the debian init script to use start-stop-daemon instead of daemon, while removing dependencies on /etc/rc.d/init.d/functions and /lib/lsb/init-functions. Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com> --- package/restorecond/S02restorecond | 113 +++++++++++++++++++++++++++++ package/restorecond/restorecond.mk | 4 +- 2 files changed, 115 insertions(+), 2 deletions(-) create mode 100644 package/restorecond/S02restorecond