* [Buildroot] [PATCH] package/restorecond: Add new init script
@ 2021-07-27 12:07 José Pekkarinen
2021-08-16 6:37 ` José Pekkarinen
2021-08-17 8:11 ` José Pekkarinen
0 siblings, 2 replies; 6+ messages in thread
From: José Pekkarinen @ 2021-07-27 12:07 UTC (permalink / raw)
To: buildroot; +Cc: José Pekkarinen
The current restorecond upstream init script is no
good fit for the user space generated by buildroot,
this script is an extension of the original, that
brings some changes from the debian init script to
use start-stop-daemon instead of daemon, while
removing dependencies on /etc/rc.d/init.d/functions
and /lib/lsb/init-functions.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
---
package/restorecond/S02restorecond | 113 +++++++++++++++++++++++++++++
package/restorecond/restorecond.mk | 4 +-
2 files changed, 115 insertions(+), 2 deletions(-)
create mode 100644 package/restorecond/S02restorecond
diff --git a/package/restorecond/S02restorecond b/package/restorecond/S02restorecond
new file mode 100644
index 0000000000..24ee30853f
--- /dev/null
+++ b/package/restorecond/S02restorecond
@@ -0,0 +1,113 @@
+#!/bin/sh
+#
+# restorecond: Daemon used to maintain path file context
+#
+# chkconfig: - 12 87
+# description: restorecond uses inotify to look for creation of new files \
+# listed in the /etc/selinux/restorecond.conf file, and restores the \
+# correct security context.
+#
+# processname: /usr/sbin/restorecond
+# config: /etc/selinux/restorecond.conf
+# pidfile: /run/restorecond.pid
+#
+# Return values according to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+
+PATH=/sbin:/bin:/usr/bin:/usr/sbin
+DESC="SELinux file context maintaining daemon"
+NAME=restorecond
+DAEMON=/usr/sbin/$NAME
+DAEMON_ARGS=""
+PIDFILE=/var/run/$NAME.pid
+LOCKFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
+
+# Check that we are root ... so non-root users stop here
+test $EUID = 0 || exit 4
+
+test -x /usr/sbin/restorecond || exit 5
+test -f /etc/selinux/restorecond.conf || exit 6
+
+RETVAL=0
+
+start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+ touch $LOCKFILE
+ return "$RETVAL"
+}
+
+stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+
+ rm -f $PIDFILE
+ rm -f $LOCKFILE
+ return "$RETVAL"
+}
+
+restart()
+{
+ stop
+ start
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ echo -n $"Starting restorecond: "
+ start
+ case "$?" in
+ 0|1) echo "Ok!" ;;
+ 2) echo "Failed" ;;
+ esac
+ ;;
+ stop)
+ echo -n $"Shutting down restorecond: "
+ stop
+ case "$?" in
+ 0|1) echo "Ok!" ;;
+ 2) echo "Failed" ;;
+ esac
+ ;;
+ status)
+ status restorecond
+ RETVAL=$?
+ ;;
+ force-reload|restart|reload)
+ restart
+ ;;
+ condrestart)
+ [ -e /var/lock/subsys/restorecond ] && restart || :
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart}"
+ RETVAL=3
+esac
+
+exit $RETVAL
diff --git a/package/restorecond/restorecond.mk b/package/restorecond/restorecond.mk
index 7ab7e978dd..3c6fb57ea6 100644
--- a/package/restorecond/restorecond.mk
+++ b/package/restorecond/restorecond.mk
@@ -27,8 +27,8 @@ define RESTORECOND_BUILD_CMDS
endef
define RESTORECOND_INSTALL_INIT_SYSV
- $(INSTALL) -m 0755 -D $(@D)/restorecond.init \
- $(TARGET_DIR)/etc/init.d/S20restorecond
+ $(INSTALL) -m 0755 -D package/restorecond/S02restorecond \
+ $(TARGET_DIR)/etc/init.d/S02restorecond
endef
define RESTORECOND_INSTALL_INIT_SYSTEMD
--
2.25.1
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH] package/restorecond: Add new init script
2021-07-27 12:07 [Buildroot] [PATCH] package/restorecond: Add new init script José Pekkarinen
@ 2021-08-16 6:37 ` José Pekkarinen
2021-08-17 8:11 ` José Pekkarinen
1 sibling, 0 replies; 6+ messages in thread
From: José Pekkarinen @ 2021-08-16 6:37 UTC (permalink / raw)
To: buildroot
[-- Attachment #1.1: Type: text/plain, Size: 4935 bytes --]
On Tue, Jul 27, 2021 at 3:07 PM José Pekkarinen <jose.pekkarinen@unikie.com>
wrote:
> The current restorecond upstream init script is no
> good fit for the user space generated by buildroot,
> this script is an extension of the original, that
> brings some changes from the debian init script to
> use start-stop-daemon instead of daemon, while
> removing dependencies on /etc/rc.d/init.d/functions
> and /lib/lsb/init-functions.
>
> Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
> ---
> package/restorecond/S02restorecond | 113 +++++++++++++++++++++++++++++
> package/restorecond/restorecond.mk | 4 +-
> 2 files changed, 115 insertions(+), 2 deletions(-)
> create mode 100644 package/restorecond/S02restorecond
>
> diff --git a/package/restorecond/S02restorecond
> b/package/restorecond/S02restorecond
> new file mode 100644
> index 0000000000..24ee30853f
> --- /dev/null
> +++ b/package/restorecond/S02restorecond
> @@ -0,0 +1,113 @@
> +#!/bin/sh
> +#
> +# restorecond: Daemon used to maintain path file context
> +#
> +# chkconfig: - 12 87
> +# description: restorecond uses inotify to look for creation of new files
> \
> +# listed in the /etc/selinux/restorecond.conf file, and restores the \
> +# correct security context.
> +#
> +# processname: /usr/sbin/restorecond
> +# config: /etc/selinux/restorecond.conf
> +# pidfile: /run/restorecond.pid
> +#
> +# Return values according to LSB for all commands but status:
> +# 0 - success
> +# 1 - generic or unspecified error
> +# 2 - invalid or excess argument(s)
> +# 3 - unimplemented feature (e.g. "reload")
> +# 4 - insufficient privilege
> +# 5 - program is not installed
> +# 6 - program is not configured
> +# 7 - program is not running
> +
> +PATH=/sbin:/bin:/usr/bin:/usr/sbin
> +DESC="SELinux file context maintaining daemon"
> +NAME=restorecond
> +DAEMON=/usr/sbin/$NAME
> +DAEMON_ARGS=""
> +PIDFILE=/var/run/$NAME.pid
> +LOCKFILE=/var/run/$NAME.pid
> +SCRIPTNAME=/etc/init.d/$NAME
> +
> +[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
> +
> +# Check that we are root ... so non-root users stop here
> +test $EUID = 0 || exit 4
> +
> +test -x /usr/sbin/restorecond || exit 5
> +test -f /etc/selinux/restorecond.conf || exit 6
> +
> +RETVAL=0
> +
> +start()
> +{
> + # Return
> + # 0 if daemon has been started
> + # 1 if daemon was already running
> + # 2 if daemon could not be started
> + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec
> $DAEMON --test > /dev/null \
> + || return 1
> + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec
> $DAEMON -- \
> + $DAEMON_ARGS \
> + || return 2
> + touch $LOCKFILE
> + return "$RETVAL"
> +}
> +
> +stop()
> +{
> + # Return
> + # 0 if daemon has been stopped
> + # 1 if daemon was already stopped
> + # 2 if daemon could not be stopped
> + # other if a failure occurred
> + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile
> $PIDFILE --name $NAME
> + RETVAL="$?"
> + [ "$RETVAL" = 2 ] && return 2
> +
> + rm -f $PIDFILE
> + rm -f $LOCKFILE
> + return "$RETVAL"
> +}
> +
> +restart()
> +{
> + stop
> + start
> +}
> +
> +# See how we were called.
> +case "$1" in
> + start)
> + echo -n $"Starting restorecond: "
> + start
> + case "$?" in
> + 0|1) echo "Ok!" ;;
> + 2) echo "Failed" ;;
> + esac
> + ;;
> + stop)
> + echo -n $"Shutting down restorecond: "
> + stop
> + case "$?" in
> + 0|1) echo "Ok!" ;;
> + 2) echo "Failed" ;;
> + esac
> + ;;
> + status)
> + status restorecond
> + RETVAL=$?
> + ;;
> + force-reload|restart|reload)
> + restart
> + ;;
> + condrestart)
> + [ -e /var/lock/subsys/restorecond ] && restart || :
> + ;;
> + *)
> + echo $"Usage: $0
> {start|stop|restart|force-reload|status|condrestart}"
> + RETVAL=3
> +esac
> +
> +exit $RETVAL
> diff --git a/package/restorecond/restorecond.mk b/package/restorecond/
> restorecond.mk
> index 7ab7e978dd..3c6fb57ea6 100644
> --- a/package/restorecond/restorecond.mk
> +++ b/package/restorecond/restorecond.mk
> @@ -27,8 +27,8 @@ define RESTORECOND_BUILD_CMDS
> endef
>
> define RESTORECOND_INSTALL_INIT_SYSV
> - $(INSTALL) -m 0755 -D $(@D)/restorecond.init \
> - $(TARGET_DIR)/etc/init.d/S20restorecond
> + $(INSTALL) -m 0755 -D package/restorecond/S02restorecond \
> + $(TARGET_DIR)/etc/init.d/S02restorecond
> endef
>
> define RESTORECOND_INSTALL_INIT_SYSTEMD
> --
> 2.25.1
>
>
Hi,
Can I have some comments in this patch?
Thanks!
José.
[-- Attachment #1.2: Type: text/html, Size: 6857 bytes --]
[-- Attachment #2: Type: text/plain, Size: 145 bytes --]
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH] package/restorecond: Add new init script
2021-07-27 12:07 [Buildroot] [PATCH] package/restorecond: Add new init script José Pekkarinen
2021-08-16 6:37 ` José Pekkarinen
@ 2021-08-17 8:11 ` José Pekkarinen
1 sibling, 0 replies; 6+ messages in thread
From: José Pekkarinen @ 2021-08-17 8:11 UTC (permalink / raw)
To: Thomas Petazzoni; +Cc: buildroot
[-- Attachment #1.1: Type: text/plain, Size: 5059 bytes --]
Hi,
Would you mind to take a look here or forward
it to the relevant people? The get_developers script
doesn't give much of a clue.
Thanks!
José Pekkarinen.
On Tue, Jul 27, 2021 at 3:07 PM José Pekkarinen <jose.pekkarinen@unikie.com>
wrote:
> The current restorecond upstream init script is no
> good fit for the user space generated by buildroot,
> this script is an extension of the original, that
> brings some changes from the debian init script to
> use start-stop-daemon instead of daemon, while
> removing dependencies on /etc/rc.d/init.d/functions
> and /lib/lsb/init-functions.
>
> Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
> ---
> package/restorecond/S02restorecond | 113 +++++++++++++++++++++++++++++
> package/restorecond/restorecond.mk | 4 +-
> 2 files changed, 115 insertions(+), 2 deletions(-)
> create mode 100644 package/restorecond/S02restorecond
>
> diff --git a/package/restorecond/S02restorecond
> b/package/restorecond/S02restorecond
> new file mode 100644
> index 0000000000..24ee30853f
> --- /dev/null
> +++ b/package/restorecond/S02restorecond
> @@ -0,0 +1,113 @@
> +#!/bin/sh
> +#
> +# restorecond: Daemon used to maintain path file context
> +#
> +# chkconfig: - 12 87
> +# description: restorecond uses inotify to look for creation of new files
> \
> +# listed in the /etc/selinux/restorecond.conf file, and restores the \
> +# correct security context.
> +#
> +# processname: /usr/sbin/restorecond
> +# config: /etc/selinux/restorecond.conf
> +# pidfile: /run/restorecond.pid
> +#
> +# Return values according to LSB for all commands but status:
> +# 0 - success
> +# 1 - generic or unspecified error
> +# 2 - invalid or excess argument(s)
> +# 3 - unimplemented feature (e.g. "reload")
> +# 4 - insufficient privilege
> +# 5 - program is not installed
> +# 6 - program is not configured
> +# 7 - program is not running
> +
> +PATH=/sbin:/bin:/usr/bin:/usr/sbin
> +DESC="SELinux file context maintaining daemon"
> +NAME=restorecond
> +DAEMON=/usr/sbin/$NAME
> +DAEMON_ARGS=""
> +PIDFILE=/var/run/$NAME.pid
> +LOCKFILE=/var/run/$NAME.pid
> +SCRIPTNAME=/etc/init.d/$NAME
> +
> +[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
> +
> +# Check that we are root ... so non-root users stop here
> +test $EUID = 0 || exit 4
> +
> +test -x /usr/sbin/restorecond || exit 5
> +test -f /etc/selinux/restorecond.conf || exit 6
> +
> +RETVAL=0
> +
> +start()
> +{
> + # Return
> + # 0 if daemon has been started
> + # 1 if daemon was already running
> + # 2 if daemon could not be started
> + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec
> $DAEMON --test > /dev/null \
> + || return 1
> + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec
> $DAEMON -- \
> + $DAEMON_ARGS \
> + || return 2
> + touch $LOCKFILE
> + return "$RETVAL"
> +}
> +
> +stop()
> +{
> + # Return
> + # 0 if daemon has been stopped
> + # 1 if daemon was already stopped
> + # 2 if daemon could not be stopped
> + # other if a failure occurred
> + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile
> $PIDFILE --name $NAME
> + RETVAL="$?"
> + [ "$RETVAL" = 2 ] && return 2
> +
> + rm -f $PIDFILE
> + rm -f $LOCKFILE
> + return "$RETVAL"
> +}
> +
> +restart()
> +{
> + stop
> + start
> +}
> +
> +# See how we were called.
> +case "$1" in
> + start)
> + echo -n $"Starting restorecond: "
> + start
> + case "$?" in
> + 0|1) echo "Ok!" ;;
> + 2) echo "Failed" ;;
> + esac
> + ;;
> + stop)
> + echo -n $"Shutting down restorecond: "
> + stop
> + case "$?" in
> + 0|1) echo "Ok!" ;;
> + 2) echo "Failed" ;;
> + esac
> + ;;
> + status)
> + status restorecond
> + RETVAL=$?
> + ;;
> + force-reload|restart|reload)
> + restart
> + ;;
> + condrestart)
> + [ -e /var/lock/subsys/restorecond ] && restart || :
> + ;;
> + *)
> + echo $"Usage: $0
> {start|stop|restart|force-reload|status|condrestart}"
> + RETVAL=3
> +esac
> +
> +exit $RETVAL
> diff --git a/package/restorecond/restorecond.mk b/package/restorecond/
> restorecond.mk
> index 7ab7e978dd..3c6fb57ea6 100644
> --- a/package/restorecond/restorecond.mk
> +++ b/package/restorecond/restorecond.mk
> @@ -27,8 +27,8 @@ define RESTORECOND_BUILD_CMDS
> endef
>
> define RESTORECOND_INSTALL_INIT_SYSV
> - $(INSTALL) -m 0755 -D $(@D)/restorecond.init \
> - $(TARGET_DIR)/etc/init.d/S20restorecond
> + $(INSTALL) -m 0755 -D package/restorecond/S02restorecond \
> + $(TARGET_DIR)/etc/init.d/S02restorecond
> endef
>
> define RESTORECOND_INSTALL_INIT_SYSTEMD
> --
> 2.25.1
>
>
--
José.
[-- Attachment #1.2: Type: text/html, Size: 7073 bytes --]
[-- Attachment #2: Type: text/plain, Size: 145 bytes --]
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH] package/restorecond: Add new init script
2021-08-19 21:21 ` Thomas Petazzoni
@ 2021-08-20 12:09 ` José Pekkarinen
0 siblings, 0 replies; 6+ messages in thread
From: José Pekkarinen @ 2021-08-20 12:09 UTC (permalink / raw)
To: Thomas Petazzoni; +Cc: buildroot
[-- Attachment #1.1: Type: text/plain, Size: 3895 bytes --]
On Fri, Aug 20, 2021 at 12:21 AM Thomas Petazzoni <
thomas.petazzoni@bootlin.com> wrote:
> Hello José,
>
> On Mon, 9 Aug 2021 08:55:57 +0300
> José Pekkarinen <jose.pekkarinen@unikie.com> wrote:
>
> > The current restorecond upstream init script is no
> > good fit for the user space generated by buildroot,
> > this script is an extension of the original, that
> > brings some changes from the debian init script to
> > use start-stop-daemon instead of daemon, while
> > removing dependencies on /etc/rc.d/init.d/functions
> > and /lib/lsb/init-functions.
> >
> > Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
>
> Thanks a lot, but unfortunately your proposed script still doesn't
> follow the model/template of package/busybox/S01syslogd. Could you try
> to follow the template as closely as possible ?
>
> > diff --git a/package/restorecond/S02restorecond
> b/package/restorecond/S02restorecond
> > new file mode 100644
> > index 0000000000..24ee30853f
> > --- /dev/null
> > +++ b/package/restorecond/S02restorecond
> > @@ -0,0 +1,113 @@
> > +#!/bin/sh
> > +#
> > +# restorecond: Daemon used to maintain path file context
> > +#
> > +# chkconfig: - 12 87
> > +# description: restorecond uses inotify to look for creation of
> new files \
> > +# listed in the /etc/selinux/restorecond.conf file, and restores the \
> > +# correct security context.
> > +#
> > +# processname: /usr/sbin/restorecond
> > +# config: /etc/selinux/restorecond.conf
> > +# pidfile: /run/restorecond.pid
> > +#
> > +# Return values according to LSB for all commands but status:
> > +# 0 - success
> > +# 1 - generic or unspecified error
> > +# 2 - invalid or excess argument(s)
> > +# 3 - unimplemented feature (e.g. "reload")
> > +# 4 - insufficient privilege
> > +# 5 - program is not installed
> > +# 6 - program is not configured
> > +# 7 - program is not running
>
> We don't care about all those comments.
>
> > +PATH=/sbin:/bin:/usr/bin:/usr/sbin
> > +DESC="SELinux file context maintaining daemon"
>
> These variables are not needed.
>
> > +NAME=restorecond
> > +DAEMON=/usr/sbin/$NAME
> > +DAEMON_ARGS=""
> > +PIDFILE=/var/run/$NAME.pid
> > +LOCKFILE=/var/run/$NAME.pid
> > +SCRIPTNAME=/etc/init.d/$NAME
> > +
> > +[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
>
> We don't care about this either.
>
> > +# Check that we are root ... so non-root users stop here
> > +test $EUID = 0 || exit 4
>
> Same.
>
> > +test -x /usr/sbin/restorecond || exit 5
> > +test -f /etc/selinux/restorecond.conf || exit 6
>
> Same.
>
> > +
> > +RETVAL=0
> > +
> > +start()
> > +{
> > + # Return
> > + # 0 if daemon has been started
> > + # 1 if daemon was already running
> > + # 2 if daemon could not be started
> > + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec
> $DAEMON --test > /dev/null \
> > + || return 1
>
> Don't test.
>
> > + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec
> $DAEMON -- \
> > + $DAEMON_ARGS \
> > + || return 2
>
> Please see S01syslogd on how to do this.
>
> > +stop()
> > +{
> > + # Return
> > + # 0 if daemon has been stopped
> > + # 1 if daemon was already stopped
> > + # 2 if daemon could not be stopped
> > + # other if a failure occurred
> > + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile
> $PIDFILE --name $NAME
> > + RETVAL="$?"
> > + [ "$RETVAL" = 2 ] && return 2
> > +
> > + rm -f $PIDFILE
> > + rm -f $LOCKFILE
> > + return "$RETVAL"
>
> Please do like S01syslogd.
>
> Thanks a lot!
>
Thanks for the comments! A new version is now
ready for consumption for when somebody have some
time to check it.
Best regards.
José.
[-- Attachment #1.2: Type: text/html, Size: 5403 bytes --]
[-- Attachment #2: Type: text/plain, Size: 145 bytes --]
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Buildroot] [PATCH] package/restorecond: Add new init script
2021-08-09 5:55 José Pekkarinen
@ 2021-08-19 21:21 ` Thomas Petazzoni
2021-08-20 12:09 ` José Pekkarinen
0 siblings, 1 reply; 6+ messages in thread
From: Thomas Petazzoni @ 2021-08-19 21:21 UTC (permalink / raw)
To: José Pekkarinen; +Cc: buildroot
Hello José,
On Mon, 9 Aug 2021 08:55:57 +0300
José Pekkarinen <jose.pekkarinen@unikie.com> wrote:
> The current restorecond upstream init script is no
> good fit for the user space generated by buildroot,
> this script is an extension of the original, that
> brings some changes from the debian init script to
> use start-stop-daemon instead of daemon, while
> removing dependencies on /etc/rc.d/init.d/functions
> and /lib/lsb/init-functions.
>
> Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Thanks a lot, but unfortunately your proposed script still doesn't
follow the model/template of package/busybox/S01syslogd. Could you try
to follow the template as closely as possible ?
> diff --git a/package/restorecond/S02restorecond b/package/restorecond/S02restorecond
> new file mode 100644
> index 0000000000..24ee30853f
> --- /dev/null
> +++ b/package/restorecond/S02restorecond
> @@ -0,0 +1,113 @@
> +#!/bin/sh
> +#
> +# restorecond: Daemon used to maintain path file context
> +#
> +# chkconfig: - 12 87
> +# description: restorecond uses inotify to look for creation of new files \
> +# listed in the /etc/selinux/restorecond.conf file, and restores the \
> +# correct security context.
> +#
> +# processname: /usr/sbin/restorecond
> +# config: /etc/selinux/restorecond.conf
> +# pidfile: /run/restorecond.pid
> +#
> +# Return values according to LSB for all commands but status:
> +# 0 - success
> +# 1 - generic or unspecified error
> +# 2 - invalid or excess argument(s)
> +# 3 - unimplemented feature (e.g. "reload")
> +# 4 - insufficient privilege
> +# 5 - program is not installed
> +# 6 - program is not configured
> +# 7 - program is not running
We don't care about all those comments.
> +PATH=/sbin:/bin:/usr/bin:/usr/sbin
> +DESC="SELinux file context maintaining daemon"
These variables are not needed.
> +NAME=restorecond
> +DAEMON=/usr/sbin/$NAME
> +DAEMON_ARGS=""
> +PIDFILE=/var/run/$NAME.pid
> +LOCKFILE=/var/run/$NAME.pid
> +SCRIPTNAME=/etc/init.d/$NAME
> +
> +[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
We don't care about this either.
> +# Check that we are root ... so non-root users stop here
> +test $EUID = 0 || exit 4
Same.
> +test -x /usr/sbin/restorecond || exit 5
> +test -f /etc/selinux/restorecond.conf || exit 6
Same.
> +
> +RETVAL=0
> +
> +start()
> +{
> + # Return
> + # 0 if daemon has been started
> + # 1 if daemon was already running
> + # 2 if daemon could not be started
> + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
> + || return 1
Don't test.
> + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
> + $DAEMON_ARGS \
> + || return 2
Please see S01syslogd on how to do this.
> +stop()
> +{
> + # Return
> + # 0 if daemon has been stopped
> + # 1 if daemon was already stopped
> + # 2 if daemon could not be stopped
> + # other if a failure occurred
> + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
> + RETVAL="$?"
> + [ "$RETVAL" = 2 ] && return 2
> +
> + rm -f $PIDFILE
> + rm -f $LOCKFILE
> + return "$RETVAL"
Please do like S01syslogd.
Thanks a lot!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH] package/restorecond: Add new init script
@ 2021-08-09 5:55 José Pekkarinen
2021-08-19 21:21 ` Thomas Petazzoni
0 siblings, 1 reply; 6+ messages in thread
From: José Pekkarinen @ 2021-08-09 5:55 UTC (permalink / raw)
To: buildroot; +Cc: José Pekkarinen
The current restorecond upstream init script is no
good fit for the user space generated by buildroot,
this script is an extension of the original, that
brings some changes from the debian init script to
use start-stop-daemon instead of daemon, while
removing dependencies on /etc/rc.d/init.d/functions
and /lib/lsb/init-functions.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
---
package/restorecond/S02restorecond | 113 +++++++++++++++++++++++++++++
package/restorecond/restorecond.mk | 4 +-
2 files changed, 115 insertions(+), 2 deletions(-)
create mode 100644 package/restorecond/S02restorecond
diff --git a/package/restorecond/S02restorecond b/package/restorecond/S02restorecond
new file mode 100644
index 0000000000..24ee30853f
--- /dev/null
+++ b/package/restorecond/S02restorecond
@@ -0,0 +1,113 @@
+#!/bin/sh
+#
+# restorecond: Daemon used to maintain path file context
+#
+# chkconfig: - 12 87
+# description: restorecond uses inotify to look for creation of new files \
+# listed in the /etc/selinux/restorecond.conf file, and restores the \
+# correct security context.
+#
+# processname: /usr/sbin/restorecond
+# config: /etc/selinux/restorecond.conf
+# pidfile: /run/restorecond.pid
+#
+# Return values according to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+
+PATH=/sbin:/bin:/usr/bin:/usr/sbin
+DESC="SELinux file context maintaining daemon"
+NAME=restorecond
+DAEMON=/usr/sbin/$NAME
+DAEMON_ARGS=""
+PIDFILE=/var/run/$NAME.pid
+LOCKFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
+
+# Check that we are root ... so non-root users stop here
+test $EUID = 0 || exit 4
+
+test -x /usr/sbin/restorecond || exit 5
+test -f /etc/selinux/restorecond.conf || exit 6
+
+RETVAL=0
+
+start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+ touch $LOCKFILE
+ return "$RETVAL"
+}
+
+stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+
+ rm -f $PIDFILE
+ rm -f $LOCKFILE
+ return "$RETVAL"
+}
+
+restart()
+{
+ stop
+ start
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ echo -n $"Starting restorecond: "
+ start
+ case "$?" in
+ 0|1) echo "Ok!" ;;
+ 2) echo "Failed" ;;
+ esac
+ ;;
+ stop)
+ echo -n $"Shutting down restorecond: "
+ stop
+ case "$?" in
+ 0|1) echo "Ok!" ;;
+ 2) echo "Failed" ;;
+ esac
+ ;;
+ status)
+ status restorecond
+ RETVAL=$?
+ ;;
+ force-reload|restart|reload)
+ restart
+ ;;
+ condrestart)
+ [ -e /var/lock/subsys/restorecond ] && restart || :
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart}"
+ RETVAL=3
+esac
+
+exit $RETVAL
diff --git a/package/restorecond/restorecond.mk b/package/restorecond/restorecond.mk
index 7ab7e978dd..3c6fb57ea6 100644
--- a/package/restorecond/restorecond.mk
+++ b/package/restorecond/restorecond.mk
@@ -27,8 +27,8 @@ define RESTORECOND_BUILD_CMDS
endef
define RESTORECOND_INSTALL_INIT_SYSV
- $(INSTALL) -m 0755 -D $(@D)/restorecond.init \
- $(TARGET_DIR)/etc/init.d/S20restorecond
+ $(INSTALL) -m 0755 -D package/restorecond/S02restorecond \
+ $(TARGET_DIR)/etc/init.d/S02restorecond
endef
define RESTORECOND_INSTALL_INIT_SYSTEMD
--
2.25.1
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-08-20 12:09 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-27 12:07 [Buildroot] [PATCH] package/restorecond: Add new init script José Pekkarinen
2021-08-16 6:37 ` José Pekkarinen
2021-08-17 8:11 ` José Pekkarinen
2021-08-09 5:55 José Pekkarinen
2021-08-19 21:21 ` Thomas Petazzoni
2021-08-20 12:09 ` José Pekkarinen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.