[Buildroot] [PATCH] package/restorecond: Add new init script

José Pekkarinen jose.pekkarinen at unikie.com
Fri Aug 20 12:09:01 UTC 2021


On Fri, Aug 20, 2021 at 12:21 AM Thomas Petazzoni <
thomas.petazzoni at bootlin.com> wrote:

> Hello José,
>
> On Mon,  9 Aug 2021 08:55:57 +0300
> José Pekkarinen <jose.pekkarinen at unikie.com> wrote:
>
> > The current restorecond upstream init script is no
> > good fit for the user space generated by buildroot,
> > this script is an extension of the original, that
> > brings some changes from the debian init script to
> > use start-stop-daemon instead of daemon, while
> > removing dependencies on /etc/rc.d/init.d/functions
> > and /lib/lsb/init-functions.
> >
> > Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
>
> Thanks a lot, but unfortunately your proposed script still doesn't
> follow the model/template of package/busybox/S01syslogd. Could you try
> to follow the template as closely as possible ?
>
> > diff --git a/package/restorecond/S02restorecond
> b/package/restorecond/S02restorecond
> > new file mode 100644
> > index 0000000000..24ee30853f
> > --- /dev/null
> > +++ b/package/restorecond/S02restorecond
> > @@ -0,0 +1,113 @@
> > +#!/bin/sh
> > +#
> > +# restorecond:               Daemon used to maintain path file context
> > +#
> > +# chkconfig: - 12 87
> > +# description:       restorecond uses inotify to look for creation of
> new files \
> > +# listed in the /etc/selinux/restorecond.conf file, and restores the \
> > +# correct security context.
> > +#
> > +# processname: /usr/sbin/restorecond
> > +# config: /etc/selinux/restorecond.conf
> > +# pidfile: /run/restorecond.pid
> > +#
> > +# Return values according to LSB for all commands but status:
> > +# 0 - success
> > +# 1 - generic or unspecified error
> > +# 2 - invalid or excess argument(s)
> > +# 3 - unimplemented feature (e.g. "reload")
> > +# 4 - insufficient privilege
> > +# 5 - program is not installed
> > +# 6 - program is not configured
> > +# 7 - program is not running
>
> We don't care about all those comments.
>
> > +PATH=/sbin:/bin:/usr/bin:/usr/sbin
> > +DESC="SELinux file context maintaining daemon"
>
> These variables are not needed.
>
> > +NAME=restorecond
> > +DAEMON=/usr/sbin/$NAME
> > +DAEMON_ARGS=""
> > +PIDFILE=/var/run/$NAME.pid
> > +LOCKFILE=/var/run/$NAME.pid
> > +SCRIPTNAME=/etc/init.d/$NAME
> > +
> > +[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
>
> We don't care about this either.
>
> > +# Check that we are root ... so non-root users stop here
> > +test $EUID = 0  || exit 4
>
> Same.
>
> > +test -x /usr/sbin/restorecond  || exit 5
> > +test -f /etc/selinux/restorecond.conf  || exit 6
>
> Same.
>
> > +
> > +RETVAL=0
> > +
> > +start()
> > +{
> > +     # Return
> > +     #   0 if daemon has been started
> > +     #   1 if daemon was already running
> > +     #   2 if daemon could not be started
> > +     start-stop-daemon --start --quiet --pidfile $PIDFILE --exec
> $DAEMON --test > /dev/null \
> > +             || return 1
>
> Don't test.
>
> > +     start-stop-daemon --start --quiet --pidfile $PIDFILE --exec
> $DAEMON -- \
> > +             $DAEMON_ARGS \
> > +             || return 2
>
> Please see S01syslogd on how to do this.
>
> > +stop()
> > +{
> > +     # Return
> > +     #   0 if daemon has been stopped
> > +     #   1 if daemon was already stopped
> > +     #   2 if daemon could not be stopped
> > +     #   other if a failure occurred
> > +     start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile
> $PIDFILE --name $NAME
> > +     RETVAL="$?"
> > +     [ "$RETVAL" = 2 ] && return 2
> > +
> > +     rm -f $PIDFILE
> > +     rm -f $LOCKFILE
> > +     return "$RETVAL"
>
> Please do like S01syslogd.
>
> Thanks a lot!
>

Thanks for the comments! A new version is now

ready for consumption for when somebody have some
time to check it.

Best regards.

José.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20210820/b56d44b2/attachment.html>


More information about the buildroot mailing list