[Buildroot] [PATCH] Fix restorecond startup for sysvinit builds

José Pekkarinen jose.pekkarinen at unikie.com
Fri Jul 23 12:47:54 UTC 2021 

Currently restorecond init script sources the
file /etc/rc.d/init.d/functions, that in some
init systems, like sysvinit, may not be available,
however, it doesn't actually uses any function
from it.

Also, the init script uses daemon, that is not
marked as a dependency. So this patches adds its
dependency to guarantee it's present in the build.

Signed-off-by: José Pekkarinen <jose.pekkarinen at unikie.com>
---
 package/restorecond/Config.in      |  2 +
 package/restorecond/S20restorecond | 86 ++++++++++++++++++++++++++++++
 package/restorecond/restorecond.mk |  4 +-
 3 files changed, 90 insertions(+), 2 deletions(-)
 create mode 100644 package/restorecond/S20restorecond

diff --git a/package/restorecond/Config.in b/package/restorecond/Config.in
index 31f85f2882..c2e773eace 100644
--- a/package/restorecond/Config.in
+++ b/package/restorecond/Config.in
@@ -4,11 +4,13 @@ config BR2_PACKAGE_RESTORECOND
 	depends on BR2_USE_WCHAR # libglib2
 	depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
 	depends on !BR2_STATIC_LIBS # libselinux
+	depends on BR2_PACKAGE_DAEMON # daemon
 	select BR2_PACKAGE_DBUS
 	select BR2_PACKAGE_DBUS_GLIB
 	select BR2_PACKAGE_LIBGLIB2
 	select BR2_PACKAGE_LIBSELINUX
 	select BR2_PACKAGE_LIBSEPOL
+	select BR2_PACKAGE_DAEMON
 	help
 	  restorecond is a daemon that watches for file creation and
 	  then sets the default SELinux file context for that file.
diff --git a/package/restorecond/S20restorecond b/package/restorecond/S20restorecond
new file mode 100644
index 0000000000..df6f53fe3f
--- /dev/null
+++ b/package/restorecond/S20restorecond
@@ -0,0 +1,86 @@
+#!/bin/sh
+#
+# restorecond:		Daemon used to maintain path file context
+#
+# chkconfig:	- 12 87
+# description:	restorecond uses inotify to look for creation of new files \
+# listed in the /etc/selinux/restorecond.conf file, and restores the \
+# correct security context.
+#
+# processname: /usr/sbin/restorecond
+# config: /etc/selinux/restorecond.conf
+# pidfile: /run/restorecond.pid
+#
+# Return values according to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+
+PATH=/sbin:/bin:/usr/bin:/usr/sbin
+
+[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
+
+# Check that we are root ... so non-root users stop here
+test $EUID = 0  || exit 4
+
+test -x /usr/sbin/restorecond  || exit 5
+test -f /etc/selinux/restorecond.conf  || exit 6
+
+RETVAL=0
+
+start()
+{
+        echo -n $"Starting restorecond: "
+	unset HOME MAIL USER USERNAME
+        daemon /usr/sbin/restorecond
+	RETVAL=$?
+	touch /var/lock/subsys/restorecond
+        echo
+	return $RETVAL
+}
+
+stop()
+{
+        echo -n $"Shutting down restorecond: "
+	killproc restorecond
+	RETVAL=$?
+	rm -f  /var/lock/subsys/restorecond
+        echo
+	return $RETVAL
+}
+
+restart()
+{
+    stop
+    start
+}
+
+# See how we were called.
+case "$1" in
+  start)
+	start
+        ;;
+  stop)
+	stop
+        ;;
+  status)
+	status restorecond
+	RETVAL=$?
+	;;
+  force-reload|restart|reload)
+	restart
+	;;
+  condrestart)
+	[ -e /var/lock/subsys/restorecond ] && restart || :
+	;;
+  *)
+        echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart}"
+        RETVAL=3
+esac
+
+exit $RETVAL
diff --git a/package/restorecond/restorecond.mk b/package/restorecond/restorecond.mk
index 7ab7e978dd..1546661baf 100644
--- a/package/restorecond/restorecond.mk
+++ b/package/restorecond/restorecond.mk
@@ -9,7 +9,7 @@ RESTORECOND_SITE = https://github.com/SELinuxProject/selinux/releases/download/2
 RESTORECOND_LICENSE = GPL-2.0
 RESTORECOND_LICENSE_FILES = COPYING
 
-RESTORECOND_DEPENDENCIES = libglib2 libsepol libselinux dbus-glib
+RESTORECOND_DEPENDENCIES = libglib2 libsepol libselinux dbus-glib daemon
 
 # Undefining _FILE_OFFSET_BITS here because of a "bug" with glibc fts.h
 # large file support.
@@ -27,7 +27,7 @@ define RESTORECOND_BUILD_CMDS
 endef
 
 define RESTORECOND_INSTALL_INIT_SYSV
-	$(INSTALL) -m 0755 -D $(@D)/restorecond.init \
+	$(INSTALL) -m 0755 -D package/restorecond/S20restorecond \
 		$(TARGET_DIR)/etc/init.d/S20restorecond
 endef
 
-- 
2.25.1

More information about the buildroot mailing list