* [Buildroot] [PATCH 1/1] package/restorecond: Fix restorecond init script.
@ 2020-02-04 10:09 Adam Duskett
2020-02-20 18:15 ` Thomas Petazzoni
0 siblings, 1 reply; 2+ messages in thread
From: Adam Duskett @ 2020-02-04 10:09 UTC (permalink / raw)
To: buildroot
The current restorecond init script has several issues which prevent
it from starting:
- Busybox ash will error at "test $EUID = 0 || exit 4" with the error
"sh: 0: unknown operand"
- start-stop-daemon is not used
- Failures happen silently.
Add our own S20restorecond to the package file and use that instead.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
package/restorecond/S20restorecond | 45 ++++++++++++++++++++++++++++++
package/restorecond/restorecond.mk | 2 +-
2 files changed, 46 insertions(+), 1 deletion(-)
create mode 100644 package/restorecond/S20restorecond
diff --git a/package/restorecond/S20restorecond b/package/restorecond/S20restorecond
new file mode 100644
index 0000000000..1abf678177
--- /dev/null
+++ b/package/restorecond/S20restorecond
@@ -0,0 +1,45 @@
+#!/bin/sh
+RESTORECOND=/usr/sbin/restorecond
+PIDFILE=/run/restorecond.pid
+if [ -x /usr/sbin/selinuxenabled ]; then
+ if ! /usr/sbin/selinuxenabled; then
+ echo "Selinux is not enabled!"
+ exit 7
+ fi
+fi
+
+# Check that we are root ... so non-root users stop here
+if [ $EUID != 0 ]; then
+ echo "Restorecond must be ran as root!"
+ exit 4
+fi
+
+test -x /usr/sbin/restorecond || exit 5
+test -f /etc/selinux/restorecond.conf || exit 6
+
+case "$1" in
+ start)
+ echo "Starting restorecond..."
+ unset HOME MAIL USER USERNAME
+ start-stop-daemon -S -x "${RESTORECOND}" -p "${PIDFILE}"
+ ;;
+ stop)
+ echo "Stopping restorecond..."
+ start-stop-daemon -K -x "${RESTORECOND}" -p "${PIDFILE}" -o
+ ;;
+ reload|force-reload)
+ echo "Reloading restorecond..."
+ restart
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ condrestart)
+ [ -e /var/lock/subsys/restorecond ] && restart
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload|force-reload|condrestart}"
+ exit 3
+ ;;
+esac
diff --git a/package/restorecond/restorecond.mk b/package/restorecond/restorecond.mk
index c519b5de2b..cb4859c2d0 100644
--- a/package/restorecond/restorecond.mk
+++ b/package/restorecond/restorecond.mk
@@ -27,7 +27,7 @@ define RESTORECOND_BUILD_CMDS
endef
define RESTORECOND_INSTALL_INIT_SYSV
- $(INSTALL) -m 0755 -D $(@D)/restorecond.init \
+ $(INSTALL) -m 0755 -D $(RESTORECOND_PKGDIR)/S20restorecond \
$(TARGET_DIR)/etc/init.d/S20restorecond
endef
--
2.24.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Buildroot] [PATCH 1/1] package/restorecond: Fix restorecond init script.
2020-02-04 10:09 [Buildroot] [PATCH 1/1] package/restorecond: Fix restorecond init script Adam Duskett
@ 2020-02-20 18:15 ` Thomas Petazzoni
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni @ 2020-02-20 18:15 UTC (permalink / raw)
To: buildroot
Hello,
On Tue, 4 Feb 2020 02:09:42 -0800
Adam Duskett <aduskett@gmail.com> wrote:
> diff --git a/package/restorecond/S20restorecond b/package/restorecond/S20restorecond
> new file mode 100644
> index 0000000000..1abf678177
> --- /dev/null
> +++ b/package/restorecond/S20restorecond
This script needs to be rewritten to follow the coding style / best
practices of package/busybox/S01syslogd, which is our reference init
script.
> @@ -0,0 +1,45 @@
> +#!/bin/sh
> +RESTORECOND=/usr/sbin/restorecond
> +PIDFILE=/run/restorecond.pid
> +if [ -x /usr/sbin/selinuxenabled ]; then
Do we need to check if it's available ? Isn't selinuxenabled one of the
dependencies of this package anyway ?
> + if ! /usr/sbin/selinuxenabled; then
> + echo "Selinux is not enabled!"
> + exit 7
Why 7 ?
> + fi
> +fi
> +
> +# Check that we are root ... so non-root users stop here
> +if [ $EUID != 0 ]; then
> + echo "Restorecond must be ran as root!"
Useless, init scripts in Buildroot are executed as root.
> + exit 4
> +fi
> +
> +test -x /usr/sbin/restorecond || exit 5
> +test -f /etc/selinux/restorecond.conf || exit 6
Please drop these checks as well.
> +
> +case "$1" in
> + start)
> + echo "Starting restorecond..."
> + unset HOME MAIL USER USERNAME
> + start-stop-daemon -S -x "${RESTORECOND}" -p "${PIDFILE}"
> + ;;
> + stop)
> + echo "Stopping restorecond..."
> + start-stop-daemon -K -x "${RESTORECOND}" -p "${PIDFILE}" -o
> + ;;
> + reload|force-reload)
> + echo "Reloading restorecond..."
> + restart
> + ;;
> + restart)
> + stop
> + start
Follow the coding style of package/busybox/S01syslogd here.
> + condrestart)
> + [ -e /var/lock/subsys/restorecond ] && restart
We don't have any condrestart target in any other script.
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-02-20 18:15 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-02-04 10:09 [Buildroot] [PATCH 1/1] package/restorecond: Fix restorecond init script Adam Duskett
2020-02-20 18:15 ` Thomas Petazzoni
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox