From 3272261479c2a3ed860f71523497f5662ada55eb Mon Sep 17 00:00:00 2001 From: William Hubbs Date: Thu, 23 Feb 2012 16:47:52 -0600 Subject: Skip pam if running as root Reported-by: Piotr Karbowski X-Gentoo-Bug: 386623 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=386623 --- src/rc/start-stop-daemon.c | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/src/rc/start-stop-daemon.c b/src/rc/start-stop-daemon.c index a8a7bd3..965b331 100644 --- a/src/rc/start-stop-daemon.c +++ b/src/rc/start-stop-daemon.c @@ -1178,20 +1178,18 @@ start_stop_daemon(int argc, char **argv) } #ifdef HAVE_PAM - if (changeuser != NULL) + if (changeuser != NULL) { pamr = pam_start("start-stop-daemon", changeuser, &conv, &pamh); - else - pamr = pam_start("start-stop-daemon", - "nobody", &conv, &pamh); - - if (pamr == PAM_SUCCESS) - pamr = pam_acct_mgmt(pamh, PAM_SILENT); - if (pamr == PAM_SUCCESS) - pamr = pam_open_session(pamh, PAM_SILENT); - if (pamr != PAM_SUCCESS) - eerrorx("%s: pam error: %s", - applet, pam_strerror(pamh, pamr)); + + if (pamr == PAM_SUCCESS) + pamr = pam_acct_mgmt(pamh, PAM_SILENT); + if (pamr == PAM_SUCCESS) + pamr = pam_open_session(pamh, PAM_SILENT); + if (pamr != PAM_SUCCESS) + eerrorx("%s: pam error: %s", + applet, pam_strerror(pamh, pamr)); + } #endif if (gid && setgid(gid)) @@ -1219,15 +1217,17 @@ start_stop_daemon(int argc, char **argv) rc_stringlist_add(env_list, environ[i++]); #ifdef HAVE_PAM - pamenv = (const char *const *)pam_getenvlist(pamh); - if (pamenv) { - while (*pamenv) { - /* Don't add strings unless they set a var */ - if (strchr(*pamenv, '=')) - putenv(xstrdup(*pamenv)); - else - unsetenv(*pamenv); - pamenv++; + if (changeuser != NULL) { + pamenv = (const char *const *)pam_getenvlist(pamh); + if (pamenv) { + while (*pamenv) { + /* Don't add strings unless they set a var */ + if (strchr(*pamenv, '=')) + putenv(xstrdup(*pamenv)); + else + unsetenv(*pamenv); + pamenv++; + } } } #endif @@ -1304,7 +1304,7 @@ start_stop_daemon(int argc, char **argv) setsid(); execvp(exec, argv); #ifdef HAVE_PAM - if (pamr == PAM_SUCCESS) + if (changeuser != NULL && pamr == PAM_SUCCESS) pam_close_session(pamh, PAM_SILENT); #endif eerrorx("%s: failed to exec `%s': %s", -- cgit v1.2.3 From de6323ba51fb8525fb1e48b0331c15daf86d5916 Mon Sep 17 00:00:00 2001 From: Christian Ruppert Date: Sat, 25 Feb 2012 17:53:43 +0100 Subject: Fix rc_proc_getent() undeclared on BSD X-Gentoo-Bug: 405713 X-Gentoo-Bug-URL: https://bugs.gentoo.org/405713 Reported-by: Dmitri Bogomolov <4glitch@gmail.com> --- src/librc/librc.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/librc/librc.h b/src/librc/librc.h index 54c9a1a..6d4cdc3 100644 --- a/src/librc/librc.h +++ b/src/librc/librc.h @@ -87,7 +87,9 @@ librc_hidden_proto(rc_find_pids) librc_hidden_proto(rc_getfile) librc_hidden_proto(rc_getline) librc_hidden_proto(rc_newer_than) +#ifdef __linux__ librc_hidden_proto(rc_proc_getent) +#endif librc_hidden_proto(rc_older_than) librc_hidden_proto(rc_runlevel_exists) librc_hidden_proto(rc_runlevel_get) -- cgit v1.2.3 From 582c8e986840158db3162a89cf85c29ec4bf7107 Mon Sep 17 00:00:00 2001 From: William Hubbs Date: Sat, 25 Feb 2012 15:00:03 -0600 Subject: librc: make rc_proc_getent available for all operating systems This looks up an option on the kernel command line. For now, itworks on linux and returns NULL on the bsds, but we are definitely open to patches for that side. --- src/librc/librc-misc.c | 6 ++++-- src/librc/librc.h | 2 -- src/librc/rc.h.in | 2 -- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/src/librc/librc-misc.c b/src/librc/librc-misc.c index 6e9fce6..06f97e7 100644 --- a/src/librc/librc-misc.c +++ b/src/librc/librc-misc.c @@ -128,10 +128,10 @@ rc_getline(char **line, size_t *len, FILE *fp) } librc_hidden_def(rc_getline) -#ifdef __linux__ char * rc_proc_getent(const char *ent) { +#ifdef __linux__ FILE *fp; char *proc, *p, *value = NULL; size_t i, len; @@ -171,9 +171,11 @@ rc_proc_getent(const char *ent) free(proc); return value; +#else + return NULL; +#endif } librc_hidden_def(rc_proc_getent) -#endif RC_STRINGLIST * rc_config_list(const char *file) diff --git a/src/librc/librc.h b/src/librc/librc.h index 6d4cdc3..54c9a1a 100644 --- a/src/librc/librc.h +++ b/src/librc/librc.h @@ -87,9 +87,7 @@ librc_hidden_proto(rc_find_pids) librc_hidden_proto(rc_getfile) librc_hidden_proto(rc_getline) librc_hidden_proto(rc_newer_than) -#ifdef __linux__ librc_hidden_proto(rc_proc_getent) -#endif librc_hidden_proto(rc_older_than) librc_hidden_proto(rc_runlevel_exists) librc_hidden_proto(rc_runlevel_get) diff --git a/src/librc/rc.h.in b/src/librc/rc.h.in index 468990e..eaae25f 100644 --- a/src/librc/rc.h.in +++ b/src/librc/rc.h.in @@ -360,12 +360,10 @@ bool rc_newer_than(const char *, const char *, time_t *, char *); * @return true if source is older than target, otherwise false */ bool rc_older_than(const char *, const char *, time_t *, char *); -#ifdef __linux__ /*! Read variables/values from /proc/cmdline * @param value * @return pointer to the value, otherwise NULL */ char *rc_proc_getent(const char *); -#endif /*! Update the cached dependency tree if it's older than any init script, * its configuration file or an external configuration file the init script -- cgit v1.2.3 From 0fa164dff25969dd56a868446e0644396b2587dc Mon Sep 17 00:00:00 2001 From: William Hubbs Date: Wed, 29 Feb 2012 09:37:23 -0600 Subject: Clarify the meaning of the clock_hctosys variable Reported-by: Ian Abbott X-Gentoo-Bug: 405861 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=405861 --- conf.d/hwclock | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/conf.d/hwclock b/conf.d/hwclock index 230d81d..59bb732 100644 --- a/conf.d/hwclock +++ b/conf.d/hwclock @@ -4,9 +4,11 @@ # you should set it to "local". clock="UTC" -# If you want to set the system time to the current hardware clock -# during bootup, then say "YES" here. You do not need this if you are -# running a modern kernel with CONFIG_RTC_HCTOSYS set to y. +# If you want the hwclock script to set the system time (software clock) +# to match the current hardware clock during bootup, leave this +# commented out. +# However, you can set this to "NO" ifyou are running a modern kernel +# with CONFIG_RTC_HCTOSYS set to y and your hardware clock set to UTC. #clock_hctosys="YES" # If you do not want to set the hardware clock to the current system -- cgit v1.2.3 From 0dc9431bdb989231cfa20560d69aebebd487a926 Mon Sep 17 00:00:00 2001 From: "Robin H. Johnson" Date: Fri, 2 Mar 2012 19:51:09 +0000 Subject: Add a potential future problem I can see with metric calculation and interfaces that change often. Signed-off-by: Robin H. Johnson --- TODO | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/TODO b/TODO index cd9ac0c..ccc074b 100644 --- a/TODO +++ b/TODO @@ -5,3 +5,17 @@ - oldnet[bridging]: Review setting of bridge configuration on dynamic interface add - Document rc-depend binary. + +- _ifindex is not a reliable means of calculating metrics: + _ifindex is used for calculating metrics for new devices but has a major + problem: Since it's only the nth entry in /proc/net/dev + And devices may be removed from that file, and reordered, you won't always + get the same result. + If you do: + - add eth0 - _ifindex (eth0=0) + - add vlan1 - _ifindex (eth0=0,vlan1=1) + - add vlan2 - _ifindex (eth0=0,vlan1=1,vlan2=2) + - rem vlan1 - _ifindex (eth0=0,vlan2=1) + - add vlan3 - _ifindex (eth0=0,vlan2=1,vlan3=2) + Now your routing table has entries for both vlan2 and vlan3 with a metric of 2. + -- cgit v1.2.3 From 7a1e4ef606a814b124fc35136c2821484981e6cb Mon Sep 17 00:00:00 2001 From: "Robin H. Johnson" Date: Fri, 2 Mar 2012 19:54:48 +0000 Subject: Bug #405491: _exists can give a false negative since /proc/net/dev can be slow to update sometimes when interfaces are added rapidly. Use sysfs instead. Signed-off-by: Robin H. Johnson --- net/ifconfig.sh.Linux.in | 2 +- net/iproute2.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ifconfig.sh.Linux.in b/net/ifconfig.sh.Linux.in index 80a0b98..9eaa7c5 100644 --- a/net/ifconfig.sh.Linux.in +++ b/net/ifconfig.sh.Linux.in @@ -19,7 +19,7 @@ _down() _exists() { - grep -Eq "^[[:space:]]*${IFACE}:" /proc/net/dev + [ -e /sys/class/net/"$IFACE" ] } _ifindex() diff --git a/net/iproute2.sh b/net/iproute2.sh index 09912bf..e06152f 100644 --- a/net/iproute2.sh +++ b/net/iproute2.sh @@ -20,7 +20,7 @@ _down() _exists() { - grep -Eq "^[[:space:]]*${IFACE}:" /proc/net/dev + [ -e /sys/class/net/"$IFACE" ] } _ifindex() -- cgit v1.2.3 From 9fa54a8e8036262a7ea599d68e04fcbd8213506e Mon Sep 17 00:00:00 2001 From: William Hubbs Date: Sat, 3 Mar 2012 09:16:27 -0600 Subject: Runscript: allow extra_commands to be run in chroots The commands defined in the extra_commands variable do not depend on whether the service is stopped or started, so it is valid to run them in chroot environments. Also, add a note to the runscript man page about the commands in extra_commands being able to run whether or not the service is started. Reported-by: Robin Johnson X-Gentoo-Bug: 406713 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=406713 --- man/runscript.8 | 3 ++- sh/runscript.sh.in | 35 +++++++++++++++++++++-------------- 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/man/runscript.8 b/man/runscript.8 index 3b037ce..64f36b1 100644 --- a/man/runscript.8 +++ b/man/runscript.8 @@ -92,7 +92,8 @@ or stopping them. The following variables affect the service script: .Bl -tag -width "RC_DEFAULTLEVEL" .It Ar extra_commands -Space separated list of extra commands the service defines. +Space separated list of extra commands the service defines. These should +not depend on the service being stopped or started. .It Ar extra_started_commands Space separated list of extra commands the service defines. These only work if the service has already been started. diff --git a/sh/runscript.sh.in b/sh/runscript.sh.in index 83db42b..15cdb86 100644 --- a/sh/runscript.sh.in +++ b/sh/runscript.sh.in @@ -4,6 +4,22 @@ # Copyright (c) 2007-2009 Roy Marples # Released under the 2-clause BSD license. +verify_boot() +{ + if [ ! -e ${RC_SVCDIR}/softlevel ]; then + eerror "You are attempting to run an openrc service on a" + eerror "system which openrc did not boot." + eerror "You may be inside a chroot or you may have used" + eerror "another initialization system to boot this system." + eerror "In this situation, you will get unpredictable results!" + eerror + eerror "If you really want to do this, issue the following command:" + eerror "touch ${RC_SVCDIR}/softlevel" + exit 1 + fi + return 0 +} + sourcex() { if [ "$1" = "-e" ]; then @@ -24,18 +40,6 @@ if sourcex -e "/sbin/livecd-functions.sh"; then livecd_read_commandline fi -if [ ! -e ${RC_SVCDIR}/softlevel ]; then - eerror "You are attempting to run an openrc service on a" - eerror "system which openrc did not boot." - eerror "You may be inside a chroot or you may have used" - eerror "another initialization system to boot this system." - eerror "In this situation, you will get unpredictable results!" - eerror - eerror "If you really want to do this, issue the following command:" - eerror "touch ${RC_SVCDIR}/softlevel" - exit 1 -fi - if [ -z "$1" -o -z "$2" ]; then eerror "$RC_SVCNAME: not enough arguments" exit 1 @@ -256,7 +260,7 @@ while [ -n "$1" ]; do # we can run this command for _cmd in $extra_started_commands; do if [ "$_cmd" = "$1" ]; then - if ! service_started; then + if verify_boot && ! service_started; then eerror "$RC_SVCNAME: cannot \`$1' as it has not been started" exit 1 fi @@ -266,13 +270,16 @@ while [ -n "$1" ]; do # we can run this command for _cmd in $extra_stopped_commands; do if [ "$_cmd" = "$1" ]; then - if ! service_stopped; then + if verify_boot && ! service_stopped; then eerror "$RC_SVCNAME: cannot \`$1' as it has not been stopped" exit 1 fi fi done unset _cmd + case $1 in + start|stop|status) verify_boot;; + esac if [ "$(command -v "$1_pre")" = "$1_pre" ] then "$1"_pre || exit $? -- cgit v1.2.3 From b27a9003bb0e3123b91b2b734629f980b8ccad6f Mon Sep 17 00:00:00 2001 From: "Robin H. Johnson" Date: Sun, 11 Mar 2012 12:54:48 -0700 Subject: net/ifconfig: The location of the ifconfig binary has changed The location of the ifconfig binary has changed in net-tools-1.60_p20120127084908, and if we do not check both locations for it, the user will get errors like: _is_wireless: command not found _exists: command not found X-Gentoo-Bug: 407757 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=407757 --- net/ifconfig.sh.Linux.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ifconfig.sh.Linux.in b/net/ifconfig.sh.Linux.in index 9eaa7c5..411401d 100644 --- a/net/ifconfig.sh.Linux.in +++ b/net/ifconfig.sh.Linux.in @@ -3,7 +3,7 @@ ifconfig_depend() { - program /sbin/ifconfig + program /sbin/ifconfig /bin/ifconfig provide interface } -- cgit v1.2.3