LogoopenSUSE Build Service > Projects
Sign Up | Log In

View File policycoreutils-initscript.patch of Package policycoreutils (Project security:SELinux)

Index: restorecond/restorecond.init
===================================================================
--- restorecond/restorecond.init.orig
+++ restorecond/restorecond.init
@@ -1,14 +1,23 @@
 #!/bin/sh
 #
-# restorecond:		Daemon used to maintain path file context
+# /etc/init.d/restorecond
 #
-# chkconfig:	- 12 87
-# description:	restorecond uses inotify to look for creation of new files \
-# listed in the /etc/selinux/restorecond.conf file, and restores the \
-# correct security context.
+### BEGIN INIT INFO
+# Provides:          restorecond
+# Required-Start:    $remote_fs
+# Should-Start:
+# Required-Stop:     $remote_fs
+# Should-Stop:
+# Default-Start:     3 4 5
+# Default-Stop:      0 1 2 3 4 6
+# Short-Description: Daemon used to maintain path file context
+# Description:       Restorecond uses inotify to look for creation of new files
+#   listed in the /etc/selinux/restorecond.conf file, and restores the correct
+#   security context.
+### END INIT INFO
 #
 # processname: /usr/sbin/restorecond
-# config: /etc/selinux/restorecond.conf 
+# config: /etc/selinux/restorecond.conf
 # pidfile: /var/run/restorecond.pid
 #
 # Return values according to LSB for all commands but status:
@@ -22,42 +31,61 @@
 # 7 - program is not running
 
 PATH=/sbin:/bin:/usr/bin:/usr/sbin
+PROG_BIN=/usr/sbin/restorecond
+LOCK_FILE=/var/lock/restorecond
+PROG_CONF=/etc/selinux/restorecond.conf
 
 # Source function library.
-. /etc/rc.d/init.d/functions
+. /etc/rc.status
 
-[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
+# Check whether SELinux is enabled
+if  [ ! -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then
+    echo $"SELinux should be enabled to run this daemon"
+    rc_failed 1
+    rc_status -v
+    rc_exit
+fi
 
 # Check that we are root ... so non-root users stop here
-test $EUID = 0  || exit 4
+if [ $EUID -ne 0 ] ; then
+    echo $"Access denied. Only root can run this daemon"
+    rc_failed 4
+    rc_status -v
+    rc_exit
+fi
+
+# Check whether program binary exists
+if [ ! -x $PROG_BIN ] ; then
+    echo $"$PROG_BIN does not exist or has no executable permission"
+    rc_failed 5
+    rc_status -v
+    rc_exit
+fi
+
+# Check whether the required conf file exists
+if [ ! -f $PROG_CONF ] ; then
+    echo $"$PROG_CONF not found"
+    rc_failed 6
+    rc_status -v
+    rc_exit
+fi
 
-test -x /usr/sbin/restorecond  || exit 5
-test -f /etc/selinux/restorecond.conf  || exit 6
-
-RETVAL=0
-
-start() 
+start()
 {
-        echo -n $"Starting restorecond: "
-	unset HOME MAIL USER USERNAME
-        daemon /usr/sbin/restorecond 
-	RETVAL=$?
-	touch /var/lock/subsys/restorecond
-        echo
-	return $RETVAL
+    echo -n $"Starting restorecond: "
+    unset HOME MAIL USER USERNAME
+    startproc -p $LOCK_FILE $PROG_BIN
+    rc_status -v
 }
 
-stop() 
+stop()
 {
-        echo -n $"Shutting down restorecond: "
-	killproc restorecond
-	RETVAL=$?
-	rm -f  /var/lock/subsys/restorecond
-        echo
-	return $RETVAL
+    echo -n $"Shutting down restorecond: "
+    killproc -p $LOCK_FILE -TERM $PROG_BIN
+    rc_status -v
 }
 
-restart() 
+restart()
 {
     stop
     start
@@ -72,18 +100,20 @@ case "$1" in
 	stop
         ;;
   status)
-	status restorecond
-	RETVAL=$?
+        echo -n $"Checking for restorecond: "
+        checkproc -p $LOCK_FILE $PROG_BIN
+        rc_status -v
 	;;
   force-reload|restart|reload)
 	restart
 	;;
   condrestart)
-	[ -e /var/lock/subsys/restorecond ] && restart || :
+	[ -e $LOCK_FILE ] && restart || :
 	;;
   *)
-        echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart}"
-        RETVAL=3
+        echo $"Usage: $0 {start|stop|restart|reload|force-reload|status|condrestart}"
+        rc_failed 3
+        rc_status -v
 esac
 
-exit $RETVAL
+rc_exit
Index: sandbox/sandbox.init
===================================================================
--- sandbox/sandbox.init.orig
+++ sandbox/sandbox.init
@@ -1,11 +1,22 @@
 #!/bin/bash
-## BEGIN INIT INFO
+### BEGIN INIT INFO
 # Provides: sandbox
-# Default-Start: 3 4 5
-# Default-Stop: 0 1 2 3 4 6
-# Required-Start:
+# Required-Start:    $remote_fs
+# Should-Start:
+# Required-Stop:     $remote_fs
+# Should-Stop:
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 3 6
+# Required-Start: Set up / mountpoint to be shared, /var/tmp, /tmp, /home/sandbox unshared
+# Short-Description: 
+# Description: sandbox, xguest and other apps that want to use pam_namespace \
+#              require this script be run at boot.  This service script does \
+#              not actually run any service but sets up: \
+#              / to be shared by any app that starts a separate namespace
+#              If you do not use sandbox, xguest or pam_namespace you can turn \
+#              this service off.\
 #              
-## END INIT INFO
+### END INIT INFO
 # sandbox:        Set up / mountpoint to be shared, /var/tmp, /tmp, /home/sandbox unshared
 #
 # chkconfig: 345 1 99
@@ -19,9 +30,9 @@
 #
 
 # Source function library.
-. /etc/init.d/functions
+. /etc/rc.status
 
-LOCKFILE=/var/lock/subsys/sandbox
+LOCKFILE=/var/lock/sandbox
 
 base=${0##*/}
 
@@ -31,7 +42,7 @@ start() {
 	[ -f "$LOCKFILE" ] && return 0
 
 	touch $LOCKFILE
-	mount --make-rshared / || return $? 
+	mount --make-rshared / || return $?
 	return 0
 }
 
@@ -68,9 +79,13 @@ case "$1" in
     status)
 	status
 	;;
+    reload)
+        # unused
+        exit 3
+        ;;
 
     *)
-	echo $"Usage: $0 {start|stop|status|restart}"
+	echo $"Usage: $0 {start|stop|status|restart|reload}"
 	exit 3
 	;;
 esac
Index: mcstrans/src/mcstrans.init
===================================================================
--- mcstrans/src/mcstrans.init.orig
+++ mcstrans/src/mcstrans.init
@@ -20,7 +20,7 @@
 
 PATH=/sbin:/bin:/usr/bin:/usr/sbin
 prog="mcstransd"
-lockfile=/var/lock/subsys/$prog
+lockfile=/var/lock/$prog
 
 # Source function library.
 . /etc/init.d/functions