The whitelist of environment variables we pass to service scripts
included several unnecessary variables.
The default whitelist now includes EERROR_QUIET, EINFO_QUIET,
IN_BACKGROUND and IN_HOTPLUG.
X-Gentoo-Bug: 569542
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=569542
In the past, OpenRC was a hybrid of a centralized and file-scope
license/copyright structure.
I followed the instructions from the Software Freedom Law Center [1] to
convert to a Centralized structure where possible, for easier future
maintenance.
[1] https://softwarefreedom.org/resources/2012/ManagingCopyrightInformation.html
These functions replace rc_sys so that we can detect containers and vms
separately.
Also, we copy file_regex() to rc-misc.c and open it to all operating
systems.
In src/rc/_usage.c, we were using bootlevel as the variable to hold the
return value of rc_sys.
This changes the variable name to systype because this function returns
a system type, not a runlevel.
The want dependency is similar to the use dependency. If a service
script, for example called service1, adds "want service2" to its depend
function, OpenRC will attempt to start service2, if it exists on the
system, when service1 is started.
However, service1 will start regardless of the status of
service2.
X-Gentoo-Bug: 406021
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=406021
On Linux, the --netdev and --nonetdev switches were not working. They
were both returning false. After this change, they operate based on the
presence or abscence of the _netdev option in mount options.
All of the dependency type lists had the types_ prefix in their names;
this has been changed to deptypes_ to make them more self documenting.
Along the same lines, the setup_types function was renamed
setup_deptypes.
If selinux is disabled, then stub methods will be provided instead of
calling the real methods. This removes some warnings about unused
parameters which used to be covered up with #ifdef HAVE_SELINUX.
Signed-off-by: Jason Zaman <jason@perfinion.com>
The previous fix to --test (PR #34) prevented reading one too many
arguments when --exec -or --name was not specified, but created a
regression where the last argument would not print if either of those
arguments was specified. This corrects the issue.
Fixes#41.
This is another security fix. If you use chown() or chmod() on a
symbolic link, it affects the referenced file, not the symbolic link
itself.
X-Gentoo-Bug: 540006
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=540006
Do not change permissions on the target if it is a file and has multiple
hard links. This is necessary because a hard link can be an attack
vector to gain privilege escalation.
X-Gentoo-Bug: 540006
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=540006
runscript used to dlopen() runscript_selinux.so. This adds equivalent
functionality directly in to runscript instead. It authenticates with
either PAM or shadow and optionally has a dep on audit.
X-Gentoo-Bug: 517450
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=517450
Check for __FreeBSD_kernel instead of __GLIBC__ in source files.
note from William Hubbs:
I was told this is a better check for GNU/kFreeBSD than checking the
C library the source is being compiled against.
GNU/kFreeBSD than checking which library we are using.
The stat structure was not being initialized correctly in do_check. This
was causing the owner adjustment to be skipped if the first path had the
correct owner.
Also, the "correcting owner" message should always be printed when the
owner is being changed.
X-Gentoo-Bug: 518042
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=518042
Remove the recursive call in print_stacked_services which was causing an
infinite loop when using stacked runlevels.
I would like to thank Doug Freed and Jason Zaman for assisting with
tracking this down.
X-Gentoo-Bug: 514972
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=514972
The -W option does not need an argument of its own; it can take the
first path after all other options are processed on the command line.
Also, move the processing for the -W option out of the switch so it will
be in the same loop as the other processing.
