The whitelist of environment variables we pass to service scripts
included several unnecessary variables.
The default whitelist now includes EERROR_QUIET, EINFO_QUIET,
IN_BACKGROUND and IN_HOTPLUG.
X-Gentoo-Bug: 569542
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=569542
In the past, OpenRC was a hybrid of a centralized and file-scope
license/copyright structure.
I followed the instructions from the Software Freedom Law Center [1] to
convert to a Centralized structure where possible, for easier future
maintenance.
[1] https://softwarefreedom.org/resources/2012/ManagingCopyrightInformation.html
These functions replace rc_sys so that we can detect containers and vms
separately.
Also, we copy file_regex() to rc-misc.c and open it to all operating
systems.
In src/rc/_usage.c, we were using bootlevel as the variable to hold the
return value of rc_sys.
This changes the variable name to systype because this function returns
a system type, not a runlevel.
These functions were never meant to be used outside of OpenRC, and they
were added when we thought we were going to do away with the automatic
detection of subsystems. Since the autodetection is not going away, we
can combine these functions into rc_sys.
The want dependency is similar to the use dependency. If a service
script, for example called service1, adds "want service2" to its depend
function, OpenRC will attempt to start service2, if it exists on the
system, when service1 is started.
However, service1 will start regardless of the status of
service2.
X-Gentoo-Bug: 406021
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=406021
Rename the rc_conf_override function to describe its purpose better,
drop one conditional compile by making it available everywhere, and move
the call to it after the optional rc.conf.d directory is processed.
This makes it possible to override settings in rc.conf by adding a
directory @SYSCONFDIR@/rc.conf.d and putting files in this directory.
The files will be processed in lexical order, and the last setting in
these files will be used.
On Linux, the --netdev and --nonetdev switches were not working. They
were both returning false. After this change, they operate based on the
presence or abscence of the _netdev option in mount options.
All of the dependency type lists had the types_ prefix in their names;
this has been changed to deptypes_ to make them more self documenting.
Along the same lines, the setup_types function was renamed
setup_deptypes.
If a service has the same name as the runlevel it is in, openrc will
crash on changing to such runlevel. It goes in a recursive madness and
eventually gets a SEGV while in snprintf (don't know why).
This fixes two errors:
1. ls_dir stats files not with full path -> stat always returns != 0
2. ls_dir adds files to list if stat failed
This fixes#53.
X-Gentoo-Bug: 537304
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=537304
If selinux is disabled, then stub methods will be provided instead of
calling the real methods. This removes some warnings about unused
parameters which used to be covered up with #ifdef HAVE_SELINUX.
Signed-off-by: Jason Zaman <jason@perfinion.com>
The previous fix to --test (PR #34) prevented reading one too many
arguments when --exec -or --name was not specified, but created a
regression where the last argument would not print if either of those
arguments was specified. This corrects the issue.
Fixes#41.
This is another security fix. If you use chown() or chmod() on a
symbolic link, it affects the referenced file, not the symbolic link
itself.
X-Gentoo-Bug: 540006
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=540006
Do not change permissions on the target if it is a file and has multiple
hard links. This is necessary because a hard link can be an attack
vector to gain privilege escalation.
X-Gentoo-Bug: 540006
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=540006
runscript used to dlopen() runscript_selinux.so. This adds equivalent
functionality directly in to runscript instead. It authenticates with
either PAM or shadow and optionally has a dep on audit.
X-Gentoo-Bug: 517450
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=517450
Check for __FreeBSD_kernel instead of __GLIBC__ in source files.
note from William Hubbs:
I was told this is a better check for GNU/kFreeBSD than checking the
C library the source is being compiled against.
GNU/kFreeBSD than checking which library we are using.
The stat structure was not being initialized correctly in do_check. This
was causing the owner adjustment to be skipped if the first path had the
correct owner.
Also, the "correcting owner" message should always be printed when the
owner is being changed.
X-Gentoo-Bug: 518042
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=518042
Remove the recursive call in print_stacked_services which was causing an
infinite loop when using stacked runlevels.
I would like to thank Doug Freed and Jason Zaman for assisting with
tracking this down.
X-Gentoo-Bug: 514972
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=514972
The -W option does not need an argument of its own; it can take the
first path after all other options are processed on the command line.
Also, move the processing for the -W option out of the switch so it will
be in the same loop as the other processing.
Before this commit, not specifying -d, -f, -p or -W in a checkpath
command meant the command exited successfully but actually did nothing.
This is an error condition, so report it as such.
Thanks to info and testing done by Daniel Robbins <drobbins@funtoo.org>,
there is now a fix for this. Below is his description of the steps
OpenRC needed to use.
1) See if /proc/<pid>/status exists
2) If it does, see if it has a "envID:" field
3) If it does, see if "envID:" is set to "0"
4) If so, then it's one of the host's processes and should be a
candidate for the list. Otherwise, it is one of the container's
processes and should be ignored.
This should fix the bug and allow start-stop-daemon to work properly on
OpenVZ hosts.
X-Gentoo-Bug: 376817
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=376817
The mount and remount options should always be processed. They were only
being processed if -q was not on the command line.
X-Gentoo-Bug: 498206
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=498206
The -a option,which only applies to the del command, is used to remove a
service from all runlevels.
X-Gentoo-Bug: 497740
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=497740
This was requested by Debian, because the minicom software, which is
available on Debian and other distros, has a binary named runscript. We
are keeping a backward compatibility symlink for now, but this allows
Debian or any other distro to safely remove the symlink.
X-Gentoo-Bug: 494220
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=494220
The message about a service being scheduled to start was confusing to
some of our users; I was told this wording is more clear.
X-Gentoo-Bug: 493070
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=493070
Debian requested this rename due to the "rc" binary conflicting with the
"rc" binary from the plan 9 shell.
We also add a deprecation warning to the binary when it is run as rc to
encourage users to switch to openrc instead.
X-Gentoo-Bug: 493958
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=493958
The rc_runlevel_exists function was attempting to treat "." and ".." as
valid runlevels; however, this should not be allowed.
X-Gentoo-Bug: 488710
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=488710
Convert these messages to warnings that are only displayed if
EINFO_VERBOSE is set to yes in the environment.
This is based on a suggestion from Patrick Lauer <patrick@gentoo.org>.
X-Gentoo-Bug: 487588
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=487588
Several calls to do_stop were forcing the test parameter to be true,
which was causing extra output to the terminal, such as:
* Would send signal 0 to pid xxxxx
This should only happen if the --test command line option was used.
We should first check if we are within bounds and then read rather than
the opposite.
This makes valgrind happy.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
The eerror calls in this function make it too verbose, so change them to
ewarnv() calls instead. This means that they will only print if the
--verbose option is used or EINFO_VERBOSE=yes is set in the environment.
The libeinfo library has no consumers other than OpenRC, so there is no
reason for it to be maintained as a library. The einfo routines are now
an object that links with the rc binary.
Along the same lines as the quiet variable, this is controlled by an
environment variable for the einfo code, so we do not need a separate
boolean flag.
The suppression of output is controlled in the e* functions themselves,
so there is no need for a variable to test in start-stop-daemon.
X-Gentoo-Bug: 482396
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=482396
Patch was provided by Max Hacking <max.gentoo.bugzilla@hacking.co.uk>
and slightly fixed by Alexander Vershilov <qnikst@gentoo.org> and
William Hubbs <williamh@gentoo.org>.
Fixes:
1). Rebase to newest OpenRC version.
2). Remove code style fixes. Port to currect code style.
3). Fix rc_runlevel_stack instead of introducing new function.
4). Make get_runlevel_chain a private function.
X-Gentoo-Bug: 467368
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=467368
Add an EERROR_QUIET environment variable which works like EINFO_QUIET
but for the eerror functions. This will allow library consumers to
choose whether to suppress eerror messages separately from einfo and
ewarn messages.
X-Gentoo-Bug: 482396
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=482396
This makes the eerror* functions honor the EINFO_QUIET environment
variable like the einfo* and ewarn* functions.
X-Gentoo-Bug: 482396
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=482396
This reverts commit 4ee62c7903.
The previously referenced commit broke consistency because ewarnx() was
respecting the EINFO_QUIET environment setting, but after this commit,
ewarn() was not.
Also, due to discussion on the below referenced bugs, I think we do
want to suppress warnings when EINFO_QUIET=yes.
X-Gentoo-Bug: 482396
X-Gentoo-Bug: 439174
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=482396
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=439174
The einfo() function tests for the EINFO_QUIET environment variable
directly, and this is the variable that is set by the --quiet flag, so
there was no reason for this test to exist.
OpenRC, by default, stops all services that are not listed in a runlevel
when rc is used to switch runlevels. This adds a -n/--no-stop command
line option to rc which tells it to skip stopping the services which are
not in the runlevel.
Reported-by: gentoo@thoth.purplefrog.com
X-Gentoo-Bug: 372585
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=372585
The /proc/1/environ contains various \0 terminated strings. The current
code will only work when the search string is in the first of those.
To fix this we look for strings in entire buffer.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
The old message did not indicate that the runlevel argument was optional
for add and del or that it could be used with show.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
BINDIR and SBINDIR can be set independently of PREFIX and may not be set
to PREFIX/bin as scripts currently assume.
Note from William Hubbs:
This adds @BINDIR@ and @SBINDIR@ macros to the sed commands run to
convert *.in files to the executable form.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
This directory will contain tools which are not necessary for OpenRC to
run, but which some users have found useful.
The first of these is deptree2dot, which converts /run/openrc/deptree to
a .dot file for use with graphviz. This can assist in finding circular
dependencies.
This doesn't affect us on gentoo, but on archlinux, which has done the
/usr merge, OpenRC was looking for /run under PREFIX. /run is always at
the root level, so it shouldn't have prefix appended to it.
Reported-by: udeved@openrc4arch.site40.net
Checkpath was printing the path it was working with unless it was
correcting the owner. In this case, it was printing "checkpath", which
is not very useful.
Reported-by: <devurandom@gmx.net>
X-Gentoo-Bug: 439014
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=439014
Previously, we were setting the quiet flag before the command line was
parsed. Since the flag is only used once, we can just read the
environment variable which is set by the parsing process.
Reported-by: <devurandom@gmx.net>
X-Gentoo-Bug: 439010
X-Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=439010
Fix checkpath so that it only changes the owner/group if -o is on the
command line.
Reported-by: <flameeyes@gentoo.org>
X-Gentoo-Bug: 437560
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=437560
This is needed because the network script uses this variable in the
depend() function but it wasn't exported when this was run.
Reported-by: <aaly90@gmail.com>
On prefix systems, RC_SVCDIR was being defined based on the host
operating system. This is not correct because there will not be a /run
directory in a prefix.
This commit moves RC_SVCDIR on prefix systems to the same location as on
non-Linux systems.
We want to lookup the service based on the applet name.
Reported-by: Christian Ruppert <idl0r@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
If you are not using linux, this should not affect you.
If you are using linux, from this point forward, openrc requires the
/run directory to be a mounted tmpfs. If it is, you can run
@LIBEXECDIR@/sh/migrate-to-run.sh as root to migrate your dependency
tree and state information to the new location. If it is not, you must
create the /run directory as root with permissions 755 then reboot your
system.
reported-by: Maxim Kammerer <mk@dee.su>
X-Gentoo-Bug: 401059
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=401059
Many of these helpers are not special to librc, so split them out so they
can be used in all source trees (including libeinfo).
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Caused by bug 412589 I was looking at the do_mark_service() function and quickly
found that the segfault is caused by a strlen() call against a NULL pointer.
I also noticed it's using "/exclusive/%s.%s" so svcname.pid, all other functions
are just using the svcname.. So it seems that svcname.pid was/is never used and
thus not necessary at all.
In relation to the above, the if statement in the do_mark_service() function
("if (ok && svcname && strcmp(svcname, service) == 0) {") needs to be
fixed/improved as svcname and service are almost always equal, see my comment in
the function for further details.
Signed-off-by: Christian Ruppert <idl0r@gentoo.org>
Reported-by: Patrick McLean <chutzpah@gentoo.org>
X-Gentoo-Bug: 412589
X-Gentoo-Bug-URL: https://bugs.gentoo.org/412589
This fixes a compile issue. Also, it is cleaner to have the client
output error messages as opposed to having the library do this.
Reported-by: Ewoud Kohl van Wijngaarden <gentoo@kohlvanwijngaarden.nl>
X-Gentoo-Bug: 409743
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=409743
This looks up an option on the kernel command line. For now, itworks on
linux and returns NULL on the bsds, but we are definitely open to
patches for that side.
This adds a --remount/-R option to fstabinfo. This new option works like
--mount, but it adds the necessary options to remount a file system
that is already mounted.
Reported-by: Piotr Karbowski <piotr.karbowski@gmail.com>
X-Gentoo-Bug: 401573
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=401573
Openrc was quietly loading this file if it existed and this was causing
some issues, so now openrc loads the file and complains about it.
Hopefully the warning message will convince everyone to remove this file
and migrate the settings to @SYSCONFDIR@/rc.conf where they belong.
Also ignore errors in case of EROFS (Read-Only file systems)
Reported-by: Maxim Kammerer
X-Gentoo-Bug: 401115
X-Gentoo-Bug-URL: https://bugs.gentoo.org/401115
There's no need to loop until flock was successfully as flock() would simply
block till a previous lock has been released.
There's more to do to fix it properly, see my comments in the patch.
Reported-by: James Le Cuirot <chewi@aura-online.co.uk>
X-Gentoo-Bug: 360013
X-Gentoo-Bug-URL: https://bugs.gentoo.org/360013
Checkpath -W will use access(3p) to determine whether or not a path is
writable. This is more accurate than test(1p) because it also takes into
account whether or not the filesystem is mounted read-only.
Modified by William Hubbs to add the man page update.
The following information is taken from the feature_test_macros man
page:
<features.h> is a Linux/glibc-specific header file. Other systems have
an analogous file, but typically with a different name. This header
file is automatically included by other header files as required: it is
not necessary to explicitly include it in order to employ feature test
macros.
Reported-by: Tibor Vago <tibor.vago@gmail.com>
X-Gentoo-Bug: 399635
X-Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=399635
This adds a new function that allows us to override some specific rc.conf
options via the kernel cmdline aka /proc/cmdline.
This makes esp. sense in cases where a rc_parallel enabled system has boot
issues. Simply disable rc_parallel by appending rc_parallel=no to your kernel
cmdline.
This commit provides the checkpath applet with feature parity to
systemd's tmpfiles.c create_item function.
Very similarly to the systemd function, it does NOT do any of the
cleanup work in this function.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
The old behaviour was to exit(EXIT_SUCCESS) in case the service has been stopped
already, even if further commands has been passed to the init script
(like zap, start).
So using for example /etc/init.d/foo stop zap start would abort immediately
after "stop" if the service has been stopped already. Though there may be cases
were we need it to proceed with the remaining commands, zap and start in this
case.
This patch fixes the behaviour to continue and proceed with the remaining
commands whenever necessary.
X-Gentoo-Bug: 371845
X-Gentoo-Bug-URL: https://bugs.gentoo.org/371845
During the sysinit and shutdown runlevels the logfile destination may be
read-only. Skip the error messages in this case.
X-Gentoo-Bug: 390645
X-Gentoo-Bug-URL: https://bugs.gentoo.org/390645
The logfile or its basedir may be read-only during shutdown because the
directory may be umounted or read-only remounted already. In this case we simply
skip this error.
This is related to a comment in bug 390645 but the initial bug is not fixed
through this commit.
X-Gentoo-Bug: 390645
X-Gentoo-Bug-URL: https://bugs.gentoo.org/390645
A variable used in the previous commit was actually removed in another
commit; that is why I didn't catch it.
Reported-by: Duncan < 1i5t5.duncan@cox.net>
X-Gentoo-Bug: 394369
X-Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=394369
The ewarn() function was affected by the EINFO_QUIET environment
variable which lead to warning messages being suppressed. Warnings
should not be suppressed.
Reported-by: Hanno Boeck <hanno@gentoo.org>
X-Gentoo-Bug: 380073
X-Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=380073
symbolic links should not be followed in an attempt to work out the name
of the service we are running. Also, @sysconfdir@/conf.d should be tried
as a backup directory for configuration files.
I would like to thank Robin Johnson for his input on this change.
X-Gentoo-Bug: 350910
X-Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=350910
As introduced in bug 372547 using service_get_value() in the init scripts
or using rc_service_value_get() directly will only return one line.
This patch fixes it by using the new rc_getfile() function, it returns even
multiple lines. We're still using a char *, so the lines will be appended
instead of added into new element.
X-Gentoo-Bug: 372547
X-Gentoo-Bug-URL: http://bugs.gentoo.org/372547
<snip>
Read the entire @file into the buffer and set @len to the
size of the buffer when finished. For C strings, this will
be strlen(buffer) + 1.
Don't forget to free the buffer afterwards!
</snip>
We also fix bug 374899 by adding this new function.
X-Gentoo-Bug: 374899
X-Gentoo-Bug-URL: http://bugs.gentoo.org/374899
OpenRC goes through the config and checks each option for duplicates.
Lets say we're on "rc_logger" currently and its the last option in the config
file and we previously defined rc_logger_path.
It now goes through all previous config options and compares those against the
current one "rc_logger" *but* it compares only the first N bytes, in this
case strlen("rc_logger"). So it strips the _path from "rc_logger_path" which
ends up into "rc_logger" and it compares that against the current one (also
"rc_logger"), it would then simply override the previous definition.
This patch fixes this behaviour to always compare the full option / variable
names.
Add "e" (O_CLOEXEC) to all fopen() calls.
Remove system() call and replace it by fopen() and friends.
This also fixes bug 368933
X-Gentoo-Bug: 368933
X-Gentoo-Bug-URL: https://bugs.gentoo.org/368933
Rather than listing explicit object files, ignore all of them in
the whole tree.
Also ignore patch/gdb related files throughout.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Since we always want debug.mk whenever we include cc.mk, move the include
out of the Makefiles and into cc.mk itself. This also fixes an include
order bug in rc/Makefile where debug.mk is included before cc.mk and
breaks the default CFLAGS setup in cc.mk.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
runscript will try to get the dir and basename of a file/link in case it
contains at least one slash. This patch gives a temporary copy of the path to
the dirname() function since dirname() can modify its argument.
If there were no extra commands, rc_service_extra_commands returned a
list containing a single empty string. This changes that to return an
empty list, which is more consistent with what you would expect.
X-Gentoo-Bug: 360013
X-Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=360013
This function was returning the setting of the variable $opts, which is
not correct. $opts was used in baselayout-1, but it is replaced by
$extra_commands and $extra_started_commands in openrc.
This does not appear to break backward compatibility since this function
does not appear to be used anywhere in the openrc code.
Thanks to James Le Cuirot for the original patch.
X-Gentoo-Bug: 360013
X-Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=360013
This reworks the implementation of the --applet option so that it is
processed in run_applets() and does not require two calls to the
getopts_long() function. It is based on code by Robin Johnson and Chris
Richards.
X-Gentoo-Bug: 351712
X-Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=351712
Parisc generates a few relocs against internal symbols which are OK.
X-Gentoo-Bug: 258913
X-Gentoo-Bug-URL: http://bugs.gentoo.org/258913
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
The target for the symlinks in ${SBINDIR} (the same directory as the rc
binary) was "rc". This is not correct; the target should be
${SBINDIR}/rc instead.
This allows error checking inside the included files instead of either
including the appropriate file or a blank file.
Also the blank file named .mk gets removed by this change.
The main makefile, init.d/Makefile and src/librc/Makefile all contain
several shell calls which can be handled as make conditionals. This
switches them to conditionals.
This reworks the shell calls in the makefiles to use immediate
evaluation and should improve parallel building.
X-Gentoo-Bug: 289264
X-Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=289264
Refactor rc_conf_value into librc for use in library context.
Also requires moving:
- rc_conf internal static
- Defines: PROFILE_ENV, SYS_WHITELIST, USR_WHITELIST, RC_PATH_PREFIX
moved to rc.h with new RC_ prefix added.
- Defines: RC_CONF, RC_CONF_OLD moved to rc.h.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>