initscripts: restorecon after populate-volatile

populate-volatile.sh creates new directories in /var/volatile/ while booting, so we should restore the security contexts in it. Also touch /var/log/lastlog to set correct security contexts. populate-volatile.sh is imported for oe-core, and add these two lines at the end. touch /var/log/lastlog test ! -x /sbin/restorecon || /sbin/restorecon -R /var/volatile/ Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
author: Xin Ouyang <Xin.Ouyang@windriver.com> 2012-09-11 15:34:24 +0800
committer: Xin Ouyang <Xin.Ouyang@windriver.com> 2012-10-18 11:07:44 +0800
commit: 0674df16fbee26d269af0552eb11a5110f43b40f (patch)
tree: 65696b90bbd006ea5dd6607a270900e967d393fb
parent: 154da76033edc352fb7848d827c51b8f592250f8 (diff)
download: meta-selinux-0674df16fbee26d269af0552eb11a5110f43b40f.tar.gz
2 files changed, 205 insertions, 0 deletions
diff --git a/recipes-core/initscripts/files/populate-volatile.sh b/recipes-core/initscripts/files/populate-volatile.sh
new file mode 100755
index 0000000..6931b37
--- /dev/null
+++ b/recipes-core/initscripts/files/populate-volatile.sh
@@ -0,0 +1,202 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:             volatile
+# Required-Start:       $local_fs
+# Required-Stop:      $local_fs
+# Default-Start:        S
+# Default-Stop:
+# Short-Description:  Populate the volatile filesystem
+### END INIT INFO
+. /etc/default/rcS
+CFGDIR="/etc/default/volatiles"
+TMPROOT="/var/tmp"
+COREDEF="00_core"
+[ "${VERBOSE}" != "no" ] && echo "Populating volatile Filesystems."
+create_file() {
+        EXEC=" 
+        touch \"$1\"; 
+        chown ${TUSER}.${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1; 
+        chmod ${TMODE} $1 || echo \"Failed to set mode -${TMODE}- for -$1-.\" >/dev/tty0 2>&1 " 
+        test "$VOLATILE_ENABLE_CACHE" = yes && echo "$EXEC" >> /etc/volatile.cache.build
+        [ -e "$1" ] && {
+          [ "${VERBOSE}" != "no" ] && echo "Target already exists. Skipping."
+        } || {
+          eval $EXEC &
+        }
+}
+mk_dir() {
+        EXEC=" 
+        mkdir -p \"$1\"; 
+        chown ${TUSER}.${TGROUP} $1 || echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1; 
+        chmod ${TMODE} $1 || echo \"Failed to set mode -${TMODE}- for -$1-.\" >/dev/tty0 2>&1 "
+        test "$VOLATILE_ENABLE_CACHE" = yes && echo "$EXEC" >> /etc/volatile.cache.build
+        
+        [ -e "$1" ] && {
+          [ "${VERBOSE}" != "no" ] && echo "Target already exists. Skipping."
+        } || {
+          eval $EXEC
+        }
+}
+link_file() {
+        EXEC="test -e \"$2\" -o -L $2 || ln -s \"$1\" \"$2\" >/dev/tty0 2>&1" 
+        test "$VOLATILE_ENABLE_CACHE" = yes && echo "   $EXEC" >> /etc/volatile.cache.build
+        
+        [ -e "$2" ] && {
+          echo "Cannot create link over existing -${TNAME}-." >&2
+        } || {
+          eval $EXEC &
+        }
+}
+check_requirements() {
+  cleanup() {
+    rm "${TMP_INTERMED}"
+    rm "${TMP_DEFINED}"
+    rm "${TMP_COMBINED}"
+    }
+    
+  CFGFILE="$1"
+  [ `basename "${CFGFILE}"` = "${COREDEF}" ] && return 0
+  TMP_INTERMED="${TMPROOT}/tmp.$$"
+  TMP_DEFINED="${TMPROOT}/tmpdefined.$$"
+  TMP_COMBINED="${TMPROOT}/tmpcombined.$$"
+  cat /etc/passwd | sed 's@\(^:\)*:.*@\1@' | sort | uniq > "${TMP_DEFINED}"
+  cat ${CFGFILE} | grep -v "^#" | cut -d " " -f 2 > "${TMP_INTERMED}"
+  cat "${TMP_DEFINED}" "${TMP_INTERMED}" | sort | uniq > "${TMP_COMBINED}"
+  NR_DEFINED_USERS="`cat "${TMP_DEFINED}" | wc -l`"
+  NR_COMBINED_USERS="`cat "${TMP_COMBINED}" | wc -l`"
+  [ "${NR_DEFINED_USERS}" -ne "${NR_COMBINED_USERS}" ] && {
+    echo "Undefined users:"
+    diff "${TMP_DEFINED}" "${TMP_COMBINED}" | grep "^>"
+    cleanup
+    return 1
+    }
+  cat /etc/group | sed 's@\(^:\)*:.*@\1@' | sort | uniq > "${TMP_DEFINED}"
+  cat ${CFGFILE} | grep -v "^#" | cut -d " " -f 3 > "${TMP_INTERMED}"
+  cat "${TMP_DEFINED}" "${TMP_INTERMED}" | sort | uniq > "${TMP_COMBINED}"
+  NR_DEFINED_GROUPS="`cat "${TMP_DEFINED}" | wc -l`"
+  NR_COMBINED_GROUPS="`cat "${TMP_COMBINED}" | wc -l`"
+  [ "${NR_DEFINED_GROUPS}" -ne "${NR_COMBINED_GROUPS}" ] && {
+    echo "Undefined groups:"
+    diff "${TMP_DEFINED}" "${TMP_COMBINED}" | grep "^>"
+    cleanup
+    return 1
+    }
+  # Add checks for required directories here
+  cleanup
+  return 0
+  }
+apply_cfgfile() {
+  CFGFILE="$1"
+  check_requirements "${CFGFILE}" || {
+    echo "Skipping ${CFGFILE}"
+    return 1
+    }
+  cat ${CFGFILE} | grep -v "^#" | \
+  while read LINE; do
+    eval `echo "$LINE" | sed -n "s/\(.*\)\ \(.*\) \(.*\)\ \(.*\)\ \(.*\)\ \(.*\)/TTYPE=\1 ; TUSER=\2; TGROUP=\3; TMODE=\4; TNAME=\5 TLTARGET=\6/p"`
+    [ "${VERBOSE}" != "no" ] && echo "Checking for -${TNAME}-."
+    [ "${TTYPE}" = "l" ] && {
+      TSOURCE="$TLTARGET"
+      [ -L "${TNAME}" ] || {
+        [ "${VERBOSE}" != "no" ] && echo "Creating link -${TNAME}- pointing to -${TSOURCE}-."
+        link_file "${TSOURCE}" "${TNAME}" &
+        }
+      continue
+      }
+    [ -L "${TNAME}" ] && {
+      [ "${VERBOSE}" != "no" ] && echo "Found link."
+      NEWNAME=`ls -l "${TNAME}" | sed -e 's/^.*-> \(.*\)$/\1/'`
+      echo ${NEWNAME} | grep -v "^/" >/dev/null && {
+        TNAME="`echo ${TNAME} | sed -e 's@\(.*\)/.*@\1@'`/${NEWNAME}"
+        [ "${VERBOSE}" != "no" ] && echo "Converted relative linktarget to absolute path -${TNAME}-."
+        } || {
+        TNAME="${NEWNAME}"
+        [ "${VERBOSE}" != "no" ] && echo "Using absolute link target -${TNAME}-."
+        }
+      }
+    case "${TTYPE}" in
+      "f")  [ "${VERBOSE}" != "no" ] && echo "Creating file -${TNAME}-."
+            create_file "${TNAME}" &
+            ;;
+      "d")  [ "${VERBOSE}" != "no" ] && echo "Creating directory -${TNAME}-."
+            mk_dir "${TNAME}"
+            # Add check to see if there's an entry in fstab to mount.
+            ;;
+      *)    [ "${VERBOSE}" != "no" ] && echo "Invalid type -${TTYPE}-."
+            continue
+            ;;
+    esac
+    done
+  return 0
+  }
+clearcache=0
+exec 9</proc/cmdline
+while read line <&9
+do
+        case "$line" in
+                *clearcache*)  clearcache=1
+                               ;;
+                *)             continue
+                               ;;
+        esac
+done
+exec 9>&-
+if test -e /etc/volatile.cache -a "$VOLATILE_ENABLE_CACHE" = "yes" -a "x$1" != "xupdate" -a "x$clearcache" = "x0"
+then
+        sh /etc/volatile.cache
+else    
+        rm -f /etc/volatile.cache /etc/volatile.cache.build
+        for file in `ls -1 "${CFGDIR}" | sort`; do
+                apply_cfgfile "${CFGDIR}/${file}"
+        done
+        [ -e /etc/volatile.cache.build ] && sync && mv /etc/volatile.cache.build /etc/volatile.cache
+fi
+if test -f /etc/ld.so.cache -a ! -f /var/run/ld.so.cache
+then
+        ln -s /etc/ld.so.cache /var/run/ld.so.cache
+fi
+touch /var/log/lastlog
+test ! -x /sbin/restorecon || /sbin/restorecon -R /var/volatile/
diff --git a/recipes-core/initscripts/initscripts_1.0.bbappend b/recipes-core/initscripts/initscripts_1.0.bbappend
new file mode 100644
index 0000000..fd0bc32
--- /dev/null
+++ b/recipes-core/initscripts/initscripts_1.0.bbappend
@@ -0,0 +1,3 @@
+PR .= ".1"
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
author	Xin Ouyang <Xin.Ouyang@windriver.com>	2012-09-11 15:34:24 +0800
committer	Xin Ouyang <Xin.Ouyang@windriver.com>	2012-10-18 11:07:44 +0800
commit	0674df16fbee26d269af0552eb11a5110f43b40f (patch)
tree	65696b90bbd006ea5dd6607a270900e967d393fb
parent	154da76033edc352fb7848d827c51b8f592250f8 (diff)
download	meta-selinux-0674df16fbee26d269af0552eb11a5110f43b40f.tar.gz

diff --git a/recipes-core/initscripts/files/populate-volatile.sh b/recipes-core/initscripts/files/populate-volatile.sh new file mode 100755 index 0000000..6931b37 --- /dev/null +++ b/recipes-core/initscripts/files/populate-volatile.sh
@@ -0,0 +1,202 @@
	1	#!/bin/sh
	2	### BEGIN INIT INFO
	3	# Provides: volatile
	4	# Required-Start: $local_fs
	5	# Required-Stop: $local_fs
	6	# Default-Start: S
	7	# Default-Stop:
	8	# Short-Description: Populate the volatile filesystem
	9	### END INIT INFO
	10
	11	. /etc/default/rcS
	12
	13	CFGDIR="/etc/default/volatiles"
	14	TMPROOT="/var/tmp"
	15	COREDEF="00_core"
	16
	17	[ "${VERBOSE}" != "no" ] && echo "Populating volatile Filesystems."
	18
	19	create_file() {
	20	EXEC="
	21	touch \"$1\";
	22	chown ${TUSER}.${TGROUP} $1 \|\| echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1;
	23	chmod ${TMODE} $1 \|\| echo \"Failed to set mode -${TMODE}- for -$1-.\" >/dev/tty0 2>&1 "
	24
	25	test "$VOLATILE_ENABLE_CACHE" = yes && echo "$EXEC" >> /etc/volatile.cache.build
	26
	27	[ -e "$1" ] && {
	28	[ "${VERBOSE}" != "no" ] && echo "Target already exists. Skipping."
	29	} \|\| {
	30	eval $EXEC &
	31	}
	32	}
	33
	34	mk_dir() {
	35	EXEC="
	36	mkdir -p \"$1\";
	37	chown ${TUSER}.${TGROUP} $1 \|\| echo \"Failed to set owner -${TUSER}- for -$1-.\" >/dev/tty0 2>&1;
	38	chmod ${TMODE} $1 \|\| echo \"Failed to set mode -${TMODE}- for -$1-.\" >/dev/tty0 2>&1 "
	39
	40	test "$VOLATILE_ENABLE_CACHE" = yes && echo "$EXEC" >> /etc/volatile.cache.build
	41
	42	[ -e "$1" ] && {
	43	[ "${VERBOSE}" != "no" ] && echo "Target already exists. Skipping."
	44	} \|\| {
	45	eval $EXEC
	46	}
	47	}
	48
	49	link_file() {
	50	EXEC="test -e \"$2\" -o -L $2 \|\| ln -s \"$1\" \"$2\" >/dev/tty0 2>&1"
	51
	52	test "$VOLATILE_ENABLE_CACHE" = yes && echo " $EXEC" >> /etc/volatile.cache.build
	53
	54	[ -e "$2" ] && {
	55	echo "Cannot create link over existing -${TNAME}-." >&2
	56	} \|\| {
	57	eval $EXEC &
	58	}
	59	}
	60
	61	check_requirements() {
	62
	63	cleanup() {
	64	rm "${TMP_INTERMED}"
	65	rm "${TMP_DEFINED}"
	66	rm "${TMP_COMBINED}"
	67	}
	68
	69	CFGFILE="$1"
	70
	71	[ `basename "${CFGFILE}"` = "${COREDEF}" ] && return 0
	72
	73	TMP_INTERMED="${TMPROOT}/tmp.$$"
	74	TMP_DEFINED="${TMPROOT}/tmpdefined.$$"
	75	TMP_COMBINED="${TMPROOT}/tmpcombined.$$"
	76
	77
	78	cat /etc/passwd \| sed 's@\(^:\):.@\1@' \| sort \| uniq > "${TMP_DEFINED}"
	79	cat ${CFGFILE} \| grep -v "^#" \| cut -d " " -f 2 > "${TMP_INTERMED}"
	80	cat "${TMP_DEFINED}" "${TMP_INTERMED}" \| sort \| uniq > "${TMP_COMBINED}"
	81
	82	NR_DEFINED_USERS="`cat "${TMP_DEFINED}" \| wc -l`"
	83	NR_COMBINED_USERS="`cat "${TMP_COMBINED}" \| wc -l`"
	84
	85	[ "${NR_DEFINED_USERS}" -ne "${NR_COMBINED_USERS}" ] && {
	86	echo "Undefined users:"
	87	diff "${TMP_DEFINED}" "${TMP_COMBINED}" \| grep "^>"
	88	cleanup
	89	return 1
	90	}
	91
	92
	93	cat /etc/group \| sed 's@\(^:\):.@\1@' \| sort \| uniq > "${TMP_DEFINED}"
	94	cat ${CFGFILE} \| grep -v "^#" \| cut -d " " -f 3 > "${TMP_INTERMED}"
	95	cat "${TMP_DEFINED}" "${TMP_INTERMED}" \| sort \| uniq > "${TMP_COMBINED}"
	96
	97	NR_DEFINED_GROUPS="`cat "${TMP_DEFINED}" \| wc -l`"
	98	NR_COMBINED_GROUPS="`cat "${TMP_COMBINED}" \| wc -l`"
	99
	100	[ "${NR_DEFINED_GROUPS}" -ne "${NR_COMBINED_GROUPS}" ] && {
	101	echo "Undefined groups:"
	102	diff "${TMP_DEFINED}" "${TMP_COMBINED}" \| grep "^>"
	103	cleanup
	104	return 1
	105	}
	106
	107	# Add checks for required directories here
	108
	109	cleanup
	110	return 0
	111	}
	112
	113	apply_cfgfile() {
	114
	115	CFGFILE="$1"
	116
	117	check_requirements "${CFGFILE}" \|\| {
	118	echo "Skipping ${CFGFILE}"
	119	return 1
	120	}
	121
	122	cat ${CFGFILE} \| grep -v "^#" \| \
	123	while read LINE; do
	124
	125	eval `echo "$LINE" \| sed -n "s/\(.\)\ \(.\) \(.\)\ \(.\)\ \(.\)\ \(.\)/TTYPE=\1 ; TUSER=\2; TGROUP=\3; TMODE=\4; TNAME=\5 TLTARGET=\6/p"`
	126
	127	[ "${VERBOSE}" != "no" ] && echo "Checking for -${TNAME}-."
	128
	129
	130	[ "${TTYPE}" = "l" ] && {
	131	TSOURCE="$TLTARGET"
	132	[ -L "${TNAME}" ] \|\| {
	133	[ "${VERBOSE}" != "no" ] && echo "Creating link -${TNAME}- pointing to -${TSOURCE}-."
	134	link_file "${TSOURCE}" "${TNAME}" &
	135	}
	136	continue
	137	}
	138
	139	[ -L "${TNAME}" ] && {
	140	[ "${VERBOSE}" != "no" ] && echo "Found link."
	141	NEWNAME=`ls -l "${TNAME}" \| sed -e 's/^.-> \(.\)$/\1/'`
	142	echo ${NEWNAME} \| grep -v "^/" >/dev/null && {
	143	TNAME="`echo ${TNAME} \| sed -e 's@\(.\)/.@\1@'`/${NEWNAME}"
	144	[ "${VERBOSE}" != "no" ] && echo "Converted relative linktarget to absolute path -${TNAME}-."
	145	} \|\| {
	146	TNAME="${NEWNAME}"
	147	[ "${VERBOSE}" != "no" ] && echo "Using absolute link target -${TNAME}-."
	148	}
	149	}
	150
	151	case "${TTYPE}" in
	152	"f") [ "${VERBOSE}" != "no" ] && echo "Creating file -${TNAME}-."
	153	create_file "${TNAME}" &
	154	;;
	155	"d") [ "${VERBOSE}" != "no" ] && echo "Creating directory -${TNAME}-."
	156	mk_dir "${TNAME}"
	157	# Add check to see if there's an entry in fstab to mount.
	158	;;
	159	*) [ "${VERBOSE}" != "no" ] && echo "Invalid type -${TTYPE}-."
	160	continue
	161	;;
	162	esac
	163
	164
	165	done
	166
	167	return 0
	168
	169	}
	170
	171	clearcache=0
	172	exec 9</proc/cmdline
	173	while read line <&9
	174	do
	175	case "$line" in
	176	clearcache) clearcache=1
	177	;;
	178	*) continue
	179	;;
	180	esac
	181	done
	182	exec 9>&-
	183
	184	if test -e /etc/volatile.cache -a "$VOLATILE_ENABLE_CACHE" = "yes" -a "x$1" != "xupdate" -a "x$clearcache" = "x0"
	185	then
	186	sh /etc/volatile.cache
	187	else
	188	rm -f /etc/volatile.cache /etc/volatile.cache.build
	189	for file in `ls -1 "${CFGDIR}" \| sort`; do
	190	apply_cfgfile "${CFGDIR}/${file}"
	191	done
	192
	193	[ -e /etc/volatile.cache.build ] && sync && mv /etc/volatile.cache.build /etc/volatile.cache
	194	fi
	195
	196	if test -f /etc/ld.so.cache -a ! -f /var/run/ld.so.cache
	197	then
	198	ln -s /etc/ld.so.cache /var/run/ld.so.cache
	199	fi
	200
	201	touch /var/log/lastlog
	202	test ! -x /sbin/restorecon \|\| /sbin/restorecon -R /var/volatile/


diff --git a/recipes-core/initscripts/initscripts_1.0.bbappend b/recipes-core/initscripts/initscripts_1.0.bbappend new file mode 100644 index 0000000..fd0bc32 --- /dev/null +++ b/recipes-core/initscripts/initscripts_1.0.bbappend
@@ -0,0 +1,3 @@
	1	PR .= ".1"
	2
	3	FILESEXTRAPATHS_prepend := "${THISDIR}/files:"