[pkg-fetchmail-maint] Bug#752598: fetchmail: please run restorecon after creating directory from init script

Russell Coker russell at coker.com.au
Wed Jun 25 03:55:41 UTC 2014 

Package: fetchmail
Version: 6.3.26-1
Severity: normal
Tags: patch

When an init script creates a directory it needs to run restorecon to ensure
that the correct SE Linux context is used.  I have attached a patch to do this.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages fetchmail depends on:
ii  adduser           3.113+nmu3
ii  debianutils       4.4
ii  libc6             2.19-4
ii  libcomerr2        1.42.10-1
ii  libgssapi-krb5-2  1.12.1+dfsg-3
ii  libkrb5-3         1.12.1+dfsg-3
ii  libssl1.0.0       1.0.1h-3
ii  lsb-base          4.1+Debian13

Versions of packages fetchmail recommends:
ii  ca-certificates  20140325

Versions of packages fetchmail suggests:
pn  fetchmailconf                   <none>
ii  postfix [mail-transport-agent]  2.11.1-1
pn  resolvconf                      <none>

-- Configuration Files:
/etc/default/fetchmail changed:
START_DAEMON=yes

/etc/init.d/fetchmail changed:
set -e
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/bin/fetchmail
USER=fetchmail
OPTIONS=""
CONFFILE="/etc/fetchmailrc"
PIDFILE="/var/run/fetchmail/fetchmail.pid"
UIDL="/var/lib/fetchmail/.fetchmail-UIDL-cache"
START_DAEMON="no"
.. /lib/lsb/init-functions
if [ -r /etc/default/fetchmail ]; then
    . /etc/default/fetchmail
fi
OPTIONS="$OPTIONS -f $CONFFILE --pidfile $PIDFILE"
if [ ! "x$START_DAEMON" = "xyes" -a ! "$1" = "status" ]; then
	log_action_msg "Not starting fetchmail daemon, disabled via /etc/default/fetchmail"
	exit 0
fi
if [ ! -e $CONFFILE ]; then
    log_failure_msg "$CONFFILE not found."
    log_failure_msg "can not start fetchmail daemon... consider disabling the script"
    exit 6
fi
test -f $DAEMON || exit 0
if [ "$1" = "start" ]; then
    if [ ! -r $CONFFILE ] ; then
        log_failure_msg "$CONFFILE found but not readable."
        exit 0
    fi
fi
if ! id $USER >/dev/null 2>&1; then
	if [ "$USER" = "fetchmail" ]; then
		# The fetchmail user might have been removed when the fetchmail-common
		# package is purged. We have to re-add it here so the system-wide
		# daemon will run.
		adduser --system --ingroup nogroup --home /var/lib/fetchmail \
			--shell /bin/sh --disabled-password fetchmail >/dev/null 2>&1 || true
		# work around possible adduser bug, see #119366
		[ -d /var/lib/fetchmail ] || mkdir -p /var/lib/fetchmail
		chmod 700 /var/lib/fetchmail
		chown -h -R fetchmail:nogroup /var/lib/fetchmail
		[ -x /sbin/restorecon ] && /sbin/restorecon /var/lib/fetchmail
	else
		log_failure_msg "$0: $USER user does not exist!"
		exit 1
	fi
fi
if ! grep -qs '^[[:space:]]*set[[:space:]]\+daemon[[:space:]]' "$CONFFILE"; then
	# Make sure user did not use -d on /etc/default/fetchmail
	if ! grep -qs -e '^[[:space:]]*OPTIONS=.*-d[[:space:]]*[[:digit:]]\+' "/etc/default/fetchmail"; then
		OPTIONS="$OPTIONS -d 300"
	fi
fi
if ! grep -qs '^[[:space:]]*set[[:space:]]\+no[[:space:]]\+syslog' "$CONFFILE"; then
	OPTIONS="$OPTIONS --syslog"
fi
if [ "${PIDFILE%/*}" = "/var/run/fetchmail" ] && [ ! -d ${PIDFILE%/*} ] && [ "$1" != "status" ]; then
	mkdir /var/run/fetchmail
	chown -h $USER:nogroup /var/run/fetchmail
	chmod 700 /var/run/fetchmail
	[ -x /sbin/restorecon ] && /sbin/restorecon /var/run/fetchmail
fi
if [ -f $CONFFILE -a "`stat -c '%U %a' $CONFFILE 2>/dev/null`" != "$USER 600" ]; then
	chown -h $USER $CONFFILE
	chmod -f 0600 $CONFFILE
fi
case "$1" in
	start)
		if test -e $PIDFILE ; then
			pid=`cat $PIDFILE | sed -e 's/\s.*//'|head -n1`
			PIDDIR=/proc/$pid
		    if [ -d ${PIDDIR} -a  "$(readlink -f ${PIDDIR}/exe)" = "${DAEMON}" ]; then
				log_failure_msg "fetchmail already started; not starting."
				exit 0
			else
				log_warning_msg "Removing stale PID file $PIDFILE."
				rm -f $PIDFILE
			fi
		fi
	        log_begin_msg "Starting mail retriever agent:" "fetchmail"
		if start-stop-daemon -S -o -q -p $PIDFILE -x $DAEMON -u $USER -c $USER -- $OPTIONS; then
			log_end_msg 0
		else
			log_end_msg 1
			exit 1
		fi
		;;
	status)
		status_of_proc $DAEMON fetchmail -p $PIDFILE
		;;
	stop)
		if ! test -e $PIDFILE ; then
			log_failure_msg "Pidfile not found! Is fetchmail running?"
			exit 0
		fi
	        log_begin_msg "Stopping mail retriever agent:" "fetchmail"
		if start-stop-daemon -K -o -q -p $PIDFILE -x $DAEMON -u $USER; then
			log_end_msg 0
		else
			log_end_msg 1
			exit 1
		fi
		;;
	force-reload|restart)
	        log_begin_msg "Restarting mail retriever agent:" "fetchmail"
		if ! start-stop-daemon -K -o -q -p $PIDFILE -x $DAEMON -u $USER; then
			log_end_msg 1
			exit 1
		fi
		sleep 1
		if start-stop-daemon -S -q -p $PIDFILE -x $DAEMON -u $USER -c $USER -- $OPTIONS; then
			log_end_msg 0
		else
			log_end_msg 1
			exit 1
		fi
		;;
	try-restart)
		if test -e $PIDFILE ; then
			pid=`cat $PIDFILE | sed -e 's/\s.*//'|head -n1`
			PIDDIR=/proc/$pid
			if [ -d ${PIDDIR} -a  "$(readlink -f ${PIDDIR}/exe)" = "${DAEMON}" ]; then
				$0 restart
				exit 0
			fi
		fi
		test -f /etc/rc`/sbin/runlevel | cut -d' ' -f2`.d/S*fetchmail* && $0 start
		;;
	awaken)
	        log_begin_msg "Awakening mail retriever agent:" "fetchmail"
		if [ -s $PIDFILE ]; then
			start-stop-daemon -K -s 10 -q -p $PIDFILE -x $DAEMON
			log_end_msg 0
			exit 0
		else
			log_end_msg 1
			exit 1
		fi
		;;
	debug-run)
		echo "$0: Initiating debug run of system-wide fetchmail service..." 1>&2
		echo "$0: script will be run in debug mode, all output to forced to" 1>&2
		echo "$0: stdout. This is not enough to debug failures that only" 1>&2
		echo "$0: happen in daemon mode." 1>&2
		echo "$0: You might want to direct output to a file, and tail -f it." 1>&2
		if [ "$2" = "strace" ]; then
			echo "$0: (running debug mode under strace. See strace(1) for options)" 1>&2
			echo "$0: WARNING: strace output may contain security-sensitive info, such as" 1>&2
			echo "$0: passwords; please clobber them before sending the strace file to a" 1>&2
			echo "$0: public bug tracking system, such as Debian's." 1>&2
		fi
		echo "$0: Stopping the service..." 1>&2
		"$0" stop
		echo "$0: exit status of service stop was: $?"
		echo "$0: RUNUSER is $USER"
		echo "$0: OPTIONS would be $OPTIONS"
		echo "$0: Starting service in nodetach mode, hit ^C (SIGINT/intr) to finish run..." 1>&2
		if [ "$2" = "strace" ] ; then
			shift
			shift
			[ $# -ne 0 ] && echo "$0: (strace options are: -tt $@)" 1>&2
			su -s /bin/sh -c "/usr/bin/strace -tt $* $DAEMON $OPTIONS --nosyslog --nodetach -v -v" $USER <&- 2>&1
		else
			su -s /bin/sh -c "$DAEMON $OPTIONS --nosyslog --nodetach -v -v" $USER <&- 2>&1
		fi
		echo "$0: End of service run. Exit status was: $?"
		exit 0
		;;
	*)
		log_warning_msg "Usage: /etc/init.d/fetchmail {start|stop|restart|force-reload|awaken|debug-run}"
		log_warning_msg "  start - starts system-wide fetchmail service"
		log_warning_msg "  stop  - stops system-wide fetchmail service"
		log_warning_msg "  restart, force-reload - starts a new system-wide fetchmail service"
		log_warning_msg "  awaken - tell system-wide fetchmail to start a poll cycle immediately"
		log_warning_msg "  debug-run [strace [strace options...]] - start a debug run of the"
		log_warning_msg "    system-wide fetchmail service, optionally running it under strace"
		exit 1
		;;
esac
exit 0


-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff
Type: text/x-diff
Size: 611 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-fetchmail-maint/attachments/20140625/286c95a5/attachment.diff>

More information about the pkg-fetchmail-maint mailing list