[Pkg-sysvinit-commits] r559 - in sysvinit/trunk/debian: .
initscripts/etc/init.d
Thomas Hood
jdthood-guest at costa.debian.org
Tue Jan 10 08:43:53 UTC 2006
Author: jdthood-guest
Date: 2006-01-10 08:43:52 +0000 (Tue, 10 Jan 2006)
New Revision: 559
Modified:
sysvinit/trunk/debian/changelog
sysvinit/trunk/debian/initscripts/etc/init.d/bootclean.sh
Log:
Rework bootclean.sh so that it handles and provides return statuses
Modified: sysvinit/trunk/debian/changelog
===================================================================
--- sysvinit/trunk/debian/changelog 2006-01-09 22:15:15 UTC (rev 558)
+++ sysvinit/trunk/debian/changelog 2006-01-10 08:43:52 UTC (rev 559)
@@ -1,8 +1,10 @@
-sysvinit (2.86.ds1-10~3) unstable; urgency=low
+sysvinit (2.86.ds1-10~4) unstable; urgency=low
[ Thomas Hood ]
* rcS(5): Reword
- * bootclean.sh: Restructure and eliminate some uses of subshell
+ * bootclean.sh: Handle return status and messages more carefully;
+ print diagnostic messages on failures; eliminate some subshells;
+ add comments
-- Thomas Hood <jdthood at yahoo.co.uk> Mon, 9 Jan 2006 14:16:02 +0100
Modified: sysvinit/trunk/debian/initscripts/etc/init.d/bootclean.sh
===================================================================
--- sysvinit/trunk/debian/initscripts/etc/init.d/bootclean.sh 2006-01-09 22:15:15 UTC (rev 558)
+++ sysvinit/trunk/debian/initscripts/etc/init.d/bootclean.sh 2006-01-10 08:43:52 UTC (rev 559)
@@ -3,38 +3,42 @@
#
# Functions to clean /tmp, /var/run and /var/lock
#
-# Environment variables should be set by the caller.
-# /lib/lsb/init-functions must be sourced by the caller
+# Environment variables must be set by the caller.
+# /lib/lsb/init-functions must be sourced by the caller.
+# DO NOT RUN THESE FUNCTIONS AFTER S:55bootmisc.sh!
+# Should be called outside verbose message block
clean_mkflagfile()
{
+ # Prevent symlink attack (See #264234.)
[ -L "$1" ] && log_warning_msg "bootclean.sh: Deleting symbolic link '$1'."
- rm -f "$1"
- # If this is run after bootup then an attacker can create a symlink here
- # so for extra safety, use noclobber. (See #264234.)
+ rm -f "$1" || { log_failure_msg "bootclean.sh: Failure deleting '$1'." ; return 1 ; }
+ # No user processes should be running, so no one should be able to introduce
+ # a symlink here. Just to be sure, set noclobber.
set -o noclobber
- :> "$1"
+ :> "$1" || { log_failure_msg "bootclean.sh: Failure creating '$1'." ; return 1 ; }
+ return 0
}
-cleantmp() {
- if [ -z "$TMPTIME" ]
+clean_tmp() {
+ cd /tmp || { log_failure_msg "bootclean.sh: Could not cd to /tmp." ; return 1 ; }
+
+ if [ ! "$TMPTIME" ]
then
- log_warning_msg "Defaulting to TMPTIME=0."
+ log_warning_msg "Using default TMPTIME 0."
TMPTIME=0
fi
# Don't clean /tmp if TMPTIME < 0 or "infinite"
case "$TMPTIME" in
-*|infinite|infinity)
- return
+ return 0
;;
esac
# Wipe /tmp, but exclude system files.
# Note that files _in_ lost+found _are_ deleted.
#
- [ "$VERBOSE" != no ] && log_action_begin_msg "Cleaning /tmp"
- #
# If $TMPTIME is set to 0, we do not use any ctime expression
# at all, so we can also delete files with timestamps
# in the future!
@@ -48,12 +52,6 @@
DEXPR="-mtime +$TMPTIME -ctime +$TMPTIME"
fi
- clean_mkflagfile /tmp/.clean
-
- #
- # Only clean out /tmp if it is world-writable. This ensures
- # it really is a/the temp directory we're cleaning.
- #
EXCEPT='! -name .
! ( -path ./lost+found -uid 0 )
! ( -path ./quota.user -uid 0 )
@@ -64,45 +62,84 @@
! ( -path ./.clean -uid 0 )
! ( -path './...security*' -uid 0 )'
- if cd /tmp && [ "$(find . -maxdepth 0 -perm -002)" = "." ]
- then
- # First remove all old files...
- # (Use xargs here so that only one additional process gets created)
- find . -depth -xdev $TEXPR $EXCEPT ! -type d \
- -print0 | xargs -0r rm -f --
- # ...and then all empty directories
- find . -depth -xdev $DEXPR $EXCEPT -type d -empty \
- -print0 | xargs -0r rmdir --ignore-fail-on-non-empty --
- rm -f .X*-lock
- fi
+ #
+ # Only clean out /tmp if it is world-writable. This ensures
+ # it really is a/the temp directory we're cleaning.
+ #
+ [ "$(find . -maxdepth 0 -perm -002)" = "." ] || return 0
+
+ clean_mkflagfile /tmp/.clean || return 1
+
+ [ "$VERBOSE" != no ] && log_action_begin_msg "Cleaning /tmp"
+ report_err()
+ {
+ if [ "$VERBOSE" != no ]
+ then
+ log_action_end_msg 1 "bootclean.sh: Failure cleaning /tmp"
+ else
+ log_failure_msg "bootclean.sh: Failure cleaning /tmp."
+ fi
+ }
+ # First remove all old files...
+ # (Use xargs here so that only one additional process gets created)
+ find . -depth -xdev $TEXPR $EXCEPT ! -type d \
+ -print0 | xargs -0r rm -f -- \
+ || { report_err ; return 1 ; }
+ # ...and then all empty directories
+ find . -depth -xdev $DEXPR $EXCEPT -type d -empty \
+ -print0 | xargs -0r rmdir --ignore-fail-on-non-empty -- \
+ || { report_err ; return 1 ; }
+ rm -f .X*-lock \
+ || { report_err ; return 1 ; }
[ "$VERBOSE" != no ] && log_action_end_msg 0
+ return 0
}
-cleanlock() {
- #
- # Clean up any stale locks.
- #
+clean_lock() {
+ cd /var/lock || { log_failure_msg "bootclean.sh: Could not cd to /var/lock." ; return 1 ; }
+
[ "$VERBOSE" != no ] && log_action_begin_msg "Cleaning /var/lock"
- cd /var/lock && find . ! -type d \
- -print0 | xargs -0r rm -f --
- clean_mkflagfile /var/lock/.clean
+ report_err()
+ {
+ if [ "$VERBOSE" != no ]
+ then
+ log_action_end_msg 1 "bootclean.sh: Failure cleaning /var/lock"
+ else
+ log_failure_msg "bootclean.sh: Failure cleaning /var/lock."
+ fi
+ }
+ find . ! -type d \
+ -print0 | xargs -0r rm -f -- \
+ || { report_err ; return 1 ; }
[ "$VERBOSE" != no ] && log_action_end_msg 0
+ clean_mkflagfile /var/lock/.clean || return 1
+ return 0
}
-cleanrun() {
- #
- # Clean up /var/run.
- #
+clean_run() {
+ cd /var/run || { log_action_end_msg 1 "bootclean.sh: Could not cd to /var/run." ; return 1 ; }
+
[ "$VERBOSE" != no ] && log_action_begin_msg "Cleaning /var/run"
- cd /var/run && find . ! -xtype d ! -name utmp ! -name innd.pid \
- -print0 | xargs -0r rm -f --
- clean_mkflagfile /var/run/.clean
+ report_err()
+ {
+ if [ "$VERBOSE" != no ]
+ then
+ log_action_end_msg 1 "bootclean.sh: Failure cleaning /var/run"
+ else
+ log_failure_msg "bootclean.sh: Failure cleaning /var/run."
+ fi
+ }
+ find . ! -xtype d ! -name utmp ! -name innd.pid \
+ -print0 | xargs -0r rm -f -- \
+ || { report_err ; return 1 ; }
[ "$VERBOSE" != no ] && log_action_end_msg 0
+ clean_mkflagfile /var/run/.clean || return 1
+ return 0
}
bootclean() {
- which find >/dev/null 2>&1 || return 0
- which xargs >/dev/null 2>&1 || return 0
+ which find >/dev/null 2>&1 || return 1
+ which xargs >/dev/null 2>&1 || return 1
# If there are flag files that have not been created by root
# then remove them
@@ -113,18 +150,25 @@
which stat >/dev/null 2>&1 && cleanuid="$(stat -c %u $cleandir/.clean)"
# Poor's man stat %u, since stat (and /usr) might not be
# available in some bootup stages
- [ -z "$cleanuid" ] && cleanuid="$(find $cleandir/.clean -printf %U)"
- [ "$cleanuid" -ne 0 ] && rm -f $cleandir/.clean
+ [ "$cleanuid" ] || cleanuid="$(find $cleandir/.clean -printf %U)"
+ [ "$cleanuid" ] || { log_failure_msg "bootclean.sh: Could not stat '$cleandir/.clean'." ; return 1 ; }
+ if [ "$cleanuid" -ne 0 ]
+ then
+ rm -f $cleandir/.clean || { log_failure_msg "bootclean.sh: Could not delete '$cleandir/.clean'." ; return 1 ; }
+ fi
fi
done
[ -f /tmp/.clean ] && [ -f /var/run/.clean ] && [ -f /var/lock/.clean ] && return 0
- # Run in subshell in order to restore pwd and noclobber setting
+ # Run in subshell in order to restore environment before returning
(
- [ -d /tmp ] && ! [ -f /tmp/.clean ] && cleantmp
- [ -d /var/run ] && ! [ -f /var/run/.clean ] && cleanrun
- [ -d /var/lock ] && ! [ -f /var/lock/.clean ] && cleanlock
- )
+ ES=0
+ [ -d /tmp ] && ! [ -f /tmp/.clean ] && { clean_tmp || ES=1 ; }
+ [ -d /var/run ] && ! [ -f /var/run/.clean ] && { clean_run || ES=1 ; }
+ [ -d /var/lock ] && ! [ -f /var/lock/.clean ] && { clean_lock || ES=1 ; }
+ exit $ES # from subshell
+ ) || return 1
+ return 0
}
More information about the Pkg-sysvinit-commits
mailing list