author | Michael Orlitzky <mjo@gentoo.org> | 2017-07-18 19:07:19 -0400 |
---|---|---|
committer | Michael Orlitzky <mjo@gentoo.org> | 2017-07-18 19:09:38 -0400 |
commit | dcb995f7f08b66528487fe4e0a16a16bda502572 (patch) | |
tree | 4960c30f251b7c871ba98fb9cd1f45fbfab92bcd /net-irc/quassel/files | |
parent | virtualbox packages: Removed old. (diff) | |
net-irc/quassel: new init script revision to prevent privilege escalation.
This commit adds two new files,
* quasselcore.init-r1
* quasselcore.conf-r1
that are as yet unused. The init script has been entirely rewritten to
use modern features of OpenRC, and uses the default start/stop
implementations, so it is greatly simplified.
To avoid the "chown" problem in bug 603414, the new init script and
conf file do not allow changing the quassel user on the fly. Instead,
the "quassel" user created by the ebuild is used unconditionally. As a
result, there is no need to fix permissions when the daemon is
started, and thus no need to change ownership of anything. A further
permissions-related simplification logs to syslog instead of a file by
default. Since the daemon runs as a restricted user, that avoids
another set of permissions (on the log file) that would need to be
mangled.
Gentoo-Bug: 423145
Gentoo-Bug: 603414
Package-Manager: Portage-2.3.6, Repoman-2.3.1
Diffstat (limited to 'net-irc/quassel/files')
-rw-r--r-- | net-irc/quassel/files/quasselcore.conf-r1 | 11 | ||||
-rw-r--r-- | net-irc/quassel/files/quasselcore.init-r1 | 22 |
2 files changed, 33 insertions, 0 deletions
diff --git a/net-irc/quassel/files/quasselcore.conf-r1 b/net-irc/quassel/files/quasselcore.conf-r1 new file mode 100644 index 000000000000..29e14467a8f3 --- /dev/null +++ b/net-irc/quassel/files/quasselcore.conf-r1 @@ -0,0 +1,11 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# Loglevel Debug|Info|Warning|Error. Default is: Info +#LOGLEVEL="Info" + +# The address(es) quasselcore will listen on. Default is 0.0.0.0 +#LISTEN="0.0.0.0" + +# The port quasselcore will listen at. Default is: 4242 +#PORT="4242" diff --git a/net-irc/quassel/files/quasselcore.init-r1 b/net-irc/quassel/files/quasselcore.init-r1 new file mode 100644 index 000000000000..5976235aafa4 --- /dev/null +++ b/net-irc/quassel/files/quasselcore.init-r1 @@ -0,0 +1,22 @@ +#!/sbin/openrc-run +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + after logger postgres +} + +LISTEN=${LISTEN:-"0.0.0.0"} +LOGLEVEL=${LOGLEVEL:-"Info"} +PORT=${PORT:="4242"} + +command="/usr/bin/quasselcore" +command_args="--configdir=/var/lib/quassel + --listen=${LISTEN} + --loglevel=${LOGLEVEL} + --port=${PORT} + --syslog" +command_background="yes" +command_user="quassel" +description="Quassel Core" +pidfile="/run/quassel.pid" |
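Review bot: The LISTEN comment in quasselcore.conf-r1 says "address(es)" but does not say how more than one address is written, and quasselcore.init-r1 expands ${LISTEN} unquoted inside command_args, so a value containing whitespace would be split into extra arguments. State the separator quasselcore expects in that comment and note that the value must not contain spaces. It would also help to say that the 0.0.0.0 default listens on every IPv4 interface, so that an admin who wants a local-only core knows this is the setting to change.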
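Review bot: command_user="quassel" in quasselcore.init-r1 is hard-coded with nothing in the script saying that this is deliberate. The reasoning (bug 603414, no ownership changes at start) exists only in the commit message, so a later edit could make the user configurable again without seeing why it was removed. A one-line comment above command_user pointing at the bug would prevent that. Separately, PORT=${PORT:="4242"} uses := where the LISTEN and LOGLEVEL lines use :-. The result is the same here, but :- on all three would keep the defaults consistent.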