TT#13000 add init.d setuid/setgid capability

refuse startup when pid file cannot be written

Change-Id: I755dd6fef6cf468b1f96608ab8f804c4c5144ace
changes/27/12027/8
Richard Fuchs 9 years ago
parent 9a5cba48f2
commit 76ba5872fd

@ -3,3 +3,5 @@ CONFIG_FILE=/etc/rtpengine/rtpengine.conf
# CONFIG_SECTION=rtpengine # CONFIG_SECTION=rtpengine
PIDFILE=/var/run/ngcp-rtpengine-daemon.pid PIDFILE=/var/run/ngcp-rtpengine-daemon.pid
TABLE=0 TABLE=0
#SET_USER=root
#SET_GROUP=root # GROUP only needs to be set if USER is not set or if the user isn't in the group
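Review bot: The commented-out `SET_USER`/`SET_GROUP` defaults do not say that `PIDFILE` has to move when they are enabled, and the default `/var/run/ngcp-rtpengine-daemon.pid` sits in a directory that is normally writable only by root. The init script in this commit chowns the pid directory only when it had to create it, and `wpidfile()` now aborts startup when the file cannot be created, so uncommenting `SET_USER` with the default path presumably leaves the daemon unable to start. I would add a comment such as `# if SET_USER is set, PIDFILE must be in a directory that user can write to`. The same applies to the recording daemon's defaults later in this commit.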

@ -37,6 +37,8 @@ set -e
. /lib/lsb/init-functions . /lib/lsb/init-functions
OPTIONS="" OPTIONS=""
START_OPTIONS=""
MODPROBE_OPTIONS=""
if [ ! -z "$INTERFACES" ]; then if [ ! -z "$INTERFACES" ]; then
for interface in $INTERFACES; do for interface in $INTERFACES; do
@ -111,6 +113,37 @@ if test "$LOG_STDERR" = "yes" ; then
OPTIONS="$OPTIONS --log-stderr" OPTIONS="$OPTIONS --log-stderr"
fi fi
# check if directory for pid file needs to be created
PIDDIR=$(dirname "$PIDFILE")
DO_DIR_CHOWN=0
if ! test -z "$PIDDIR" && ! test -d "$PIDDIR"; then
mkdir -p "$PIDDIR"
DO_DIR_CHOWN=1
fi
# handle requested setuid/setgid
if ! test -z "$SET_USER"; then
START_OPTIONS="$START_OPTIONS --chuid $SET_USER"
UID=$(id -u "$SET_USER" 2> /dev/null)
test -z "$UID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_uid=$UID"
if test -z "$SET_GROUP"; then
GID=$(id -g "$SET_USER" 2> /dev/null)
test -z "$GID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_gid=$GID"
fi
test "$DO_DIR_CHOWN" = 1 && chown "$SET_USER": "$PIDDIR"
fi
if ! test -z "$SET_GROUP"; then
START_OPTIONS="$START_OPTIONS --group $SET_GROUP"
GID=$(grep "^$SET_GROUP:" /etc/group | cut -d: -f3 2> /dev/null)
test -z "$GID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_gid=$GID"
test "$DO_DIR_CHOWN" = 1 && chgrp "$SET_GROUP" "$PIDDIR"
fi
###
if [ -x /usr/sbin/ngcp-virt-identify ]; then if [ -x /usr/sbin/ngcp-virt-identify ]; then
if /usr/sbin/ngcp-virt-identify --type container; then if /usr/sbin/ngcp-virt-identify --type container; then
VIRT="yes" VIRT="yes"
@ -137,7 +170,7 @@ case "$1" in
log_daemon_msg "Starting $DESC: $NAME" log_daemon_msg "Starting $DESC: $NAME"
if [ "$TABLE" -ge 0 ] && [ "$VIRT" != "yes" ]; then if [ "$TABLE" -ge 0 ] && [ "$VIRT" != "yes" ]; then
set +e set +e
modprobe xt_RTPENGINE modprobe xt_RTPENGINE $MODPROBE_OPTIONS
if [ -e /proc/mediaproxy/control ]; then if [ -e /proc/mediaproxy/control ]; then
echo "del $TABLE" > /proc/mediaproxy/control 2>/dev/null echo "del $TABLE" > /proc/mediaproxy/control 2>/dev/null
fi fi
@ -173,7 +206,7 @@ case "$1" in
set -e set -e
fi fi
start-stop-daemon --start --quiet --pidfile "$PIDFILE" \ start-stop-daemon --start --quiet --pidfile "$PIDFILE" \
--exec "$DAEMON" -- $OPTIONS || log_progress_msg " already running" --exec "$DAEMON" $START_OPTIONS -- $OPTIONS || log_progress_msg " already running"
log_end_msg $? log_end_msg $?
;; ;;
stop) stop)
@ -184,6 +217,7 @@ case "$1" in
return $? return $?
fi fi
if [ "$TABLE" -ge 0 ] && [ "$VIRT" != "yes" ]; then if [ "$TABLE" -ge 0 ] && [ "$VIRT" != "yes" ]; then
sleep 1
set +e set +e
if [ -e /proc/mediaproxy/control ]; then if [ -e /proc/mediaproxy/control ]; then
echo "del $TABLE" > /proc/mediaproxy/control 2>/dev/null echo "del $TABLE" > /proc/mediaproxy/control 2>/dev/null
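Review bot: `UID=$(id -u "$SET_USER" 2> /dev/null)` in the new setuid/setgid block assigns to a name that bash treats as a read-only shell variable, so under bash the assignment itself fails; the shebang is outside these hunks, so this is only safe if the script is guaranteed to run under a shell such as dash. A private name avoids the problem, e.g. `PUID=$(id -u "$SET_USER" 2> /dev/null)` with `test -z "$PUID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_uid=$PUID"`, and `GID` could be renamed the same way for symmetry. With `set -e` apparently active at this point (it is the context of the earlier hunk header), a failing `id` for an unknown account also ends the script at the assignment with the error hidden by `2> /dev/null`, so the `test -z` guard never runs; appending `|| true` to the substitution, or logging an explicit error, would make a mistyped `SET_USER` diagnosable. The same lines are repeated in the recording init script's hunk.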

@ -2,7 +2,9 @@ RUN_RTPENGINE_RECORDING=no
CONFIG_FILE=/etc/rtpengine/rtpengine-recording.conf CONFIG_FILE=/etc/rtpengine/rtpengine-recording.conf
# CONFIG_SECTION=rtpengine-recording # CONFIG_SECTION=rtpengine-recording
PIDFILE=/var/run/ngcp-rtpengine-recording-daemon.pid PIDFILE=/var/run/ngcp-rtpengine-recording-daemon.pid
#SET_USER=root
#SET_GROUP=root # GROUP only needs to be set if USER is not set or if the user isn't in the group
#
MUST_NFS=no MUST_NFS=no
NFS_HOST=192.168.1.1 NFS_HOST=192.168.1.1
NFS_REMOTE_PATH=/var/recordings NFS_REMOTE_PATH=/var/recordings

@ -37,11 +37,44 @@ set -e
. /lib/lsb/init-functions . /lib/lsb/init-functions
OPTIONS="" OPTIONS=""
START_OPTIONS=""
[ -z "$CONFIG_FILE" ] || OPTIONS="$OPTIONS --config-file=$CONFIG_FILE" [ -z "$CONFIG_FILE" ] || OPTIONS="$OPTIONS --config-file=$CONFIG_FILE"
[ -z "$PIDFILE" ] || OPTIONS="$OPTIONS --pidfile=$PIDFILE" [ -z "$PIDFILE" ] || OPTIONS="$OPTIONS --pidfile=$PIDFILE"
# check if directory for pid file needs to be created
PIDDIR=$(dirname "$PIDFILE")
DO_DIR_CHOWN=0
if ! test -z "$PIDDIR" && ! test -d "$PIDDIR"; then
mkdir -p "$PIDDIR"
DO_DIR_CHOWN=1
fi
# handle requested setuid/setgid
if ! test -z "$SET_USER"; then
START_OPTIONS="$START_OPTIONS --chuid $SET_USER"
UID=$(id -u "$SET_USER" 2> /dev/null)
test -z "$UID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_uid=$UID"
if test -z "$SET_GROUP"; then
GID=$(id -g "$SET_USER" 2> /dev/null)
test -z "$GID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_gid=$GID"
fi
test "$DO_DIR_CHOWN" = 1 && chown "$SET_USER": "$PIDDIR"
fi
if ! test -z "$SET_GROUP"; then
START_OPTIONS="$START_OPTIONS --group $SET_GROUP"
GID=$(grep "^$SET_GROUP:" /etc/group | cut -d: -f3 2> /dev/null)
test -z "$GID" || MODPROBE_OPTIONS="$MODPROBE_OPTIONS proc_gid=$GID"
test "$DO_DIR_CHOWN" = 1 && chgrp "$SET_GROUP" "$PIDDIR"
fi
###
if [ -x /usr/sbin/ngcp-virt-identify ]; then if [ -x /usr/sbin/ngcp-virt-identify ]; then
if /usr/sbin/ngcp-virt-identify --type container; then if /usr/sbin/ngcp-virt-identify --type container; then
VIRT="yes" VIRT="yes"
@ -77,7 +110,7 @@ case "$1" in
fi fi
start-stop-daemon --start --quiet --pidfile "$PIDFILE" \ start-stop-daemon --start --quiet --pidfile "$PIDFILE" \
--exec "$DAEMON" -- $OPTIONS || log_progress_msg " already running" --exec "$DAEMON" $START_OPTIONS -- $OPTIONS || log_progress_msg " already running"
log_end_msg $? log_end_msg $?
;; ;;
stop) stop)
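Review bot: The setuid/setgid block added to the recording init script builds `MODPROBE_OPTIONS`, but this script's hunks neither initialise that variable (only `START_OPTIONS=""` is added) nor show any `modprobe` call consuming it, so the `id` and `/etc/group` lookups look like leftovers copied from the daemon script. I would drop the `proc_uid`/`proc_gid` lines here, or at least add `MODPROBE_OPTIONS=""` next to `START_OPTIONS=""` so the value cannot be inherited from the caller's environment. Whether a modprobe call exists elsewhere in the file is not visible from these hunks.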

@ -5,6 +5,7 @@
#include <glib.h> #include <glib.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <errno.h>
#include "log.h" #include "log.h"
@ -34,10 +35,13 @@ void wpidfile() {
return; return;
fp = fopen(pid_file, "w"); fp = fopen(pid_file, "w");
if (fp) { if (!fp) {
fprintf(fp, "%u\n", getpid()); ilog(LOG_CRIT, "Failed to create PID file (%s), aborting startup", strerror(errno));
fclose(fp); exit(-1);
} }
fprintf(fp, "%u\n", getpid());
fclose(fp);
} }
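Review bot: The new failure path in `wpidfile()` covers only `fopen()`; the results of `fprintf()` and `fclose()` are still ignored, so a write that fails after the file was opened (for example on a full filesystem) leaves an empty or truncated pid file while startup continues. Since the commit's stated intent is to refuse startup when the pid file cannot be written, I would check both, e.g. `if (fprintf(fp, "%u\n", getpid()) < 0 || fclose(fp) != 0)` followed by the same `ilog(LOG_CRIT, ...)` and exit. `exit(-1)` also reaches the parent as status 255; `exit(1)` or `EXIT_FAILURE` would be the conventional choice. The beginning of the function lies outside the hunk.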
