author: Michael Orlitzky <mjo@gentoo.org> 2017-07-18 19:07:19 -0400
committer: Michael Orlitzky <mjo@gentoo.org> 2017-07-18 19:09:38 -0400
commit: dcb995f7f08b66528487fe4e0a16a16bda502572
tree: 4960c30f251b7c871ba98fb9cd1f45fbfab92bcd
parent: virtualbox packages: Removed old.
net-irc/quassel: new init script revision to prevent privilege escalation.
This commit adds two new files,

  * quasselcore.init-r1
  * quasselcore.conf-r1

that are as yet unused. The init script has been entirely rewritten to use modern features of OpenRC, and uses the default start/stop implementations, so it is greatly simplified.

To avoid the "chown" problem in bug 603414, the new init script and conf file do not allow changing the quassel user on the fly. Instead, the "quassel" user created by the ebuild is used unconditionally. As a result, there is no need to fix permissions when the daemon is started, and thus no need to change ownership of anything.

A further permissions-related simplification logs to syslog instead of a file by default. Since the daemon runs as a restricted user, that avoids another set of permissions (on the log file) that would need to be mangled.

Gentoo-Bug: 423145
Gentoo-Bug: 603414
Package-Manager: Portage-2.3.6, Repoman-2.3.1
-rw-r--r-- net-irc/quassel/files/quasselcore.conf-r1 11
-rw-r--r-- net-irc/quassel/files/quasselcore.init-r1 22
2 files changed, 33 insertions, 0 deletions
diff --git a/net-irc/quassel/files/quasselcore.conf-r1 b/net-irc/quassel/files/quasselcore.conf-r1
new file mode 100644
index 000000000000..29e14467a8f3
--- /dev/null
+++ b/net-irc/quassel/files/quasselcore.conf-r1
@@ -0,0 +1,11 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Loglevel Debug|Info|Warning|Error. Default is: Info
+#LOGLEVEL="Info"
+
+# The address(es) quasselcore will listen on. Default is 0.0.0.0
+#LISTEN="0.0.0.0"
+
+# The port quasselcore will listen at. Default is: 4242
+#PORT="4242"
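Review bot: The LISTEN comment says "address(es)" but never states how more than one address is written, so an admin cannot tell the accepted format from this file; spell out the separator next to the default. It is also worth saying in that comment that 0.0.0.0 means every IPv4 interface, so a core that should only be reachable locally needs an explicit address. Since the commit message says the user can no longer be changed, a one-line comment here stating that the daemon always runs as "quassel" would tell admins why no user setting appears in this file.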
diff --git a/net-irc/quassel/files/quasselcore.init-r1 b/net-irc/quassel/files/quasselcore.init-r1
new file mode 100644
index 000000000000..5976235aafa4
--- /dev/null
+++ b/net-irc/quassel/files/quasselcore.init-r1
@@ -0,0 +1,22 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ after logger postgres
+}
+
+LISTEN=${LISTEN:-"0.0.0.0"}
+LOGLEVEL=${LOGLEVEL:-"Info"}
+PORT=${PORT:="4242"}
+
+command="/usr/bin/quasselcore"
+command_args="--configdir=/var/lib/quassel
+ --listen=${LISTEN}
+ --loglevel=${LOGLEVEL}
+ --port=${PORT}
+ --syslog"
+command_background="yes"
+command_user="quassel"
+description="Quassel Core"
+pidfile="/run/quassel.pid"
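Review bot: The PORT default is written PORT=${PORT:="4242"} while LISTEN and LOGLEVEL on the two lines above it use the ":-" form; the outcome is the same here because the expansion is assigned back to PORT anyway, but the mix reads like a typo, so use ${PORT:-"4242"} to match. Separately, LISTEN, LOGLEVEL and PORT are expanded as-is into command_args, so a conf.d value containing whitespace would turn into extra quasselcore arguments; the file is root-controlled, so this is a robustness point and not a privilege issue, but a short comment on the expected value format (or a check before start) would make a typo fail in an obvious way. The fixed command_user="quassel" with no chown step matches what the commit message describes.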