Here is the RFC on local administrative control on the starting of initscripts. It is based on the already proposed initscriptquery script. Should this RFC receive no highly negative comments of the "don't do this" sort, I'll send a third (and final) version of the initscriptquery RFC adding the changes described here. The issue: Some users have voiced the wish for a way to control (read: avoid) the start of daemons during package install/upgrades. This can be done easily, and in a transparent way (to the package system and package developers) as a small addition to the initscriptquery script. The technical details are very simple: initscriptquery will be made to call another script, /usr/sbin/initscriptpolicy *if such a script exists in the local system*. The interface for this script is defined in this RFC. This script will tell initscriptquery whether the initscript can be started or not, based on local policies. The /usr/sbin/initscriptpolicy script will be managed through Debian's alternatives system, and provided by one (or more) packages implementing the query and maintenance of the local initscript policy database. If such a package isn't installed, the system behaves as if there were no further restrains in starting an initscript other than the current runlevel. Attached you'll find an universal diff that enables local administrative policy control in the version of initscriptquery I posted before (1.3.1.4). The added complexity is small. There are no examples for the initscriptpolicy script, but one can easily imagine a small shell script which greps a /etc/dontstart file for the initscript ID, and exits with status "1" if the given ID is there, otherwise exiting with status "0". More elaborate solutions which make use of the runlevel, and query a more elaborate (possibly remote) database are, of course, possible. PS: anyone has a better idea for the script names? "initscriptquery" and "initscriptpolicy" are not that good :-) The proposed /usr/sbin/initscriptpolicy script: ----------------------------------------------- Documented command line interface: initscriptpolicy [-q] [-l] <initscript ID> <runlevel> -q : Run in silent mode, errors are NOT reported to stderr -l : List administrative details for the given initscript ID (the <runlevel> parameter is optional in this case). initscript ID: the update-rc.d identifier for the initscript runlevel : runlevel for which the query is being made. This is *one* of the init-supported runlevels. ('0' to '9', or 'S'). This parameter is optional if -l was specified. Future versions to this script MUST be fully backwards compatible. Documented behaviour of the initscriptpolicy script: stdin shall not be used (it is NOT an interactive script) stdout shall be used to output non-error messages. stderr shall be used to output all error messages. The script should default to a very terse output mode. Ideally, nothing should be sent to stdout except if explicitly requested (by the -l option, for example). If the script is run in -q mode, no output at all should be sent to stdout (this does means initscriptpolicy -q -l produces no output whatsoever). The -l option lists to stdout the policy for the given initscript ID in human-readable format. Exit status codes: 0 - initscript start allowed 1 - initscript start NOT allowed 2 - unknown initscript ID 3 - syntax error +4 - other error Debian packaging details: /usr/sbin/initscriptpolicy must be managed through the alternatives system, so as to allow implementation by more than one package. Packages implementing initscriptpolicy should declare a versioned dependency on the base init system packages implementing initscriptquery. This avoids the situation where a user installs an initscript policy package, but due to an old sysvinit package initscriptpolicy never gets called. Details dealing with initscriptquery: /usr/sbin/initscriptquery shall verify if /usr/sbin/initscriptpolicy is executable. If initscriptpolicy cannot be run, it is to be assumed that there is no local administrative policy on initscripts, and that they should be started if the current runlevel allows it. initscriptquery shall ignore any errors from initscriptpolicy, (exit status codes 2 or higher) and fallback to the default no-policy behaviour to avoid worse problems. initscriptquery should issue warnings if such an error happens. Issues: * Should the -l option be removed? initscriptquery does not need it. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
--- initscriptquery.1.3.1.4 Sat Sep 16 20:46:03 2000 +++ initscriptquery.1.4 Sat Sep 16 20:44:39 2000 @@ -4,7 +4,7 @@ # current runlevel and verifies if a given script should be started # in that runlevel. # -# $Id: initscriptquery,v 1.3.1.4 2000/09/13 01:18:04 hmh Exp $ +# $Id: initscriptquery,v 1.4 2000/09/16 23:41:17 hmh Exp $ # # Usage: # initscriptquery [--help] [-q] <initscript ID> @@ -16,6 +16,10 @@ # displayed and the calling script must do so for status codes 2 and # above). # +# if /usr/sbin/initscriptpolicy is an executable file, it will be +# used to query for local administrative policy info on initscript +# starts. +# # Exit status codes: # 0 - the initscript is allowed to be started [in this runlevel] # 1 - the initscript is NOT allowed be started [in this runlevel] @@ -44,6 +48,7 @@ # Temple Place, Suite 330, Boston, MA 02111-1307 USA RUNLEVEL=/sbin/runlevel +POLICYHELPER=/usr/sbin/initscriptpolicy INITDPREFIX=/etc/init.d/ RCDPREFIX=/etc/rc BEQUIET= @@ -72,6 +77,24 @@ fi } +querypolicy () { + # + # queries policy database + # +if test -x ${POLICYHELPER} ; then + case `${POLICYHELPER} ${BEQUIET} ${INITSCRIPTID} ${RL} ; echo $?` in + 0) return 0 + ;; + 1) return 1 + ;; + *) printerror "Could not get local policy information." + printerror "Assuming start is allowed for runlevel ${RL}." + return 0 + esac +fi +return 0 +} + ## ## main ## @@ -90,7 +113,7 @@ --help) dohelp exit 4 ;; - -q) BEQUIET=yes + -q) BEQUIET=-q ;; *) case ${state} in I) INITSCRIPTID=$i @@ -187,11 +210,19 @@ } if testexec ${SLINK} ; then - exit 0 + if querypolicy ; then + exit 0 + else + exit 1 + fi elif testexec ${KLINK} ; then exit 1 elif testexec ${SSLINK} ; then - exit 0 + if querypolicy ; then + exit 0 + else + exit 1 + fi fi # is /etc/init.d/initscript actually executable?
Attachment:
pgpPcpJQUg0ha.pgp
Description: PGP signature