[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RFC: local policy for daemon start

Here is the RFC on local administrative control on the starting of
initscripts.  It is based on the already proposed initscriptquery script.
Should this RFC receive no highly negative comments of the "don't do this"
sort, I'll send a third (and final) version of the initscriptquery RFC
adding the changes described here.

The issue:  Some users have voiced the wish for a way to control (read:
avoid) the start of daemons during package install/upgrades.  This can be
done easily, and in a transparent way (to the package system and package
developers) as a small addition to the initscriptquery script.

The technical details are very simple: initscriptquery will be made to call
another script, /usr/sbin/initscriptpolicy *if such a script exists in the
local system*.  The interface for this script is defined in this RFC. This
script will tell initscriptquery whether the initscript can be started or
not, based on local policies.

The /usr/sbin/initscriptpolicy script will be managed through Debian's
alternatives system, and provided by one (or more) packages implementing the
query and maintenance of the local initscript policy database.  If such a
package isn't installed, the system behaves as if there were no further
restrains in starting an initscript other than the current runlevel.

Attached you'll find an universal diff that enables local administrative
policy control in the version of initscriptquery I posted before (
The added complexity is small.

There are no examples for the initscriptpolicy script, but one can easily
imagine a small shell script which greps a /etc/dontstart file for the
initscript ID, and exits with status "1" if the given ID is there, otherwise
exiting with status "0".  More elaborate solutions which make use of the
runlevel, and query a more elaborate (possibly remote) database are, of
course, possible.

PS: anyone has a better idea for the script names? "initscriptquery" and
"initscriptpolicy" are not that good :-)

The proposed /usr/sbin/initscriptpolicy script:

Documented command line interface:
  initscriptpolicy [-q] [-l] <initscript ID> <runlevel>

  -q : Run in silent mode, errors are NOT reported to stderr 

  -l : List administrative details for the given initscript ID (the 
       <runlevel> parameter is optional in this case).

  initscript ID:  the update-rc.d identifier for the initscript

  runlevel : runlevel for which the query is being made. This is *one* of
	     the init-supported runlevels. ('0' to '9', or 'S').	     
	     This parameter is optional if -l was specified.

  Future versions to this script MUST be fully backwards compatible.

Documented behaviour of the initscriptpolicy script:

  stdin shall not be used (it is NOT an interactive script)
  stdout shall be used to output non-error messages.
  stderr shall be used to output all error messages.

  The script should default to a very terse output mode. Ideally, nothing
  should be sent to stdout except if explicitly requested (by the -l option,
  for example). If the script is run in -q mode, no output at all should be
  sent to stdout (this does means initscriptpolicy -q -l produces no output

  The -l option lists to stdout the policy for the given initscript ID in
  human-readable format.

Exit status codes:
   0 - initscript start allowed
   1 - initscript start NOT allowed
   2 - unknown initscript ID
   3 - syntax error
  +4 - other error

Debian packaging details:

  /usr/sbin/initscriptpolicy must be managed through the alternatives
  system, so as to allow implementation by more than one package.

  Packages implementing initscriptpolicy should declare a versioned
  dependency on the base init system packages implementing initscriptquery.
  This avoids the situation where a user installs an initscript policy
  package, but due to an old sysvinit package initscriptpolicy never gets

Details dealing with initscriptquery:

  /usr/sbin/initscriptquery shall verify if /usr/sbin/initscriptpolicy is
  executable. If initscriptpolicy cannot be run, it is to be assumed that
  there is no local administrative policy on initscripts, and that they
  should be started if the current runlevel allows it.

  initscriptquery shall ignore any errors from initscriptpolicy, (exit
  status codes 2 or higher) and fallback to the default no-policy behaviour
  to avoid worse problems. initscriptquery should issue warnings if such an
  error happens.


  * Should the -l option be removed? initscriptquery does not need it.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
--- initscriptquery.	Sat Sep 16 20:46:03 2000
+++ initscriptquery.1.4	Sat Sep 16 20:44:39 2000
@@ -4,7 +4,7 @@
 #   current runlevel and verifies if a given script should be started 
 #   in that runlevel.  
-# $Id: initscriptquery,v 2000/09/13 01:18:04 hmh Exp $
+# $Id: initscriptquery,v 1.4 2000/09/16 23:41:17 hmh Exp $
 # Usage: 
 #   initscriptquery [--help] [-q] <initscript ID>
@@ -16,6 +16,10 @@
 #   displayed and the calling script must do so for status codes 2 and
 #   above).
+# if /usr/sbin/initscriptpolicy is an executable file, it will be
+# used to query for local administrative policy info on initscript
+# starts.
 # Exit status codes:
 #    0 - the initscript is allowed to be started [in this runlevel]
 #    1 - the initscript is NOT allowed be started [in this runlevel]
@@ -44,6 +48,7 @@
 # Temple Place, Suite 330, Boston, MA 02111-1307 USA
@@ -72,6 +77,24 @@
+querypolicy () {
+ #
+ # queries policy database
+ #
+if test -x ${POLICYHELPER} ; then
+    case `${POLICYHELPER} ${BEQUIET} ${INITSCRIPTID} ${RL} ; echo $?` in
+	0)  return 0 
+	    ;;
+	1)  return 1 
+	    ;;
+	*)  printerror "Could not get local policy information."
+	    printerror "Assuming start is allowed for runlevel ${RL}."
+	    return 0
+    esac
+return 0
 ##  main
@@ -90,7 +113,7 @@
 	--help) dohelp 
 		exit 4
-	-q)     BEQUIET=yes
+	-q)     BEQUIET=-q
 	*)      case ${state} in
@@ -187,11 +210,19 @@
 if testexec ${SLINK} ; then
-    exit 0
+    if querypolicy ; then
+	exit 0
+    else
+        exit 1
+    fi
 elif testexec ${KLINK} ; then
     exit 1
 elif testexec ${SSLINK} ; then
-    exit 0
+    if querypolicy ; then
+        exit 0
+    else
+        exit 1
+    fi
 # is /etc/init.d/initscript actually executable?

Attachment: pgpE8PNuNkJ7N.pgp
Description: PGP signature

Reply to: