init-d-script support for setpriv
Friends,

I am working on a patch for init-d-script(5) to add an optional setpriv(1)
wrapper. Obviously that is not available on non-Linux and the patch accommodates
that. However, I am concerned that non-Linux users might find the warning too
noisy. I would be grateful for your opinion and comments on the attached patch.

For background, I have use for this as part of the unit-translator[1] I am
working on. I hope it might provide a general solution for the disappearing LSB
initscripts and cron fragments that we are all subject to in a systemd-dominant
Debian. The initial version of src:unit-translator with openrc and cron support
has passed through NEW. I am working on the LSB script backend which uses
init-d-script.

With thanks

Mark

[1] https://git.devuan.org/leepen/unit-translator

diff --git a/debian/init-d-script b/debian/init-d-script
index a5208c6e..2ccd184e 100755
--- a/debian/init-d-script
+++ b/debian/init-d-script
@@ -44,7 +44,13 @@ call() {
#
do_start_cmd() {
- start-stop-daemon --start --quiet \
+ if [ "$SETPRIV_ARGS" ] ; then
+ if ! PATH=/bin:/usr/bin command -v setpriv > /dev/null 2>&1 ; then
+ echo "WARNING: setpriv not available, ignoring SETPRIV_ARGS" >&2
+ unset SETPRIV_ARGS
+ fi
+ fi
+ ${SETPRIV_ARGS:+setpriv $SETPRIV_ARGS} start-stop-daemon --start --quiet \
${PIDFILE:+--pidfile "$PIDFILE"} \
${COMMAND_NAME:+--name "$COMMAND_NAME"} \
${DAEMON:+--exec "$DAEMON"} $START_ARGS -- $DAEMON_ARGS
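Review bot: In do_start_cmd, when setpriv is missing the fallback `unset SETPRIV_ARGS` starts the daemon with none of the restrictions the init script asked for, so a confinement request fails open behind a single warning on stderr. Consider making that fallback opt-in, or returning non-zero where setpriv is expected to exist, so that a missing setpriv does not silently widen the daemon's privileges. Separately, the availability check resolves setpriv with `PATH=/bin:/usr/bin` while the invocation on the `${SETPRIV_ARGS:+setpriv $SETPRIV_ARGS}` line uses the caller's PATH, so the binary tested and the binary run can differ; resolving the path once and invoking that result would keep the two consistent.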
@@ -177,7 +183,7 @@ fi
# Unset configuration variables to make sure that if variable is not assigned a
# value in init script, it does not use one from environment. See #822918.
unset DAEMON DAEMON_ARGS DESC NAME COMMAND_NAME PIDFILE \
- RELOAD_ARGS RELOAD_SIGNAL START_ARGS STOP_ARGS
+ RELOAD_ARGS RELOAD_SIGNAL START_ARGS STOP_ARGS SETPRIV_ARGS
SCRIPTNAME="$__init_d_script_name"
scriptbasename=${__init_d_script_name##*/}
diff --git a/debian/init-d-script.5 b/debian/init-d-script.5
index cf1c769c..d649147d 100644
--- a/debian/init-d-script.5
+++ b/debian/init-d-script.5
@@ -1,4 +1,4 @@
-.Dd August 5, 2019
+.Dd September 3, 2024
.Dt INIT\-D\-SCRIPT 5 "Debian sysvinit"
.Os Debian
.Sh NAME
@@ -77,6 +77,18 @@ If the value is verbatim
the process identifier will not be stored in any file.
If this variable is not set, it gets a sensible default value,
so it is rarely necessary to set this variable explicitly.
+.It Ev SETPRIV_ARGS
+If this directive is set and
+.Xr setpriv 1
+is available, the invocation of
+.Xr start\-stop\-daemon 8
+is wrapped in a call to
+.Xr setpriv 1
+with the specified arguments. Note that the
+.Fl \-chuid
+argument to
+.Xr start\-stop\-daemon 8
+requires CAP_SETUID and CAP_SETGID in the bounding capabilities set.
.It Ev RELOAD_SIGNAL
Signal number or name (without the SIG prefix) that will be sent to
the process on
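Review bot: The new SETPRIV_ARGS entry does not say what happens when setpriv is absent. The wording "and setpriv(1) is available" only implies it, while the script change in this patch prints a warning and starts the daemon without the wrapper, which anyone relying on the variable for privilege reduction needs to know; state that behaviour explicitly. The entry also says "directive" where the neighbouring text says "variable" (for example "If this variable is not set" just above), and the "Note that the" sentence should begin on its own source line, as the surrounding mdoc text does.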
@@ -184,6 +196,7 @@ and before
.Sh SEE ALSO
.Xr inittab 8 ,
.Xr service 8 ,
+.Xr setpriv 1 ,
.Xr update\-rc.d 8 .
.Sh AUTHORS
.An -nosplit