Re: Server with encrypted partition : 2 steps boot.



Erwan David wrote:
> 2) add at the beginning of each /etc/init.d/myserv a test to stop if
> the encrypted partition is not mounted
> 
> Neither of those solutions seems acceptable for me.
> 
> So if someone has an idea, I'm listening.

I would do one of two things.  Either I would remove the /etc/rc?.d/S*
links associated with the services you don't want to start, or make
the script not executable.  Then start them manually later as you
wish.  Or I would install a /usr/sbin/policy-rc.d script that did your
automated check and only allowed the services to start if the disk was
mounted as you wish.

See the man page for invoke-rc.d for the first pass documentation.
Then read the README.policy-rc.d.gz file.

  man invoke-rc.d

  less /usr/share/doc/sysv-rc/README.policy-rc.d.gz

There is a huge amount of flexibility built into policy-rc.d that most
people will never need nor use.  This makes the documentation a little
bit overdone.  I will include a simple one that I am using at the
bottom so that you can get the feel for it.  In my case this is for a
chroot and I only want to allow cron and nullmailer to start there.
All other daemons are denied.  For your case you would want the
reverse and generally allow everything but exclude only the ones you
want to exclude.

Bob

#!/bin/sh
# /usr/sbin/policy-rc.d [options] <initscript ID> <actions> [<runlevel>]
# /usr/sbin/policy-rc.d [options] --list <initscript ID> [<runlevel> ...]
# See /usr/share/doc/sysv-rc/README.policy-rc.d for documentation.

# Live example scraped from ps:
#   /bin/sh /usr/sbin/policy-rc.d x11-common stop unknown

while [ $# -gt 0 ]; do
    case $1 in
        --list) exit 101 ;;
        --quiet) shift ;;
        -*) shift ;;
        cron) exit 0 ;;
        nullmailer) exit 0 ;;
        *) exit 101 ;;
    esac
done

exit 101

Attachment: signature.asc
Description: Digital signature
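
The reverse policy described in the message above (allow everything, deny selected services until the encrypted partition is mounted), as an added example that is not part of the original post. The mount point /srv/crypt and the service names postgresql and dovecot are assumed placeholders.

```shell
#!/bin/sh
# Added example (not the poster's script): install as /usr/sbin/policy-rc.d.
# Assumed, hypothetical values: mount point /srv/crypt, services in GUARDED.
CRYPT_MOUNT=${CRYPT_MOUNT:-/srv/crypt}
GUARDED=${GUARDED:-"postgresql dovecot"}
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}   # overridable for testing

# Succeeds when $1 is listed as a mount point (2nd field) in the mounts table.
# Assumes the path has no spaces (/proc/mounts escapes them as \040).
# An unreadable mounts table counts as "not mounted" (fail closed).
is_mounted() {
    while read -r _dev dir _rest; do
        if [ "$dir" = "$1" ]; then
            return 0
        fi
    done < "$MOUNTS_FILE"
    return 1
}

# Returns 0 (action allowed) or 101 (action forbidden by policy).
policy_decision() {
    while [ $# -gt 0 ]; do
        case $1 in
            --list) return 101 ;;   # same answer as the script above
            -*) shift ;;            # ignore --quiet and other options
            *) break ;;
        esac
    done
    id=$1
    action=$2
    # Stopping is always allowed so shutdown and manual stops keep working.
    case $action in
        stop|force-stop) return 0 ;;
    esac
    for svc in $GUARDED; do
        if [ "$id" = "$svc" ] && ! is_mounted "$CRYPT_MOUNT"; then
            return 101              # guarded service, data not available
        fi
    done
    return 0                        # default: allow everything else
}

# Act as policy-rc.d only when invoked under that name.
case ${0##*/} in
    policy-rc.d) policy_decision "$@"; exit $? ;;
esac
```

policy-rc.d is consulted by invoke-rc.d, so check the result with an invoke-rc.d start of a guarded service before and after mounting the partition.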