
Re: Serveur with encrypted partition : 2 steps boot.

On 11/04/2013 08:25, Bob Proulx wrote:
> Erwan David wrote:
>> 2) add at the beginning of each /etc/init.d/myserv a test to stop if
>> the encrypted partition is not mounted
>>
>> Neither of those solutions seems acceptable for me.
>>
>> So if someone has an idea, I'm listening.
>
> I would do one of two things.  Either I would remove the /etc/rc?.d/S*
> links associated with the services you don't want to start, or make
> the script not executable.  Then start them manually later as you
> wish.  Or I would install a /usr/sbin/policy-rc.d script that did your
> automated check and only allowed the services to start if the disk was
> mounted as you wish.
>
> See the man page for invoke-rc.d for the first pass documentation.
> Then read the README.policy-rc.d.gz file.
>
>    man invoke-rc.d
>
>    less /usr/share/doc/sysv-rc/README.policy-rc.d.gz
>
> There is a huge amount of flexibility built into policy-rc.d that most
> people will never need nor use.  This makes the documentation a little
> bit overdone.  I will include a simple one that I am using at the
> bottom so that you can get the feel for it.  In my case this is for a
> chroot and I only want to allow cron and nullmailer to start there.
> All other daemons are denied.  For your case you would want the
> reverse and generally allow everything but exclude only the ones you
> want to exclude.

I have problems with the documentation of policy-rc.d, mainly the fact it seems to be for the sole usage of package maintainers, not of administrators of the machine (see the fact that alternatives MUST be used), and that I do not understand at all what an out-of-runlevel action is.

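A policy-rc.d of the "allow everything, deny a few services until the disk is mounted" kind discussed in this thread, as an added example that is not code from either poster. The mount point /srv/crypt and the service names myserv and otherserv are assumptions to be replaced with local values; the exit codes 0, 101 and 103 are the ones defined in README.policy-rc.d.

```shell
#!/bin/sh
# Sketch of /usr/sbin/policy-rc.d: forbid starting guarded services while the
# encrypted partition is not mounted. All names below are assumptions.
CRYPT_MOUNTPOINT="${CRYPT_MOUNTPOINT:-/srv/crypt}"
GUARDED_SERVICES="${GUARDED_SERVICES:-myserv otherserv}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# Succeeds if the mount point is field 2 of some line in the mounts table.
# (Mount points containing spaces are escaped in /proc/mounts; not handled.)
crypt_is_mounted() {
    awk -v mp="$CRYPT_MOUNTPOINT" \
        '$2 == mp { found = 1 } END { exit !found }' "$MOUNTS_FILE"
}

# Succeeds if initscript ID $1 is in the guarded list.
is_guarded() {
    for s in $GUARDED_SERVICES; do
        [ "$s" = "$1" ] && return 0
    done
    return 1
}

# policy_decision <initscript ID> <actions>
# Returns 0 (action allowed) or 101 (action forbidden by policy).
policy_decision() {
    is_guarded "$1" || return 0          # default policy: allow
    for a in $2; do
        case "$a" in
            start|restart|force-reload)
                crypt_is_mounted || return 101 ;;
        esac                              # stop etc. are always allowed
    done
    return 0
}

# Entry point: skip options such as --quiet (--list is not implemented),
# then expect <initscript ID> <actions> [<runlevel>]; 103 = syntax error.
policy_rc_d_main() {
    while [ $# -gt 0 ]; do
        case "$1" in --*) shift ;; *) break ;; esac
    done
    [ $# -ge 2 ] || return 103
    policy_decision "$1" "$2"
}

# Run as a program only when installed under the name policy-rc.d.
if [ "${0##*/}" = "policy-rc.d" ]; then
    policy_rc_d_main "$@"
    exit $?
fi
```

Only invocations that go through invoke-rc.d consult this policy; running /etc/init.d/myserv directly bypasses it.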