
Re: Server with encrypted partition: 2 steps boot.



On 20/04/2013 23:37, Erwan David wrote:
I have problems with the documentation of policy-rc.d, mainly the fact it seems to be for the sole usage of package maintainers, not of administrators of the machine (see the fact that alternatives MUST be used), and that I do not understand at all what an out-of-runlevel action is.

OK, here is a policy-rc.d which does not work:

#!/bin/sh
# /usr/sbin/policy-rc.d [options] <initscript ID> <actions> [<runlevel>]
# /usr/sbin/policy-rc.d [options] --list <initscript ID> [<runlevel> ...]
# See /usr/share/doc/sysv-rc/README.policy-rc.d for documentation.

# Live example scraped from ps:
#   /bin/sh /usr/sbin/policy-rc.d x11-common stop unknown

###

if [ ! -r /etc/secure_services ]; then
    # No secure service -> Ok for everything
    exit 0
fi

##
# Defines the secure mount point and the services which must be started after
. /etc/secure_services

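do_check(){
    SERVICES="$SECURE_SERVICES"
    for test in $SECURE_SERVICES; do
        if [ "$1" = "$test" ]; then
            case $2 in
                *start*)
                    # Allow (0) only if the encrypted file system is mounted,
                    # otherwise forbid the action (101)
                    if mountpoint -q "$SECURE_MOUNTPOINT"; then
                        exit 0
                    else
                        exit 101
                    fi;;
                *)
                    exit 0
            esac
        fi
    done

    # Not one of the secure services -> Ok
    exit 0
}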

if [ "X$SECURE_MOUNTPOINT" = "X" -o "X$SECURE_SERVICES" = "X" ];then
# no secure mount point or no secure service defined -> Ok for everything
    exit 0
fi

while [ $# -gt 0 ]; do
    case $1 in
        --list) exit 101 ;;
        --quiet) shift ;;
        -*) shift ;;
        *)  service=$1
            actions=$2
            do_check "$service" "$actions"
    esac
done

###
# default
exit 101


And my /etc/secure_services is

#####
# Mount point of encrypted file system
SECURE_MOUNTPOINT=/secure

####
# Services which need the encrypted file system
# space separated, they will be started in the order of the variable
SECURE_SERVICES="postgresql dspam slapd dovecot postfix"


But services in SECURE_SERVICES are started, so there is something I do not understand in what the script should do.

I checked: if /secure is not mounted, /usr/sbin/policy-rc.d postgresql start terminates on exit 101, which should prevent the start.

