consistent ownership/permissions for /run/service-state/**

This commit is contained in:
Daniel Barlow 2023-02-25 22:53:06 +00:00
parent 4bd99df0f1
commit 59ce03630a
7 changed files with 57 additions and 38 deletions

View file

@ -121,6 +121,9 @@ in {
root = { root = {
gid = 0; usernames = ["root"]; gid = 0; usernames = ["root"];
}; };
system = {
gid = 1; usernames = ["root"];
};
}; };
filesystem = dir { filesystem = dir {

View file

@ -18,6 +18,9 @@ shift
mount -t proc none /proc mount -t proc none /proc
mount -t sysfs none /sys mount -t sysfs none /sys
mkdir -m 0750 /run/service-state
chgrp system /run/service-state
### If your services are managed by s6-rc: ### If your services are managed by s6-rc:
### (replace /run/service with your scandir) ### (replace /run/service with your scandir)
s6-rc-init /run/service -d -c /etc/s6-rc/compiled s6-rc-init /run/service -d -c /etc/s6-rc/compiled

View file

@ -89,6 +89,16 @@ final: prev: {
netlink-lua = final.callPackage ./pkgs/netlink-lua {}; netlink-lua = final.callPackage ./pkgs/netlink-lua {};
waitup = final.callPackage ./pkgs/waitup {}; waitup = final.callPackage ./pkgs/waitup {};
serviceFns = final.writeText "service-fns.sh" ''
output() { cat $1/.outputs/$2; }
output_path() { echo $(realpath $1/.outputs)/$2; }
mkoutputs() {
d=/run/service-state/$1
mkdir -m 2750 -p $d && chown root:system $d
echo $d
}
'';
# these are packages for the build system not the host/target # these are packages for the build system not the host/target
tufted = final.callPackage ./pkgs/tufted {}; tufted = final.callPackage ./pkgs/tufted {};

View file

@ -1,11 +1,12 @@
{ {
liminix liminix
, dnsmasq , dnsmasq
, serviceFns
, lib , lib
}: }:
{ {
user ? "dnsmasq" user ? "dnsmasq"
, group ? "dnsmasq" , group ? "system"
, interface , interface
, upstreams ? [] , upstreams ? []
, ranges , ranges
@ -19,6 +20,7 @@ in longrun {
inherit name; inherit name;
dependencies = [ interface ]; dependencies = [ interface ];
run = '' run = ''
. ${serviceFns}
${dnsmasq}/bin/dnsmasq \ ${dnsmasq}/bin/dnsmasq \
--user=${user} \ --user=${user} \
--domain=${domain} \ --domain=${domain} \

View file

@ -5,6 +5,7 @@
, ppp , ppp
, pppoe , pppoe
, writeAshScript , writeAshScript
, serviceFns
} : } :
let let
inherit (liminix.services) longrun; inherit (liminix.services) longrun;
@ -17,16 +18,15 @@ interface: {
let let
name = "${interface.device}.pppoe"; name = "${interface.device}.pppoe";
ip-up = writeAshScript "ip-up" {} '' ip-up = writeAshScript "ip-up" {} ''
outputs=/run/service-state/${name}/ . ${serviceFns}
mkdir -p $outputs (cd $(mkoutputs ${name}); umask 0027
(cd $outputs
echo $1 > ifname echo $1 > ifname
echo $2 > tty echo $2 > tty
echo $3 > speed echo $3 > speed
echo $4 > address echo $4 > address
echo $5 > peer-address echo $5 > peer-address
echo $DNS1 > ns1 echo $DNS1 > ns1
echo $DNS1 > ns2 echo $DNS2 > ns2
) )
echo >/proc/self/fd/10 echo >/proc/self/fd/10
''; '';

View file

@ -10,15 +10,15 @@ interface: { ... } @ args:
let let
name = "${interface.device}.udhcp"; name = "${interface.device}.udhcp";
script = writeShellScript "udhcp-notify" '' script = writeShellScript "udhcp-notify" ''
. ${serviceFns}
action=$1 action=$1
set_address() { set_address() {
ip address replace $ip/$mask dev $interface ip address replace $ip/$mask dev $interface
dir=/run/service-state/${name}/ (cd $(mkoutputs ${name}); umask 0027
mkdir -p $dir
for i in lease mask ip router siaddr dns serverid subnet opt53 interface ; do for i in lease mask ip router siaddr dns serverid subnet opt53 interface ; do
echo ''${!i} > $dir/$i echo ''${!i} > $i
done done)
} }
case $action in case $action in
deconfig) deconfig)

View file

@ -5,13 +5,14 @@
, busybox , busybox
, callPackage , callPackage
, writeScript , writeScript
, serviceFns
}: }:
let let
inherit (builtins) concatStringsSep; inherit (builtins) concatStringsSep;
output = service: name: "/run/service-state/${service.name}/${name}"; output = service: name: "/run/service-state/${service.name}/${name}";
serviceScript = commands : '' serviceScript = commands : ''
#!${busybox}/bin/sh #!${busybox}/bin/sh
output() { cat $1/.outputs/$2; } . ${serviceFns}
${commands} ${commands}
''; '';
service = { service = {