| author | Sean Whitton <spwhitton@spwhitton.name> | 2017-11-19 12:04:26 -0700 |
|---|---|---|
| committer | Sean Whitton <spwhitton@spwhitton.name> | 2017-11-19 12:04:26 -0700 |
| commit | 05e5308ee7cef99b24b4f9d9755e5488f8d92a39 (patch) | |
| tree | 256b8f20bddf0f0701a3247228f9c2dd77be6e64 /src/Propellor/Property/Service.hs | |
| parent | 38d039310e4db6ffaf5c8ca51c339421e6865eff (diff) | |
| parent | 12beba0367d14f9c52adf72dd36e9cf5a8e35761 (diff) | |
Merge branch 'master' of https://git.joeyh.name/git/propellor into sbuild-overhaul
Diffstat (limited to 'src/Propellor/Property/Service.hs')
| -rw-r--r-- | src/Propellor/Property/Service.hs | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/src/Propellor/Property/Service.hs b/src/Propellor/Property/Service.hs
index 46f9e8ef..1c230ce0 100644
--- a/src/Propellor/Property/Service.hs
+++ b/src/Propellor/Property/Service.hs
@@ -1,6 +1,11 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+
 module Propellor.Property.Service where
 
 import Propellor.Base
+import Propellor.Types.Info
+import qualified Propellor.Property.File as File
+import Utility.FileMode
 
 type ServiceName = String
 
@@ -21,7 +26,34 @@ reloaded :: ServiceName -> Property DebianLike
 reloaded = signaled "reload" "reloaded"
 
 signaled :: String -> Desc -> ServiceName -> Property DebianLike
-signaled cmd desc svc = tightenTargets $ p `describe` (desc ++ " " ++ svc)
+signaled cmd desc svc = check (not <$> servicesDisabled) $
+ tightenTargets $ p `describe` (desc ++ " " ++ svc)
 where
 p = scriptProperty ["service " ++ shellEscape svc ++ " " ++ cmd ++ " >/dev/null 2>&1 || true"]
 `assume` NoChange
+
+-- | This property prevents daemons and other services from being started,
+-- which is often something you want to prevent when building a chroot.
+--
+-- When this is set, `running` and `restarted` will not start services.
+--
+-- On Debian this installs a </usr/sbin/policy-rc.d> script to further
+-- prevent any packages that get installed from starting daemons.
+-- Reverting the property removes the script.
+noServices :: RevertableProperty (HasInfo + UnixLike) UnixLike
+noServices = (setup `setInfoProperty` toInfo (InfoVal NoServices)) <!> teardown
+ where
+ f = "/usr/sbin/policy-rc.d"
+ script = [ "#!/bin/sh", "exit 101" ]
+ setup = combineProperties "no services started" $ toProps
+ [ File.hasContent f script
+ , File.mode f (combineModes (readModes ++ executeModes))
+ ]
+ teardown = File.notPresent f
+
+-- | Check if the noServices property is in effect.
+servicesDisabled :: Propellor Bool
+servicesDisabled = isJust . fromInfoVal
+ <$> (askInfo :: Propellor (InfoVal NoServices))
+
+data NoServices = NoServices deriving (Eq, Show, Typeable) |
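Review bot: In `noServices`, `setup` replaces whatever `/usr/sbin/policy-rc.d` is already on the host through `File.hasContent f script`, and `teardown` removes the file unconditionally with `File.notPresent f`, so reverting the property can delete a policy script that an administrator or another tool put there on purpose, after which package installs may start daemons again. If that is the intended contract, the Haddock should say so, e.g. `-- Any existing policy-rc.d is replaced, and reverting deletes the file rather than restoring it.` The same comment lists only `running` and `restarted` (both defined outside this hunk), but the new `check (not <$> servicesDisabled)` sits in `signaled`, which the visible `reloaded` also goes through, so `reloaded` silently becomes a no-op as well and should be named. The property is typed `UnixLike` while the text describes a Debian mechanism; as written the script appears to be installed on any target, which deserves a word in the comment too.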
