blob: 1c230ce0aa0a74683f2ce34a794e6d9a7df54516 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
{-# LANGUAGE DeriveDataTypeable #-}
module Propellor.Property.Service where
import Propellor.Base
import Propellor.Types.Info
import qualified Propellor.Property.File as File
import Utility.FileMode
type ServiceName = String
-- | Ensures that a service is running. Does not ensure that
-- any package providing that service is installed. See
-- Apt.serviceInstalledRunning
--
-- Note that due to the general poor state of init scripts, the best
-- we can do is try to start the service, and if it fails, assume
-- this means it's already running.
running :: ServiceName -> Property DebianLike
running = signaled "start" "running"
restarted :: ServiceName -> Property DebianLike
restarted = signaled "restart" "restarted"
reloaded :: ServiceName -> Property DebianLike
reloaded = signaled "reload" "reloaded"
signaled :: String -> Desc -> ServiceName -> Property DebianLike
signaled cmd desc svc = check (not <$> servicesDisabled) $
tightenTargets $ p `describe` (desc ++ " " ++ svc)
where
p = scriptProperty ["service " ++ shellEscape svc ++ " " ++ cmd ++ " >/dev/null 2>&1 || true"]
`assume` NoChange
-- | This property prevents daemons and other services from being started,
-- which is often something you want to prevent when building a chroot.
--
-- When this is set, `running` and `restarted` will not start services.
--
-- On Debian this installs a </usr/sbin/policy-rc.d> script to further
-- prevent any packages that get installed from starting daemons.
-- Reverting the property removes the script.
noServices :: RevertableProperty (HasInfo + UnixLike) UnixLike
noServices = (setup `setInfoProperty` toInfo (InfoVal NoServices)) <!> teardown
where
f = "/usr/sbin/policy-rc.d"
script = [ "#!/bin/sh", "exit 101" ]
setup = combineProperties "no services started" $ toProps
[ File.hasContent f script
, File.mode f (combineModes (readModes ++ executeModes))
]
teardown = File.notPresent f
-- | Check if the noServices property is in effect.
servicesDisabled :: Propellor Bool
servicesDisabled = isJust . fromInfoVal
<$> (askInfo :: Propellor (InfoVal NoServices))
data NoServices = NoServices deriving (Eq, Show, Typeable)
|
