Bug#731397: asterisk: Please add a restorecon for SE Linux after creating directories such as //var/run/asterisk
Russell Coker
russell at coker.com.au
Thu Dec 5 05:24:55 UTC 2013
Package: asterisk
Version: 1:1.8.13.1~dfsg-3+deb7u1
Severity: normal
Tags: patch
--- asterisk.orig 2013-12-05 16:23:02.000000000 +1100
+++ asterisk 2013-12-05 15:54:45.000000000 +1100
@@ -98,6 +98,7 @@
for dir in /var/run/asterisk /var/log/asterisk /var/log/asterisk/cdr-csv /var/log/asterisk/cdr-custom; do
[ -d $dir ] || install -d -o $USER -g $GROUP $dir
+ [ -x /sbin/restorecon ] && /sbin/restorecon $dir
done
set -e
Please apply a patch like the above to give correct SE Linux labels to newly
created directories. It won't change the result on a non-SE system.
This bug exists in both Wheezy and Unstable.
-- System Information:
Debian Release: 7.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages asterisk depends on:
ii adduser 3.113+nmu3
ii asterisk-config 1:1.8.13.1~dfsg-3+deb7u1
ii asterisk-core-sounds-en-gsm 1.4.22-1
ii asterisk-modules 1:1.8.13.1~dfsg-3+deb7u1
ii libc6 2.13-38
ii libcap2 1:2.22-1.2
ii libgcc1 1:4.7.2-5
ii libssl1.0.0 1.0.1e-2
ii libstdc++6 4.7.2-5
ii libtinfo5 5.9-10
ii libxml2 2.8.0+dfsg1-7+nmu2
Versions of packages asterisk recommends:
pn asterisk-moh-opsound-gsm <none>
pn asterisk-voicemail | asterisk-voicemail-storage <none>
pn sox <none>
Versions of packages asterisk suggests:
pn asterisk-dahdi <none>
pn asterisk-dev <none>
pn asterisk-doc <none>
pn asterisk-ooh323 <none>
-- Configuration Files:
/etc/init.d/asterisk changed:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=asterisk
USER=$NAME
GROUP=$USER
DAEMON=/usr/sbin/$NAME
CANARY=/usr/sbin/astcanary
DESC="Asterisk PBX"
PIDFILE="/var/run/asterisk/asterisk.pid"
ASTSAFE_PIDFILE="/var/run/asterisk/asterisk_safe.pid"
UMASK=007 # by default
.. /lib/lsb/init-functions
PARAMS=""
CHDIR_PARM=""
AST_REALTIME="yes"
RUNASTERISK="yes"
AST_DUMPCORE="no"
AST_DUMPCORE_DIR="/var/spool/asterisk" # only used if AST_DUMPCORE != no
if [ -r /etc/default/$NAME ]; then . /etc/default/$NAME; fi
if [ "$RUNASTERISK" != "yes" ];then
echo "Asterisk not yet configured. Edit /etc/default/asterisk first."
exit 0
fi
if [ "$AST_REALTIME" != "no" ]
then
PARAMS="$PARAMS -p"
fi
if [ "$AST_DUMPCORE" != "no" ]
then
PARAMS="$PARAMS -g"
if [ "$CORE_PATTERN" != '' ]
then
echo "$CORE_PATTERN" >/proc/sys/kernel/core_pattern
fi
if [ -d "$AST_DUMPCORE_DIR" ]
then
CHDIR_PARM="--chdir $AST_DUMPCORE_DIR"
fi
fi
if [ "x$USER" = "x" ]
then
echo "Error: empty USER name"
exit 1
fi
if [ `id -u "$USER"` = 0 ]
then
echo "Starting as root not supported."
exit 1
fi
PARAMS="$PARAMS -U $USER"
if [ "x$AST_DEBUG_PARAMS" = x ]
then
AST_DEBUG_PARAMS=-cvvvvvddddd
fi
if [ "$RUNASTSAFE" = "yes" ];then
# The value of WRAPPER_DAEMON in can be set in /etc/default/asterisk
WRAPPER_DAEMON=${WRAPPER_DAEMON:-/usr/sbin/safe_asterisk}
REALDAEMON="$WRAPPER_DAEMON"
else
REALDAEMON="$DAEMON"
fi
test -x $DAEMON || exit 0
for dir in /var/run/asterisk /var/log/asterisk /var/log/asterisk/cdr-csv /var/log/asterisk/cdr-custom; do
[ -d $dir ] || install -d -o $USER -g $GROUP $dir
[ -x /sbin/restorecon ] && /sbin/restorecon $dir
done
set -e
if [ "$UMASK" != '' ]
then
umask $UMASK
fi
if [ "$MAXFILES" != '' ]
then
ulimit -n $MAXFILES
fi
status() {
status_of_proc -p "$PIDFILE" "$NAME" "$DESC" && return 0 || return $?
}
asterisk_rx() {
if ! status >/dev/null; then return 0; fi
# if $HOME is set, asterisk -rx writes a .asterisk_history there
(
unset HOME
$DAEMON -rx "$1"
)
}
case "$1" in
debug)
# we add too many special parameters that I don't want to skip
# accidentally. I'm afraid that skipping -U once may cause
# confusing results. I also want to maintain the user's choice
# of -p
echo "Debugging $DESC: "
$DAEMON $PARAMS $AST_DEBUG_PARAMS
exit 0
;;
start)
if status > /dev/null; then
echo "$DESC is already running. Use restart."
exit 0
fi
echo -n "Starting $DESC: "
if [ "$RUNASTSAFE" != "yes" ];then
# TODO: what if we cought the wrapper just as its asterisk
# was killed? status should check for the wrapper if we're in
# "safe mode"
if status > /dev/null; then
echo "$DESC is already running. Use restart."
exit 0
fi
export SAFE_AST_BACKGROUND=1
start-stop-daemon --start --group $GROUP --pidfile "$PIDFILE" \
$CHDIR_PARM \
--exec $REALDAEMON -- $PARAMS > /dev/null
else
start-stop-daemon --start --group $GROUP \
--background --make-pidfile \
$CHDIR_PARM --pidfile "$ASTSAFE_PIDFILE" \
--exec $REALDAEMON -- $PARAMS
fi
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: $NAME"
# Try gracefully.
# this may hang in some cases. Specifically, when the asterisk
# processes is stopped. No bother to worry about cleanup:
# it will either fail or die when asterisk dies.
( asterisk_rx 'core stop now' > /dev/null 2>&1 & ) &
if [ "$RUNASTSAFE" = "yes" ];then
start-stop-daemon --stop --quiet --oknodo \
--pidfile $ASTSAFE_PIDFILE
rm -f $ASTSAFE_PIDFILE
fi
# just making sure it's really, really dead.
# KILL is necessary just in case there's an asterisk -r in the background
start-stop-daemon --stop --quiet --oknodo --retry=0/2/TERM/2/KILL/5 --exec $DAEMON
start-stop-daemon --stop --quiet --oknodo --retry=0/2/TERM/2/KILL/5 --exec $CANARY
echo "."
;;
reload)
echo "Reloading $DESC configuration files."
asterisk_rx 'module reload'
;;
logger-reload)
asterisk_rx 'logger reload'
;;
extensions-reload|dialplan-reload)
echo "Reloading $DESC configuration files."
asterisk_rx 'dialplan reload'
;;
restart-convenient)
asterisk_rx 'core restart when convenient'
;;
restart|force-reload)
$0 stop
$0 start
;;
status)
status
exit $?
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|reload|status|debug|logger-reload|extensions-reload|restart-convenient|force-reload}" >&2
exit 1
;;
esac
exit 0
-- no debconf information
More information about the Pkg-voip-maintainers
mailing list