Ignore:
Timestamp:
Feb 18, 2015 10:25:24 PM (5 years ago)
Author:
kytv <kytv@…>
Branches:
master
Children:
6d58f9a
Parents:
bb9cef1
Message:

Debian: confine daemon with apparmor (ticket #1061)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • debian/i2p.postinst

    rbb9cef1 r29953ea  
    77
    88conffile="/etc/default/i2p"
    9 systemdservice="/lib/systemd/system/i2p.service"
     9#systemdservice="/lib/systemd/system/i2p.service"
    1010
    1111# Source debconf library -- we have a Depends line
     
    2626            echo "RUN_DAEMON=" >> $conffile
    2727            echo "I2PUSER=" >> $conffile
     28            echo "CONFINE_WITH_APPARMOR=" >> $conffile
    2829            echo "# The next value is also wrapper.java.maxmemory in /etc/i2p/wrapper.config" >> $conffile
    2930            echo "MEMORYLIMIT=" >> $conffile
     
    3637        db_get i2p/memory
    3738        MEMORYLIMIT="$RET"
     39        db_get i2p/aa
     40        CONFINE_WITH_APPARMOR="$RET"
    3841
    3942        cp -a -f $conffile $conffile.tmp
     
    4750        test -z "$MEMORYLIMIT" || grep -Eq '^ *MEMORYLIMIT=' $conffile || \
    4851            echo "MEMORYLIMIT=" >> $conffile
     52        test -z "$CONFINE_WITH_APPARMOR" || grep -Eq '^ *CONFINE_WITH_APPARMOR=' $conffile || \
     53            echo "CONFINE_WITH_APPARMOR=" >> $conffile
    4954
    5055        if [ -z $RUN_DAEMON ]; then
     
    5863            -e "s/^ *I2PUSER=.*/I2PUSER=\"$I2PUSER\"/" \
    5964            -e "s/^ *MEMORYLIMIT=.*/MEMORYLIMIT=\"$MEMORYLIMIT\"/" \
     65            -e "s/^ *CONFINE_WITH_APPARMOR=.*/CONFINE_WITH_APPARMOR=\"$CONFINE_WITH_APPARMOR\"/" \
    6066            < $conffile > $conffile.tmp
    6167        mv -f $conffile.tmp $conffile
    6268
    63         if [ -e "$systemdservice" ]; then
    64             sed -e "s/User=.*/User=$I2PUSER/" < "$systemdservice" > "$systemdservice.tmp"
    65             mv -f "$systemdservice.tmp" "$systemdservice"
    66             chmod 0644 -f "$systemdservice"
    67             if [ -x /bin/systemctl ]; then
    68                     systemctl --system daemon-reload
    69                     if [ $RUN_DAEMON = 'true' ]; then
    70                             systemctl enable i2p.service
    71                     else
    72                             systemctl disable i2p.service
    73                     fi
    74             fi
    75         fi
     69#        if [ -e "$systemdservice" ]; then
     70#            sed -e "s/User=.*/User=$I2PUSER/" < "$systemdservice" > "$systemdservice.tmp"
     71#            mv -f "$systemdservice.tmp" "$systemdservice"
     72#            chmod 0644 -f "$systemdservice"
     73#            if grep -q 'systemd' /proc/1/comm > /dev/null 2>&1; then
     74#                systemctl --system daemon-reload
     75#                if [ $RUN_DAEMON = 'true' ]; then
     76#                    systemctl enable i2p.service
     77#                else
     78#                    systemctl disable i2p.service
     79#                fi
     80#            fi
     81#        fi
    7682
    7783        sed -e "s/^ *wrapper\.java\.maxmemory=.*/wrapper\.java\.maxmemory=$MEMORYLIMIT/" \
     
    118124
    119125exit 0
     126# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
Note: See TracChangeset for help on using the changeset viewer.