diff options
Diffstat (limited to 'app-backup/bareos/files/bareos-dir.initd')
-rw-r--r-- | app-backup/bareos/files/bareos-dir.initd | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/app-backup/bareos/files/bareos-dir.initd b/app-backup/bareos/files/bareos-dir.initd index 9f17f212e4a4..462ff07843a2 100644 --- a/app-backup/bareos/files/bareos-dir.initd +++ b/app-backup/bareos/files/bareos-dir.initd @@ -1,5 +1,5 @@ #!/sbin/openrc-run -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 depend() { @@ -8,14 +8,23 @@ depend() { start() { ebegin "Starting bareos director" - checkpath -d -m 0750 -o root:bareos /run/bareos + # g+w until #631598 is resolved + checkpath -d -m 0770 -o root:bareos /run/bareos start-stop-daemon --start --quiet --exec /usr/sbin/bareos-dir \ -- ${DIR_OPTIONS} + # harden pid file until #631598 is resolved + ewaitfile 10 /run/bareos/bareos-dir.9101.pid + chown root:bareos /run/bareos/bareos-dir.9101.pid eend $? } stop() { ebegin "Stopping bareos director" - start-stop-daemon --stop --quiet --pidfile /run/bareos/bareos-dir.*.pid + # check pid file until #631598 is resolved + if [[ $(stat -c %U /run/bareos/bareos-dir.9101.pid) != "root" ]]; then + eerror "SECURITY ALERT: pid file is not root owned anymore?! (see #631598)" + else + start-stop-daemon --stop --quiet --pidfile /run/bareos/bareos-dir.9101.pid + fi eend $? } |