Package: fetchmail
Version: 6.3.26-1
Severity: normal
Tags: patch
When an init script creates a directory it needs to run restorecon to ensure
that the correct SE Linux context is used. I have attached a patch to do this.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages fetchmail depends on:
ii adduser 3.113+nmu3
ii debianutils 4.4
ii libc6 2.19-4
ii libcomerr2 1.42.10-1
ii libgssapi-krb5-2 1.12.1+dfsg-3
ii libkrb5-3 1.12.1+dfsg-3
ii libssl1.0.0 1.0.1h-3
ii lsb-base 4.1+Debian13
Versions of packages fetchmail recommends:
ii ca-certificates 20140325
Versions of packages fetchmail suggests:
pn fetchmailconf <none>
ii postfix [mail-transport-agent] 2.11.1-1
pn resolvconf <none>
-- Configuration Files:
/etc/default/fetchmail changed:
START_DAEMON=yes
/etc/init.d/fetchmail changed:
set -e
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/bin/fetchmail
USER=fetchmail
OPTIONS=""
CONFFILE="/etc/fetchmailrc"
PIDFILE="/var/run/fetchmail/fetchmail.pid"
UIDL="/var/lib/fetchmail/.fetchmail-UIDL-cache"
START_DAEMON="no"
.. /lib/lsb/init-functions
if [ -r /etc/default/fetchmail ]; then
. /etc/default/fetchmail
fi
OPTIONS="$OPTIONS -f $CONFFILE --pidfile $PIDFILE"
if [ ! "x$START_DAEMON" = "xyes" -a ! "$1" = "status" ]; then
log_action_msg "Not starting fetchmail daemon, disabled via
/etc/default/fetchmail"
exit 0
fi
if [ ! -e $CONFFILE ]; then
log_failure_msg "$CONFFILE not found."
log_failure_msg "can not start fetchmail daemon... consider disabling the
script"
exit 6
fi
test -f $DAEMON || exit 0
if [ "$1" = "start" ]; then
if [ ! -r $CONFFILE ] ; then
log_failure_msg "$CONFFILE found but not readable."
exit 0
fi
fi
if ! id $USER >/dev/null 2>&1; then
if [ "$USER" = "fetchmail" ]; then
# The fetchmail user might have been removed when the
fetchmail-common
# package is purged. We have to re-add it here so the
system-wide
# daemon will run.
adduser --system --ingroup nogroup --home /var/lib/fetchmail \
--shell /bin/sh --disabled-password fetchmail
>/dev/null 2>&1 || true
# work around possible adduser bug, see #119366
[ -d /var/lib/fetchmail ] || mkdir -p /var/lib/fetchmail
chmod 700 /var/lib/fetchmail
chown -h -R fetchmail:nogroup /var/lib/fetchmail
[ -x /sbin/restorecon ] && /sbin/restorecon /var/lib/fetchmail
else
log_failure_msg "$0: $USER user does not exist!"
exit 1
fi
fi
if ! grep -qs '^[[:space:]]*set[[:space:]]\+daemon[[:space:]]' "$CONFFILE"; then
# Make sure user did not use -d on /etc/default/fetchmail
if ! grep -qs -e '^[[:space:]]*OPTIONS=.*-d[[:space:]]*[[:digit:]]\+'
"/etc/default/fetchmail"; then
OPTIONS="$OPTIONS -d 300"
fi
fi
if ! grep -qs '^[[:space:]]*set[[:space:]]\+no[[:space:]]\+syslog' "$CONFFILE";
then
OPTIONS="$OPTIONS --syslog"
fi
if [ "${PIDFILE%/*}" = "/var/run/fetchmail" ] && [ ! -d ${PIDFILE%/*} ] && [
"$1" != "status" ]; then
mkdir /var/run/fetchmail
chown -h $USER:nogroup /var/run/fetchmail
chmod 700 /var/run/fetchmail
[ -x /sbin/restorecon ] && /sbin/restorecon /var/run/fetchmail
fi
if [ -f $CONFFILE -a "`stat -c '%U %a' $CONFFILE 2>/dev/null`" != "$USER 600"
]; then
chown -h $USER $CONFFILE
chmod -f 0600 $CONFFILE
fi
case "$1" in
start)
if test -e $PIDFILE ; then
pid=`cat $PIDFILE | sed -e 's/\s.*//'|head -n1`
PIDDIR=/proc/$pid
if [ -d ${PIDDIR} -a "$(readlink -f ${PIDDIR}/exe)" =
"${DAEMON}" ]; then
log_failure_msg "fetchmail already started; not
starting."
exit 0
else
log_warning_msg "Removing stale PID file
$PIDFILE."
rm -f $PIDFILE
fi
fi
log_begin_msg "Starting mail retriever agent:" "fetchmail"
if start-stop-daemon -S -o -q -p $PIDFILE -x $DAEMON -u $USER
-c $USER -- $OPTIONS; then
log_end_msg 0
else
log_end_msg 1
exit 1
fi
;;
status)
status_of_proc $DAEMON fetchmail -p $PIDFILE
;;
stop)
if ! test -e $PIDFILE ; then
log_failure_msg "Pidfile not found! Is fetchmail
running?"
exit 0
fi
log_begin_msg "Stopping mail retriever agent:" "fetchmail"
if start-stop-daemon -K -o -q -p $PIDFILE -x $DAEMON -u $USER;
then
log_end_msg 0
else
log_end_msg 1
exit 1
fi
;;
force-reload|restart)
log_begin_msg "Restarting mail retriever agent:" "fetchmail"
if ! start-stop-daemon -K -o -q -p $PIDFILE -x $DAEMON -u
$USER; then
log_end_msg 1
exit 1
fi
sleep 1
if start-stop-daemon -S -q -p $PIDFILE -x $DAEMON -u $USER -c
$USER -- $OPTIONS; then
log_end_msg 0
else
log_end_msg 1
exit 1
fi
;;
try-restart)
if test -e $PIDFILE ; then
pid=`cat $PIDFILE | sed -e 's/\s.*//'|head -n1`
PIDDIR=/proc/$pid
if [ -d ${PIDDIR} -a "$(readlink -f ${PIDDIR}/exe)" =
"${DAEMON}" ]; then
$0 restart
exit 0
fi
fi
test -f /etc/rc`/sbin/runlevel | cut -d' ' -f2`.d/S*fetchmail*
&& $0 start
;;
awaken)
log_begin_msg "Awakening mail retriever agent:" "fetchmail"
if [ -s $PIDFILE ]; then
start-stop-daemon -K -s 10 -q -p $PIDFILE -x $DAEMON
log_end_msg 0
exit 0
else
log_end_msg 1
exit 1
fi
;;
debug-run)
echo "$0: Initiating debug run of system-wide fetchmail
service..." 1>&2
echo "$0: script will be run in debug mode, all output to
forced to" 1>&2
echo "$0: stdout. This is not enough to debug failures that
only" 1>&2
echo "$0: happen in daemon mode." 1>&2
echo "$0: You might want to direct output to a file, and tail
-f it." 1>&2
if [ "$2" = "strace" ]; then
echo "$0: (running debug mode under strace. See
strace(1) for options)" 1>&2
echo "$0: WARNING: strace output may contain
security-sensitive info, such as" 1>&2
echo "$0: passwords; please clobber them before sending
the strace file to a" 1>&2
echo "$0: public bug tracking system, such as
Debian's." 1>&2
fi
echo "$0: Stopping the service..." 1>&2
"$0" stop
echo "$0: exit status of service stop was: $?"
echo "$0: RUNUSER is $USER"
echo "$0: OPTIONS would be $OPTIONS"
echo "$0: Starting service in nodetach mode, hit ^C
(SIGINT/intr) to finish run..." 1>&2
if [ "$2" = "strace" ] ; then
shift
shift
[ $# -ne 0 ] && echo "$0: (strace options are: -tt $@)"
1>&2
su -s /bin/sh -c "/usr/bin/strace -tt $* $DAEMON
$OPTIONS --nosyslog --nodetach -v -v" $USER <&- 2>&1
else
su -s /bin/sh -c "$DAEMON $OPTIONS --nosyslog
--nodetach -v -v" $USER <&- 2>&1
fi
echo "$0: End of service run. Exit status was: $?"
exit 0
;;
*)
log_warning_msg "Usage: /etc/init.d/fetchmail
{start|stop|restart|force-reload|awaken|debug-run}"
log_warning_msg " start - starts system-wide fetchmail service"
log_warning_msg " stop - stops system-wide fetchmail service"
log_warning_msg " restart, force-reload - starts a new
system-wide fetchmail service"
log_warning_msg " awaken - tell system-wide fetchmail to start
a poll cycle immediately"
log_warning_msg " debug-run [strace [strace options...]] -
start a debug run of the"
log_warning_msg " system-wide fetchmail service, optionally
running it under strace"
exit 1
;;
esac
exit 0
-- no debconf information
--- fetchmail.orig 2014-06-25 13:51:21.306812795 +1000
+++ fetchmail 2014-06-25 13:52:28.779261043 +1000
@@ -78,6 +78,7 @@
[ -d /var/lib/fetchmail ] || mkdir -p /var/lib/fetchmail
chmod 700 /var/lib/fetchmail
chown -h -R fetchmail:nogroup /var/lib/fetchmail
+ [ -x /sbin/restorecon ] && /sbin/restorecon /var/lib/fetchmail
else
log_failure_msg "$0: $USER user does not exist!"
exit 1
@@ -102,6 +103,7 @@
mkdir /var/run/fetchmail
chown -h $USER:nogroup /var/run/fetchmail
chmod 700 /var/run/fetchmail
+ [ -x /sbin/restorecon ] && /sbin/restorecon /var/run/fetchmail
fi
# sanity check
