Control: tags -1 + patch
On Sat, Dec 30, 2023 at 08:34:47AM +0100, molly-guard wrote:
> when trying to reboot the system molly-guard is unable to perform it's task:
>
> root@server:~# reboot
> W: molly-guard: SSH session detected!
> Please type in hostname of the machine to reboot: server
> E: unsupported command: reboot.no-molly-guard
> root@server:~#
Seems like I didn't test this particular case. Thanks to Chris
Hofstaedler for pointing me at this. The crux is that reboot is a
symlink to halt. Thus when molly-guard forwards to the
reboot.no-molly-guard, the symlink points at halt which also is a
symlink and points at molly-guard. I didn't anticipate this recursion
and it probably is why molly-guard originally moved the tools to a
different directory.
What I can offer now is checking whether the resolved EXEC points back
at molly-guard (using test -ef) and when that happens resolve the
symlink once (not twice) to append the .no-molly-guard again. And then
it actually works. It just feels like we're piling ever more duct tape
onto it.
On the flip side, there really isn't much of an option. We can either
leave the diverted files in the same directory (as I changed it to) and
then we need to do this manual resolution of symlinks as the argv[0]
information is lost by the shell or we could revert back to the original
implementation where we'd leave the basename as is (except for
.usr-is-merged) and then still have to resolve the symlink manually,
because the relocated links may have become dangling.
Really there is one way to get out of this and that's renaming
/usr/lib/molly-guard to /usr/molly-guard. Then, all the symlinks resolve
correctly:
* sysv: /usr/molly-guard/reboot -> halt = /usr/molly-guard/halt works
* sysv: /usr/molly-guard/halt works
* systemd: /usr/molly-guard/poweroff -> ../bin/systemctl =
/usr/bin/systemctl works
This is a FHS violation though, so I think the best we can do is the
attached patch.
Helmut
diff --minimal -Nru molly-guard-0.8.3/debian/changelog
molly-guard-0.8.3+nmu1/debian/changelog
--- molly-guard-0.8.3/debian/changelog 2023-12-22 23:23:25.000000000 +0100
+++ molly-guard-0.8.3+nmu1/debian/changelog 2023-12-30 16:58:24.000000000
+0100
@@ -1,3 +1,10 @@
+molly-guard (0.8.3+nmu1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix with sysvinit. (Closes: #1059691)
+
+ -- Helmut Grohne <hel...@subdivi.de> Sat, 30 Dec 2023 16:58:24 +0100
+
molly-guard (0.8.3) unstable; urgency=medium
* Upload to unstable
diff --minimal -Nru molly-guard-0.8.3/shutdown.in
molly-guard-0.8.3+nmu1/shutdown.in
--- molly-guard-0.8.3/shutdown.in 2023-12-22 23:23:25.000000000 +0100
+++ molly-guard-0.8.3+nmu1/shutdown.in 2023-12-30 16:55:06.000000000 +0100
@@ -22,6 +22,16 @@
exit 4
fi
fi
+ if [ "$EXEC" -ef /usr/lib/molly-guard/molly-guard ]; then
+ # Symlink forwards to ourselves. Resolve!
+ LINKTARGET=$(readlink "$EXEC")
+ if ! EXEC=$(command -v "$LINKTARGET.no-molly-guard"); then
+ if ! EXEC=$(command -v "$LINKTARGET.no-molly-guard.usr-is-merged");
then
+ echo "E: not a regular file $EXEC" >&2
+ exit 4
+ fi
+ fi
+ fi
if [ ! -x $EXEC ]; then
echo "E: not an executable: $EXEC" >&2
exit 3
