commit: cee394d24645d97a6904df90fd0ab960de4367ef Author: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org> AuthorDate: Mon Sep 6 11:58:41 2021 +0000 Commit: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org> CommitDate: Mon Sep 6 11:59:24 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cee394d2
app-backup/bareos: add workaround for #631598 Bug: https://bugs.gentoo.org/631598 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Marc Schiffbauer <mschiff <AT> gentoo.org> ...{bareos-18.2.10-r1.ebuild => bareos-18.2.10-r2.ebuild} | 0 ...{bareos-19.2.10-r1.ebuild => bareos-19.2.10-r2.ebuild} | 0 .../{bareos-20.0.2-r1.ebuild => bareos-20.0.2-r2.ebuild} | 0 app-backup/bareos/files/bareos-dir.initd | 15 ++++++++++++--- app-backup/bareos/files/bareos-sd.initd | 15 ++++++++++++--- 5 files changed, 24 insertions(+), 6 deletions(-) diff --git a/app-backup/bareos/bareos-18.2.10-r1.ebuild b/app-backup/bareos/bareos-18.2.10-r2.ebuild similarity index 100% rename from app-backup/bareos/bareos-18.2.10-r1.ebuild rename to app-backup/bareos/bareos-18.2.10-r2.ebuild diff --git a/app-backup/bareos/bareos-19.2.10-r1.ebuild b/app-backup/bareos/bareos-19.2.10-r2.ebuild similarity index 100% rename from app-backup/bareos/bareos-19.2.10-r1.ebuild rename to app-backup/bareos/bareos-19.2.10-r2.ebuild diff --git a/app-backup/bareos/bareos-20.0.2-r1.ebuild b/app-backup/bareos/bareos-20.0.2-r2.ebuild similarity index 100% rename from app-backup/bareos/bareos-20.0.2-r1.ebuild rename to app-backup/bareos/bareos-20.0.2-r2.ebuild diff --git a/app-backup/bareos/files/bareos-dir.initd b/app-backup/bareos/files/bareos-dir.initd index 9f17f212e4a..462ff07843a 100644 --- a/app-backup/bareos/files/bareos-dir.initd +++ b/app-backup/bareos/files/bareos-dir.initd @@ -1,5 +1,5 @@ #!/sbin/openrc-run -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 depend() { 
@@ -8,14 +8,23 @@ depend() { start() { ebegin "Starting bareos director" - checkpath -d -m 0750 -o root:bareos /run/bareos + # g+w until #631598 is resolved + checkpath -d -m 0770 -o root:bareos /run/bareos start-stop-daemon --start --quiet --exec /usr/sbin/bareos-dir \ -- ${DIR_OPTIONS} + # harden pid file until #631598 is resolved + ewaitfile 10 /run/bareos/bareos-dir.9101.pid + chown root:bareos /run/bareos/bareos-dir.9101.pid eend $? } stop() { ebegin "Stopping bareos director" - start-stop-daemon --stop --quiet --pidfile /run/bareos/bareos-dir.*.pid + # check pid file until #631598 is resolved + if [[ $(stat -c %U /run/bareos/bareos-dir.9101.pid) != "root" ]]; then + eerror "SECURITY ALERT: pid file is not root owned anymore?! (see #631598)" + else + start-stop-daemon --stop --quiet --pidfile /run/bareos/bareos-dir.9101.pid + fi eend $? } diff --git a/app-backup/bareos/files/bareos-sd.initd b/app-backup/bareos/files/bareos-sd.initd index 4f7fbcb52bf..97b9ccdc92f 100644 --- a/app-backup/bareos/files/bareos-sd.initd +++ b/app-backup/bareos/files/bareos-sd.initd @@ -1,5 +1,5 @@ #!/sbin/openrc-run -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 depend() { 
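Review bot: In stop(), the ownership check is written with `[[ ... ]]`, a bash construct, while openrc-run service scripts are interpreted by /bin/sh; where /bin/sh lacks `[[` (dash, for example) the test fails as an unknown command, control falls to the `else` branch, and the daemon is signalled without the check ever running. A POSIX test such as `if [ "$(stat -c %U /run/bareos/bareos-dir.9101.pid 2>/dev/null)" != "root" ]; then` avoids that. The alert branch also falls through to `eend $?`, which then reports eerror's status (presumably 0), so the service would be marked stopped while the director keeps running; follow the `eerror` with `eend 1` and `return 1`. A missing pid file yields an empty owner and therefore the same SECURITY ALERT text, which is misleading for a daemon that is simply not running and deserves its own `[ -e ... ]` branch. The stop() hunk in bareos-sd.initd has the same three issues.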
@@ -8,14 +8,23 @@ depend() { start() { ebegin "Starting bareos storage daemon" - checkpath -d -m 0750 -o root:bareos /run/bareos + # g+w until #631598 is resolved + checkpath -d -m 0770 -o root:bareos /run/bareos start-stop-daemon --start --quiet --exec /usr/sbin/bareos-sd \ -- ${SD_OPTIONS} + # harden pid file until #631598 is resolved + ewaitfile 10 /run/bareos/bareos-sd.9103.pid + chown root:bareos /run/bareos/bareos-sd.9103.pid eend $? } stop() { ebegin "Stopping bareos storage daemon" - start-stop-daemon --stop --quiet --pidfile /run/bareos/bareos-sd.*.pid + # check pid file until #631598 is resolved + if [[ $(stat -c %U /run/bareos/bareos-sd.9103.pid) != "root" ]]; then + eerror "SECURITY ALERT: pid file is not root owned anymore?! (see #631598)" + else + start-stop-daemon --stop --quiet --pidfile /run/bareos/bareos-sd.9103.pid + fi eend $? }
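Review bot: In start(), the new `chown root:bareos /run/bareos/bareos-sd.9103.pid` runs as root on a path inside a directory this same hunk makes group-writable (`-m 0770 -o root:bareos`), and plain chown dereferences symlinks, so the file whose ownership changes is whatever that name resolves to at that moment. Testing the path first and using `chown -h` narrows this, e.g. `[ -f /run/bareos/bareos-sd.9103.pid ] && [ ! -L /run/bareos/bareos-sd.9103.pid ] && chown -h root:bareos /run/bareos/bareos-sd.9103.pid`, although it stays a check-then-use race for as long as the daemon's group can write to the directory, which is worth stating in the `# harden pid file` comment. Separately, `eend $?` now reports chown's status instead of start-stop-daemon's, and the result of `ewaitfile 10` is discarded, so a failed start with a stale pid file present would presumably be reported as success. The port-specific file name (9103 here, 9101 in bareos-dir.initd) replaces the old `*.pid` glob and would likely break on a daemon configured for a non-default port. The start() hunk in bareos-dir.initd has the same issues.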
