From 0993e1996b8301735f06cc2bd745e3e89e3a0827 Mon Sep 17 00:00:00 2001
From: Denis Pynkin <denis.pynkin@collabora.com>
Date: Mon, 16 Oct 2017 12:24:40 +0300
Subject: [PATCH] commands: disable services for commands running in chroot

Disabled services start/stop for commands running in chroot.
This also prevents services from start during packages install.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
---
 commands.go |  7 +++++
 os.go       | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+)
 create mode 100644 os.go

diff --git a/commands.go b/commands.go
index 7d29ab29..6e418b00 100644
--- a/commands.go
+++ b/commands.go
@@ -125,6 +125,13 @@ func (cmd Command) Run(label string, cmdline ...string) error {
 		exe.Env = append(os.Environ(), cmd.extraEnv...)
 	}
 
+	// Disable services start/stop for commands running in chroot
+	if cmd.ChrootMethod != CHROOT_METHOD_NONE {
+		services := ServiceHelper{cmd.Chroot}
+		services.Deny()
+		defer services.Allow()
+	}
+
 	err := exe.Run()
 	w.flush()
 	q.Cleanup()
diff --git a/os.go b/os.go
new file mode 100644
index 00000000..67abba1e
--- /dev/null
+++ b/os.go
@@ -0,0 +1,74 @@
+package debos
+
+import (
+	"fmt"
+	"os"
+	"path"
+)
+
+const debianPolicyHelper = "/usr/sbin/policy-rc.d"
+
+/*
+ServiceHelper is used to manage services.
+Currently supports only debian-based family.
+*/
+
+type ServiceHelper struct {
+	Rootdir string
+}
+
+type ServicesManager interface {
+	Allow() error
+	Deny() error
+}
+
+/*
+Allow() allows to start/stop services on OS level.
+*/
+func (s *ServiceHelper) Allow() error {
+
+	helperFile := path.Join(s.Rootdir, debianPolicyHelper)
+
+	if _, err := os.Stat(helperFile); os.IsNotExist(err) {
+		return nil
+	}
+	if err := os.Remove(helperFile); err != nil {
+		return err
+	}
+	return nil
+}
+
+/*
+Deny() prohibits to start/stop services on OS level.
+*/
+func (s *ServiceHelper) Deny() error {
+
+	helperFile := path.Join(s.Rootdir, debianPolicyHelper)
+	var helper = []byte(`#!/bin/sh
+
+exit 101
+`)
+
+	if _, err := os.Stat(helperFile); os.IsExist(err) {
+		return fmt.Errorf("Policy helper file '%s' exists already", debianPolicyHelper)
+	}
+	if _, err := os.Stat(path.Dir(helperFile)); os.IsNotExist(err) {
+		// do not try to do something if ".../usr/sbin" is not exists
+		return nil
+	}
+	pf, err := os.Create(helperFile)
+	if err != nil {
+		return err
+	}
+	defer pf.Close()
+
+	if _, err := pf.Write(helper); err != nil {
+		return err
+	}
+
+	if err := pf.Chmod(0755); err != nil {
+		return err
+	}
+
+	return nil
+}