Add openrc service

- ./init -> ./extra (there's more than just init stuff here) - systemd unit -> extra/systemd - new ./extra/openrc/{init,conf}.d/fapolicy
linux-application-whitelisting · Dec 3, 2023 · c2a8d09 · c2a8d09
1 parent d81d838
commit c2a8d09
Show file tree

Hide file tree

Showing 14 changed files with 62 additions and 36 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -1,5 +1,5 @@
 
-SUBDIRS = src init doc rules.d
+SUBDIRS = src extra doc rules.d
 EXTRA_DIST = ChangeLog AUTHORS NEWS README.md INSTALL fapolicyd.spec dnf/fapolicyd-dnf-plugin.py autogen.sh
 
 clean-generic:

diff --git a/configure.ac b/configure.ac
@@ -82,7 +82,6 @@ use_deb=$withval,use_deb=no)
 if test x$use_deb = xyes ; then
     AC_CHECK_LIB(dpkg, pkg_array_init_from_hash, , [AC_MSG_ERROR([libdpkg not found])], -ldpkg)
     AC_DEFINE(USE_DEB,1,[Define if you want to use the deb database as trust source.])
-    AC_CHECK_LIB(md, MD5Final, , [AC_MSG_ERROR([libmd is missing])], -lmd)
 fi
 AM_CONDITIONAL(WITH_DEB, test x$use_deb = xyes)
 
@@ -93,7 +92,6 @@ use_ebuild=$withval,use_ebuild=no)
 
 if test x$use_ebuild = xyes ; then
     AC_DEFINE(USE_EBUILD,1,[Define if you want to use the ebuild database as trust source.])
-    AC_CHECK_LIB(md, MD5Final, , [AC_MSG_ERROR([libmd is missing])], -lmd)
 fi
 AM_CONDITIONAL(WITH_EBUILD, test x$use_ebuild = xyes)
 
@@ -119,10 +117,11 @@ AC_CHECK_LIB(magic, magic_descriptor, , [AC_MSG_ERROR([libmagic not found])], -l
 AC_CHECK_LIB(cap-ng, capng_change_id, , [AC_MSG_ERROR([libcap-ng not found])], -lcap-ng)
 AC_CHECK_LIB(seccomp, seccomp_rule_add, , [AC_MSG_ERROR([libseccomp not found])], -lseccomp)
 AC_CHECK_LIB(lmdb, mdb_env_create, , [AC_MSG_ERROR([liblmdb not found])], -llmdb)
+AC_CHECK_LIB(md, MD5Final, , [AC_MSG_ERROR([libmd is missing])], -lmd)
 
 LD_SO_PATH
 
-AC_CONFIG_FILES([Makefile src/Makefile src/tests/Makefile init/Makefile doc/Makefile rules.d/Makefile])
+AC_CONFIG_FILES([Makefile src/Makefile src/tests/Makefile extra/Makefile doc/Makefile rules.d/Makefile])
 AC_OUTPUT
 
 echo .

diff --git a/extra/Makefile.am b/extra/Makefile.am
@@ -0,0 +1,38 @@
+EXTRA_DIST = \
+	data/fapolicyd-filter.conf \
+	data/fapolicyd.conf \
+	data/fapolicyd.trust \
+	openrc/conf.d/fapolicyd \
+	openrc/init.d/fapolicyd \
+	systemd/fapolicyd.service \
+	fapolicyd-tmpfiles.conf \
+	fapolicyd-magic \
+	fapolicyd.bash_completion \
+	fagenrules
+
+fapolicyddir = $(sysconfdir)/fapolicyd
+
+dist_fapolicyd_DATA = \
+	data/fapolicyd.conf \
+	data/fapolicyd-filter.conf \
+	data/fapolicyd.trust
+
+systemdservicedir = $(systemdsystemunitdir)
+dist_systemdservice_DATA = systemd/fapolicyd.service
+
+openrcinitdir = $(sysconfdir)/init.d
+dist_openrcinit_DATA = openrc/init.d/fapolicyd
+openrcconfdir = $(sysconfdir)/conf.d
+dist_openrcconf_DATA = openrc/conf.d/fapolicyd
+
+sbin_SCRIPTS = fagenrules
+
+completiondir = $(sysconfdir)/bash_completion.d/
+dist_completion_DATA = fapolicyd.bash_completion
+
+MAGIC = fapolicyd-magic.mgc
+pkgdata_DATA = ${MAGIC}
+CLEANFILES = ${MAGIC}
+
+${MAGIC}: $(EXTRA_DIST)
+	file -C -m ${top_srcdir}/extra/fapolicyd-magic
diff --git a/init/fapolicyd-filter.conf → extra/data/fapolicyd-filter.conf b/init/fapolicyd-filter.conf → extra/data/fapolicyd-filter.conf
diff --git a/init/fapolicyd.conf → extra/data/fapolicyd.conf b/init/fapolicyd.conf → extra/data/fapolicyd.conf
diff --git a/init/fapolicyd.trust → extra/data/fapolicyd.trust b/init/fapolicyd.trust → extra/data/fapolicyd.trust
diff --git a/init/fagenrules → extra/fagenrules b/init/fagenrules → extra/fagenrules
diff --git a/init/fapolicyd-magic → extra/fapolicyd-magic b/init/fapolicyd-magic → extra/fapolicyd-magic
@@ -13,7 +13,7 @@
 0	string/wt	#!\ /bin/rc		Plan 9 shell script text executable
 !:mime	text/x-plan9-shellscript
 
-0	string/wb	#!\ /usr/bin/ocamlrun	Ocaml byte-compiled executable 
+0	string/wb	#!\ /usr/bin/ocamlrun	Ocaml byte-compiled executable
 !:mime	application/x-bytecode.ocaml
 
 0	string/wt	#!\ /usr/bin/lua	Lua script text executable

diff --git a/init/fapolicyd-tmpfiles.conf → extra/fapolicyd-tmpfiles.conf b/init/fapolicyd-tmpfiles.conf → extra/fapolicyd-tmpfiles.conf
diff --git a/init/fapolicyd.bash_completion → extra/fapolicyd.bash_completion b/init/fapolicyd.bash_completion → extra/fapolicyd.bash_completion
diff --git a/extra/openrc/conf.d/fapolicyd b/extra/openrc/conf.d/fapolicyd
@@ -0,0 +1 @@
+fapolicyd_opts="--permissive --debug"
diff --git a/extra/openrc/init.d/fapolicyd b/extra/openrc/init.d/fapolicyd
@@ -0,0 +1,19 @@
+#!/sbin/openrc-run
+
+name=$RC_SVCNAME
+cfgfile="/etc/$RC_SVCNAME/$RC_SVCNAME.conf"
+command="/usr/sbin/fapolicyd"
+command_args="${fapolicyd_opts}"
+command_user="fapolicyd"
+pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
+
+# Depend on local disks being mounted
+depend() {
+	need localmount
+}
+
+# Before starting the service update the rulesfile in /etc/fapolicyd
+# from the fragments in /etc/fapolicyd/rules.d
+start_pre() {
+	/usr/sbin/fagenrules
+}
diff --git a/init/fapolicyd.service → extra/systemd/fapolicyd.service b/init/fapolicyd.service → extra/systemd/fapolicyd.service
diff --git a/init/Makefile.am b/init/Makefile.am