authorJoey Hess2017-11-17 21:58:39 -0400
committerJoey Hess2017-11-17 21:58:53 -0400
commit6dae019be9ebed76f282ec3cb258df7bf5891320 (patch)
tree78925c38ea5c687ef50714e699e0aac8499efc99 /src/Propellor/Property/Chroot.hs
parent8afed0bae31d5f04b96764cdd6a636ef9b57dd52 (diff)
Service: Avoid starting services when noServices is used.
Reconsidered making services never run inside chroots; that seemed too potentially limiting. Using Info rather than checking policy-rc.d because it will also work outside of Debian, but more because policy-rc.d has an extremely complicated interface and I didn't want to deal with it. This commit was sponsored by Jochen Bartl on Patreon.
Diffstat (limited to 'src/Propellor/Property/Chroot.hs')
-rw-r--r--src/Propellor/Property/Chroot.hs22
1 files changed, 0 insertions, 22 deletions
diff --git a/src/Propellor/Property/Chroot.hs b/src/Propellor/Property/Chroot.hs
index ea8b1407..0dd1f05a 100644
--- a/src/Propellor/Property/Chroot.hs
+++ b/src/Propellor/Property/Chroot.hs
@@ -9,7 +9,6 @@ module Propellor.Property.Chroot (
ChrootBootstrapper(..),
Debootstrapped(..),
ChrootTarball(..),
- noServices,
inChroot,
exposeTrueLocaldir,
-- * Internal use
@@ -32,7 +31,6 @@ import qualified Propellor.Property.Systemd.Core as Systemd
import qualified Propellor.Property.File as File
import qualified Propellor.Shim as Shim
import Propellor.Property.Mount
-import Utility.FileMode
import Utility.Split
import qualified Data.Map as M
@@ -257,26 +255,6 @@ mungeloc = replace "/" "_"
chrootDesc :: Chroot -> String -> String
chrootDesc (Chroot loc _ _ _) desc = "chroot " ++ loc ++ " " ++ desc
--- | Adding this property to a chroot prevents daemons and other services
--- from being started, which is often something you want to prevent when
--- building a chroot.
---
--- On Debian, this is accomplished by installing a </usr/sbin/policy-rc.d>
--- script that does not let any daemons be started by packages that use
--- invoke-rc.d. Reverting the property removes the script.
---
--- This property has no effect on non-Debian systems.
-noServices :: RevertableProperty UnixLike UnixLike
-noServices = setup <!> teardown
- where
- f = "/usr/sbin/policy-rc.d"
- script = [ "#!/bin/sh", "exit 101" ]
- setup = combineProperties "no services started" $ toProps
- [ File.hasContent f script
- , File.mode f (combineModes (readModes ++ executeModes))
- ]
- teardown = File.notPresent f
-
-- | Check if propellor is currently running within a chroot.
--
-- This allows properties to check and avoid performing actions that