authorJoey Hess2017-11-17 21:58:39 -0400
committerJoey Hess2017-11-17 21:58:53 -0400
commit6dae019be9ebed76f282ec3cb258df7bf5891320 (patch)
tree78925c38ea5c687ef50714e699e0aac8499efc99 /src/Propellor/Property/Service.hs
parent8afed0bae31d5f04b96764cdd6a636ef9b57dd52 (diff)
Service: Avoid starting services when noServices is used.
Reconsidered making services never run inside chroots, that seemed too potentially limiting. Using Info rather than checking policy-rc.d because it will also work outside of debian, but more because policy-rc.d has an extremely complicated interface and I didn't want to deal with it. This commit was sponsored by Jochen Bartl on Patreon.
Diffstat (limited to 'src/Propellor/Property/Service.hs')
-rw-r--r--src/Propellor/Property/Service.hs33
1 files changed, 32 insertions, 1 deletions
diff --git a/src/Propellor/Property/Service.hs b/src/Propellor/Property/Service.hs
index e6a69eb5..0bcfdb93 100644
--- a/src/Propellor/Property/Service.hs
+++ b/src/Propellor/Property/Service.hs
@@ -1,6 +1,11 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+
module Propellor.Property.Service where
import Propellor.Base
+import Propellor.Types.Info
+import qualified Propellor.Property.File as File
+import Utility.FileMode
type ServiceName = String
@@ -23,5 +28,31 @@ reloaded = signaled "reload" "reloaded"
signaled :: String -> Desc -> ServiceName -> Property DebianLike
signaled cmd desc svc = tightenTargets $ p `describe` (desc ++ " " ++ svc)
where
- p = scriptProperty ["invoke-rc.d " ++ shellEscape svc ++ " " ++ cmd ++ " >/dev/null 2>&1 || true"]
+ p = scriptProperty ["service " ++ shellEscape svc ++ " " ++ cmd ++ " >/dev/null 2>&1 || true"]
`assume` NoChange
+
+-- | This property prevents daemons and other services from being started,
+-- which is often something you want to prevent when building a chroot.
+--
+-- When this is set, `running` and `restarted` will not start services.
+--
+-- On Debian this installs a </usr/sbin/policy-rc.d> script to further
+-- prevent any packages that get installed from starting daemons.
+-- Reverting the property removes the script.
+noServices :: RevertableProperty (HasInfo + UnixLike) UnixLike
+noServices = (setup `setInfoProperty` toInfo (InfoVal NoServices)) <!> teardown
+ where
+ f = "/usr/sbin/policy-rc.d"
+ script = [ "#!/bin/sh", "exit 101" ]
+ setup = combineProperties "no services started" $ toProps
+ [ File.hasContent f script
+ , File.mode f (combineModes (readModes ++ executeModes))
+ ]
+ teardown = File.notPresent f
+
+-- | Check if the noServices property is in effect.
+checkNoServices :: Propellor Bool
+checkNoServices = isJust . fromInfoVal
+ <$> (askInfo :: Propellor (InfoVal NoServices))
+
+data NoServices = NoServices deriving (Eq, Show, Typeable)
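Review bot: `signaled` never consults `checkNoServices`, so nothing in the lines shown makes `running` or `restarted` honour `noServices` as the new haddock promises; the helper is defined at the end of the hunk but has no caller here. The same hunk replaces `invoke-rc.d` with `service`, and `service` does not consult `/usr/sbin/policy-rc.d`, so the installed `exit 101` script no longer stops these properties either and a daemon can still be started inside a chroot that is being built. Gating the property on the Info value would close that gap, e.g. ``signaled cmd desc svc = check (not <$> checkNoServices) $ tightenTargets $ p `describe` (desc ++ " " ++ svc)``. `running` and `restarted` are defined outside the hunk, so confirm they still go through `signaled`. Separately, `setup` overwrites and `teardown` deletes whatever policy-rc.d the host already had, which deserves a sentence in the haddock of `noServices`.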