[yocto] [meta-security][PATCH] trousers: make initscript more reliable
André Draszik
git at andred.net
Wed Nov 1 04:16:32 PDT 2017
From: André Draszik <adraszik at tycoint.com>
The combination of using start-stop-daemon and pidof is
not working reliably in all cases. Sometimes, the
tcsd daemon isn't running yet at the time pidof is being
invoked.
This results in an empty /var/run/tcsd.pid, making it
impossible to stop tcsd using the init script.
To solve this, one could either add a delay before calling
pidof, or alternatively use start-stop-daemon's built-in
functionality to achieve the same.
Let's do the latter.
Signed-off-by: André Draszik <adraszik at tycoint.com>
---
meta-tpm/recipes-tpm/trousers/files/trousers.init.sh | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/meta-tpm/recipes-tpm/trousers/files/trousers.init.sh b/meta-tpm/recipes-tpm/trousers/files/trousers.init.sh
index 0ecf7cc..d0d6cb3 100644
--- a/meta-tpm/recipes-tpm/trousers/files/trousers.init.sh
+++ b/meta-tpm/recipes-tpm/trousers/files/trousers.init.sh
@@ -33,10 +33,12 @@ case "${1}" in
exit 0
fi
- start-stop-daemon --start --quiet --oknodo --pidfile /var/run/${NAME}.pid --user ${USER} --chuid ${USER} --exec ${DAEMON} -- ${DAEMON_OPTS}
+ start-stop-daemon --start --quiet --oknodo \
+ --pidfile /var/run/${NAME}.pid --make-pidfile --background \
+ --user ${USER} --chuid ${USER} \
+ --exec ${DAEMON} -- ${DAEMON_OPTS} --foreground
RETVAL="$?"
echo "$NAME."
- [ "$RETVAL" = 0 ] && pidof $DAEMON > /var/run/${NAME}.pid
exit $RETVAL
;;
--
2.15.0.rc1
More information about the yocto
mailing list