rkhunter thinks OpenRC is a rootkit because of the hidefirstrout
variable. This has been renamed to hideFirstroute in order to get past
rkhunter.
I realize this is not an openrc bug. In this case though I do not have a
problem renaming the variable.
Reported-by: ago@gentoo.org
X-Gentoo-Bug: 339714
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=339714
The /run directory is a mount point for a tmpfs and should not contain
any files or directories. This cleans out the /run/openrc
symlink and any other files which were incorrectly placed in /run.
Thanks to Ian Stakenvicius for pointing out this solution.
For devices that are always connected (e.g. ethernet cards), the current
carrier always wastes time by sleeping for 1 second. This is because the
code sleeps first, then checks for carrier. Invert the order so that we
return quickly for devices already active. For devices which are not yet
up, there shouldn't be any real difference.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Add a test when localmount is started to determine if /usr is mounted
from inside an initramfs for Linux systems. If it is not, we can unmount it when
localmount stops.
On *bsd systems, we always unmount /usr if it is separate.
Reported-by: ryao@gentoo.org
In a pathname expansion, specifically single-character match, the pure
POSIX specification uses '!' as the Negation character where a regular
expression would normally be '^'.
Regular expression: "a[^a]a"
Pathname expansion pattern: "a[!a]a"
Reference:
IEEE Std 1003.1, 2004 Edition
2. Shell Command Language
2.13 Pattern Matching Notation
2.13.1 Patterns Matching a Single Character
> The description of basic regular expression bracket expressions in the
> Base Definitions volume of IEEE Std 1003.1-2001, Section 9.3.5, RE
> Bracket Expression shall also apply to the pattern bracket expression,
> except that the exclamation mark character ( '!' ) shall replace the
> circumflex character ( '^' ) in its role in a "non-matching list" in
> the regular expression notation. A bracket expression starting with an
> unquoted circumflex character produces unspecified results.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Initially, we were creating tmpfiles entries in the sysinit runlevel and
again in the boot runlevel. Systemd runs the --create and --remove
options in one service called systemd-tmpfiles-setup after the local
file systems are mounted. Now we have a service called tmpfiles.setup
which emulates this.
This also closes the bug mentioned below, since we were originally
writing to files that were on read-only file systems and that were not
available.
Reported-by: <devurandom@gmx.net>
X-Gentoo-Bug: 439012
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=439012
Some types of interfaces do not have a carrier, so it doesn't make sense
to automatically wait for one.
Reported-by: <rose@rz.uni-potsdam.de>
X-Gentoo-Bug: 438970
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=438970
There were references in the devfs script to mdev, udev and
udev-mount. These all provide the virtuals dev and dev-mount; that is
how we should refer to them.
I believe in the discussion I had with Tony and Robin about this, we
were going to change the "use" line to "need". However, after thinking
that over, I'm not comfortable doing so because someone could be running
a static /dev with no device manager.
Reported-by: <tokiclover@gmail.com>
X-Gentoo-Bug: 438932
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=438932
Now that the tmpfiles.d code is more tested, actually call it from
init.d. It assumes that /run is already available when it runs.
Please note it runs TWICE.
- During sysinit, ideally just after /dev/shm is created, but before
udev has started. After udev is also acceptable, but not ideal.
- During boot, ideally just after localmount has completed.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Using the new dev-mount virtual, with udev-mount included until new udev
version is rolled out, we run devfs earlier now, before udev/mdev.
It only needs (u)dev-mount before it, so that /dev is mounted.
This opens the way for tmpfiles.d, which needs to be sandwiched in the
middle.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Urandom should not run in lxc containers since it is provided by the
host.
Reported-by: <walter@pratyeka.org>
X-Gentoo-Bug: 436270
X-Gentoo-Bug-URL: http://bugs.gentoo.org/436270
Since nfs and nfs4 file systems require extra daemons to be running on
the client to function properly, netmount should not try to handle these
file systems.
Reported-by: <devurandom@gmx.net>
X-Gentoo-Bug: 427996
X-Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=427996
This is needed in case of a read-only root filesystem such as a diskless
client.
Reported-by: <walter@pratyeka.org>
X-Gentoo-Bug: 430382
X-Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=430382
If CONFIG_SWAP is turned off in the kernel, this file may not exist. In
that case, we should not try to read from it.
reported-by: <walter@pratyeka.org>
X-Gentoo-Bug: 430378
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=430378
The OpenRC upstream default network stack was changed, but there was no
reason to change it. Now since we have the MKNET build switch, it is
easy for the gentoo ebuild to install oldnet by default.
The upstream default is newnet.
The MKNET variable can be used to select the network stack you want to
build and install with OpenRC.
The current default is the gentoo "oldnet" stack. If you want to install
the OpenRC newnet stack, use MKNET=newnet on the make command line.
This reverts commit 5994e55937.
There are situations where these scripts can be useful, so I am bringing
them back. Also, I want to start discussions about simplifying the
OpenRC network stack.