kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

mail/rspamd: Fix unprivileged execution in rc.d and SMF.

Browse source
This commit is contained in:
fhajny 2018-02-01 09:07:23 +00:00
parent e89ad5fcd8
commit b0bb884ff4
3 changed files with 32 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
mail/rspamd/Makefile
View file

@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.32 2017/11/30 16:45:30 adam Exp $
# $NetBSD: Makefile,v 1.33 2018/02/01 09:07:23 fhajny Exp $
DISTNAME= rspamd-1.6.1
PKGREVISION= 2
PKGREVISION= 3
CATEGORIES= mail
MASTER_SITES= ${MASTER_SITE_GITHUB:=vstakhov/}
@ -42,6 +42,9 @@ LOGDIR= ${VARBASE}/log/rspamd
DBDIR= ${VARBASE}/db/rspamd
RUNDIR= ${VARBASE}/run/rspamd
FILES_SUBST+= RSPAMD_USER=${RSPAMD_USER}
FILES_SUBST+= RSPAMD_GROUP=${RSPAMD_GROUP}
RCD_SCRIPTS= rspamd
CMAKE_ARGS+= -DMANDIR:PATH=${PREFIX}/${PKGMANDIR}

4
mail/rspamd/files/rspamd.sh
View file

@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
# $NetBSD: rspamd.sh,v 1.1 2017/03/20 14:15:16 wiz Exp $
# $NetBSD: rspamd.sh,v 1.2 2018/02/01 09:07:23 fhajny Exp $
#
# PROVIDE: rspamd
# REQUIRE: DAEMON
@ -14,7 +14,7 @@ name="rspamd"
rcvar=$name
command="@PREFIX@/bin/rspamd"
pidfile="@VARBASE@/run/rspamd/${name}.pid"
command_args="-c @PKG_SYSCONFDIR@/rspamd.conf"
command_args="-u @RSPAMD_USER@ -g @RSPAMD_GROUP@ -c @PKG_SYSCONFDIR@/rspamd.conf"
required_files="@PKG_SYSCONFDIR@/rspamd.conf"
start_precmd="rspamd_precmd"

66
mail/rspamd/files/smf/manifest.xml
View file

@ -1,45 +1,29 @@
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="manifest" name="export">
<service name="@SMF_PREFIX@/@SMF_NAME@" type="service" version="1">
<create_default_instance enabled="false"/>
<single_instance/>
<dependency name="network" grouping="require_all" restart_on="error" type="service">
<service_fmri value="svc:/milestone/network:default"/>
</dependency>
<dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
<service_fmri value="svc:/system/filesystem/local"/>
</dependency>
<method_context>
</method_context>
<exec_method type="method" name="start" exec="@PREFIX@/bin/rspamd -i -f -c %{config_file}" timeout_seconds="60"/>
<exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/>
<property_group name="startd" type="framework">
<propval name="duration" type="astring" value="child"/>
<propval name="ignore_error" type="astring" value="core,signal"/>
</property_group>
<property_group name="application" type="application">
<propval name="config_file" type="astring" value="@PKG_SYSCONFDIR@/rspamd.conf"/>
</property_group>
<template>
<common_name>
<loctext xml:lang="C">
Rspamd spam filtering system.
</loctext>
</common_name>
</template>
</service>
<service name="@SMF_PREFIX@/@SMF_NAME@" type="service" version="1">
<create_default_instance enabled="false" />
<single_instance />
<dependency name="network" grouping="require_all" restart_on="error" type="service">
<service_fmri value="svc:/milestone/network:default" />
</dependency>
<dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
<service_fmri value="svc:/system/filesystem/local" />
</dependency>
<method_context></method_context>
<exec_method type="method" name="start" exec="@PREFIX@/bin/rspamd -u @RSPAMD_USER@ -g @RSPAMD_USER@ -c %{config_file}" timeout_seconds="60" />
<exec_method type="method" name="stop" exec=":kill" timeout_seconds="60" />
<property_group name="startd" type="framework">
<propval name="duration" type="astring" value="contract" />
<propval name="ignore_error" type="astring" value="core,signal" />
</property_group>
<property_group name="application" type="application">
<propval name="config_file" type="astring" value="@PKG_SYSCONFDIR@/rspamd.conf" />
</property_group>
<template>
<common_name>
<loctext xml:lang="C">Rspamd spam filtering system.</loctext>
</common_name>
</template>
</service>
</service_bundle>