From 82880c28ed85f8b08d6eb9bca21e00a484c6ae3a Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Mon, 12 Jun 2017 10:00:04 +0200 Subject: [PATCH] committing changes in /etc after apt run Package changes: +at 3.1.16-1 +cgmanager 0.33-2+deb8u2 +dbus 1.8.22-0+deb8u1 +libcap-ng0 0.7.4-2 +libcgmanager0 0.33-2+deb8u2 +libdbus-1-3 1.8.22-0+deb8u1 +libnih-dbus1 1.0.3-4.3 +libnih1 1.0.3-4.3 +libpam-systemd 215-17+deb8u7 -systemd 215-17+deb8u3 +systemd 215-17+deb8u7 +systemd-shim 9-1 --- .etckeeper | 27 ++++ at.deny | 24 +++ dbus-1/session.conf | 75 ++++++++++ dbus-1/system.conf | 91 ++++++++++++ default/dbus | 7 + group | 1 + group- | 2 +- gshadow | 1 + gshadow- | 2 +- init.d/atd | 48 ++++++ init.d/cgmanager | 138 ++++++++++++++++++ init.d/cgproxy | 135 +++++++++++++++++ init.d/dbus | 122 ++++++++++++++++ init/cgmanager.conf | 41 ++++++ init/cgproxy.conf | 36 +++++ modules-load.d/modules.conf | 1 + pam.d/atd | 10 ++ pam.d/common-session | 1 + passwd | 1 + passwd- | 3 +- rc0.d/K01atd | 1 + rc0.d/K01cgmanager | 1 + rc0.d/K01cgproxy | 1 + rc1.d/K01atd | 1 + rc1.d/K01cgmanager | 1 + rc1.d/K01cgproxy | 1 + rc2.d/S01cgmanager | 1 + rc2.d/S02atd | 1 + rc2.d/S02cgproxy | 1 + rc2.d/S02dbus | 1 + rc3.d/S01cgmanager | 1 + rc3.d/S02atd | 1 + rc3.d/S02cgproxy | 1 + rc3.d/S02dbus | 1 + rc4.d/S01cgmanager | 1 + rc4.d/S02atd | 1 + rc4.d/S02cgproxy | 1 + rc4.d/S02dbus | 1 + rc5.d/S01cgmanager | 1 + rc5.d/S02atd | 1 + rc5.d/S02cgproxy | 1 + rc5.d/S02dbus | 1 + rc6.d/K01atd | 1 + rc6.d/K01cgmanager | 1 + rc6.d/K01cgproxy | 1 + shadow | 1 + shadow- | 1 + subgid | 1 + subgid- | 1 + subuid | 1 + subuid- | 1 + sysctl.d/99-sysctl.conf | 1 + .../multi-user.target.wants/atd.service | 1 + xdg/systemd/user | 1 + 54 files changed, 797 insertions(+), 3 deletions(-) create mode 100644 at.deny create mode 100644 dbus-1/session.conf create mode 100644 dbus-1/system.conf create mode 100644 default/dbus create mode 100755 init.d/atd create mode 100755 init.d/cgmanager create mode 100755 init.d/cgproxy create mode 100755 init.d/dbus create mode 100644 init/cgmanager.conf create mode 100644 init/cgproxy.conf create mode 120000 modules-load.d/modules.conf create mode 100644 pam.d/atd create mode 120000 rc0.d/K01atd create mode 120000 rc0.d/K01cgmanager create mode 120000 rc0.d/K01cgproxy create mode 120000 rc1.d/K01atd create mode 120000 rc1.d/K01cgmanager create mode 120000 rc1.d/K01cgproxy create mode 120000 rc2.d/S01cgmanager create mode 120000 rc2.d/S02atd create mode 120000 rc2.d/S02cgproxy create mode 120000 rc2.d/S02dbus create mode 120000 rc3.d/S01cgmanager create mode 120000 rc3.d/S02atd create mode 120000 rc3.d/S02cgproxy create mode 120000 rc3.d/S02dbus create mode 120000 rc4.d/S01cgmanager create mode 120000 rc4.d/S02atd create mode 120000 rc4.d/S02cgproxy create mode 120000 rc4.d/S02dbus create mode 120000 rc5.d/S01cgmanager create mode 120000 rc5.d/S02atd create mode 120000 rc5.d/S02cgproxy create mode 120000 rc5.d/S02dbus create mode 120000 rc6.d/K01atd create mode 120000 rc6.d/K01cgmanager create mode 120000 rc6.d/K01cgproxy create mode 120000 sysctl.d/99-sysctl.conf create mode 120000 systemd/system/multi-user.target.wants/atd.service create mode 120000 xdg/systemd/user diff --git a/.etckeeper b/.etckeeper index 277f528..2c99fc9 100755 --- a/.etckeeper +++ b/.etckeeper @@ -5,8 +5,10 @@ mkdir -p './apparmor.d/force-complain' mkdir -p './apt/preferences.d' mkdir -p './bind/dyn' mkdir -p './bind/zones' +mkdir -p './binfmt.d' mkdir -p './ca-certificates/update.d' mkdir -p './console' +mkdir -p './dbus-1/session.d' mkdir -p './dpkg/dpkg.cfg.d' mkdir -p './fail2ban/fail2ban.d' mkdir -p './initramfs-tools/conf.d' @@ -36,6 +38,10 @@ mkdir -p './postgresql-common/pg_upgradecluster.d' mkdir -p './salt/proxy.d' mkdir -p './security/limits.d' mkdir -p './security/namespace.d' +mkdir -p './systemd/network' +mkdir -p './systemd/ntp-units.d' +mkdir -p './systemd/user' +mkdir -p './tmpfiles.d' mkdir -p './udev/hwdb.d' maybe chmod 0755 '.' maybe chmod 0700 '.etckeeper' @@ -245,6 +251,8 @@ maybe chmod 0644 'apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg' maybe chmod 0644 'apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg' maybe chmod 0755 'apticron' maybe chmod 0644 'apticron/apticron.conf' +maybe chgrp 'daemon' 'at.deny' +maybe chmod 0640 'at.deny' maybe chmod 0644 'bash.bashrc' maybe chmod 0644 'bash_completion' maybe chmod 0755 'bash_completion.d' @@ -292,6 +300,7 @@ maybe chgrp 'bind' 'bind/zones' maybe chmod 0755 'bind/zones' maybe chmod 0644 'bind/zones.rfc1918' maybe chmod 0644 'bindresvport.blacklist' +maybe chmod 0755 'binfmt.d' maybe chmod 0755 'byobu' maybe chmod 0644 'byobu/backend' maybe chmod 0644 'byobu/socketdir' @@ -372,6 +381,9 @@ maybe chmod 0755 'dbconfig-common' maybe chmod 0600 'dbconfig-common/config' maybe chmod 0600 'dbconfig-common/phpmyadmin.conf' maybe chmod 0755 'dbus-1' +maybe chmod 0644 'dbus-1/session.conf' +maybe chmod 0755 'dbus-1/session.d' +maybe chmod 0644 'dbus-1/system.conf' maybe chmod 0755 'dbus-1/system.d' maybe chmod 0644 'dbus-1/system.d/org.freedesktop.hostname1.conf' maybe chmod 0644 'dbus-1/system.d/org.freedesktop.locale1.conf' @@ -389,6 +401,7 @@ maybe chmod 0644 'default/bind9' maybe chmod 0644 'default/bsdmainutils' maybe chmod 0644 'default/console-setup' maybe chmod 0644 'default/cron' +maybe chmod 0644 'default/dbus' maybe chmod 0644 'default/devpts' maybe chmod 0644 'default/exim4' maybe chmod 0644 'default/fail2ban' @@ -701,15 +714,19 @@ maybe chmod 0644 'init.d/README' maybe chmod 0755 'init.d/acpid' maybe chmod 0755 'init.d/aiccu' maybe chmod 0755 'init.d/apache2' +maybe chmod 0755 'init.d/atd' maybe chmod 0755 'init.d/bind9' maybe chmod 0755 'init.d/bootlogs' maybe chmod 0755 'init.d/bootmisc.sh' +maybe chmod 0755 'init.d/cgmanager' +maybe chmod 0755 'init.d/cgproxy' maybe chmod 0755 'init.d/checkfs.sh' maybe chmod 0755 'init.d/checkroot-bootclean.sh' maybe chmod 0755 'init.d/checkroot.sh' maybe chmod 0755 'init.d/chrony' maybe chmod 0755 'init.d/console-setup' maybe chmod 0755 'init.d/cron' +maybe chmod 0755 'init.d/dbus' maybe chmod 0755 'init.d/exim4' maybe chmod 0755 'init.d/fail2ban' maybe chmod 0755 'init.d/halt' @@ -754,6 +771,8 @@ maybe chmod 0755 'init.d/umountfs' maybe chmod 0755 'init.d/umountnfs.sh' maybe chmod 0755 'init.d/umountroot' maybe chmod 0755 'init.d/urandom' +maybe chmod 0644 'init/cgmanager.conf' +maybe chmod 0644 'init/cgproxy.conf' maybe chmod 0644 'init/network-interface-container.conf' maybe chmod 0644 'init/network-interface-security.conf' maybe chmod 0644 'init/network-interface.conf' @@ -949,6 +968,7 @@ maybe chmod 0644 'mke2fs.conf' maybe chmod 0755 'modprobe.d' maybe chmod 0644 'modprobe.d/fbdev-blacklist.conf' maybe chmod 0644 'modules' +maybe chmod 0755 'modules-load.d' maybe chmod 0644 'motd.tail' maybe chmod 0755 'mysql' maybe chmod 0755 'mysql/conf.d' @@ -978,6 +998,7 @@ maybe chmod 0644 'nsswitch.conf' maybe chmod 0755 'opt' maybe chmod 0644 'pam.conf' maybe chmod 0755 'pam.d' +maybe chmod 0644 'pam.d/atd' maybe chmod 0644 'pam.d/chfn' maybe chmod 0644 'pam.d/chpasswd' maybe chmod 0644 'pam.d/chsh' @@ -1211,6 +1232,8 @@ maybe chmod 0755 'systemd' maybe chmod 0644 'systemd/bootchart.conf' maybe chmod 0644 'systemd/journald.conf' maybe chmod 0644 'systemd/logind.conf' +maybe chmod 0755 'systemd/network' +maybe chmod 0755 'systemd/ntp-units.d' maybe chmod 0644 'systemd/resolved.conf' maybe chmod 0755 'systemd/system' maybe chmod 0644 'systemd/system.conf' @@ -1226,10 +1249,12 @@ maybe chmod 0755 'systemd/system/sockets.target.wants' maybe chmod 0755 'systemd/system/sysinit.target.wants' maybe chmod 0755 'systemd/system/timers.target.wants' maybe chmod 0644 'systemd/timesyncd.conf' +maybe chmod 0755 'systemd/user' maybe chmod 0644 'systemd/user.conf' maybe chmod 0755 'terminfo' maybe chmod 0644 'terminfo/README' maybe chmod 0644 'timezone' +maybe chmod 0755 'tmpfiles.d' maybe chmod 0644 'ucf.conf' maybe chmod 0755 'udev' maybe chmod 0755 'udev/hwdb.d' @@ -1249,6 +1274,8 @@ maybe chmod 0644 'vim/vimrc' maybe chmod 0644 'vim/vimrc.local' maybe chmod 0644 'vim/vimrc.tiny' maybe chmod 0644 'wgetrc' +maybe chmod 0755 'xdg' +maybe chmod 0755 'xdg/systemd' maybe chmod 0755 'xml' maybe chmod 0644 'xml/catalog' maybe chmod 0644 'xml/xml-core.xml' diff --git a/at.deny b/at.deny new file mode 100644 index 0000000..0d5a382 --- /dev/null +++ b/at.deny @@ -0,0 +1,24 @@ +alias +backup +bin +daemon +ftp +games +gnats +guest +irc +lp +mail +man +nobody +operator +proxy +qmaild +qmaill +qmailp +qmailq +qmailr +qmails +sync +sys +www-data diff --git a/dbus-1/session.conf b/dbus-1/session.conf new file mode 100644 index 0000000..251b58a --- /dev/null +++ b/dbus-1/session.conf @@ -0,0 +1,75 @@ + + + + + + session + + + + + unix:tmpdir=/tmp + + + EXTERNAL + + + + + + + + + + + + + + session.d + + + session-local.conf + + contexts/dbus_contexts + + + + + 1000000000 + 250000000 + 1000000000 + 250000000 + 1000000000 + + 120000 + 240000 + 150000 + 100000 + 10000 + 100000 + 10000 + 50000 + 50000 + 50000 + + diff --git a/dbus-1/system.conf b/dbus-1/system.conf new file mode 100644 index 0000000..891bc00 --- /dev/null +++ b/dbus-1/system.conf @@ -0,0 +1,91 @@ + + + + + + + + + system + + + messagebus + + + + + + + + + /usr/lib/dbus-1.0/dbus-daemon-launch-helper + + + /var/run/dbus/pid + + + + + + EXTERNAL + + + unix:path=/var/run/dbus/system_bus_socket + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + system.d + + + system-local.conf + + contexts/dbus_contexts + + diff --git a/default/dbus b/default/dbus new file mode 100644 index 0000000..4bc8e1b --- /dev/null +++ b/default/dbus @@ -0,0 +1,7 @@ +# This is a configuration file for /etc/init.d/dbus; it allows you to +# perform common modifications to the behavior of the dbus daemon +# startup without editing the init script (and thus getting prompted +# by dpkg on upgrades). We all love dpkg prompts. + +# Parameters to pass to dbus. +PARAMS="" diff --git a/group b/group index 9182123..5008dbe 100644 --- a/group +++ b/group @@ -54,3 +54,4 @@ postdrop:x:114: bind:x:999: ulog:x:115: postgres:x:116: +messagebus:x:117: diff --git a/group- b/group- index 5c5fd59..9182123 100644 --- a/group- +++ b/group- @@ -48,7 +48,7 @@ netdev:x:108: ssh:x:109: Debian-exim:x:110: mlocate:x:111:repo -ssl-cert:x:112: +ssl-cert:x:112:postgres postfix:x:113: postdrop:x:114: bind:x:999: diff --git a/gshadow b/gshadow index a574b3e..4ddf26a 100644 --- a/gshadow +++ b/gshadow @@ -54,3 +54,4 @@ postdrop:!:: bind:!:: ulog:!:: postgres:!:: +messagebus:!:: diff --git a/gshadow- b/gshadow- index df1c75c..a574b3e 100644 --- a/gshadow- +++ b/gshadow- @@ -48,7 +48,7 @@ netdev:!:: ssh:!:: Debian-exim:!:: mlocate:!::repo -ssl-cert:!:: +ssl-cert:!::postgres postfix:!:: postdrop:!:: bind:!:: diff --git a/init.d/atd b/init.d/atd new file mode 100755 index 0000000..2e825fc --- /dev/null +++ b/init.d/atd @@ -0,0 +1,48 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: atd +# Required-Start: $syslog $time $remote_fs +# Required-Stop: $syslog $time $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Deferred execution scheduler +# Description: Debian init script for the atd deferred executions +# scheduler +### END INIT INFO +# +# Author: Ryan Murray +# + +PATH=/bin:/usr/bin:/sbin:/usr/sbin +DAEMON=/usr/sbin/atd +PIDFILE=/var/run/atd.pid + +test -x $DAEMON || exit 0 + +. /lib/lsb/init-functions + +case "$1" in + start) + log_daemon_msg "Starting deferred execution scheduler" "atd" + start_daemon -p $PIDFILE $DAEMON + log_end_msg $? + ;; + stop) + log_daemon_msg "Stopping deferred execution scheduler" "atd" + killproc -p $PIDFILE $DAEMON + log_end_msg $? + ;; + force-reload|restart) + $0 stop + $0 start + ;; + status) + status_of_proc -p $PIDFILE $DAEMON atd && exit 0 || exit $? + ;; + *) + echo "Usage: /etc/init.d/atd {start|stop|restart|force-reload|status}" + exit 1 + ;; +esac + +exit 0 diff --git a/init.d/cgmanager b/init.d/cgmanager new file mode 100755 index 0000000..81604a3 --- /dev/null +++ b/init.d/cgmanager @@ -0,0 +1,138 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: cgmanager +# Required-Start: mountkernfs +# Required-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Cgroup manager daemon +# Description: +# The cgroup manager accepts cgroup administration requests +# over dbus, honoring privilege by root users in mapped user +# namespaces over the non-root mapped uids. This allows safe +# nesting of lxc containers by unprivileged users. +### END INIT INFO + +# Do NOT "set -e" + +PATH=/sbin:/bin + +DAEMON=/sbin/cgmanager +NAME=cgmanager +DESC="cgroup management daemon" + +BASEOPTS="--daemon -m name=systemd" + +test -x $DAEMON || exit 0 + +PIDFILE=/run/$NAME.pid + +if [ -f /etc/default/cgmanager ]; then + # get cgmanager_opts if specified + . /etc/default/cgmanager +fi + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +DAEMON_ARGS="$BASEOPTS $cgmanager_opts $cgm_extra_mounts" + +do_stop() +{ + # If the cgmanager stops, the proxy must stop + /etc/init.d/cgproxy stop >/dev/null 2>&1 || true + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + + # Kill any existing cgproxy + /etc/init.d/cgproxy stop >/dev/null 2>&1 || true + # check whether to start cgproxy or cgmanager + if /sbin/cgproxy --check-master; then + NESTED=yes /etc/init.d/cgproxy start || true && { exit 0; } + fi + + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS \ + || return $? + # Todo - once the compiled cgm is installed we could use it here to ping + # cgmanager as our test for readiness. + sleep 1 +} + +case "$1" in + restart|force-reload) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + start) + log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/init.d/cgproxy b/init.d/cgproxy new file mode 100755 index 0000000..2e54c33 --- /dev/null +++ b/init.d/cgproxy @@ -0,0 +1,135 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: cgproxy +# Required-Start: cgmanager +# Required-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Cgroup manager daemon +# Description: +# The cgroup manager accepts cgroup administration requests +# over dbus, honoring privilege by root users in mapped user +# namespaces over the non-root mapped uids. This allows safe +# nesting of lxc containers by unprivileged users. +### END INIT INFO + +# Do NOT "set -e" + +PATH=/sbin:/bin + +DAEMON=/sbin/cgproxy +NAME=cgproxy +DESC="cgroup management proxy daemon" + +BASEOPTS="--daemon" + +test -x $DAEMON || exit 0 + +PIDFILE=/run/$NAME.pid + +if [ -f /etc/default/cgmanager ]; then + # get cgmanager_opts if specified + . /etc/default/cgmanager +fi + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +DAEMON_ARGS="$BASEOPTS $cgmanager_opts" + +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + + # cgproxy should only run on container unless on older kernel + if [ -e /proc/self/ns/pid ] && [ "$NESTED" != "yes" ]; then + log_end_msg 0 + exit 0 + fi + + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS \ + || return $? + # Todo - once the compiled cgm is installed we could use it here to ping + # cgmanager as our test for readiness. + sleep 1 +} + +case "$1" in + restart|force-reload) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + start) + log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/init.d/dbus b/init.d/dbus new file mode 100755 index 0000000..4f41293 --- /dev/null +++ b/init.d/dbus @@ -0,0 +1,122 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: dbus +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: +# Short-Description: D-Bus systemwide message bus +# Description: D-Bus is a simple interprocess messaging system, used +# for sending messages between applications. +### END INIT INFO +# -*- coding: utf-8 -*- +# Debian init.d script for D-BUS +# Copyright © 2003 Colin Walters +# Copyright © 2005 Sjoerd Simons + +set -e + +DAEMON=/usr/bin/dbus-daemon +UUIDGEN=/usr/bin/dbus-uuidgen +UUIDGEN_OPTS=--ensure +NAME=dbus +DAEMONUSER=messagebus +PIDDIR=/var/run/dbus +PIDFILE=$PIDDIR/pid +DESC="system message bus" + +test -x $DAEMON || exit 0 + +. /lib/lsb/init-functions + +# Source defaults file; edit that file to configure this script. +PARAMS="" +if [ -e /etc/default/dbus ]; then + . /etc/default/dbus +fi + +create_machineid() { + # Create machine-id file + if [ -x $UUIDGEN ]; then + $UUIDGEN $UUIDGEN_OPTS + fi +} + +start_it_up() +{ + if [ ! -d $PIDDIR ]; then + mkdir -p $PIDDIR + chown $DAEMONUSER $PIDDIR + chgrp $DAEMONUSER $PIDDIR + fi + + if ! mountpoint -q /proc/ ; then + log_failure_msg "Can't start $DESC - /proc is not mounted" + return + fi + + if [ -e $PIDFILE ]; then + if $0 status > /dev/null ; then + log_success_msg "$DESC already started; not starting." + return + else + log_success_msg "Removing stale PID file $PIDFILE." + rm -f $PIDFILE + fi + fi + + create_machineid + + log_daemon_msg "Starting $DESC" "$NAME" + start-stop-daemon --start --quiet --pidfile $PIDFILE \ + --exec $DAEMON -- --system $PARAMS + log_end_msg $? +} + +shut_it_down() +{ + log_daemon_msg "Stopping $DESC" "$NAME" + start-stop-daemon --stop --retry 5 --quiet --oknodo --pidfile $PIDFILE \ + --user $DAEMONUSER + # We no longer include these arguments so that start-stop-daemon + # can do its job even given that we may have been upgraded. + # We rely on the pidfile being sanely managed + # --exec $DAEMON -- --system $PARAMS + log_end_msg $? + rm -f $PIDFILE +} + +reload_it() +{ + create_machineid + log_action_begin_msg "Reloading $DESC config" + dbus-send --print-reply --system --type=method_call \ + --dest=org.freedesktop.DBus \ + / org.freedesktop.DBus.ReloadConfig > /dev/null + # hopefully this is enough time for dbus to reload it's config file. + log_action_end_msg $? +} + +case "$1" in + start) + start_it_up + ;; + stop) + shut_it_down + ;; + reload|force-reload) + reload_it + ;; + restart) + shut_it_down + start_it_up + ;; + status) + status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $? + ;; + *) + echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|force-reload|status}" >&2 + exit 2 + ;; +esac + diff --git a/init/cgmanager.conf b/init/cgmanager.conf new file mode 100644 index 0000000..5d58475 --- /dev/null +++ b/init/cgmanager.conf @@ -0,0 +1,41 @@ +description "cgroup management daemon" +author "Serge Hallyn " + +respawn +expect stop + +# in trusty /sys/fs/cgroup will be mounted for us. +# prior to saucy, we would need to start on mounted +# MOUNTPOINT=/sys, and mount /sys/fs/cgroup ourselves +start on mounted MOUNTPOINT=/sys/fs/cgroup or virtual-filesystems or starting dbus +stop on runlevel [06] + +# to get debug output into /var/log/upstart/cgmanager.log, create/edit +# /etc/default/cgmanager and set cgmanager_opts="--debug" +env cgmanager_opts="" + +# unbound subsystems cgmanager should mount. If you need to add more, +# make the list comma-separated, for instance: +# env cgm_extra_mounts="-m name=systemd,name=yyy" +env cgm_extra_mounts="-m name=systemd" + +pre-start script + # Kill any existing cgproxy. This is required to allow proper + # respawning of cgmanager. + stop cgproxy >/dev/null 2>&1 || true + + # check whether we should start a cgproxy or a cgmanager + if cgproxy --check-master; then + start cgproxy NESTED=yes || true && { stop; exit 0; } + fi +end script + +script + [ -r /etc/default/cgmanager ] && . /etc/default/cgmanager + + exec /sbin/cgmanager --sigstop $cgmanager_opts $cgm_extra_mounts +end script + +post-start script + initctl notify-cgroup-manager-address "unix:path=/sys/fs/cgroup/cgmanager/sock" || true +end script diff --git a/init/cgproxy.conf b/init/cgproxy.conf new file mode 100644 index 0000000..6bcfbff --- /dev/null +++ b/init/cgproxy.conf @@ -0,0 +1,36 @@ +description "cgroup management proxy" +author "Serge Hallyn " + +respawn +expect stop +emits cgmanager-ready + +# in trusty /sys/fs/cgroup will be mounted for us. +# prior to saucy, we would need to start on mounted +# MOUNTPOINT=/sys, and mount /sys/fs/cgroup ourselves +start on started cgmanager +stop on runlevel [06] + +# to get debug output into /var/log/upstart/cgproxy.log, create/edit +# /etc/default/cgmanager and set cgmanager_opts="--debug" +env cgmanager_opts="" +env NESTED="no" + +pre-start script + # check whether we should start + if [ -e /proc/self/ns/pid ] && [ "$NESTED" = "no" ]; then + initctl emit -n cgmanager-ready + { stop; exit 0; } + fi +end script + +script + [ -r /etc/default/cgmanager ] && . /etc/default/cgmanager + + exec /sbin/cgproxy --sigstop $cgmanager_opts +end script + +post-start script +initctl emit -n cgmanager-ready +initctl notify-cgroup-manager-address "unix:path=/sys/fs/cgroup/cgmanager/sock" || true +end script diff --git a/modules-load.d/modules.conf b/modules-load.d/modules.conf new file mode 120000 index 0000000..464b823 --- /dev/null +++ b/modules-load.d/modules.conf @@ -0,0 +1 @@ +../modules \ No newline at end of file diff --git a/pam.d/atd b/pam.d/atd new file mode 100644 index 0000000..0036e71 --- /dev/null +++ b/pam.d/atd @@ -0,0 +1,10 @@ +# +# The PAM configuration file for the at daemon +# + +auth required pam_env.so +@include common-auth +@include common-account +session required pam_loginuid.so +@include common-session-noninteractive +session required pam_limits.so diff --git a/pam.d/common-session b/pam.d/common-session index 4ad1729..9d7324c 100644 --- a/pam.d/common-session +++ b/pam.d/common-session @@ -22,4 +22,5 @@ session requisite pam_deny.so session required pam_permit.so # and here are more per-package modules (the "Additional" block) session required pam_unix.so +session optional pam_systemd.so # end of pam-auth-update config diff --git a/passwd b/passwd index 0f31ef5..7b61ad0 100644 --- a/passwd +++ b/passwd @@ -27,3 +27,4 @@ bind:x:999:999:Bind daemon user,,,:/var/cache/bind:/bin/false ulog:x:107:115::/var/log/ulog:/bin/false repo:x:1111:100:Repository user ns1,,,:/home/repo:/bin/bash postgres:x:108:116:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash +messagebus:x:109:117::/var/run/dbus:/bin/false diff --git a/passwd- b/passwd- index 3fc416a..7b61ad0 100644 --- a/passwd- +++ b/passwd- @@ -26,4 +26,5 @@ postfix:x:106:113::/var/spool/postfix:/bin/false bind:x:999:999:Bind daemon user,,,:/var/cache/bind:/bin/false ulog:x:107:115::/var/log/ulog:/bin/false repo:x:1111:100:Repository user ns1,,,:/home/repo:/bin/bash -postgres:x:108:116::/var/lib/postgresql:/bin/bash +postgres:x:108:116:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash +messagebus:x:109:117::/var/run/dbus:/bin/false diff --git a/rc0.d/K01atd b/rc0.d/K01atd new file mode 120000 index 0000000..8cd7248 --- /dev/null +++ b/rc0.d/K01atd @@ -0,0 +1 @@ +../init.d/atd \ No newline at end of file diff --git a/rc0.d/K01cgmanager b/rc0.d/K01cgmanager new file mode 120000 index 0000000..3a4dcb0 --- /dev/null +++ b/rc0.d/K01cgmanager @@ -0,0 +1 @@ +../init.d/cgmanager \ No newline at end of file diff --git a/rc0.d/K01cgproxy b/rc0.d/K01cgproxy new file mode 120000 index 0000000..c31f360 --- /dev/null +++ b/rc0.d/K01cgproxy @@ -0,0 +1 @@ +../init.d/cgproxy \ No newline at end of file diff --git a/rc1.d/K01atd b/rc1.d/K01atd new file mode 120000 index 0000000..8cd7248 --- /dev/null +++ b/rc1.d/K01atd @@ -0,0 +1 @@ +../init.d/atd \ No newline at end of file diff --git a/rc1.d/K01cgmanager b/rc1.d/K01cgmanager new file mode 120000 index 0000000..3a4dcb0 --- /dev/null +++ b/rc1.d/K01cgmanager @@ -0,0 +1 @@ +../init.d/cgmanager \ No newline at end of file diff --git a/rc1.d/K01cgproxy b/rc1.d/K01cgproxy new file mode 120000 index 0000000..c31f360 --- /dev/null +++ b/rc1.d/K01cgproxy @@ -0,0 +1 @@ +../init.d/cgproxy \ No newline at end of file diff --git a/rc2.d/S01cgmanager b/rc2.d/S01cgmanager new file mode 120000 index 0000000..3a4dcb0 --- /dev/null +++ b/rc2.d/S01cgmanager @@ -0,0 +1 @@ +../init.d/cgmanager \ No newline at end of file diff --git a/rc2.d/S02atd b/rc2.d/S02atd new file mode 120000 index 0000000..8cd7248 --- /dev/null +++ b/rc2.d/S02atd @@ -0,0 +1 @@ +../init.d/atd \ No newline at end of file diff --git a/rc2.d/S02cgproxy b/rc2.d/S02cgproxy new file mode 120000 index 0000000..c31f360 --- /dev/null +++ b/rc2.d/S02cgproxy @@ -0,0 +1 @@ +../init.d/cgproxy \ No newline at end of file diff --git a/rc2.d/S02dbus b/rc2.d/S02dbus new file mode 120000 index 0000000..05fdfc6 --- /dev/null +++ b/rc2.d/S02dbus @@ -0,0 +1 @@ +../init.d/dbus \ No newline at end of file diff --git a/rc3.d/S01cgmanager b/rc3.d/S01cgmanager new file mode 120000 index 0000000..3a4dcb0 --- /dev/null +++ b/rc3.d/S01cgmanager @@ -0,0 +1 @@ +../init.d/cgmanager \ No newline at end of file diff --git a/rc3.d/S02atd b/rc3.d/S02atd new file mode 120000 index 0000000..8cd7248 --- /dev/null +++ b/rc3.d/S02atd @@ -0,0 +1 @@ +../init.d/atd \ No newline at end of file diff --git a/rc3.d/S02cgproxy b/rc3.d/S02cgproxy new file mode 120000 index 0000000..c31f360 --- /dev/null +++ b/rc3.d/S02cgproxy @@ -0,0 +1 @@ +../init.d/cgproxy \ No newline at end of file diff --git a/rc3.d/S02dbus b/rc3.d/S02dbus new file mode 120000 index 0000000..05fdfc6 --- /dev/null +++ b/rc3.d/S02dbus @@ -0,0 +1 @@ +../init.d/dbus \ No newline at end of file diff --git a/rc4.d/S01cgmanager b/rc4.d/S01cgmanager new file mode 120000 index 0000000..3a4dcb0 --- /dev/null +++ b/rc4.d/S01cgmanager @@ -0,0 +1 @@ +../init.d/cgmanager \ No newline at end of file diff --git a/rc4.d/S02atd b/rc4.d/S02atd new file mode 120000 index 0000000..8cd7248 --- /dev/null +++ b/rc4.d/S02atd @@ -0,0 +1 @@ +../init.d/atd \ No newline at end of file diff --git a/rc4.d/S02cgproxy b/rc4.d/S02cgproxy new file mode 120000 index 0000000..c31f360 --- /dev/null +++ b/rc4.d/S02cgproxy @@ -0,0 +1 @@ +../init.d/cgproxy \ No newline at end of file diff --git a/rc4.d/S02dbus b/rc4.d/S02dbus new file mode 120000 index 0000000..05fdfc6 --- /dev/null +++ b/rc4.d/S02dbus @@ -0,0 +1 @@ +../init.d/dbus \ No newline at end of file diff --git a/rc5.d/S01cgmanager b/rc5.d/S01cgmanager new file mode 120000 index 0000000..3a4dcb0 --- /dev/null +++ b/rc5.d/S01cgmanager @@ -0,0 +1 @@ +../init.d/cgmanager \ No newline at end of file diff --git a/rc5.d/S02atd b/rc5.d/S02atd new file mode 120000 index 0000000..8cd7248 --- /dev/null +++ b/rc5.d/S02atd @@ -0,0 +1 @@ +../init.d/atd \ No newline at end of file diff --git a/rc5.d/S02cgproxy b/rc5.d/S02cgproxy new file mode 120000 index 0000000..c31f360 --- /dev/null +++ b/rc5.d/S02cgproxy @@ -0,0 +1 @@ +../init.d/cgproxy \ No newline at end of file diff --git a/rc5.d/S02dbus b/rc5.d/S02dbus new file mode 120000 index 0000000..05fdfc6 --- /dev/null +++ b/rc5.d/S02dbus @@ -0,0 +1 @@ +../init.d/dbus \ No newline at end of file diff --git a/rc6.d/K01atd b/rc6.d/K01atd new file mode 120000 index 0000000..8cd7248 --- /dev/null +++ b/rc6.d/K01atd @@ -0,0 +1 @@ +../init.d/atd \ No newline at end of file diff --git a/rc6.d/K01cgmanager b/rc6.d/K01cgmanager new file mode 120000 index 0000000..3a4dcb0 --- /dev/null +++ b/rc6.d/K01cgmanager @@ -0,0 +1 @@ +../init.d/cgmanager \ No newline at end of file diff --git a/rc6.d/K01cgproxy b/rc6.d/K01cgproxy new file mode 120000 index 0000000..c31f360 --- /dev/null +++ b/rc6.d/K01cgproxy @@ -0,0 +1 @@ +../init.d/cgproxy \ No newline at end of file diff --git a/shadow b/shadow index 3892ee3..aec96d7 100644 --- a/shadow +++ b/shadow @@ -27,3 +27,4 @@ bind:!:16868:::::: ulog:*:16920:0:99999:7::: repo:!:17100:0:99999:7::: postgres:*:17175:0:99999:7::: +messagebus:*:17329:0:99999:7::: diff --git a/shadow- b/shadow- index 3892ee3..aec96d7 100644 --- a/shadow- +++ b/shadow- @@ -27,3 +27,4 @@ bind:!:16868:::::: ulog:*:16920:0:99999:7::: repo:!:17100:0:99999:7::: postgres:*:17175:0:99999:7::: +messagebus:*:17329:0:99999:7::: diff --git a/subgid b/subgid index 1910d87..ffbecdd 100644 --- a/subgid +++ b/subgid @@ -9,3 +9,4 @@ bind:558752:65536 ulog:624288:65536 repo:689824:65536 postgres:755360:65536 +messagebus:820896:65536 diff --git a/subgid- b/subgid- index 9bc29fe..1910d87 100644 --- a/subgid- +++ b/subgid- @@ -8,3 +8,4 @@ postfix:493216:65536 bind:558752:65536 ulog:624288:65536 repo:689824:65536 +postgres:755360:65536 diff --git a/subuid b/subuid index 1910d87..ffbecdd 100644 --- a/subuid +++ b/subuid @@ -9,3 +9,4 @@ bind:558752:65536 ulog:624288:65536 repo:689824:65536 postgres:755360:65536 +messagebus:820896:65536 diff --git a/subuid- b/subuid- index 9bc29fe..1910d87 100644 --- a/subuid- +++ b/subuid- @@ -8,3 +8,4 @@ postfix:493216:65536 bind:558752:65536 ulog:624288:65536 repo:689824:65536 +postgres:755360:65536 diff --git a/sysctl.d/99-sysctl.conf b/sysctl.d/99-sysctl.conf new file mode 120000 index 0000000..2b0036b --- /dev/null +++ b/sysctl.d/99-sysctl.conf @@ -0,0 +1 @@ +../sysctl.conf \ No newline at end of file diff --git a/systemd/system/multi-user.target.wants/atd.service b/systemd/system/multi-user.target.wants/atd.service new file mode 120000 index 0000000..e225a48 --- /dev/null +++ b/systemd/system/multi-user.target.wants/atd.service @@ -0,0 +1 @@ +/lib/systemd/system/atd.service \ No newline at end of file diff --git a/xdg/systemd/user b/xdg/systemd/user new file mode 120000 index 0000000..1c75bd3 --- /dev/null +++ b/xdg/systemd/user @@ -0,0 +1 @@ +../../systemd/user \ No newline at end of file -- 2.39.5