commands: disable services for commands running in chroot

Disabled services start/stop for commands running in chroot. This also prevents services from start during packages install. Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2026-01-27 10:18:47 +00:00 · 2017-10-16 12:24:40 +03:00
parent d8a6fe12ca
commit 0993e1996b
2 changed files with 81 additions and 0 deletions
--- a/commands.go
+++ b/commands.go
@@ -125,6 +125,13 @@ func (cmd Command) Run(label string, cmdline ...string) error {
 		exe.Env = append(os.Environ(), cmd.extraEnv...)
 	}

+	// Disable services start/stop for commands running in chroot
+	if cmd.ChrootMethod != CHROOT_METHOD_NONE {
+		services := ServiceHelper{cmd.Chroot}
+		services.Deny()
+		defer services.Allow()
+	}
+
 	err := exe.Run()
 	w.flush()
 	q.Cleanup()
--- a/os.go
+++ b/os.go
@@ -0,0 +1,74 @@
+package debos
+
+import (
+	"fmt"
+	"os"
+	"path"
+)
+
+const debianPolicyHelper = "/usr/sbin/policy-rc.d"
+
+/*
+ServiceHelper is used to manage services.
+Currently supports only debian-based family.
+*/
+
+type ServiceHelper struct {
+	Rootdir string
+}
+
+type ServicesManager interface {
+	Allow() error
+	Deny() error
+}
+
+/*
+Allow() allows to start/stop services on OS level.
+*/
+func (s *ServiceHelper) Allow() error {
+
+	helperFile := path.Join(s.Rootdir, debianPolicyHelper)
+
+	if _, err := os.Stat(helperFile); os.IsNotExist(err) {
+		return nil
+	}
+	if err := os.Remove(helperFile); err != nil {
+		return err
+	}
+	return nil
+}
+
+/*
+Deny() prohibits to start/stop services on OS level.
+*/
+func (s *ServiceHelper) Deny() error {
+
+	helperFile := path.Join(s.Rootdir, debianPolicyHelper)
+	var helper = []byte(`#!/bin/sh
+
+exit 101
+`)
+
+	if _, err := os.Stat(helperFile); os.IsExist(err) {
+		return fmt.Errorf("Policy helper file '%s' exists already", debianPolicyHelper)
+	}
+	if _, err := os.Stat(path.Dir(helperFile)); os.IsNotExist(err) {
+		// do not try to do something if ".../usr/sbin" is not exists
+		return nil
+	}
+	pf, err := os.Create(helperFile)
+	if err != nil {
+		return err
+	}
+	defer pf.Close()
+
+	if _, err := pf.Write(helper); err != nil {
+		return err
+	}
+
+	if err := pf.Chmod(0755); err != nil {
+		return err
+	}
+
+	return nil
+}