diff options
| author | fhajny <fhajny@pkgsrc.org> | 2018-02-01 09:07:23 +0000 |
|---|---|---|
| committer | fhajny <fhajny@pkgsrc.org> | 2018-02-01 09:07:23 +0000 |
| commit | f92f1ac7b1707274788777560877f4744fc0ca5c (patch) | |
| tree | a6339f1edcd2409cf420b960fcdfa2bfd687cacc | |
| parent | 81c3981723a6c293839ec7de67382f081f6436e0 (diff) | |
| download | pkgsrc-f92f1ac7b1707274788777560877f4744fc0ca5c.tar.gz | |
mail/rspamd: Fix unprivileged execution in rc.d and SMF.
| -rw-r--r-- | mail/rspamd/Makefile | 7 | ||||
| -rw-r--r-- | mail/rspamd/files/rspamd.sh | 4 | ||||
| -rw-r--r-- | mail/rspamd/files/smf/manifest.xml | 66 |
3 files changed, 32 insertions, 45 deletions
diff --git a/mail/rspamd/Makefile b/mail/rspamd/Makefile index 2ad6cef0a01..4591b5fcc46 100644 --- a/mail/rspamd/Makefile +++ b/mail/rspamd/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.32 2017/11/30 16:45:30 adam Exp $ +# $NetBSD: Makefile,v 1.33 2018/02/01 09:07:23 fhajny Exp $ DISTNAME= rspamd-1.6.1 -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= mail MASTER_SITES= ${MASTER_SITE_GITHUB:=vstakhov/} @@ -42,6 +42,9 @@ LOGDIR= ${VARBASE}/log/rspamd DBDIR= ${VARBASE}/db/rspamd RUNDIR= ${VARBASE}/run/rspamd +FILES_SUBST+= RSPAMD_USER=${RSPAMD_USER} +FILES_SUBST+= RSPAMD_GROUP=${RSPAMD_GROUP} + RCD_SCRIPTS= rspamd CMAKE_ARGS+= -DMANDIR:PATH=${PREFIX}/${PKGMANDIR} diff --git a/mail/rspamd/files/rspamd.sh b/mail/rspamd/files/rspamd.sh index c042b2329c5..2444f6008e1 100644 --- a/mail/rspamd/files/rspamd.sh +++ b/mail/rspamd/files/rspamd.sh @@ -1,6 +1,6 @@ #!@RCD_SCRIPTS_SHELL@ # -# $NetBSD: rspamd.sh,v 1.1 2017/03/20 14:15:16 wiz Exp $ +# $NetBSD: rspamd.sh,v 1.2 2018/02/01 09:07:23 fhajny Exp $ # # PROVIDE: rspamd # REQUIRE: DAEMON @@ -14,7 +14,7 @@ name="rspamd" rcvar=$name command="@PREFIX@/bin/rspamd" pidfile="@VARBASE@/run/rspamd/${name}.pid" -command_args="-c @PKG_SYSCONFDIR@/rspamd.conf" +command_args="-u @RSPAMD_USER@ -g @RSPAMD_GROUP@ -c @PKG_SYSCONFDIR@/rspamd.conf" required_files="@PKG_SYSCONFDIR@/rspamd.conf" start_precmd="rspamd_precmd" diff --git a/mail/rspamd/files/smf/manifest.xml b/mail/rspamd/files/smf/manifest.xml index be47e3d1700..031b5ae9df4 100644 --- a/mail/rspamd/files/smf/manifest.xml +++ b/mail/rspamd/files/smf/manifest.xml @@ -1,45 +1,29 @@ <?xml version="1.0"?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <service_bundle type="manifest" name="export"> - - <service name="@SMF_PREFIX@/@SMF_NAME@" type="service" version="1"> - - <create_default_instance enabled="false"/> - - <single_instance/> - - <dependency name="network" grouping="require_all" restart_on="error" type="service"> - <service_fmri value="svc:/milestone/network:default"/> - </dependency> - - <dependency name="filesystem" grouping="require_all" restart_on="error" type="service"> - <service_fmri value="svc:/system/filesystem/local"/> - </dependency> - - <method_context> - </method_context> - - <exec_method type="method" name="start" exec="@PREFIX@/bin/rspamd -i -f -c %{config_file}" timeout_seconds="60"/> - <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/> - - <property_group name="startd" type="framework"> - <propval name="duration" type="astring" value="child"/> - <propval name="ignore_error" type="astring" value="core,signal"/> - </property_group> - - <property_group name="application" type="application"> - <propval name="config_file" type="astring" value="@PKG_SYSCONFDIR@/rspamd.conf"/> - </property_group> - - - <template> - <common_name> - <loctext xml:lang="C"> - Rspamd spam filtering system. - </loctext> - </common_name> - </template> - - </service> - + <service name="@SMF_PREFIX@/@SMF_NAME@" type="service" version="1"> + <create_default_instance enabled="false" /> + <single_instance /> + <dependency name="network" grouping="require_all" restart_on="error" type="service"> + <service_fmri value="svc:/milestone/network:default" /> + </dependency> + <dependency name="filesystem" grouping="require_all" restart_on="error" type="service"> + <service_fmri value="svc:/system/filesystem/local" /> + </dependency> + <method_context></method_context> + <exec_method type="method" name="start" exec="@PREFIX@/bin/rspamd -u @RSPAMD_USER@ -g @RSPAMD_USER@ -c %{config_file}" timeout_seconds="60" /> + <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60" /> + <property_group name="startd" type="framework"> + <propval name="duration" type="astring" value="contract" /> + <propval name="ignore_error" type="astring" value="core,signal" /> + </property_group> + <property_group name="application" type="application"> + <propval name="config_file" type="astring" value="@PKG_SYSCONFDIR@/rspamd.conf" /> + </property_group> + <template> + <common_name> + <loctext xml:lang="C">Rspamd spam filtering system.</loctext> + </common_name> + </template> + </service> </service_bundle> |