Jamie Nguyen
jamie****@tomoy*****
Mon Jun 13 17:36:20 JST 2011
TOMOYO
ForkI thought it might be a good idea to ship ccs-tools package with
optional support for systemd. I don't know if you've looked at systemd
already, but they have what is called "service" files (or units),
which are installed into "/lib/systemd/system/" folder. rsyslog has a
"./configure" option like this:
--with-systemdsystemunitdir=/lib/systemd/system
rsyslog then installs it's own service file that they maintain.
I am using at the moment "/lib/systemd/system/ccs-auditd.service"
which contains:
[Unit]
Description=TOMOYO Linux Auditing Daemon
[Service]
Type=forking
ExecStart=/usr/sbin/ccs-auditd
[Install]
WantedBy=multi-user.target
I'm planning to ship this with Arch Linux ccs-tools package once
CCS_trigger option is available.
Do you prefer to include this systemd service file upstream, or let
distributers package themselves? If shipping upstream, we could
include a configure option and service file like above. I've only
tested on Arch Linux, but it should almost definitely work on all
systemd environments as the service file is pretty simple.
One thing I did notice though is that /usr/sbin/ccs-auditd always
exits with "0" status. Would it be possible for you to make it exit
with non-zero status if it fails to load (e.g. kernel doesn't support
it)? This way ccs-auditd can let initscripts know if it failed to
load.
Also, this is less important but would it be possible to add support
for "/bin/kill -HUP" so that ccs-auditd can be restarted? If you wish
to add this functionality, then
"/lib/systemd/system/ccs-auditd.service" would look like this:
[Unit]
Description=TOMOYO Linux Auditing Daemon
[Service]
Type=forking
ExecStart=/usr/sbin/ccs-auditd
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
What do you think?