Henrique de Moraes Holschuh <[email protected]> writes:
> Remove the rcS links.
(I assume you mean /etc/rc?.d/S* here.) I want that on my system the
default is that if a package installs a new service it is not started
on boot unless I explicitely enable it. Removing links works once but
requires me to re-investigate the situation after every package
installation to spot new services that have links to remove.
One solution that comes to my mind is to have
/etc/apt/apt.conf.d/04check-for-new-services with
DPkg {
Post-Invoke {"/usr/local/bin/check-for-new-services";};
}
where /usr/local/bin/check-for-new-services could do something like
#!/bin/bash
whitelist=/etc/policy-whitelist.conf
blacklist=/etc/policy-blacklist.conf
services=$(cd /etc/init.d && ls | grep -v README | grep -v .dpkg-new$)
# check if there are new services and ask the user what do about them
for service in $services; do
if ! grep "^$service$" $whitelist $blacklist > /dev/null; then
echo $0: You have a new service $service. Enable?
read reply
case "$reply" in
w)
echo $service >> $whitelist
;;
b)
echo $service >> $blacklist
;;
esac
fi
done
# disable all blacklisted services
for service in $(cat $blacklist); do
if [ "$(ls /etc/rc*/S??$service 2> /dev/null)" != "" ]; then
echo update-rc.d $service disable
fi
done
# enable all whitelisted services
for service in $(cat $whitelist); do
if [ "$(ls /etc/rc*/S??$service 2> /dev/null)" = "" ]; then
echo update-rc.d $service enable
fi
done
Usage example:
$ sudo aptitude install gnome
...
logger: /etc/policy-rc.d: anacron forbidden by default rule
invoke-rc.d: policy-rc.d denied execution of start.
...
logger: /etc/policy-rc.d: dbus allowed
...
logger: /etc/policy-rc.d: avahi-daemon forbidden by default rule
invoke-rc.d: policy-rc.d denied execution of start.
...
logger: /etc/policy-rc.d: dbus allowed
Reloading system message bus config...done.
...
logger: /etc/policy-rc.d: udev allowed
...
logger: /etc/policy-rc.d: bluetooth forbidden by default rule
invoke-rc.d: policy-rc.d denied execution of start.
...
logger: /etc/policy-rc.d: cups forbidden by default rule
invoke-rc.d: policy-rc.d denied execution of start.
...
logger: /etc/policy-rc.d: cups forbidden by default rule
invoke-rc.d: policy-rc.d denied execution of force-reload.
...
logger: /etc/policy-rc.d: gdm forbidden by default rule
invoke-rc.d: policy-rc.d denied execution of reload.
...
logger: /etc/policy-rc.d: dbus allowed
Reloading system message bus config...done.
...
logger: /etc/policy-rc.d: network-manager forbidden by default rule
invoke-rc.d: policy-rc.d denied execution of start.
...
logger: /etc/policy-rc.d: dbus allowed
Reloading system message bus config...done.
...
logger: /etc/policy-rc.d: openbsd-inetd allowed
logger: /etc/policy-rc.d: saned forbidden by default rule
invoke-rc.d: policy-rc.d denied execution of start.
...
/usr/local/bin/check-for-new-services: You have a new service anacron. Should
it be white or black listed?
b
/usr/local/bin/check-for-new-services: You have a new service avahi-daemon.
Should it be white or black listed?
b
/usr/local/bin/check-for-new-services: You have a new service bluetooth. Should
it be white or black listed?
b
/usr/local/bin/check-for-new-services: You have a new service console-setup.
Should it be white or black listed?
b
/usr/local/bin/check-for-new-services: You have a new service cups. Should it
be white or black listed?
b
/usr/local/bin/check-for-new-services: You have a new service gdm. Should it be
white or black listed?
b
/usr/local/bin/check-for-new-services: You have a new service keyboard-setup.
Should it be white or black listed?
b
/usr/local/bin/check-for-new-services: You have a new service network-manager.
Should it be white or black listed?
b
/usr/local/bin/check-for-new-services: You have a new service saned. Should it
be white or black listed?
b
>> Maybe /etc/init.d/rc could be modified to use invoke-rc? Or maybe
>> policyrcd-script-zg2 could provide some additional hooks?
>
> NO. invoke-rc.d is for package maintainer script use. It shouldn't be used
> anywhere else. It is bad enough the amount of crap that happens at shutdown
> because people started misusing it inside ifup/ifdown.d, etc.
Ok.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
