mrrl-logincaps

commit 8eddc6597b7c9a10821c83271bdfca7ce27b97a8
parent 40d3a7c4c2c1098e876c33fd55254bb4fc7e49e5
Author: ccx <ccx@te2000.cz>
Date:   Thu, 20 Jun 2024 22:49:18 +0000

Allow controlling network services by logged in user

Diffstat:
A
sbin/login.capability.service
 | 
76
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

1 file changed, 76 insertions(+), 0 deletions(-)
diff --git a/sbin/login.capability.service b/sbin/login.capability.service
@@ -0,0 +1,76 @@
+#!/bin/zsh
+setopt no_unset warn_create_global extended_glob
+
+# s6-svc [ -wu | -wU | -wd | -wD | -wr | -wR ] [ -T timeout ] [ -s signal | -abqhkti12pcy ] [ -roduDUxO ] servicedir
+#
+### allowed:
+# • -o : once. Equivalent to "-uO".
+# • -d : down. If the supervised process is up, send it a SIGTERM (by default) then a SIGCONT (to make sure even
+#   stopped processes receive the signal aimed to kill them) and do not restart it. The SIGTERM default can be changed
+#   by editing the ./down-signal file in the service directory.
+# • -D : down, and create a ./down file so the service does not restart automatically if the supervisor dies. This
+#   option is mostly used by automated systems working on top of s6; as a human user, you probably don't need it.
+# • -u : up. If the supervised process is down, start it. Automatically restart it when it dies.
+# • -U : up, and remove any ./down file that may exist, in order to make sure the service is automatically restarted
+#   even if the supervisor dies. This option is mostly used by automated systems working on top of s6; as a human user,
+#   you probably don't need it.
+# • -O : mark the service to run once at most. iow: do not restart the supervised process when it dies. If it is down
+#   when the command is received, do not even start it.
+# • -Q : once at most, and create a ./down file. Like -D, but do not terminate the service if it is currently running.
+# • -r : If the service is up, restart it, by sending it a signal to kill it and letting s6-supervise start it again.
+#   By default, the signal is a SIGTERM; this can be configured via the ./down-signal file in the service directory.
+#
+### disallowed:
+# • -x : exit. When the service is asked to be down and the supervised process dies, s6-supervise will exit too. This
+#   command should normally never be used on a working system. Note that if this command is sent and a ./finish script
+#   exists for the service, the last ./finish invocation before s6-supervise exits will run with its stdin and stdout
+#   redirected to /dev/null.
+
+die_n() {
+	exitcode=$1
+	shift
+	printf >&2 '%s\n' "$@"
+	exit $exitcode
+}
+
+die100() {
+	die_n 100 "$@"
+}
+
+die111() {
+	die_n 111 "$@"
+}
+
+check_option() {
+	case $1 in
+		([abqhkti12pcy]) return;;  # Send signal
+		([oOuUdDrQ]) return;;  # State management
+	esac
+	die100 "invalid option: ${(qqq)1}"
+}
+
+check_service() {
+	case $1 in
+		(container.dhcpcd.dhcpcd) return;;
+		(container.tinc.tinc) return;;
+		(container.unbound.unbound) return;;
+		(container.wpa_supplicant.wpa_supplicant) return;;
+	esac
+	die100 "service not permitted: ${(qqq)1}"
+}
+
+typeset -g scandir=/run/service
+
+main() {
+	[[ $# == 2 ]] || die100 "usage: ${0:t} service-name action"
+	check_service $1
+	local opt
+	for opt in ${(s::)2}; do
+		check_option $opt
+	done
+	exec s6-svc -$2 $scandir/$1
+}
+typeset -f -t main
+
+main "$@"
+#  vim: ft=zsh noet ts=4 sts=4 sw=4