Package: pure-ftpd Version: 1.0.49-4 Severity: normal Tags: patch The following patch is needed to get the run directory correctly labeled on SE Linux systems. On non-SE systems restorecon won't exist so it won't change things. On systems that have SE Linux utilities installed but not enabled restorecon will detect this state and exit while doing nothing.
Also for systemd support you should have a tmpfiles.d(5) file which will simplify creating such directories and also set the correct SE Linux context if it detects that SE Linux is enabled. --- pure-ftpd.orig 2021-01-13 21:47:20.863054766 +1100 +++ pure-ftpd 2021-01-13 21:48:01.314229696 +1100 @@ -61,6 +61,7 @@ if [ ! -e `dirname $PIDFILE` ];then mkdir `dirname $PIDFILE` + [ -x /sbin/restorecon ] && /sbin/restorecon `dirname $PIDFILE` fi start_uploadscript() { -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-1-amd64 (SMP w/6 CPU threads) Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Enforcing - Policy name: default Versions of packages pure-ftpd depends on: ii libc6 2.31-9 ii libcap2 1:2.44-1 ii libcrypt1 1:4.4.17-1 ii libpam0g 1.4.0-2 ii libsodium23 1.0.18-1 ii libssl1.1 1.1.1i-1 ii lsb-base 11.1.0 ii pure-ftpd-common 1.0.49-4 ii xinetd [inet-superserver] 1:2.3.15.3-1 pure-ftpd recommends no packages. pure-ftpd suggests no packages. -- Configuration Files: /etc/init.d/pure-ftpd changed: PATH=/sbin:/bin:/usr/sbin:/usr/bin NAME=pure-ftpd DESC="ftp server" : ${SSDAEMONLOGOPTS:="--quiet"} UPLOADDAEMON=/usr/sbin/pure-uploadscript UDNAME=pure-uploadscript UDDESC="ftp upload handler" WRAPPER=/usr/sbin/pure-ftpd-wrapper . /lib/lsb/init-functions PIDFILE=/var/run/pure-ftpd/pure-ftpd.pid if [ -h $0 ]; then ME=`/bin/readlink $0` else ME=$0 fi SUFFIX=`basename $ME | sed -ne 's/^pure-ftpd-\(.*\)/\1/p'` if [ "$SUFFIX" ] ; then DAEMON=/usr/sbin/pure-ftpd-$SUFFIX else DAEMON=/usr/sbin/pure-ftpd fi export STANDALONE_OR_INETD=inetd export VIRTUALCHROOT= test -r /etc/default/pure-ftpd-common && . /etc/default/pure-ftpd-common if [ "$VIRTUALCHROOT" = "true" ]; then if [ "$SUFFIX" ]; then SUFFIX="$SUFFIX-virtualchroot" else SUFFIX="virtualchroot" fi fi test -x $DAEMON || exit 0 test -x $WRAPPER || exit 0 set -e if [ ! -e `dirname $PIDFILE` ];then mkdir `dirname $PIDFILE` [ -x /sbin/restorecon ] && /sbin/restorecon `dirname $PIDFILE` fi start_uploadscript() { if [ "$UPLOADSCRIPT" -a "$STANDALONE_OR_INETD" != inetd ] && \ egrep -i '^[ ]*(yes|1|on)[ ]*' /etc/pure-ftpd/conf/CallUploadScript > /dev/null 2>&1 then UOPTS="" test "$UPLOADUID" && UOPTS="$UOPTS -u $UPLOADUID" test "$UPLOADGID" && UOPTS="$UOPTS -g $UPLOADGID" echo -n "$1 $UDDESC: " start-stop-daemon --start $SSDAEMONLOGOPTS --oknodo \ --exec $UPLOADDAEMON -- -r "$UPLOADSCRIPT" -B $UOPTS echo "$UDNAME." fi } case "$1" in start) test "$STANDALONE_OR_INETD" = standalone || exit 0 echo -n "Starting $DESC: " start-stop-daemon --start $SSDAEMONLOGOPTS --pidfile "$PIDFILE" \ --exec $WRAPPER -- $SUFFIX start_uploadscript Starting ;; stop) echo -n "Stopping $DESC: " start-stop-daemon --stop $SSDAEMONLOGOPTS --oknodo \ --pidfile "$PIDFILE" start-stop-daemon --stop $SSDAEMONLOGOPTS --oknodo --exec $UPLOADDAEMON echo "$NAME." ;; restart|force-reload) test "$STANDALONE_OR_INETD" = standalone || exit 0 echo -n "Restarting $DESC: " start-stop-daemon --stop $SSDAEMONLOGOPTS --oknodo \ --pidfile "$PIDFILE" start-stop-daemon --stop $SSDAEMONLOGOPTS --oknodo --exec $UPLOADDAEMON sleep 1 start-stop-daemon --start $SSDAEMONLOGOPTS --pidfile "$PIDFILE" \ --exec $WRAPPER -- $SUFFIX start_uploadscript Restarting ;; status) status_of_proc -p /var/run/pure-ftpd/pure-ftpd.pid $DAEMON $NAME && exit 0 || exit $? ;; *) N=/etc/init.d/$NAME echo "Usage: $N {start|stop|restart|force-reload|status}" >&2 exit 1 ;; esac exit 0 -- no debconf information