author | Treehugger Robot <treehugger-gerrit@google.com> | 2018-06-20 21:00:42 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2018-06-20 21:00:42 +0000 |
commit | ab8131f18ff73f209de7cc35d77366ebff3931cb (patch) | |
tree | 913e00c7e1e4d3757d6d697ed722b532d0d121c9 | |
parent | c50fe3dc542e6970e27e38118398a04d1a0abc29 (diff) | |
parent | 47111aee401300f36b856a8fedca57277172aee3 (diff) |
Merge "init: document what host init verifier checks"
-rw-r--r-- | init/README.md | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/init/README.md b/init/README.md index 550ef0582..b0a73b946 100644 --- a/init/README.md +++ b/init/README.md @@ -752,3 +752,22 @@ Below is an example of doing the same but with strace kill -SIGCONT 4343 > strace runs + +Host Init Script Verification +----------------------------- + +Init scripts are checked for correctness during build time. Specifically the below is checked. + +1) Well formatted action, service and import sections, e.g. no actions without a preceding 'on' +line, and no extraneous lines after an 'import' statement. +2) All commands map to a valid keyword and the argument count is within the correct range. +3) All service options are valid. This is stricter than how commands are checked as the service +options' arguments are fully parsed, e.g. UIDs and GIDs must resolve. + +There are other parts of init scripts that are only parsed at runtime and therefore not checked +during build time, among them are the below. + +1) The validity of the arguments of commands, e.g. no checking if file paths actually exist, if +SELinux would permit the operation, or if the UIDs and GIDs resolve. +2) No checking if a service exists or has a valid SELinux domain defined +3) No checking if a service has not been previously defined in a different init script. |
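Review bot: The second list, under "only parsed at runtime and therefore not checked during build time", stacks negations: its items start with "No checking if ...", and item 3 ("No checking if a service has not been previously defined in a different init script.") is hard to read as a result. Consider phrasing the items as the things that are left unchecked, for example "Whether a service has already been defined in a different init script." Item 2 of that list is also missing its terminal period, unlike items 1 and 3. A smaller point: the first list says service options are fully parsed so "UIDs and GIDs must resolve", while the second says command arguments are not checked for whether "the UIDs and GIDs resolve". A short cross-reference between the two items would make it clear that the difference is intentional and depends on whether the value appears in a service option or in a command argument.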