This is the diff for the modified apache2 init script:
--- apache2_orginal 2008-07-01 14:33:17.000000000 +0200
+++ apache2 2008-07-02 18:11:08.000000000 +0200
@@ -115,6 +115,8 @@
fi
done
fi
+ echo "sleeping a bit, otherwise the port is blocking from dieing apache"
+ sleep 2
}
# Stupid hack to keep lintian happy. (Warrk! Stupidhack!).
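Review bot: The added `sleep 2` is a fixed guess at how long the dying apache needs to release its listening port, so on a loaded host the next start can still fail to bind, while on an idle host every stop is delayed for nothing. A bounded poll would be more robust, for example `i=0; while pidof_apache >/dev/null && [ "$i" -lt 10 ]; do sleep 1; i=$((i+1)); done`, assuming `pidof_apache` (used in the reload path of this script) still reports the remaining processes at this point. The message would also fit the script better through the `log_*` helpers than through a bare `echo`. The enclosing function starts outside the hunk.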
@@ -126,7 +128,9 @@
#ssl_scache shouldn't be here if we're just starting up.
[ -f /var/run/apache2/ssl_scache ] && rm -f /var/run/apache2/*ssl_scache*
log_begin_msg "Starting web server (apache2)..."
- if $APACHE2CTL start; then
+# if $APACHE2CTL start; then
+ $ENV run-jail apache2 /usr/sbin/apache2ctl start
+ if [ "$?" -eq 0 ]; then
log_end_msg 0
else
log_end_msg 1
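Review bot: The jailed start runs as a bare command and its status is read back through `$?` on the next line, which silently breaks as soon as any command (even a log call) is inserted between the two lines; the reload and restart hunks repeat the same pattern. Keep the call in the condition, `if $ENV run-jail apache2 /usr/sbin/apache2ctl start; then`, and consider holding the jailed command in one variable, as `APACHE2CTL` did, so the three call sites and the hard-coded path cannot drift apart. The status tested is whatever `run-jail` returns, so confirm that it propagates the exit code of `apache2ctl`; otherwise a failed start inside the jail would be logged as success. If code paths outside these hunks still start apache through `$APACHE2CTL`, they would bypass the jail.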
@@ -148,7 +152,9 @@
fi
log_begin_msg "Reloading web server config..."
if pidof_apache; then
- if $APACHE2CTL graceful $2 ; then
+ $ENV run-jail apache2 /usr/sbin/apache2ctl graceful reload
+ #if $APACHE2CTL graceful $2 ; then
+ if [ "$?" -eq 0 ]; then
log_end_msg 0
else
log_end_msg 1
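Review bot: The original call passed the caller's `$2` to `apache2ctl graceful`, but the jailed replacement passes the literal word `reload`, so an extra argument given to the init script is dropped and `apache2ctl` receives an argument it did not get before. Unless `reload` is intentional, use `if $ENV run-jail apache2 /usr/sbin/apache2ctl graceful $2; then`, or omit the extra argument. It is also worth verifying that a graceful request issued from a freshly created jail is allowed to signal the apache parent started in the earlier jail; the output on this page shows only a start being exercised.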
@@ -160,7 +166,9 @@
if ! apache_sync_stop; then
log_end_msg 1
fi
- if $APACHE2CTL start; then
+ $ENV run-jail apache2 /usr/sbin/apache2ctl start
+ if [ "$?" -eq 0 ]; then
+# if $APACHE2CTL start; then
log_end_msg 0
else
log_end_msg 1
;
; RSBAC JAIL definition for apache2
; 20060502
;
; Tested by:
; Fuleki Miklos (RAk)
; Peter Busser (peter)
; Robert Penz (robert)
; igraltist on debian
;
; Layout, as far as it can be read from this file and from the command
; run-jail was observed to build from it:
;   rsbac_jail -d -D -n -r -N -C SETUID SETGID NET_BIND_SERVICE KILL
;              -G sysctl -M rlimit <program> <args>
;
;   1. ""          presumably the chroot directory; it is empty here and no
;                  directory option appears in the command - TODO confirm
;   2. "0.0.0.0"   presumably the address the jail is restricted to; no
;                  address option appears in the command - TODO confirm
;   3. first list  jail flags; the five entries line up with -d -D -n -r -N
;   4. second list capabilities kept inside the jail (passed after -C)
;   5. third list  passed after -G (presumably system control data the
;                  jail may read - confirm against the rsbac_jail docs)
;   6. fourth list passed after -M (presumably system control data the
;                  jail may modify - confirm against the rsbac_jail docs)
;
; NOTE(review): with no chroot directory, the 0.0.0.0 address, and the
; allow-dev-write and allow-inet-raw flags, this jail is fairly permissive.
; A web server does not normally need raw sockets or device writes; confirm
; that each flag and capability is actually required and drop the rest.
;
""
"0.0.0.0"
(allow-dev-read
allow-dev-write
allow-all-net-family
allow-inet-raw
private-namespace)
(setuid
setgid
net-bind-service
kill)
(sysctl)
(rlimit)
/etc/init.d/apache2 start
Starting web server (apache2)...
This is execute now:
rsbac_jail -d -D -n -r -N -C SETUID SETGID NET_BIND_SERVICE KILL -G sysctl -M rlimit /usr/sbin/apache2ctl start