diff options
-rwxr-xr-x | rc.d/rc.sysinit | 40 |
1 files changed, 28 insertions, 12 deletions
diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit index e535aecf..f9e70add 100755 --- a/rc.d/rc.sysinit +++ b/rc.d/rc.sysinit @@ -594,19 +594,35 @@ if [ "$READONLY" = "yes" -o "$TEMPORARY_STATE" = "yes" ]; then mount -t nfs $CLIENTSTATE/$HOSTNAME $STATE_MOUNT -o rw,nolock fi - if [ -d $STATE_MOUNT/etc ]; then - # Copy the puppet CA's cert from the r/o image into the - # state directory so that we can create a bind mount on - # the ssl directory for storing the client cert. I'd really - # rather have a unionfs to deal with this stuff - cp --parents -f -p /var/lib/puppet/ssl/certs/ca.pem $STATE_MOUNT 2>/dev/null - - # In the future this will be handled by puppet - for i in $(grep -v "^#" $STATE_MOUNT/files); do - if [ -e $i ]; then - mount -n -o bind $STATE_MOUNT/${i} ${i} + if [ -w "$STATE_MOUNT" ]; then + + mount_state() { + if [ -e "$1" ]; then + [ ! -e "$STATE_MOUNT$1" ] && cp -a --parents "$1" "$STATE_MOUNT" + mount -n --bind "$STATE_MOUNT$1" "$1" + fi + } + + for file in /etc/statetab /etc/statetab.d/* ; do + is_ignored_file "$file" && continue + [ ! -f "$file" ] && continue + + if [ -f "$STATE_MOUNT/$file" ] ; then + mount -n --bind "$STATE_MOUNT/$file" "$file" fi - done + + for path in $(grep -v "^#" "$file" 2>/dev/null); do + mount_state "$path" + [ -n "$SELINUX_STATE" -a -e "$path" ] && restorecon -R "$path" + done + done + + if [ -f "$STATE_MOUNT/files" ] ; then + for path in $(grep -v "^#" "$STATE_MOUNT/files" 2>/dev/null); do + mount_state "$path" + [ -n "$SELINUX_STATE" -a -e "$path" ] && restorecon -R "$path" + done + fi fi fi |