update-ids-ruleset: Always drop the lock file if it has been created during runtime.

In some situations or if an error happened, the lock file could be keep on the system. In such a case the IDS page would be locked forever until user interaction or reboot of the system. Now the script checks if it has created such a lock and release it when the script exists. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org>
2026-04-09 18:45:54 +02:00 · 2022-03-03 05:49:43 +01:00
parent 8353e28ad2
commit a956712e75
1 changed files with 16 additions and 3 deletions
--- a/src/scripts/update-ids-ruleset
+++ b/src/scripts/update-ids-ruleset
@@ -26,6 +26,9 @@ require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/ids-functions.pl";
 require "${General::swroot}/lang.pl";

+# Variable to store if the process has written a lockfile.
+my $locked;
+
 # Hash to store the configured providers.
 my %providers = ();

@@ -77,6 +80,9 @@ if(&IDS::checkdiskspace()) {
 # Lock the IDS page.
 &IDS::lock_ids_page();

+# The script has requested a lock, so set locket to "1".
+$locked = "1";
+
 # Grab the configured providers.
 &General::readhasharray("$IDS::providers_settings_file", \%providers);

@@ -114,13 +120,20 @@ foreach my $id (keys %providers) {
 # Set correct ownership for the rulesdir and files.
 &IDS::set_ownership("$IDS::rulespath");

-# Unlock the IDS page.
-&IDS::unlock_ids_page();
-
 # Check if the IDS is running.
 if(&IDS::ids_is_running()) {
 	# Call suricatactrl to perform a reload.
 	&IDS::call_suricatactrl("reload");
 }

+# Custom END declaration to release a IDS page lock
+# when the script has created one.
+END {
+	# Check if a lock has been requested.
+	if ($locked) {
+		# Unlock the IDS page.
+		&IDS::unlock_ids_page();
+	}
+}
+
 1;