Save rules in /var/lib rather than user home directory

10 years ago · 04ce8b58e7
parent 3ee2a3bbc4
commit 04ce8b58e7
1 changed files with 28 additions and 12 deletions
--- a/rules.go
+++ b/rules.go
@ -10,8 +10,8 @@ import (
 	"github.com/subgraph/fw-daemon/nfqueue"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
 	"path"
 )
 const (
@ -168,24 +168,35 @@ func parseRule(s string) (*Rule, error) {
 	return r, nil
 }
-const ruleFile = ".sgfw_rules"
+const ruleFile = "/var/lib/sgfw/sgfw_rules"
-func rulesPath() string {
+func maybeCreateDir(dir string) error {
-	home := os.Getenv("HOME")
+	_,err := os.Stat(dir)
-	if home != "" {
+	if os.IsNotExist(err) {
-		return filepath.Join(home, ruleFile)
+		return os.MkdirAll(dir, 0755)
 	}
-	// XXX try something else?
+	return err
-	return ""
+}
 func rulesPath() (string, error) {
 	if err := maybeCreateDir(path.Dir(ruleFile)); err != nil {
 		return ruleFile, err
 	}
 	return ruleFile, nil
 }
 func (fw *Firewall) saveRules() {
 	fw.lock.Lock()
 	defer fw.lock.Unlock()
-	f, err := os.Create(rulesPath())
+	p,err := rulesPath()
 	if err != nil {
-		log.Warning("Failed to open %s for writing: %v", rulesPath(), err)
+		log.Warning("Failed to open %s for writing: %v", p, err)
 		return
 	}
 	f, err := os.Create(p)
 	if err != nil {
 		log.Warning("Failed to open %s for writing: %v", p, err)
 		return
 	}
 	defer f.Close()
@ -227,10 +238,15 @@ func (fw *Firewall) loadRules() {
 	fw.lock.Lock()
 	defer fw.lock.Unlock()
-	bs, err := ioutil.ReadFile(rulesPath())
+	p,err := rulesPath()
 	if err != nil {
 		log.Warning("Failed to open %s for reading: %v", p, err)
 		return
 	}
 	bs, err := ioutil.ReadFile(p)
 	if err != nil {
 		if !os.IsNotExist(err) {
-			log.Warning("Failed to open %s for reading: %v", rulesPath(), err)
+			log.Warning("Failed to open %s for reading: %v", p, err)
 		}
 		return
 	}