#!/bin/sh
# GlobaLeaks daemon launcher.
#
# Do not run manually: the privilege drop is performed by systemd
# (User=globaleaks), so launching this script directly as root would start
# the daemon as root.
#
# Invoked by the systemd unit as the unprivileged service user (no '+'
# prefix on ExecStart). Configuration (LISTENING_IP, WORKING_DIR,
# APPARMOR_SANDBOXING) is provided through the unit's EnvironmentFile
# directives; this script does not source any configuration on its own.
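set -e

# Path of the daemon binary; never reassigned below.
readonly DAEMON=/usr/bin/globaleaks

# Runtime settings arrive through the systemd unit's EnvironmentFile; the
# defaults here apply only when a variable is unset or empty. LISTENING_IP
# intentionally defaults to empty and is passed through as --ip= unchanged.
LISTENING_IP="${LISTENING_IP:-}"
WORKING_DIR="${WORKING_DIR:-/var/globaleaks}"
APPARMOR_SANDBOXING="${APPARMOR_SANDBOXING:-1}"

# The ramdisk directory is created by the daemon itself under the unit's
# RuntimeDirectory (/run/globaleaks, a root-owned systemd tmpfs), so no local
# user can pre-plant entries there and no guard is needed here.

# Fail closed on a malformed APPARMOR_SANDBOXING value. With a non-numeric
# value (e.g. "yes"), `[ ... -eq 1 ]` reports an error status, and inside an
# `if` that status is treated as plain "false": the sandboxing branch would be
# skipped and the daemon started unconfined. Only decimal digits are accepted,
# so the -eq test below is always well-formed; numeric values keep their
# existing meaning (1 = confined, anything else = unconfined).
case "${APPARMOR_SANDBOXING}" in
    ''|*[!0-9]*)
        printf '%s\n' "GlobaLeaks configuration error: APPARMOR_SANDBOXING must be 0 or 1, got '${APPARMOR_SANDBOXING}'" >&2
        exit 78
        ;;
esac

if [ "${APPARMOR_SANDBOXING}" -eq 1 ]; then
    # Refuse to start rather than silently run unconfined when AppArmor is
    # missing or disabled on this host. Exit 78 (EX_CONFIG) marks this as a
    # configuration problem for the unit's failure handling.
    if ! command -v aa-status >/dev/null 2>&1 || ! aa-status --enabled; then
        echo "GlobaLeaks Apparmor Sandboxing Failure: requires apparmor" >&2
        exit 78
    fi

    # exec: the confined daemon replaces this shell, so it keeps the unit's
    # main PID and inherits the service user set by systemd.
    exec aa-exec --profile=usr.bin.globaleaks -- "$DAEMON" -n --ip="${LISTENING_IP}" --working-path="${WORKING_DIR}"
fi

# Sandboxing explicitly disabled via configuration: run the daemon unconfined.
exec "$DAEMON" -n --ip="${LISTENING_IP}" --working-path="${WORKING_DIR}"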
