Hello Daniel, Le dim. 25 oct. 2020 à 09:08, LEDE Commits <lede-comm...@lists.infradead.org> a écrit :
>
> dangole pushed a commit to openwrt/openwrt.git, branch master:
> https://git.openwrt.org/2d34355e16b442fcf51e93786401716dae3c4ea2
>
> commit 2d34355e16b442fcf51e93786401716dae3c4ea2
> Author: Daniel Golle <dan...@makrotopia.org>
> AuthorDate: Mon Oct 19 21:22:30 2020 +0100
>
> busybox: allow ntpd to run as non-root ntpd user
>
> Signed-off-by: Daniel Golle <dan...@makrotopia.org>
> ---
> package/utils/busybox/Makefile | 5 ++++-
> package/utils/busybox/files/ntpd.capabilities | 22
> ++++++++++++++++++++++
> package/utils/busybox/files/sysntpd | 7 +++++++
> .../busybox/patches/600-allow-ntpd-non-root.patch | 12 ++++++++++++
> 4 files changed, 45 insertions(+), 1 deletion(-)
>
> diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile
> index b2de0a852b..6d9a0088e5 100644
> --- a/package/utils/busybox/Makefile
> +++ b/package/utils/busybox/Makefile
> @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
>
> PKG_NAME:=busybox
> PKG_VERSION:=1.31.1
> -PKG_RELEASE:=4
> +PKG_RELEASE:=5
> PKG_FLAGS:=essential
>
> PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
> @@ -50,6 +50,7 @@ define Package/busybox/Default
> TITLE:=Core utilities for embedded Linux
> URL:=http://busybox.net/
> DEPENDS:=+BUSYBOX_CONFIG_PAM:libpam +BUSYBOX_CONFIG_NTPD:jsonfilter
> + USERID:=ntpd=123:ntpd=123
ntpd package has USERID:=ntp=123:ntp=123 and this cause breakage (reports on IRC and https://github.com/openwrt/openwrt/commit/2d34355e16b442fcf51e93786401716dae3c4ea2#commitcomment-43560876) Just replace ntpd with ntp should fix it
> endef
>
> define Package/busybox
> @@ -144,6 +145,8 @@ endif
> ifneq ($(CONFIG_BUSYBOX_$(BUSYBOX_SYM)_NTPD),)
> $(INSTALL_BIN) ./files/sysntpd $(1)/etc/init.d/sysntpd
> $(INSTALL_BIN) ./files/ntpd-hotplug $(1)/usr/sbin/ntpd-hotplug
> + $(INSTALL_DIR) $(1)/etc/capabilities/
> + $(INSTALL_DATA) ./files/ntpd.capabilities
> $(1)/etc/capabilities/ntpd.json
> endif
> -rm -rf $(1)/lib64
> endef
> diff --git a/package/utils/busybox/files/ntpd.capabilities
> b/package/utils/busybox/files/ntpd.capabilities
> new file mode 100644
> index 0000000000..8a05dba4bc
> --- /dev/null
> +++ b/package/utils/busybox/files/ntpd.capabilities
> @@ -0,0 +1,22 @@
> +{
> + "bounding": [
> + "CAP_NET_BIND_SERVICE",
> + "CAP_SYS_TIME"
> + ],
> + "effective": [
> + "CAP_NET_BIND_SERVICE",
> + "CAP_SYS_TIME"
> + ],
> + "ambient": [
> + "CAP_NET_BIND_SERVICE",
> + "CAP_SYS_TIME"
> + ],
> + "permitted": [
> + "CAP_NET_BIND_SERVICE",
> + "CAP_SYS_TIME"
> + ],
> + "inheritable": [
> + "CAP_NET_BIND_SERVICE",
> + "CAP_SYS_TIME"
> + ]
> +}
> diff --git a/package/utils/busybox/files/sysntpd
> b/package/utils/busybox/files/sysntpd
> index 52866ba32a..cbc760a48e 100755
> --- a/package/utils/busybox/files/sysntpd
> +++ b/package/utils/busybox/files/sysntpd
> @@ -55,6 +55,13 @@ start_ntpd_instance() {
> procd_append_param command -p $peer
> done
> procd_set_param respawn
> + [ -x /sbin/ujail ] && {
> + procd_add_jail ntpd
> + procd_set_param capabilities /etc/capabilities/ntpd.json
> + procd_set_param user ntpd
> + procd_set_param group ntpd
> + procd_set_param no_new_privs 1
> + }
> procd_close_instance
> }
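Review bot: `CAP_NET_BIND_SERVICE` is granted in all five sets unconditionally in ntpd.capabilities, although binding the privileged NTP port is presumably only needed when ntpd also answers as a server; a client-only instance would need just `CAP_SYS_TIME`. Because both capabilities are also listed under `ambient` and `inheritable`, any helper the daemon executes (the Makefile section installs `/usr/sbin/ntpd-hotplug`, which ntpd presumably runs) keeps the ability to set the system clock, so that script and everything it calls become part of the clock-setting trust boundary. JSON cannot carry comments, so the reason for each capability and for populating the ambient set belongs in the commit message; a second file holding only `CAP_SYS_TIME` for the client-only case would keep the grant minimal.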
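Review bot: The whole privilege drop sits behind `[ -x /sbin/ujail ]`, so on an image without ujail the instance silently keeps running as full root and nothing in the log says so; if procd can apply `user`, `group` and `capabilities` without the jail, only `procd_add_jail ntpd` needs the guard. `procd_add_jail ntpd` is also called with no mount or feature declarations, so whatever the daemon needs at runtime as the unprivileged `ntpd` user (the hotplug helper, its interpreter, IPC to other services) has to be reachable from inside the jail — none of that is visible in this hunk and should be verified on a jailed image. A comment above the guard such as `# drop root only when ujail is installed; otherwise ntpd still runs as root` would record the fallback. start_ntpd_instance begins outside the hunk.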
>
> diff --git a/package/utils/busybox/patches/600-allow-ntpd-non-root.patch
> b/package/utils/busybox/patches/600-allow-ntpd-non-root.patch
> new file mode 100644
> index 0000000000..b5d4c2a07d
> --- /dev/null
> +++ b/package/utils/busybox/patches/600-allow-ntpd-non-root.patch
> @@ -0,0 +1,12 @@
> +--- a/networking/ntpd.c
> ++++ b/networking/ntpd.c
> +@@ -2414,9 +2414,6 @@ static NOINLINE void ntp_init(char **arg
> +
> + srand(getpid());
> +
> +- if (getuid())
> +- bb_error_msg_and_die(bb_msg_you_must_be_root);
> +-
> + /* Set some globals */
> + G.discipline_jitter = G_precision_sec;
> + G.stratum = MAXSTRAT;
>
> _______________________________________________
> lede-commits mailing list
> lede-comm...@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-commits
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
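Review bot: Deleting the `getuid()` check outright in 600-allow-ntpd-non-root.patch removes the only early, readable failure for a process that lacks the privilege to set the clock: started as an ordinary user without `CAP_SYS_TIME`, ntpd now gets through `ntp_init()` and presumably fails only later, when it first tries to bind or adjust the time. The patch file also has no description header, so the next busybox version bump has no record of why the check was dropped or that it relies on the capability file and `procd_set_param user ntpd` added by this same commit; a short explanation above `--- a/networking/ntpd.c` stating that would help whoever rebases it. If an early check is still wanted, testing for the required capability instead of uid 0 would preserve the clear error. ntp_init's body continues outside the hunk.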