PKG_NAME:=busybox
PKG_VERSION:=1.31.1
-PKG_RELEASE:=4
+PKG_RELEASE:=5
PKG_FLAGS:=essential
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
TITLE:=Core utilities for embedded Linux
URL:=http://busybox.net/
DEPENDS:=+BUSYBOX_CONFIG_PAM:libpam +BUSYBOX_CONFIG_NTPD:jsonfilter
+ USERID:=ntpd=123:ntpd=123
endef
define Package/busybox
ifneq ($(CONFIG_BUSYBOX_$(BUSYBOX_SYM)_NTPD),)
$(INSTALL_BIN) ./files/sysntpd $(1)/etc/init.d/sysntpd
$(INSTALL_BIN) ./files/ntpd-hotplug $(1)/usr/sbin/ntpd-hotplug
+ $(INSTALL_DIR) $(1)/etc/capabilities/
+ $(INSTALL_DATA) ./files/ntpd.capabilities $(1)/etc/capabilities/ntpd.json
endif
-rm -rf $(1)/lib64
endef
--- /dev/null
+{
+ "bounding": [
+ "CAP_NET_BIND_SERVICE",
+ "CAP_SYS_TIME"
+ ],
+ "effective": [
+ "CAP_NET_BIND_SERVICE",
+ "CAP_SYS_TIME"
+ ],
+ "ambient": [
+ "CAP_NET_BIND_SERVICE",
+ "CAP_SYS_TIME"
+ ],
+ "permitted": [
+ "CAP_NET_BIND_SERVICE",
+ "CAP_SYS_TIME"
+ ],
+ "inheritable": [
+ "CAP_NET_BIND_SERVICE",
+ "CAP_SYS_TIME"
+ ]
+}
procd_append_param command -p $peer
done
procd_set_param respawn
+ [ -x /sbin/ujail ] && {
+ procd_add_jail ntpd
+ procd_set_param capabilities /etc/capabilities/ntpd.json
+ procd_set_param user ntpd
+ procd_set_param group ntpd
+ procd_set_param no_new_privs 1
+ }
procd_close_instance
}
--- /dev/null
+--- a/networking/ntpd.c
++++ b/networking/ntpd.c
+@@ -2414,9 +2414,6 @@ static NOINLINE void ntp_init(char **arg
+
+ srand(getpid());
+
+- if (getuid())
+- bb_error_msg_and_die(bb_msg_you_must_be_root);
+-
+ /* Set some globals */
+ G.discipline_jitter = G_precision_sec;
+ G.stratum = MAXSTRAT;
projects / openwrt / staging / dedeckeh.git / commitdiff