This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
       via  34b7b986169eebce28c48cf4efc77200303c83b3 (commit)
       via  533c4312fad295d520f8ccef40e3e1b9f2b1b7f6 (commit)
       via  18136c5ce9f32b6186df48bc2c2a7fade6792615 (commit)
      from  03e4f8d60e5671bdc1ec90a829b1f389bcd0b8aa (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 34b7b986169eebce28c48cf4efc77200303c83b3
Author: Arne Fitzenreiter arne_f@ipfire.org
Date:   Sun Apr 19 17:37:28 2020 +0000

core144: add dhcpcd initscript and user
this commit also (re)creates the user after backup restore.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 533c4312fad295d520f8ccef40e3e1b9f2b1b7f6
Author: Arne Fitzenreiter arne_f@ipfire.org
Date:   Sun Apr 19 19:18:04 2020 +0200
dhcpcd: create dhcpcd user and chroot folder
dhcpcd 9.x adds privilege separation by creating a chroot and running parts of the client not as root.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 18136c5ce9f32b6186df48bc2c2a7fade6792615
Author: Arne Fitzenreiter arne_f@ipfire.org
Date:   Sun Apr 19 15:24:02 2020 +0200
dhcpcd: new pid path for dhcpcd 9.x
dhcpcd 9.x moves the path of the pids to its own folder.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes:
 config/backup/backup.pl                      | 8 ++++++++
 config/etc/group                             | 1 +
 config/etc/passwd                            | 1 +
 config/rootfiles/core/144/filelists/files    | 3 +++
 config/rootfiles/core/144/update.sh          | 8 ++++++++
 src/initscripts/networking/functions.network | 2 +-
 src/initscripts/networking/red               | 6 +++---
 src/initscripts/system/mountkernfs           | 5 +++++
 8 files changed, 30 insertions(+), 4 deletions(-)
Difference in files: diff --git a/config/backup/backup.pl b/config/backup/backup.pl index e08d8de84..5b5734044 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl @@ -79,6 +79,14 @@ restore_backup() { # remove wrong vnstat tag file rm -f /var/log/vnstat/tag
+ # create dhcpcd user + groupadd -g 52 dhcpcd + useradd -c 'dhcpcd privsep user' \ + -d /run/dhcpcd/chroot \ + -g dhcpcd \ + -s /bin/false \ + -u 52 dhcpcd + # Run converters
# Outgoing Firewall diff --git a/config/etc/group b/config/etc/group index 4855214be..f1767b30c 100644 --- a/config/etc/group +++ b/config/etc/group @@ -20,6 +20,7 @@ dip:x:40: ftp:x:45: rsyncd:x:48: stunnel:x:51: +dhcpcd:x:52: lock:x:54: sshd:x:74: pcap:x:77: diff --git a/config/etc/passwd b/config/etc/passwd index 7893b43c9..cb0428085 100644 --- a/config/etc/passwd +++ b/config/etc/passwd @@ -7,6 +7,7 @@ ntp:x:38:38::/etc/ntp:/bin/false ftp:x:45:45:anonymous_user:/home/ftp:/bin/false rsyncd:x:48:48:rsyncd Daemon:/home/rsync:/bin/false stunnel:x:51:51:stunnel Daemon:/var/lib/stunnel:/bin/false +dhcpcd:x:52:52:dhcpcd privsep user:/run/dhcpcd/chroot:/bin/false sshd:x:74:74:sshd:/var/empty:/bin/false nobody:x:99:99:Nobody:/home/nobody:/bin/false postfix:x:100:100::/var/spool/postfix:/bin/false diff --git a/config/rootfiles/core/144/filelists/files b/config/rootfiles/core/144/filelists/files index ce4e51768..ead2c54b7 100644 --- a/config/rootfiles/core/144/filelists/files +++ b/config/rootfiles/core/144/filelists/files @@ -2,3 +2,6 @@ etc/system-release etc/issue srv/web/ipfire/cgi-bin/credits.cgi var/ipfire/langs +etc/rc.d/init.d/mountkernfs +etc/rc.d/init.d/networking/functions.network +etc/rc.d/init.d/networking/red diff --git a/config/rootfiles/core/144/update.sh b/config/rootfiles/core/144/update.sh index 6a9c51931..103f8ebc7 100644 --- a/config/rootfiles/core/144/update.sh +++ b/config/rootfiles/core/144/update.sh @@ -56,6 +56,14 @@ ldconfig
# Start services
+# create dhcpcd user +groupadd -g 52 dhcpcd +useradd -c 'dhcpcd privsep user' \ + -d /run/dhcpcd/chroot \ + -g dhcpcd \ + -s /bin/false \ + -u 52 dhcpcd + # Update Language cache /usr/local/bin/update-lang-cache
diff --git a/src/initscripts/networking/functions.network b/src/initscripts/networking/functions.network index 17191e7a9..b7ce1c5e0 100644 --- a/src/initscripts/networking/functions.network +++ b/src/initscripts/networking/functions.network @@ -25,7 +25,7 @@ dhcpcd_get_pid() { # network device, if a pidfile exists.
local device="$1" - local pidfile="/var/run/dhcpcd-${device}.pid" + local pidfile="/var/run/dhcpcd/${device}.pid"
# Check if a pid file exists. if [ -f "${pidfile}" ] ; then diff --git a/src/initscripts/networking/red b/src/initscripts/networking/red index e154cc8b1..db4209b44 100644 --- a/src/initscripts/networking/red +++ b/src/initscripts/networking/red @@ -228,13 +228,13 @@ case "${1}" in TYPE="pppoe" fi if [ "${IPTV}" == "enable" ]; then - PIDFILE="/var/run/dhcpcd-${DEVICE}.${IPTV_VLAN}.pid" + PIDFILE="/var/run/dhcpcd/${DEVICE}.${IPTV_VLAN}.pid" LEASEINFO="/var/ipfire/dhcpc/dhcpcd-${DEVICE}.${IPTV_VLAN}.info" # Test to see if there is a stale pid file if [ -f "$PIDFILE" ]; then ps `cat "$PIDFILE"` | grep dhcpcd > /dev/null if [ $? != 0 ]; then - rm -f /var/run/dhcpcd-${DEVICE}.${IPTV_VLAN}.pid > /dev/null + rm -f /var/run/dhcpcd/${DEVICE}.${IPTV_VLAN}.pid > /dev/null fi fi
@@ -289,7 +289,7 @@ case "${1}" in if [ -f "$PIDFILE" ]; then ps `cat "$PIDFILE"` | grep dhcpcd > /dev/null if [ $? != 0 ]; then - rm -f /var/run/dhcpcd-${DEVICE}.pid > /dev/null + rm -f /var/run/dhcpcd/${DEVICE}.pid > /dev/null fi fi
diff --git a/src/initscripts/system/mountkernfs b/src/initscripts/system/mountkernfs index f7be82d01..f0bfc5289 100644 --- a/src/initscripts/system/mountkernfs +++ b/src/initscripts/system/mountkernfs @@ -34,6 +34,11 @@ case "${1}" in mount -n -t tmpfs -o nosuid,nodev,mode=755,size=8M /run /run || failed=1 fi
+ # create folder for dhcpcd changeroot + mkdir -p /run/dhcpcd/chroot + chown dhcpcd:dhcpcd /run/dhcpcd/chroot + chmod 750 /run/dhcpcd/chroot + boot_mesg "" ${NORMAL}
(exit ${failed})
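Review bot: In the config/backup/backup.pl hunk, restore_backup() runs groupadd -g 52 dhcpcd and useradd -u 52 dhcpcd unconditionally and ignores their exit status. If the restored /etc/passwd and /etc/group already carry the dhcpcd entries, both commands fail and print errors on every restore; if id 52 is taken by another name, the user is silently not created. Guard each call with an existence check (for example getent group dhcpcd >/dev/null || groupadd -g 52 dhcpcd, and the same with getent passwd for useradd) and log a failure.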
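Review bot: In the config/rootfiles/core/144/update.sh hunk, the "# create dhcpcd user" block is inserted directly under the "# Start services" comment, so that comment now heads commands that start no service; move the block above it or give it its own section. The groupadd/useradd pair is also a verbatim copy of the one added to backup.pl, and the uid/gid 52, home /run/dhcpcd/chroot and shell /bin/false are repeated again in config/etc/passwd and config/etc/group. A single shared helper would keep these four places from drifting apart.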
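Review bot: In the functions.network hunk, dhcpcd_get_pid() now looks only at /var/run/dhcpcd/${device}.pid, so a client that was started before the update and wrote /var/run/dhcpcd-${device}.pid is no longer found by this function. Either fall back to the old path when the new pid file is missing, or make sure the core update restarts the client before anything calls dhcpcd_get_pid().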
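Review bot: In both src/initscripts/networking/red hunks, the stale pid cleanup spells the path out a second time, unquoted (rm -f /var/run/dhcpcd/${DEVICE}.${IPTV_VLAN}.pid and rm -f /var/run/dhcpcd/${DEVICE}.pid), although the same branch already tests [ -f "$PIDFILE" ]. Use rm -f "$PIDFILE" so the test and the removal cannot point at different files after the next path change and the device name is not subject to word splitting. The "> /dev/null" after rm -f is redundant and can go in the same pass.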
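Review bot: In the src/initscripts/system/mountkernfs hunk, the three new commands do not feed into ${failed}, unlike the mount of /run just above them, which ends in "|| failed=1"; a failed mkdir or chown would leave dhcpcd without its chroot while the script still reports success. The directory also exists briefly with default permissions between mkdir and chmod, which a single install -d -m 750 -o dhcpcd -g dhcpcd /run/dhcpcd/chroot || failed=1 avoids. Separately, chown dhcpcd:dhcpcd with mode 750 makes the chroot writable by the unprivileged user that is confined to it; unless dhcpcd has to write there, root:dhcpcd with mode 750 keeps the confined process from modifying its own root directory.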
hooks/post-receive -- IPFire 2.x development tree