From: Arne Fitzenreiter <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 34b7b986169eebce28c48cf4efc77200303c83b3
Date: Sun, 19 Apr 2020 17:40:18 +0000
Message-ID: <494xtV471nz2xyB@people01.haj.ipfire.org>


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  34b7b986169eebce28c48cf4efc77200303c83b3 (commit)
       via  533c4312fad295d520f8ccef40e3e1b9f2b1b7f6 (commit)
       via  18136c5ce9f32b6186df48bc2c2a7fade6792615 (commit)
      from  03e4f8d60e5671bdc1ec90a829b1f389bcd0b8aa (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 34b7b986169eebce28c48cf4efc77200303c83b3
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Sun Apr 19 17:37:28 2020 +0000

    core144: add dhcpcd initscript and user
    
    This commit also (re)creates the user after a backup restore.
    
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 533c4312fad295d520f8ccef40e3e1b9f2b1b7f6
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Sun Apr 19 19:18:04 2020 +0200

    dhcpcd: create dhcpcd user and chroot folder
    
    dhcpcd 9.x adds privilege separation by creating a chroot
    and running parts of the client not as root.
    
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 18136c5ce9f32b6186df48bc2c2a7fade6792615
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Sun Apr 19 15:24:02 2020 +0200

    dhcpcd: new pid path for dhcpcd 9.x
    
    dhcpcd 9.x moves the path of the pids to its own folder.
    
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/backup/backup.pl                      | 8 ++++++++
 config/etc/group                             | 1 +
 config/etc/passwd                            | 1 +
 config/rootfiles/core/144/filelists/files    | 3 +++
 config/rootfiles/core/144/update.sh          | 8 ++++++++
 src/initscripts/networking/functions.network | 2 +-
 src/initscripts/networking/red               | 6 +++---
 src/initscripts/system/mountkernfs           | 5 +++++
 8 files changed, 30 insertions(+), 4 deletions(-)

Difference in files:
diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index e08d8de84..5b5734044 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -79,6 +79,14 @@ restore_backup() {
 	# remove wrong vnstat tag file
 	rm -f /var/log/vnstat/tag
 
+	# create dhcpcd user
+	groupadd -g 52 dhcpcd
+	useradd -c 'dhcpcd privsep user'	\
+		-d /run/dhcpcd/chroot		\
+		-g dhcpcd			\
+		-s /bin/false			\
+		-u 52 dhcpcd
+
 	# Run converters
 
 	# Outgoing Firewall
diff --git a/config/etc/group b/config/etc/group
index 4855214be..f1767b30c 100644
--- a/config/etc/group
+++ b/config/etc/group
@@ -20,6 +20,7 @@ dip:x:40:
 ftp:x:45:
 rsyncd:x:48:
 stunnel:x:51:
+dhcpcd:x:52:
 lock:x:54:
 sshd:x:74:
 pcap:x:77:
diff --git a/config/etc/passwd b/config/etc/passwd
index 7893b43c9..cb0428085 100644
--- a/config/etc/passwd
+++ b/config/etc/passwd
@@ -7,6 +7,7 @@ ntp:x:38:38::/etc/ntp:/bin/false
 ftp:x:45:45:anonymous_user:/home/ftp:/bin/false
 rsyncd:x:48:48:rsyncd Daemon:/home/rsync:/bin/false
 stunnel:x:51:51:stunnel Daemon:/var/lib/stunnel:/bin/false
+dhcpcd:x:52:52:dhcpcd privsep user:/run/dhcpcd/chroot:/bin/false
 sshd:x:74:74:sshd:/var/empty:/bin/false
 nobody:x:99:99:Nobody:/home/nobody:/bin/false
 postfix:x:100:100::/var/spool/postfix:/bin/false
diff --git a/config/rootfiles/core/144/filelists/files b/config/rootfiles/core/144/filelists/files
index ce4e51768..ead2c54b7 100644
--- a/config/rootfiles/core/144/filelists/files
+++ b/config/rootfiles/core/144/filelists/files
@@ -2,3 +2,6 @@ etc/system-release
 etc/issue
 srv/web/ipfire/cgi-bin/credits.cgi
 var/ipfire/langs
+etc/rc.d/init.d/mountkernfs
+etc/rc.d/init.d/networking/functions.network
+etc/rc.d/init.d/networking/red
diff --git a/config/rootfiles/core/144/update.sh b/config/rootfiles/core/144/update.sh
index 6a9c51931..103f8ebc7 100644
--- a/config/rootfiles/core/144/update.sh
+++ b/config/rootfiles/core/144/update.sh
@@ -56,6 +56,14 @@ ldconfig
 
 # Start services
 
+# create dhcpcd user
+groupadd -g 52 dhcpcd
+useradd -c 'dhcpcd privsep user' \
+	-d /run/dhcpcd/chroot    \
+	-g dhcpcd                \
+	-s /bin/false            \
+	-u 52 dhcpcd
+
 # Update Language cache
 /usr/local/bin/update-lang-cache
 
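Review bot: the user and group are created here, but nothing in this hunk creates `/run/dhcpcd/chroot`; in this patch that directory is only made by the mountkernfs initscript, so after the update and before the next reboot the account's home/chroot path does not exist. If networking can be restarted on an updated but not rebooted system, add the same mkdir/chown/chmod here. The block also sits under the `# Start services` comment, which it does not belong to, and like the backup.pl copy it has no check for an already existing user or group.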
diff --git a/src/initscripts/networking/functions.network b/src/initscripts/networking/functions.network
index 17191e7a9..b7ce1c5e0 100644
--- a/src/initscripts/networking/functions.network
+++ b/src/initscripts/networking/functions.network
@@ -25,7 +25,7 @@ dhcpcd_get_pid() {
 		# network device, if a pidfile exists.
 
 		local device="$1"
-		local pidfile="/var/run/dhcpcd-${device}.pid"
+		local pidfile="/var/run/dhcpcd/${device}.pid"
 
 		# Check if a pid file exists.
 		if [ -f "${pidfile}" ] ; then
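Review bot: in dhcpcd_get_pid() the old location `/var/run/dhcpcd-${device}.pid` is dropped with no fallback, so a dhcpcd instance that was started before the update and is still running will no longer be found by this function. Either check the old path when the new pidfile is absent, or make sure the update stops the old client before these scripts are replaced, and say so in the commit message.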
diff --git a/src/initscripts/networking/red b/src/initscripts/networking/red
index e154cc8b1..db4209b44 100644
--- a/src/initscripts/networking/red
+++ b/src/initscripts/networking/red
@@ -228,13 +228,13 @@ case "${1}" in
 				TYPE="pppoe"
 			fi
 			if [ "${IPTV}" == "enable" ]; then
-				PIDFILE="/var/run/dhcpcd-${DEVICE}.${IPTV_VLAN}.pid"
+				PIDFILE="/var/run/dhcpcd/${DEVICE}.${IPTV_VLAN}.pid"
 				LEASEINFO="/var/ipfire/dhcpc/dhcpcd-${DEVICE}.${IPTV_VLAN}.info"
 				# Test to see if there is a stale pid file
 				if [ -f "$PIDFILE" ]; then
 					ps `cat "$PIDFILE"` | grep dhcpcd > /dev/null
 					if [ $? != 0 ]; then
-						rm -f /var/run/dhcpcd-${DEVICE}.${IPTV_VLAN}.pid > /dev/null
+						rm -f /var/run/dhcpcd/${DEVICE}.${IPTV_VLAN}.pid > /dev/null
 					fi
 				fi
 
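Review bot: the `rm -f /var/run/dhcpcd/${DEVICE}.${IPTV_VLAN}.pid` line repeats the path that was assigned to PIDFILE four lines earlier, and leaves it unquoted. Use `rm -f "$PIDFILE"` so the test and the removal cannot point at different files the next time the location changes. The `> /dev/null` on `rm -f` has no effect and can go at the same time.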
@@ -289,7 +289,7 @@ case "${1}" in
 						if [ -f "$PIDFILE" ]; then
 							ps `cat "$PIDFILE"` | grep dhcpcd > /dev/null
 							if [ $? != 0 ]; then
-								rm -f /var/run/dhcpcd-${DEVICE}.pid > /dev/null
+								rm -f /var/run/dhcpcd/${DEVICE}.pid > /dev/null
 							fi
 						fi
 
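Review bot: this hunk changes only the `rm -f` path; the PIDFILE assignment that the `[ -f "$PIDFILE" ]` test above it relies on is not touched anywhere in this diff. Please confirm that PIDFILE in this branch already points into `/var/run/dhcpcd/`, otherwise the stale check tests one file and removes another. Replacing the literal path with `rm -f "$PIDFILE"` would remove the possibility of a mismatch.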
diff --git a/src/initscripts/system/mountkernfs b/src/initscripts/system/mountkernfs
index f7be82d01..f0bfc5289 100644
--- a/src/initscripts/system/mountkernfs
+++ b/src/initscripts/system/mountkernfs
@@ -34,6 +34,11 @@ case "${1}" in
 			mount -n -t tmpfs -o nosuid,nodev,mode=755,size=8M /run /run || failed=1
 		fi
 
+		# create folder for dhcpcd changeroot
+		mkdir -p /run/dhcpcd/chroot
+		chown dhcpcd:dhcpcd /run/dhcpcd/chroot
+		chmod 750 /run/dhcpcd/chroot
+
 		boot_mesg "" ${NORMAL}
 
 		(exit ${failed})
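Review bot: `chown dhcpcd:dhcpcd /run/dhcpcd/chroot` with mode 750 makes the chroot writable by the very account that is confined to it; a privilege-separation chroot is normally owned by root and not writable by the unprivileged user (compare sshd's `/var/empty` in the passwd file). Unless dhcpcd needs to write there, consider `root:dhcpcd` with mode 750, created in one step with `install -d -o root -g dhcpcd -m 750 /run/dhcpcd/chroot`. The three new commands also do not set `failed=1` on error the way the mount line above does, so a missing dhcpcd user at this point in boot goes unreported.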


hooks/post-receive
--
IPFire 2.x development tree
