From: Michael Olbrich
To: ptxdist@pengutronix.de
Cc: Bruno Thomsen
Date: Tue, 29 Jun 2021 07:09:22 +0200
Subject: Re: [ptxdist] [APPLIED] chrony: fix runtime with busybox init
Message-Id: <20210629050922.2524242-1-m.olbrich@pengutronix.de>
In-Reply-To: <20210619152607.858107-1-bruno.thomsen@gmail.com>
References: <20210619152607.858107-1-bruno.thomsen@gmail.com>
X-Mailer: git-send-email 2.30.2

Thanks, applied as e109b0935b4676f027714dbe59317185a9d602cd.

Michael

[sent from post-receive hook]

On Tue, 29 Jun 2021 07:09:22 +0200, Bruno Thomsen wrote:
> Run as root if busybox init is used (INITMETHOD_BBINIT) so the
> runtime directory is readable and writable. When running under
> systemd (INITMETHOD_SYSTEMD), use the chrony user.
>
> A busybox init system typically ends up with a turtle shell
> security architecture where systemd is used when defense in
> depth is needed.
>
> Signed-off-by: Bruno Thomsen
> Message-Id: <20210619152607.858107-1-bruno.thomsen@gmail.com>
> Signed-off-by: Michael Olbrich
>
> diff --git a/rules/chrony.make b/rules/chrony.make
> index 4435b8e97796..cbdf9314b52b 100644
> --- a/rules/chrony.make
> +++ b/rules/chrony.make
> @@ -54,7 +54,7 @@ CHRONY_CONF_OPT := \ > --disable-phc \ > $(call ptx/ifdef, PTXCONF_CHRONY_PPS_REFCLK,,--disable-pps) \ > $(call ptx/ifdef, PTXCONF_GLOBAL_IPV6,,--disable-ipv6) \ > - --with-user=chrony \ > + --with-user=$(call ptx/ifdef, PTXCONF_INITMETHOD_SYSTEMD,chrony,root) \ > $(call ptx/ifdef, PTXCONF_CHRONY_SECCOMP,--enable-scfilter,) \ > $(call ptx/ifdef, PTXCONF_CHRONY_SECCOMP,,--without-seccomp) > _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
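Review bot: the new `--with-user` line keys on PTXCONF_INITMETHOD_SYSTEMD rather than on PTXCONF_INITMETHOD_BBINIT as the commit message states, so every init method other than systemd now compiles chronyd with root as its default user, and the seccomp filter enabled two lines further down (`--enable-scfilter` under PTXCONF_CHRONY_SECCOMP) then only confines a process that is already root. Suggest keeping `--with-user=chrony` unconditionally and handling the busybox-init case in the start script instead (create the runtime directory owned by chrony before starting chronyd, or pass chronyd's `-u chrony` option at runtime) so the privilege drop survives under both init methods; at minimum, reword the commit message to say that all non-systemd init methods are affected, not just busybox init.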
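An added example, not part of this thread and not PTXdist or chrony project code, of the alternative the patch does not take: a busybox-style start script that prepares the runtime directory for the unprivileged user and then starts chronyd with its `-u` option, so the compile-time `--with-user` default can stay `chrony` under either init method. The runtime directory `/run/chrony`, the `chrony:chrony` user and group, and the chronyd path are assumptions, not values from the patch. `prepare_runtime_dir` refuses a symlinked directory and fails if the ownership it set does not verify, so a broken setup stops the service rather than silently running the daemon as root.

```shell
#!/bin/sh
# Added example, not PTXdist or chrony code. Assumed defaults, overridable
# from the environment; none of these values come from the patch above.
CHRONY_USER="${CHRONY_USER:-chrony}"
CHRONY_GROUP="${CHRONY_GROUP:-chrony}"
CHRONY_RUNDIR="${CHRONY_RUNDIR:-/run/chrony}"   # assumed runtime directory
CHRONYD="${CHRONYD:-/usr/sbin/chronyd}"         # assumed binary path

# prepare_runtime_dir DIR USER GROUP
# Create DIR (mode 0750, owned by USER:GROUP) so that chronyd, after it has
# dropped to USER, can still read and write it. A pre-existing symlink is
# refused because the chown/chmod would otherwise land on whatever the link
# points at. Returns non-zero if the resulting owner is not USER, so the
# caller aborts instead of falling back to a root daemon.
prepare_runtime_dir() {
    dir=$1
    user=$2
    group=$3
    if [ -L "$dir" ]; then
        echo "refusing symlink runtime dir: $dir" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        mkdir -p "$dir" || return 1
    fi
    chmod 0750 "$dir" || return 1
    chown "$user:$group" "$dir" || return 1
    # Verify by numeric uid; ls -n and id -u exist in both busybox and coreutils.
    want=$(id -u "$user") || return 1
    have=$(ls -ldn "$dir" | awk '{ print $3 }')
    if [ "$have" != "$want" ]; then
        echo "runtime dir $dir owned by uid $have, expected $want" >&2
        return 1
    fi
    return 0
}

start_chronyd() {
    prepare_runtime_dir "$CHRONY_RUNDIR" "$CHRONY_USER" "$CHRONY_GROUP" || return 1
    # -u makes chronyd switch to this user itself during start-up, so the
    # compiled-in --with-user default does not have to be root.
    "$CHRONYD" -u "$CHRONY_USER"
}

case "${1:-}" in
    start) start_chronyd || exit 1 ;;
    stop)  killall chronyd 2>/dev/null ;;
    *)     : ;;   # no argument: do nothing, so the file can be sourced or tested
esac
```

Run as `sh chrony.init start` from the busybox init sequence; the directory preparation is deliberately separated from the daemon start so that a mismatch in ownership is reported before any socket is bound.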