NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
63463ee43f
kumquat-buildroot/package/chrony/chrony.mk
James Kent 451672e890 package/chrony: run as unprivileged user 
There are three ways to run chronyd:
  - start as root, and continue running as root;
  - start as root, then setuid() to a non-root user via either a command
    line option or a configuration directive;
  - start as root, and setuid() to a build-time specified non-root user.

Currently, the first situation is used by Buildroot, which does not
follow security best practices of dropping elevated privileges for
daemon at runtime when that is possible.

We switch to the third situation, where a compile-time default non-root
user is then used at runtime to drop privileges, with libcap used to
keep the capabilities required to call the appropriate syscalls to
adjust the system time (typically, CAP_SYS_TIME to call adjtimex() or
clock_settime() et al.).

This means that libcap is now a mandatory dependency.

To be noted: users who previously had configured their systems to run
chronyd as non root, would have done so with either the command-line
option (`-u`), or the configuration directive (`user`). Those take
precedence over the compile-time default, so this should not break their
systems (presumably, they also run as the `chrony` user). They would
also have taken care to run chronyc as the appropriate user to
manipulate chronyd at runtime via the UNIX socket.

For those who were running chronyd as root, this does not change either:
the functionality is unchanged, and they were running chronyc as root,
which should still be capable of manipulating chronyd via its UNIX
socket.

Take that opportunity to brine chrony's Config.in to current coding
style: enclose sub-option in an if-endif block.

Signed-off-by: James Kent <james.kent@orchestrated-technology.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-02-11 15:58:35 +01:00

86 lines
2.0 KiB
Makefile
Raw Blame History

################################################################################
#
# chrony
#
################################################################################
CHRONY_VERSION = 4.3
CHRONY_SITE = http://download.tuxfamily.org/chrony
CHRONY_LICENSE = GPL-2.0
CHRONY_LICENSE_FILES = COPYING
CHRONY_CPE_ID_VENDOR = tuxfamily
CHRONY_SELINUX_MODULES = chronyd
CHRONY_DEPENDENCIES = host-pkgconf libcap
CHRONY_CONF_OPTS = \
--host-system=Linux \
--host-machine=$(BR2_ARCH) \
--prefix=/usr \
--without-tomcrypt \
--with-user=chrony \
$(if $(BR2_PACKAGE_CHRONY_DEBUG_LOGGING),--enable-debug,--disable-debug)
define CHRONY_USERS
chrony -1 chrony -1 * /run/chrony - - Time daemon
endef
ifeq ($(BR2_PACKAGE_LIBNSS),y)
CHRONY_DEPENDENCIES += libnss
else
CHRONY_CONF_OPTS += --without-nss
endif
ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
CHRONY_CONF_OPTS += --enable-scfilter
CHRONY_DEPENDENCIES += libseccomp
else
CHRONY_CONF_OPTS += --without-seccomp
endif
ifeq ($(BR2_PACKAGE_LIBEDIT),y)
CHRONY_DEPENDENCIES += libedit
else
CHRONY_CONF_OPTS += --without-editline --disable-readline
endif
# If pps-tools is available, build it before so the package can use it
# (HAVE_SYS_TIMEPPS_H).
ifeq ($(BR2_PACKAGE_PPS_TOOLS),y)
CHRONY_DEPENDENCIES += pps-tools
endif
ifeq ($(BR2_PACKAGE_GNUTLS),y)
CHRONY_DEPENDENCIES += gnutls
else
CHRONY_CONF_OPTS += --without-gnutls
endif
ifeq ($(BR2_PACKAGE_NETTLE),y)
CHRONY_DEPENDENCIES += nettle
else
CHRONY_CONF_OPTS += --without-nettle
endif
define CHRONY_CONFIGURE_CMDS
cd $(@D) && $(TARGET_CONFIGURE_OPTS) ./configure $(CHRONY_CONF_OPTS)
endef
define CHRONY_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D)
endef
define CHRONY_INSTALL_TARGET_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR="$(TARGET_DIR)" install
endef
define CHRONY_INSTALL_INIT_SYSV
$(INSTALL) -D -m 755 package/chrony/S49chrony $(TARGET_DIR)/etc/init.d/S49chrony
endef
define CHRONY_INSTALL_INIT_SYSTEMD
$(INSTALL) -D -m 644 package/chrony/chrony.service \
$(TARGET_DIR)/usr/lib/systemd/system/chrony.service
endef
$(eval $(generic-package))
Reference in New Issue View Git Blame Copy Permalink