* [Buildroot] [PATCH v2] package/chrony: add default unprivileged user option @ 2023-02-08 18:27 James Kent 2023-02-09 20:22 ` Arnout Vandecappelle 0 siblings, 1 reply; 3+ messages in thread From: James Kent @ 2023-02-08 18:27 UTC (permalink / raw) To: buildroot; +Cc: James Kent, yann.morin.1998 Configurable option to define and enable by default an unprivileged user which the Chrony daemon will assume once initialised. The functionality requires libcap which is selected as necessary. This option supports the good security practice of dropping elevated privileges for daemon runtime. The package configuration layout has been updated to current working practice. Signed-off-by: James Kent <james.kent@orchestrated-technology.com> --- package/chrony/Config.in | 12 +++++++++++- package/chrony/chrony.mk | 8 ++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/package/chrony/Config.in b/package/chrony/Config.in index 158dc20530..0ba14c6aef 100644 --- a/package/chrony/Config.in +++ b/package/chrony/Config.in @@ -7,10 +7,20 @@ config BR2_PACKAGE_CHRONY http://chrony.tuxfamily.org/ +if BR2_PACKAGE_CHRONY + config BR2_PACKAGE_CHRONY_DEBUG_LOGGING bool "enable debug logging support" - depends on BR2_PACKAGE_CHRONY help Enable support for debug logging output from Chrony when enabled at runtime. If disabled, code for debug logging will not be compiled in. + +config BR2_PACKAGE_CHRONY_USER + bool "chrony default unprivileged user" + select BR2_PACKAGE_LIBCAP + help + Define and enable default unprivileged user for the Chrony + daemon to run as. + +endif diff --git a/package/chrony/chrony.mk b/package/chrony/chrony.mk index 379e95a778..16f8f082a3 100644 --- a/package/chrony/chrony.mk +++ b/package/chrony/chrony.mk @@ -21,6 +21,14 @@ CHRONY_CONF_OPTS = \ ifeq ($(BR2_PACKAGE_LIBCAP),y) CHRONY_DEPENDENCIES += libcap + +ifeq ($(BR2_PACKAGE_CHRONY_USER),y) +CHRONY_CONF_OPTS += --with-user=chrony +define CHRONY_USERS + chrony -1 chrony -1 * /run/chrony - - Time daemon +endef +endif + else CHRONY_CONF_OPTS += --without-libcap endif -- 2.35.3 _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH v2] package/chrony: add default unprivileged user option 2023-02-08 18:27 [Buildroot] [PATCH v2] package/chrony: add default unprivileged user option James Kent @ 2023-02-09 20:22 ` Arnout Vandecappelle 2023-02-11 15:01 ` Yann E. MORIN 0 siblings, 1 reply; 3+ messages in thread From: Arnout Vandecappelle @ 2023-02-09 20:22 UTC (permalink / raw) To: James Kent, buildroot; +Cc: yann.morin.1998 Hi James, On 08/02/2023 19:27, James Kent wrote: > Configurable option to define and enable by default an unprivileged > user which the Chrony daemon will assume once initialised. The > functionality requires libcap which is selected as necessary. > > This option supports the good security practice of dropping elevated > privileges for daemon runtime. > > The package configuration layout has been updated to current working > practice. > > Signed-off-by: James Kent <james.kent@orchestrated-technology.com> > --- > package/chrony/Config.in | 12 +++++++++++- > package/chrony/chrony.mk | 8 ++++++++ > 2 files changed, 19 insertions(+), 1 deletion(-) > > diff --git a/package/chrony/Config.in b/package/chrony/Config.in > index 158dc20530..0ba14c6aef 100644 > --- a/package/chrony/Config.in > +++ b/package/chrony/Config.in > @@ -7,10 +7,20 @@ config BR2_PACKAGE_CHRONY > > http://chrony.tuxfamily.org/ > > +if BR2_PACKAGE_CHRONY > + > config BR2_PACKAGE_CHRONY_DEBUG_LOGGING > bool "enable debug logging support" > - depends on BR2_PACKAGE_CHRONY > help > Enable support for debug logging output from Chrony when > enabled at runtime. If disabled, code for debug logging will > not be compiled in. > + > +config BR2_PACKAGE_CHRONY_USER > + bool "chrony default unprivileged user" Is there any reason to do this conditionally? For all other packages, we do it unconditionally. Regards, Arnout > + select BR2_PACKAGE_LIBCAP > + help > + Define and enable default unprivileged user for the Chrony > + daemon to run as. > + > +endif > diff --git a/package/chrony/chrony.mk b/package/chrony/chrony.mk > index 379e95a778..16f8f082a3 100644 > --- a/package/chrony/chrony.mk > +++ b/package/chrony/chrony.mk > @@ -21,6 +21,14 @@ CHRONY_CONF_OPTS = \ > > ifeq ($(BR2_PACKAGE_LIBCAP),y) > CHRONY_DEPENDENCIES += libcap > + > +ifeq ($(BR2_PACKAGE_CHRONY_USER),y) > +CHRONY_CONF_OPTS += --with-user=chrony > +define CHRONY_USERS > + chrony -1 chrony -1 * /run/chrony - - Time daemon > +endef > +endif > + > else > CHRONY_CONF_OPTS += --without-libcap > endif _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH v2] package/chrony: add default unprivileged user option 2023-02-09 20:22 ` Arnout Vandecappelle @ 2023-02-11 15:01 ` Yann E. MORIN 0 siblings, 0 replies; 3+ messages in thread From: Yann E. MORIN @ 2023-02-11 15:01 UTC (permalink / raw) To: Arnout Vandecappelle; +Cc: James Kent, buildroot Arnout, James, All, On 2023-02-09 21:22 +0100, Arnout Vandecappelle spake thusly: > On 08/02/2023 19:27, James Kent wrote: > >Configurable option to define and enable by default an unprivileged > >user which the Chrony daemon will assume once initialised. The > >functionality requires libcap which is selected as necessary. > > > >This option supports the good security practice of dropping elevated > >privileges for daemon runtime. > > > >The package configuration layout has been updated to current working > >practice. > > > >Signed-off-by: James Kent <james.kent@orchestrated-technology.com> > >--- [--SNIP--] > >+config BR2_PACKAGE_CHRONY_USER > >+ bool "chrony default unprivileged user" > Is there any reason to do this conditionally? For all other packages, we do > it unconditionally. From what I read, there are three situation to run chrony: - start as root and stay running as root; - start as root, setuid to a user either with a commandline option, or a configuration directive; - start as root, and setuid to a user defined at build-time (which can still be overriden on the commandline or a configuration directive). What this patch does, is to allow for the third option. As it was previously already possible to run as non-root, by just enabling libcap in Buildroot's config, and adding the user configuration directive in chrony's config file (or run it with -u), some people may already do that in their setups, and we do not want to break that. So those people do have eithe the config directive or the -u option, which both take precendence over the build-time configuration. As for those that do run as root, switching to a non-root user should not have any impact in functionality. So, we can safely unconditionally default to a compile-time non-root user. Except, a linux kernel may only have the root user, see CONFIG_MULTIUSER. But in that case we'd have tons of other packages that are gonna whine... Applied to master without the condition, thanks. Regards, Yann E. MORIN. > Regards, > Arnout > > >+ select BR2_PACKAGE_LIBCAP > >+ help > >+ Define and enable default unprivileged user for the Chrony > >+ daemon to run as. > >+ > >+endif > >diff --git a/package/chrony/chrony.mk b/package/chrony/chrony.mk > >index 379e95a778..16f8f082a3 100644 > >--- a/package/chrony/chrony.mk > >+++ b/package/chrony/chrony.mk > >@@ -21,6 +21,14 @@ CHRONY_CONF_OPTS = \ > > ifeq ($(BR2_PACKAGE_LIBCAP),y) > > CHRONY_DEPENDENCIES += libcap > >+ > >+ifeq ($(BR2_PACKAGE_CHRONY_USER),y) > >+CHRONY_CONF_OPTS += --with-user=chrony > >+define CHRONY_USERS > >+ chrony -1 chrony -1 * /run/chrony - - Time daemon > >+endef > >+endif > >+ > > else > > CHRONY_CONF_OPTS += --without-libcap > > endif -- .-----------------.--------------------.------------------.--------------------. | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | '------------------------------^-------^------------------^--------------------' _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-02-11 15:02 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-02-08 18:27 [Buildroot] [PATCH v2] package/chrony: add default unprivileged user option James Kent 2023-02-09 20:22 ` Arnout Vandecappelle 2023-02-11 15:01 ` Yann E. MORIN
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox