busybox: allow ntpd to run as non-root ntpd user

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
author: Daniel Golle <daniel@makrotopia.org> 2020-10-19 21:22:30 +0100
committer: Daniel Golle <daniel@makrotopia.org> 2020-10-25 13:01:35 +0000
commit: 2d34355e16b442fcf51e93786401716dae3c4ea2 (patch)
tree: 1fe6e9c20153a6f76d5baf7a48480c93a0537b06 /package/utils/busybox/files/sysntpd
parent: ccb283c71cce2248eea3afd42624f626cdc3a4f2 (diff)
download: upstream-2d34355e16b442fcf51e93786401716dae3c4ea2.tar.gz
upstream-2d34355e16b442fcf51e93786401716dae3c4ea2.tar.bz2
upstream-2d34355e16b442fcf51e93786401716dae3c4ea2.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/package/utils/busybox/files/sysntpd b/package/utils/busybox/files/sysntpd
index 52866ba32a..cbc760a48e 100755
--- a/package/utils/busybox/files/sysntpd
+++ b/package/utils/busybox/files/sysntpd
@@ -55,6 +55,13 @@ start_ntpd_instance() {
 		procd_append_param command -p $peer
 	done
 	procd_set_param respawn
+	[ -x /sbin/ujail ] && {
+		procd_add_jail ntpd
+		procd_set_param capabilities /etc/capabilities/ntpd.json
+		procd_set_param user ntpd
+		procd_set_param group ntpd
+		procd_set_param no_new_privs 1
+	}
 	procd_close_instance
 }
author	Daniel Golle <daniel@makrotopia.org>	2020-10-19 21:22:30 +0100
committer	Daniel Golle <daniel@makrotopia.org>	2020-10-25 13:01:35 +0000
commit	2d34355e16b442fcf51e93786401716dae3c4ea2 (patch)
tree	1fe6e9c20153a6f76d5baf7a48480c93a0537b06 /package/utils/busybox/files/sysntpd
parent	ccb283c71cce2248eea3afd42624f626cdc3a4f2 (diff)
download	upstream-2d34355e16b442fcf51e93786401716dae3c4ea2.tar.gz upstream-2d34355e16b442fcf51e93786401716dae3c4ea2.tar.bz2 upstream-2d34355e16b442fcf51e93786401716dae3c4ea2.zip