aboutsummaryrefslogtreecommitdiffstats
path: root/package/utils/busybox/files
diff options
context:
space:
mode:
Diffstat (limited to 'package/utils/busybox/files')
-rw-r--r--package/utils/busybox/files/ntpd.capabilities22
-rwxr-xr-xpackage/utils/busybox/files/sysntpd7
2 files changed, 29 insertions, 0 deletions
diff --git a/package/utils/busybox/files/ntpd.capabilities b/package/utils/busybox/files/ntpd.capabilities
new file mode 100644
index 0000000000..8a05dba4bc
--- /dev/null
+++ b/package/utils/busybox/files/ntpd.capabilities
@@ -0,0 +1,22 @@
+{
+ "bounding": [
+ "CAP_NET_BIND_SERVICE",
+ "CAP_SYS_TIME"
+ ],
+ "effective": [
+ "CAP_NET_BIND_SERVICE",
+ "CAP_SYS_TIME"
+ ],
+ "ambient": [
+ "CAP_NET_BIND_SERVICE",
+ "CAP_SYS_TIME"
+ ],
+ "permitted": [
+ "CAP_NET_BIND_SERVICE",
+ "CAP_SYS_TIME"
+ ],
+ "inheritable": [
+ "CAP_NET_BIND_SERVICE",
+ "CAP_SYS_TIME"
+ ]
+}
diff --git a/package/utils/busybox/files/sysntpd b/package/utils/busybox/files/sysntpd
index 52866ba32a..cbc760a48e 100755
--- a/package/utils/busybox/files/sysntpd
+++ b/package/utils/busybox/files/sysntpd
@@ -55,6 +55,13 @@ start_ntpd_instance() {
procd_append_param command -p $peer
done
procd_set_param respawn
+ [ -x /sbin/ujail ] && {
+ procd_add_jail ntpd
+ procd_set_param capabilities /etc/capabilities/ntpd.json
+ procd_set_param user ntpd
+ procd_set_param group ntpd
+ procd_set_param no_new_privs 1
+ }
procd_close_instance
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-03 14:54:00 +0000