upstream/oracle/userland-gate: components/ntp/patches/75-notroot.patch@e2e23e69f5e7 (annotated)

5962 cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	1	This works around the limitation of requiring root as the user. This has
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	2	been reported to the community as NTP bug 2422 "Allow ntpd to be started as
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	3	non-root if appropriate POSIX capabilities are set" which although reported
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	4	as Linux specific, is being used to track the Solaris issue as well.
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	5
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	6	This particular solution is not being passed to the community as a solution
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	7	because it is specific to Solaris and to our specific use of SMF and is not
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	8	really suitable as a general solution.
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	9
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	10	--- ntpd/ntpd.c
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	11	+++ ntpd/ntpd.c
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	12	@@ -620,12 +620,14 @@ ntpdmain(
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	13
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	14	/* MPE lacks the concept of root */
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	15	# if defined(HAVE_GETUID) && !defined(MPE)
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	16	- uid = getuid();
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	17	- if (uid && !HAVE_OPT( SAVECONFIGQUIT )) {
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	18	- msyslog_term = TRUE;
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	19	- msyslog(LOG_ERR,
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	20	- "must be run as root, not uid %ld", (long)uid);
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	21	- exit(1);
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	22	+ if (!getenv("SMF_FMRI")) {
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	23	+ uid = getuid();
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	24	+ if (uid && !HAVE_OPT( SAVECONFIGQUIT )) {
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	25	+ msyslog_term = TRUE;
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	26	+ msyslog(LOG_ERR,
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	27	+ "must be run as root, not uid %ld", (long)uid);
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	28	+ exit(1);
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	29	+ }
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	30	}
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	31	# endif
cb383b2a2d0a 16834879 ntpd should run as non root user/group and use Extended Policy Brian Utterback <brian.utterback@oracle.com> parents: diff changeset	32

author	Brian Utterback <brian.utterback@oracle.com>
	Thu, 13 Apr 2017 17:10:44 -0700
changeset 7955	e2e23e69f5e7
parent 5962	cb383b2a2d0a
permissions	-rw-r--r--