lldpd: bump to v0.6.1, enable privilege separation and chrooting
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33729 3c298f89-4303-0410-b956-a3cf2f4a3e73
parent
885315f8b4
commit
9767d62aa0
@ -8,12 +8,12 @@
|
|||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=lldpd
|
PKG_NAME:=lldpd
|
||||||
PKG_VERSION:=0.6.0
|
PKG_VERSION:=0.6.1
|
||||||
PKG_RELEASE:=1
|
PKG_RELEASE:=1
|
||||||
|
|
||||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||||
PKG_SOURCE_URL:=http://media.luffy.cx/files/lldpd
|
PKG_SOURCE_URL:=http://media.luffy.cx/files/lldpd
|
||||||
PKG_MD5SUM:=77279577e3b6d85a33dc0afe7c960b27
|
PKG_MD5SUM:=d2f9ae67e0bcce0206a3a501a81d0738
|
||||||
|
|
||||||
PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
|
PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
|
||||||
|
|
||||||
@ -43,8 +43,9 @@ endef
|
|||||||
define Package/lldpd/install
|
define Package/lldpd/install
|
||||||
$(INSTALL_DIR) $(1)/etc/init.d
|
$(INSTALL_DIR) $(1)/etc/init.d
|
||||||
$(INSTALL_DIR) $(1)/etc/config
|
$(INSTALL_DIR) $(1)/etc/config
|
||||||
$(INSTALL_DIR) $(1)/usr/sbin
|
$(INSTALL_DIR) $(1)/usr/lib $(1)/usr/sbin
|
||||||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/lldp{ctl,d} $(1)/usr/sbin/
|
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/lldp{ctl,d} $(1)/usr/sbin/
|
||||||
|
$(CP) $(PKG_INSTALL_DIR)/usr/lib/liblldpctl.so* $(1)/usr/lib/
|
||||||
$(INSTALL_BIN) ./files/lldpd.init $(1)/etc/init.d/lldpd
|
$(INSTALL_BIN) ./files/lldpd.init $(1)/etc/init.d/lldpd
|
||||||
$(INSTALL_DATA) ./files/lldpd.config $(1)/etc/config/lldpd
|
$(INSTALL_DATA) ./files/lldpd.config $(1)/etc/config/lldpd
|
||||||
endef
|
endef
|
||||||
@ -53,4 +54,9 @@ define Package/lldpd/conffiles
|
|||||||
/etc/config/lldpd
|
/etc/config/lldpd
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
CONFIGURE_ARGS += \
|
||||||
|
--with-privsep-user=lldp \
|
||||||
|
--with-privsep-group=lldp \
|
||||||
|
--with-privsep-chroot=/var/run/lldp
|
||||||
|
|
||||||
$(eval $(call BuildPackage,lldpd))
|
$(eval $(call BuildPackage,lldpd))
|
||||||
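Review bot: Replacing `$(INSTALL_BIN)` with `$(CP)` for `lldp{ctl,d}` in `Package/lldpd/install` means the packaged executables inherit whatever mode upstream's install step left in `$(PKG_INSTALL_DIR)` instead of an explicit 0755. `$(CP)` makes sense for the `liblldpctl.so*` line, presumably to keep the shared-library symlinks, but for the two binaries it would be safer to keep `$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/lldp{ctl,d} $(1)/usr/sbin/` so that no unexpected setuid/setgid or group-writable bit ships in the image. If preserving upstream's mode is intended, a comment such as `# $(CP) on purpose: preserve upstream mode bits of lldpctl/lldpd` would record that, and the resulting modes should be checked once in the built package.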
|
@ -26,6 +26,12 @@ start() {
|
|||||||
[ $enable_sonmp -gt 0 ] && append args '-s'
|
[ $enable_sonmp -gt 0 ] && append args '-s'
|
||||||
[ $enable_edp -gt 0 ] && append args '-e'
|
[ $enable_edp -gt 0 ] && append args '-e'
|
||||||
|
|
||||||
|
user_exists lldp 121 || user_add lldp 121 129
|
||||||
|
group_exists lldp 129 || group_add lldp 129
|
||||||
|
|
||||||
|
mkdir -p /var/run/lldp
|
||||||
|
chown lldp:lldp /var/run/lldp
|
||||||
|
|
||||||
service_start /usr/sbin/lldpd $args \
|
service_start /usr/sbin/lldpd $args \
|
||||||
${lldp_class:+ -M $lldp_class}
|
${lldp_class:+ -M $lldp_class}
|
||||||
|
|
||||||
@ -37,4 +43,5 @@ start() {
|
|||||||
|
|
||||||
stop() {
|
stop() {
|
||||||
service_stop /usr/sbin/lldpd
|
service_stop /usr/sbin/lldpd
|
||||||
|
rm -f /var/run/lldpd.socket /var/run/lldpd.pid
|
||||||
}
|
}
|
||||||
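Review bot: `chown lldp:lldp /var/run/lldp` in `start()` hands the chroot directory to the same unprivileged account that is confined in it, so a compromised lldpd child could create and modify files inside its own jail. Unless lldpd 0.6.1 needs to write there (nothing on this page shows that it does), keep the directory root-owned with an explicit mode: `mkdir -p -m 0755 /var/run/lldp` and `chown root:root /var/run/lldp`. Separately, `user_add lldp 121 129` runs before `group_add lldp 129`, so the account is created with a gid that has no group entry yet; creating the group first avoids that. `start()` begins above this hunk, so anything it does earlier is not covered here.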
|
@ -1,40 +0,0 @@
|
|||||||
--- a/src/priv.c
|
|
||||||
+++ b/src/priv.c
|
|
||||||
@@ -518,12 +518,14 @@ priv_init(char *chrootdir)
|
|
||||||
fatal("[priv]: unable to create socket pair for privilege separation");
|
|
||||||
|
|
||||||
/* Get users */
|
|
||||||
+ /*
|
|
||||||
if ((user = getpwnam(PRIVSEP_USER)) == NULL)
|
|
||||||
fatal("[priv]: no " PRIVSEP_USER " user for privilege separation");
|
|
||||||
uid = user->pw_uid;
|
|
||||||
if ((group = getgrnam(PRIVSEP_GROUP)) == NULL)
|
|
||||||
fatal("[priv]: no " PRIVSEP_GROUP " group for privilege separation");
|
|
||||||
gid = group->gr_gid;
|
|
||||||
+ */
|
|
||||||
|
|
||||||
/* Spawn off monitor */
|
|
||||||
if ((monitored = fork()) < 0)
|
|
||||||
@@ -534,17 +536,17 @@ priv_init(char *chrootdir)
|
|
||||||
if (RUNNING_ON_VALGRIND)
|
|
||||||
LLOG_WARNX("[priv]: running on valgrind, keep privileges");
|
|
||||||
else {
|
|
||||||
- if (chroot(chrootdir) == -1)
|
|
||||||
- fatal("[priv]: unable to chroot");
|
|
||||||
- if (chdir("/") != 0)
|
|
||||||
+ /*if (chroot(chrootdir) == -1)
|
|
||||||
+ fatal("[priv]: unable to chroot");*/
|
|
||||||
+ if (chdir("/tmp") != 0)
|
|
||||||
fatal("[priv]: unable to chdir");
|
|
||||||
gidset[0] = gid;
|
|
||||||
- if (setresgid(gid, gid, gid) == -1)
|
|
||||||
+ /*if (setresgid(gid, gid, gid) == -1)
|
|
||||||
fatal("[priv]: setresgid() failed");
|
|
||||||
if (setgroups(1, gidset) == -1)
|
|
||||||
fatal("[priv]: setgroups() failed");
|
|
||||||
if (setresuid(uid, uid, uid) == -1)
|
|
||||||
- fatal("[priv]: setresuid() failed");
|
|
||||||
+ fatal("[priv]: setresuid() failed");*/
|
|
||||||
}
|
|
||||||
remote = pair[0];
|
|
||||||
close(pair[1]);
|
|
@ -1,6 +1,6 @@
|
|||||||
--- a/configure.ac
|
--- a/configure.ac
|
||||||
+++ b/configure.ac
|
+++ b/configure.ac
|
||||||
@@ -48,7 +48,6 @@ AX_CFLAGS_GCC_OPTION([-Wformat])
|
@@ -62,7 +62,6 @@ AX_CFLAGS_GCC_OPTION([-Wformat])
|
||||||
AX_CFLAGS_GCC_OPTION([-Wformat-security])
|
AX_CFLAGS_GCC_OPTION([-Wformat-security])
|
||||||
AX_CFLAGS_GCC_OPTION([-Wcast-align])
|
AX_CFLAGS_GCC_OPTION([-Wcast-align])
|
||||||
AX_CFLAGS_GCC_OPTION([-Winline])
|
AX_CFLAGS_GCC_OPTION([-Winline])
|
||||||
|