busybox: allow ntpd to run as non-root ntpd user
[openwrt/openwrt.git] / package / utils / busybox / files / sysntpd
index 52866ba32acd26a490f9c9024fc3e43e0f757496..cbc760a48ede88a74fa4e9901a357be56ceb4249 100755 (executable)
@@ -55,6 +55,13 @@ start_ntpd_instance() {
                procd_append_param command -p $peer
        done
        procd_set_param respawn
+       [ -x /sbin/ujail ] && {
+               procd_add_jail ntpd
+               procd_set_param capabilities /etc/capabilities/ntpd.json
+               procd_set_param user ntpd
+               procd_set_param group ntpd
+               procd_set_param no_new_privs 1
+       }
        procd_close_instance
 }
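Review bot: The hardening block at `[ -x /sbin/ujail ] && {` fails open without any trace: when ujail is not installed, ntpd starts exactly as before (as root, as the commit title implies), and nothing in the log says the jail, user switch, capability set and no_new_privs were skipped. The guard also checks only the ujail binary and not `/etc/capabilities/ntpd.json`; what procd does when that file is missing is not visible here, but a non-root ntpd without its time-setting capability would presumably fail to adjust the clock. I would test both, `[ -x /sbin/ujail -a -e /etc/capabilities/ntpd.json ]`, and turn the block into an if/else whose else branch logs the fallback, e.g. `logger -t sysntpd -p daemon.warn "ujail or ntpd.json missing, ntpd not sandboxed"`. `procd_add_jail ntpd` is called with no extra flags or mounts, so any script or file that the command line built earlier in start_ntpd_instance (outside this hunk) points ntpd at should be confirmed reachable inside the jail.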