freebsd-skq/sys
Ian Lepore 3496c981ac Make it possible to run ntpd as a non-root user, add ntpd uid and gid.
Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.

This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.

Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.

Differential Revision:	https://reviews.freebsd.org/D16281
2018-07-19 23:55:29 +00:00
..
amd64 Have preload_delete_name() free pages backing preloaded data. 2018-07-19 20:00:28 +00:00
arm arm: Implement cpu_est_clockrate for armv[67] 2018-07-19 11:27:11 +00:00
arm64 arm64: Add vt_efifb to GENERIC 2018-07-19 21:59:52 +00:00
bsm
cam remove unneeded inclusion of sys/interrupt.h from several files 2018-07-04 09:07:18 +00:00
cddl Fix a couple of typos in r334844 noticed by Richard Kojedzinszky. 2018-07-18 16:03:40 +00:00
compat Regen after r336171. 2018-07-10 14:04:52 +00:00
conf Make it possible to run ntpd as a non-root user, add ntpd uid and gid. 2018-07-19 23:55:29 +00:00
contrib Correct the identifier for the Unifi Security Gateway 2018-07-10 17:01:19 +00:00
crypto Remove unused variable 2018-07-18 04:44:11 +00:00
ddb Extend show proc with reaper, sigparent, and vmspace information 2018-05-25 13:59:48 +00:00
dev ofwfb: Check for /chosen/stdout-path in addition to /chosen/stdout 2018-07-19 20:22:46 +00:00
dts Add spi-max-frequency properties to all spigen nodes. This is a required 2018-06-23 22:55:22 +00:00
fs Modify the reasons for not issuing a delegation in the NFSv4.1 server. 2018-07-16 21:32:50 +00:00
gdb amd64: Protect the kernel text, data, and BSS by setting the RW/NX bits 2018-03-06 14:28:37 +00:00
geom OpenCrypto: Convert sessions to opaque handles instead of integers 2018-07-18 00:56:25 +00:00
gnu dts: Update our copy to Linux 4.17 2018-06-14 07:12:10 +00:00
i386 Have preload_delete_name() free pages backing preloaded data. 2018-07-19 20:00:28 +00:00
isa Revert r330780, it was improperly tested and results in taking a spin 2018-03-11 20:13:15 +00:00
kern Raise the size of L3 table for early devmap on arm64 2018-07-19 21:58:06 +00:00
kgssapi OpenCrypto: Convert sessions to opaque handles instead of integers 2018-07-18 00:56:25 +00:00
libkern Sync strlcpy with userland version, again 2018-06-21 17:35:13 +00:00
mips OpenCrypto: Convert sessions to opaque handles instead of integers 2018-07-18 00:56:25 +00:00
modules Make it possible to run ntpd as a non-root user, add ntpd uid and gid. 2018-07-19 23:55:29 +00:00
net Move invoking of callout_stop(&lle->lle_timer) into llentry_free(). 2018-07-17 11:33:23 +00:00
net80211 net80211: Fix ifdetach w/o ifattach, small whitespace cleanup 2018-07-10 23:30:19 +00:00
netgraph Catch up two more places to the V_ifnet change to a CK_STAILQ. 2018-05-24 00:06:55 +00:00
netinet Whitespace changes due to changes in ident. 2018-07-19 20:16:33 +00:00
netinet6 Whitespace changes due to changes in ident. 2018-07-19 20:16:33 +00:00
netipsec OpenCrypto: Convert sessions to opaque handles instead of integers 2018-07-18 00:56:25 +00:00
netpfil pf: Fix synproxy 2018-07-14 10:14:59 +00:00
netsmb Eliminate the overhead of gratuitous repeated reinitialization of cap_rights 2018-05-09 18:47:24 +00:00
nfs Switch RIB and RADIX_NODE_HEAD lock from rwlock(9) to rmlock(9). 2018-06-16 08:26:23 +00:00
nfsclient
nfsserver
nlm
ofed Use __FBSDID() for RCS tags in ibcore. 2018-07-17 09:47:14 +00:00
opencrypto OpenCrypto: Convert sessions to opaque handles instead of integers 2018-07-18 00:56:25 +00:00
powerpc Revert r336509. Fails buildworld. 2018-07-19 21:06:58 +00:00
riscv Remove VM_FREELIST_ISADMA. It's not needed on these architectures. 2018-07-17 21:07:53 +00:00
rpc Fix the server side krpc so that the kernel nfsd threads terminate. 2018-07-02 17:50:46 +00:00
security Make it possible to run ntpd as a non-root user, add ntpd uid and gid. 2018-07-19 23:55:29 +00:00
sparc64 Fix a typo: change lists to list to match rest of sentence. 2018-07-17 21:18:49 +00:00
sys Make the definition of struct kevent in event.h match what the man page for kevent(2) says. 2018-07-18 13:04:03 +00:00
teken teken: Fix sequences header which was crossing the 80-col boundary 2018-05-29 08:41:44 +00:00
tests epoch_test: fix compile 2018-07-15 00:31:17 +00:00
tools Add dtb overlays support 2018-03-24 21:30:24 +00:00
ufs Add needed locking for um_flags added in -r335808. 2018-07-17 04:43:58 +00:00
vm Have preload_delete_name() free pages backing preloaded data. 2018-07-19 20:00:28 +00:00
x86 xen: implement early init helper for PVHv2 2018-07-19 08:44:52 +00:00
xdr
xen xen: add missing file from r336474 2018-07-19 10:14:52 +00:00
Makefile