freebsd-skq/sys/conf
Ian Lepore 3496c981ac Make it possible to run ntpd as a non-root user, add ntpd uid and gid.
Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.

This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.

Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.

Differential Revision:	https://reviews.freebsd.org/D16281
2018-07-19 23:55:29 +00:00
config.mk Reduce overhead for simple 'make -V' lookups by avoiding 'find sys/'. 2018-03-10 02:09:36 +00:00
dtb.mk Add dtb overlays support 2018-03-24 21:30:24 +00:00
files Make it possible to run ntpd as a non-root user, add ntpd uid and gid. 2018-07-19 23:55:29 +00:00
files.amd64 All genassym.sh usage need offset.inc 2018-07-03 21:02:25 +00:00
files.arm Remove the dead code from ARM cpufunc_* files. 2018-07-18 10:33:07 +00:00
files.arm64 Create an empty stdint.h for arm_neon.h to include. 2018-07-16 15:39:33 +00:00
files.i386 All genassym.sh usage need offset.inc 2018-07-03 21:02:25 +00:00
files.mips Make ZSTD a real option via ZSTDIO. 2018-07-05 17:07:23 +00:00
files.powerpc Add the rest of the files for r335481 2018-06-21 14:30:14 +00:00
files.riscv Make ZSTD a real option via ZSTDIO. 2018-07-05 17:07:23 +00:00
files.sparc64 Define memmove and make bcopy alt entry point 2018-05-24 21:11:28 +00:00
kern.mk Remove kernel support for armeb 2018-07-17 23:23:45 +00:00
kern.opts.mk Add EFI to kernel options. 2018-03-17 17:18:29 +00:00
kern.post.mk Use OBJS_DEPEND_GUESS for forced opt_global.h dependency. 2018-07-04 00:18:36 +00:00
kern.pre.mk genoffset.c is not generated 2018-07-03 21:02:21 +00:00
kmod_syms_prefix.awk Add the infrastructure to support loading multiple versions of TCP 2017-06-08 20:41:28 +00:00
kmod_syms.awk
kmod.mk Use OBJS_DEPEND_GUESS for forced opt_global.h dependency. 2018-07-04 00:18:36 +00:00
ldscript.amd64 amd64: tweak the read_frequently section 2018-05-18 07:31:26 +00:00
ldscript.arm remove CONSTRUCTORS from kernel linker scripts 2016-07-28 13:54:46 +00:00
ldscript.arm64 Explicitly include all .rodata.* sections in the kernel .rodata. This 2016-09-03 17:23:24 +00:00
ldscript.i386 i386 4/4G split. 2018-04-13 20:30:49 +00:00
ldscript.mips remove CONSTRUCTORS from kernel linker scripts 2016-07-28 13:54:46 +00:00
ldscript.mips.cfe remove CONSTRUCTORS from kernel linker scripts 2016-07-28 13:54:46 +00:00
ldscript.mips.mips64 remove CONSTRUCTORS from kernel linker scripts 2016-07-28 13:54:46 +00:00
ldscript.mips.octeon1 remove CONSTRUCTORS from kernel linker scripts 2016-07-28 13:54:46 +00:00
ldscript.powerpc remove CONSTRUCTORS from kernel linker scripts 2016-07-28 13:54:46 +00:00
ldscript.powerpc64 Add support for 64-bit PowerPC kernels to be directly loaded by kexec, which 2017-12-29 20:30:10 +00:00
ldscript.powerpcspe Create a new MACHINE_ARCH for Freescale PowerPC e500v2 2016-10-22 01:57:15 +00:00
ldscript.riscv o Remove operation in machine mode. 2016-08-10 12:41:36 +00:00
ldscript.sparc64 remove CONSTRUCTORS from kernel linker scripts 2016-07-28 13:54:46 +00:00
Makefile.amd64 Revert r336353 completely based on protest; compatibility shims incoming 2018-07-17 14:11:30 +00:00
Makefile.arm Remove the dead code from ARM cpufunc_* files. 2018-07-18 10:33:07 +00:00
Makefile.arm64 Revert r336353 completely based on protest; compatibility shims incoming 2018-07-17 14:11:30 +00:00
Makefile.i386 Revert r336353 completely based on protest; compatibility shims incoming 2018-07-17 14:11:30 +00:00
Makefile.mips Revert r336353 completely based on protest; compatibility shims incoming 2018-07-17 14:11:30 +00:00
Makefile.powerpc Revert r336353 completely based on protest; compatibility shims incoming 2018-07-17 14:11:30 +00:00
Makefile.riscv Revert r336353 completely based on protest; compatibility shims incoming 2018-07-17 14:11:30 +00:00
Makefile.sparc64 Revert r336353 completely based on protest; compatibility shims incoming 2018-07-17 14:11:30 +00:00
makeLINT.mk Remove the mlx5 driver from LINT kernel config for 32-bit PPC 2018-05-30 02:26:36 +00:00
makeLINT.sed
newvers.sh newvers.sh: avoid possibly invalid relative directory 2018-06-29 18:45:29 +00:00
NOTES Make it possible to run ntpd as a non-root user, add ntpd uid and gid. 2018-07-19 23:55:29 +00:00
options Make it possible to run ntpd as a non-root user, add ntpd uid and gid. 2018-07-19 23:55:29 +00:00
options.amd64 Finish COMPAT_AOUT support for amd64. It wasn't in any amd64 or MI 2018-06-02 06:40:15 +00:00
options.arm Remove kernel support for armeb 2018-07-17 23:23:45 +00:00
options.arm64 Enable UART support for Xilinx Ultrascale+ SoCs 2018-07-13 19:54:22 +00:00
options.i386 Remove SVR4 (System V Release 4) binary compatibility support. 2017-02-28 05:14:42 +00:00
options.mips Add SMP support for BERI CPU. 2018-04-12 17:43:19 +00:00
options.powerpc Move most of the contents of opt_compat.h to opt_global.h. 2018-04-06 17:35:35 +00:00
options.riscv o Add driver for PLIC (Platform-Level Interrupt Controller) device. 2018-06-12 17:45:15 +00:00
options.sparc64
systags.sh sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
WITHOUT_SOURCELESS
WITHOUT_SOURCELESS_HOST
WITHOUT_SOURCELESS_UCODE rtwn(4), urtwn(4): merge common code, add support for 11ac devices. 2016-10-17 20:38:24 +00:00