domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aa6fe00a4804c782b2ad4afc894ea62109bc8d91
openwrt_NSS_ACW/package/utils/busybox/files/sysntpd
Daniel Golle aa6fe00a48 busybox: add check for capabilities file 
Similar to the previous commit adding a check to the init script of
umdns, do a similar change for sysntpd, just to be on the safe side.

Inspired-by: 520403cd49 ("umdns: add check for seccomp list")

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-30 10:39:01 +00:00

98 lines
2.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh /etc/rc.common
# Copyright (C) 2011 OpenWrt.org
START=98
USE_PROCD=1
PROG=/usr/sbin/ntpd
HOTPLUG_SCRIPT=/usr/sbin/ntpd-hotplug
get_dhcp_ntp_servers() {
local interfaces="$1"
local filter="*"
local interface ntpservers ntpserver
for interface in $interfaces; do
[ "$filter" = "*" ] && filter="@.interface='$interface'" || filter="$filter,@.interface='$interface'"
done
ntpservers=$(ubus call network.interface dump | jsonfilter -e "@.interface[$filter]['data']['ntpserver']")
for ntpserver in $ntpservers; do
local duplicate=0
local entry
for entry in $server; do
[ "$ntpserver" = "$entry" ] && duplicate=1
done
[ "$duplicate" = 0 ] && server="$server $ntpserver"
done
}
validate_ntp_section() {
uci_load_validate system timeserver "$1" "$2" \
'server:list(host)' 'enabled:bool:1' 'enable_server:bool:0' 'use_dhcp:bool:1' 'dhcp_interface:list(string)'
}
start_ntpd_instance() {
local peer
[ "$2" = 0 ] || {
echo "validation failed"
return 1
}
[ $enabled = 0 ] && return
[ $use_dhcp = 1 ] && get_dhcp_ntp_servers "$dhcp_interface"
[ -z "$server" -a "$enable_server" = "0" ] && return
procd_open_instance
procd_set_param command "$PROG" -n -N
[ "$enable_server" = "1" ] && procd_append_param command -l
[ -x "$HOTPLUG_SCRIPT" ] && procd_append_param command -S "$HOTPLUG_SCRIPT"
for peer in $server; do
procd_append_param command -p $peer
done
procd_set_param respawn
[ -x /sbin/ujail -a -e /etc/capabilities/ntpd.json ] && {
procd_add_jail ntpd
procd_set_param capabilities /etc/capabilities/ntpd.json
procd_set_param user ntp
procd_set_param group ntp
procd_set_param no_new_privs 1
}
procd_close_instance
}
start_service() {
validate_ntp_section ntp start_ntpd_instance
}
service_triggers() {
local script name use_dhcp
script=$(readlink -f "$initscript")
name=$(basename ${script:-$initscript})
procd_add_config_trigger "config.change" "system" /etc/init.d/$name reload
config_load system
config_get use_dhcp ntp use_dhcp 1
[ $use_dhcp = 1 ] && {
local dhcp_interface
config_get dhcp_interface ntp dhcp_interface
if [ -n "$dhcp_interface" ]; then
for n in $dhcp_interface; do
procd_add_interface_trigger "interface.*" $n /etc/init.d/$name reload
done
else
procd_add_raw_trigger "interface.*" 1000 /etc/init.d/$name reload
fi
}
procd_add_validation validate_ntp_section
}
Reference in New Issue View Git Blame Copy Permalink