This patchset implements a support for dropping all root privileges except adjusting the clock and binding to a privileged port, using the libcap library.
A new option is added to ptp4l/phc2sys/pmc to specify the username to which should be the identity switched. The UDS transport requires a directory where the user has write access, so each process can bind its own socket and write to the socket of the other process. When ptp4l is running under a non-root user, phc2sys and pmc need to run under the same user. With ptp4l and pmc the directory can be specified, but phc2sys doesn't have an option to specify its own socket yet, which means the -a and -w option don't work. I'm not sure if this is the right way. Maybe it would be better to make it a compile-time option, hardcoding the username and changing the default directory where all Unix sockets are created (e.g. /var/run/linuxptp)? Suggestions? Miroslav Lichvar (4): util: Add function to drop root privileges. ptp4l: Add support for dropping root privileges pmc: Add support for dropping root privileges. phc2sys: Add support for dropping root privileges. clock.c | 5 ++++ config.c | 1 + incdefs.sh | 11 ++++++++- makefile | 4 ++++ phc2sys.8 | 8 +++++++ phc2sys.c | 3 +++ pmc.8 | 8 +++++++ pmc.c | 5 ++++ ptp4l.8 | 7 ++++++ util.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ util.h | 9 ++++++++ 11 files changed, 127 insertions(+), 1 deletion(-) -- 2.17.1 ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Linuxptp-devel mailing list Linuxptp-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linuxptp-devel