Author: glen                         Date: Tue Feb  9 17:39:18 2010 GMT
Module: packages                      Tag: HEAD
---- Log message:
- run daemon as uid/gid nobody

---- Files affected:
packages/flashpolicyd:
   flashpolicyd.init (1.1 -> 1.2) , flashpolicyd.spec (1.3 -> 1.4) , 
flashpolicyd-runas-user.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/flashpolicyd/flashpolicyd.init
diff -u packages/flashpolicyd/flashpolicyd.init:1.1 
packages/flashpolicyd/flashpolicyd.init:1.2
--- packages/flashpolicyd/flashpolicyd.init:1.1 Tue Feb  9 17:07:34 2010
+++ packages/flashpolicyd/flashpolicyd.init     Tue Feb  9 18:39:11 2010
@@ -22,6 +22,7 @@
 XML=/etc/flashpolicy.xml
 LOGFREQ=1800
 LOGFILE=/var/log/flashpolicyd.log
+DAEMON_USER=nobody
 
 # Get service config - may override defaults
 [ -f /etc/sysconfig/flashpolicyd ] && . /etc/sysconfig/flashpolicyd
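Review bot: `DAEMON_USER=nobody` places the daemon in an account that other services on the same host may also run under, and processes sharing one uid can signal each other and touch each other's files. A dedicated system account for flashpolicyd would give the isolation this change is aiming for. Whichever account is used, I would document the variable where it is set, e.g. `# account the daemon switches to after binding its port; override in /etc/sysconfig/flashpolicyd`.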
@@ -44,7 +45,7 @@
        fi
 
        msg_starting "Flash policy server"
-       daemon /usr/sbin/flashpolicyd --timeout=$TIMEOUT --xml=$XML 
--logfreq=$LOGFREQ --logfile=$LOGFILE
+       daemon /usr/sbin/flashpolicyd --user=$DAEMON_USER --timeout=$TIMEOUT 
--xml=$XML --logfreq=$LOGFREQ --logfile=$LOGFILE
        RETVAL=$?
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/flashpolicyd
 }
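Review bot: An empty `DAEMON_USER` coming from `/etc/sysconfig/flashpolicyd` turns the new argument into `--user=`, and the Ruby patch in this same commit skips the privilege switch when the name is empty. The daemon would then presumably keep the privileges the init script started it with, and nothing would report it. Before the `daemon` call I would add `[ -n "$DAEMON_USER" ] || DAEMON_USER=nobody` (or fail the start) and quote the expansion as `--user="$DAEMON_USER"`. The start function begins outside this hunk.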

================================================================
Index: packages/flashpolicyd/flashpolicyd.spec
diff -u packages/flashpolicyd/flashpolicyd.spec:1.3 
packages/flashpolicyd/flashpolicyd.spec:1.4
--- packages/flashpolicyd/flashpolicyd.spec:1.3 Tue Feb  9 17:07:34 2010
+++ packages/flashpolicyd/flashpolicyd.spec     Tue Feb  9 18:39:11 2010
@@ -3,13 +3,14 @@
 Summary:       Daemon to serve Adobe Flash socket policy XML
 Name:          flashpolicyd
 Version:       2.1
-Release:       0.2
+Release:       0.3
 License:       GPL v2
 Group:         Networking/Daemons
 URL:           http://code.google.com/p/flashpolicyd/
 Source0:       http://flashpolicyd.googlecode.com/files/%{name}-%{version}.tgz
 # Source0-md5: 0ad1ed0b130cf5850d77600fab90a7c2
 Source1:       %{name}.init
+Patch0:                %{name}-runas-user.patch
 BuildRequires: rpmbuild(macros) >= 1.268
 Requires(post,preun):  /sbin/chkconfig
 Requires:      rc-scripts
@@ -32,6 +33,7 @@
 
 %prep
 %setup -q
+%patch0 -p1
 mv doc rdoc
 
 cat > nagios.cfg <<'EOF'
@@ -85,6 +87,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.4  2010/02/09 17:39:11  glen
+- run daemon as uid/gid nobody
+
 Revision 1.3  2010/02/09 16:07:34  glen
 - pldized initscript
 

================================================================
Index: packages/flashpolicyd/flashpolicyd-runas-user.patch
diff -u /dev/null packages/flashpolicyd/flashpolicyd-runas-user.patch:1.1
--- /dev/null   Tue Feb  9 18:39:18 2010
+++ packages/flashpolicyd/flashpolicyd-runas-user.patch Tue Feb  9 18:39:11 2010
@@ -0,0 +1,45 @@
+--- flashpolicyd-2.1/flashpolicyd.rb   2009-10-08 00:11:42.000000000 +0300
++++ flashpolicyd-2.1/flashpolicyd~     2010-02-09 19:34:24.850284233 +0200
+@@ -60,6 +60,7 @@
+     [ '--verbose', '-v', GetoptLong::NO_ARGUMENT],
+     [ '--timeout', '-t', GetoptLong::OPTIONAL_ARGUMENT],
+     [ '--logfreq', '-l', GetoptLong::OPTIONAL_ARGUMENT],
++    [ '--user', '-u', GetoptLong::OPTIONAL_ARGUMENT],
+     [ '--logfile', GetoptLong::REQUIRED_ARGUMENT],
+     [ '--help', '-h', GetoptLong::NO_ARGUMENT]
+ )
+@@ -71,6 +72,7 @@
+ @logfreq = 1800
+ xmlfile = ""
+ logfile = ""
++user = ""
+ 
+ opts.each { |opt, arg|
+   case opt
+@@ -86,6 +88,8 @@
+       exit
+     when '--xml'
+       xmlfile = arg
++    when '--user'
++      user = arg
+     when '--verbose'
+       @verbose = true
+     when '--maxclients'
+@@ -393,6 +397,17 @@
+     server = PolicyServer.new(843, "0.0.0.0", @xmldata, @logger, @timeout, 
@verbose)
+     server.start
+ 
++      # change user after binding to port
++      if (user.length > 0)
++        require 'etc'
++              uid = Etc.getpwnam(user).uid
++              gid = Etc.getpwnam(user).gid
++        # Change process ownership
++        Process.initgroups(user, gid)
++        Process::GID.change_privilege(gid)
++        Process::UID.change_privilege(uid)
++    end
++
+     # Send HUP to toggle debug mode or not for a running server
+     trap("HUP") {
+       server.toggledebug
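Review bot: `--user` is declared with `GetoptLong::OPTIONAL_ARGUMENT`, so a bare `--user` or `--user=` yields an empty string and the `if (user.length > 0)` guard then skips the switch silently; `[ '--user', '-u', GetoptLong::REQUIRED_ARGUMENT],` would make that a usage error instead. In the switch itself, `Etc.getpwnam(user)` is called twice and raises for an unknown account only after `server.start` has run, so what happens to the already-started server then depends on code outside the hunk. The added block also mixes tabs and spaces, and its `end` does not line up with its `if`. The fence looks the account up once and stops the process if the effective uid is not the requested one afterwards; the enclosing block starts and ends outside the hunk.

```ruby
    server.start

    # change user after binding to port
    unless user.empty?
      require 'etc'
      account = Etc.getpwnam(user) # raises ArgumentError for an unknown account
      # supplementary groups first, then gid, then uid: once the uid is
      # given up the process can no longer change its groups
      Process.initgroups(user, account.gid)
      Process::GID.change_privilege(account.gid)
      Process::UID.change_privilege(account.uid)
      # stop rather than keep serving if the switch did not take effect
      abort "could not switch to user #{user}" unless Process.euid == account.uid
    end

    # … unchanged: HUP trap …
```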
================================================================

---- CVS-web:
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/flashpolicyd/flashpolicyd.init?r1=1.1&r2=1.2&f=u
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/flashpolicyd/flashpolicyd.spec?r1=1.3&r2=1.4&f=u
