[Linuxptp-devel] [PATCHv2 RFC 0/6] Support for dropping root privileges

2021-07-13 Thread Miroslav Lichvar
v2:
- keep more capabilities (raw sockets, timestamping configuration)
- copy ownership of server UDS
- follow location of server UDS for client sockets
- support operation with NTPSHM servo
- move default UDS addresses to /var/run/linuxptp

This patchset implements support for dropping all root

[Linuxptp-devel] [PATCHv2 RFC 4/6] pmc: Add support for dropping root privileges.

2021-07-13 Thread Miroslav Lichvar
Drop root before binding the UDS socket and change the default UDS address to follow the location of the server UDS. Signed-off-by: Miroslav Lichvar --- pmc.8| 13 +++-- pmc.c| 10 -- pmc_common.c | 32 3 files changed, 51

[Linuxptp-devel] [PATCHv2 RFC 6/6] config: move default UDS addresses to /var/run/linuxptp.

2021-07-13 Thread Miroslav Lichvar
/var/run cannot be used by non-root users to bind and unlink sockets. Move the default server UDS addresses to /var/run/linuxptp, which will be created by ptp4l the first time it runs. Signed-off-by: Miroslav Lichvar --- config.c| 4 ++-- configs/default.cfg | 4 ++-- phc2sys.8

[Linuxptp-devel] [PATCHv2 RFC 5/6] phc2sys: Add support for dropping root privileges.

2021-07-13 Thread Miroslav Lichvar
In the static mode, drop the privileges after opening the clocks. In the automatic mode, drop the privileges before opening the UDS port, which is required to get the list of interfaces, but is the part of the operation that needs to be protected most. The non-root user must have permissions to

[Linuxptp-devel] [PATCHv2 RFC 2/6] uds: Copy ownership of server socket.

2021-07-13 Thread Miroslav Lichvar
To not require pmc and phc2sys to run under the same user as ptp4l, change the ownership of their socket to the server socket, so it can send a response to their socket. Signed-off-by: Miroslav Lichvar --- uds.c | 9 + 1 file changed, 9 insertions(+) diff --git a/uds.c b/uds.c index

[Linuxptp-devel] [PATCHv2 RFC 1/6] util: Add functions for dropping root privileges.

2021-07-13 Thread Miroslav Lichvar
Add a function to switch the process UID/GID to a specified user in order to drop the root privileges, but keep the capabilities needed to adjust the clock, enable HW timestamping, bind to privileged ports and raw sockets, using the libcap library. Add a function to create a directory for a UDS

[Linuxptp-devel] [PATCH] config: Add workaround for glibc getopt_long().

2021-07-13 Thread Miroslav Lichvar
getopt_long() in glibc allows shortened long option names, e.g. ptp4l --domain works as --domainNumber. When the match is ambiguous, e.g. --fault matches --fault_badpeernet_interval and --fault_reset_interval, it is supposed to return an error, but that works only if their struct option have