package/openssh: Set /var/empty permissions
author: Chris Lesiak <chris.lesiak@licor.com>
Mon, 17 Dec 2018 22:25:32 +0000 (22:25 +0000)
committer: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Sun, 3 Feb 2019 20:49:20 +0000 (21:49 +0100)
The openssh privilege separation feature, enabled by default,
requires that the path /var/empty exists and has certain permissions
(not writable by the sshd user). Note that nothing ever gets written
in this directory, so it works fine on a read-only rootfs.

See README.privsep included as part of the openssh distribution.

Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
package/openssh/openssh.mk

index 4ee7727fb9e8895d52d43c73ec89df1ddb828a6e..4781cd3fbc9d04fa52de1fcb013023b162730626 100644 (file)
@@ -23,6 +23,10 @@ define OPENSSH_USERS
        sshd -1 sshd -1 * - - - SSH drop priv user
 endef
 
+define OPENSSH_PERMISSIONS
+       /var/empty d 755 root root - - - - -
+endef
+
 ifeq ($(BR2_TOOLCHAIN_SUPPORTS_PIE),)
 OPENSSH_CONF_OPTS += --without-pie
 endif
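Review bot: The new OPENSSH_PERMISSIONS block hardcodes /var/empty with no comment tying it to sshd's privilege separation directory, so the reason for the entry lives only in the commit message. A short comment above the define, pointing at README.privsep and stating that the directory must be root-owned and not group- or world-writable, would keep the next editor from loosening the 755 root root entry. It would also help to note that the path has to match the privsep path sshd was configured with: /var/empty is the default, and if OPENSSH_CONF_OPTS ever gains --with-privsep-path, this table entry would silently point at the wrong directory.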