[OpenWrt-Devel] ubus acls for params or hotplugd ?
champetier.etienne at gmail.com
Sun Apr 19 20:16:03 EDT 2020
Most OpenWrt daemon are still running as root today.
If we take the case of ntpd, to do its job it just need CAP_SYS_TIME
and to be able to deliver a hotplug event.
Right now hotplug-call is a simple shell loop executing all the
scripts in /etc/hotplug.d/$1/, so ntpd need to run as root.
I would like to have this hotplug call go over ubus, and I see 2 ways:
1) either extend ubus acl to validate params, then have a generic exec
functionality to basically have a sudo via ubus (really flexible but
not super clean)
2) or have a small hotplugd that publish one path per type (ie have
'hotplug.ntp' with an 'event' method)
Similarly to ntpd, udhcpc and odhcp6c don't require much capabilities
(at most CAP_NET_RAW, CAP_NET_BIND_SERVICE) if we send the dhcp events
as hotplug events over ubus.
As some of you might already have ideas on this topic, I'm sending
this email to get feedback how you would see this implemented (1, 2 or
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
More information about the openwrt-devel