This is an old revision of the document!


--- ntpd_org	2008-07-14 02:29:40.000000000 +0200
+++ ntpd	2008-07-05 01:52:18.000000000 +0200
@@ -22,7 +22,7 @@
 	checkconfig || return $?
 
 	ebegin "Starting ntpd"
-	start-stop-daemon --start --exec /usr/sbin/ntpd \
+	run-jail ntpd start-stop-daemon --start --exec /usr/sbin/ntpd \
 	    --pidfile /var/run/ntpd.pid \
 	    -- -p /var/run/ntpd.pid ${NTPD_OPTS}
 	eend $? "Failed to start ntpd"
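Review bot: On the changed line, `run-jail ntpd` is placed in front of `start-stop-daemon` rather than in front of `/usr/sbin/ntpd`, so start-stop-daemon itself runs inside the jail and its `--pidfile /var/run/ntpd.pid` handling has to work under the jail's restrictions. A comment in the script stating that this is intended would help. `checkconfig` and the "Failed to start ntpd" message are unchanged, so a missing or broken jail definition for `ntpd` would be reported as a generic ntpd start failure; consider checking for the definition before `ebegin`, or mentioning run-jail in the `eend` message. The hunk only touches the start path, so please confirm that the stop path still finds and signals the jailed process through the same pidfile.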
;
; RSBAC JAIL definition for ntpd
;
; Installed versions: 4.2.6_p3(13:14:40 06.05.2011)(caps ssl -debug -ipv6 -openntpd -parse-clocks -selinux -snmp -vim-syntax -zeroconf)
;
; 20060920 20111301
;
; tested by: Jens Kasten (igraltist)
;
; tested on: Gentoo (hardened)
;

""
"0.0.0.0"
(allow-external-ipc allow-dev-write allow-netlink allow-inet-raw)
()
()
(time-strucs capability)
 

Deprecated:

;
; RSBAC JAIL definition for ntp-server
; 20060920
;
 
""
"0.0.0.0"
(allow-external-ipc
 allow-all-net-family
 allow-dev-read
 allow-dev-write)
(sys-time
 net-bind-service
 ipc-lock
 dac-override
 setgid
 setuid
 sys-resource)
()
(capability
 clock
 time-strucs
 mlock
 rlimit)
This is what is executed now:
rsbac_jail  -i -n -d -D -C  SYS_TIME NET_BIND_SERVICE IPC_LOCK DAC_OVERRIDE SETGID SETUID SYS_RESOURCE -M  capability clock time_strucs mlock rlimit start-stop-daemon  --start --exec /usr/sbin/ntpd --pidfile /var/run/ntpd.pid -- -p /var/run/ntpd.pid -u ntp:ntp   
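As a least-privilege check on the two jail definitions above, this added example (not part of the original page and not code from RSBAC's run-jail tool) parses both and lists what the current definition drops and gains relative to the deprecated one. The field names `flags`, `caps`, `scd_get` and `scd_modify` are assumptions made for the example; the page does not label the lists.

```python
import re

# Field names are assumptions for this example; the page does not label the
# lists. Order follows the definitions on the page.
FIELDS = ("flags", "caps", "scd_get", "scd_modify")
def parse_jail(text):
    """Parse ';' comments, two quoted strings (assumed: jail path and IP),
    then four parenthesised lists."""
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith(";"))
    strings = re.findall(r'"([^"]*)"', body)
    groups = re.findall(r"\(([^()]*)\)", body)
    if len(strings) != 2 or len(groups) != len(FIELDS):
        raise ValueError("expected 2 strings and %d lists" % len(FIELDS))
    jail = {"path": strings[0], "ip": strings[1]}
    for name, group in zip(FIELDS, groups):
        jail[name] = set(group.split())
    return jail

def diff_jails(old, new):
    """Return {field: (dropped, gained)} for every list that changed."""
    out = {}
    for name in FIELDS:
        dropped, gained = old[name] - new[name], new[name] - old[name]
        if dropped or gained:
            out[name] = (sorted(dropped), sorted(gained))
    return out

# Both definitions copied from this page, comment headers shortened.
DEPRECATED = '''
; RSBAC JAIL definition for ntp-server
""
"0.0.0.0"
(allow-external-ipc allow-all-net-family allow-dev-read allow-dev-write)
(sys-time net-bind-service ipc-lock dac-override setgid setuid sys-resource)
()
(capability clock time-strucs mlock rlimit)
'''
CURRENT = '''
; RSBAC JAIL definition for ntpd
""
"0.0.0.0"
(allow-external-ipc allow-dev-write allow-netlink allow-inet-raw)
()
()
(time-strucs capability)
'''
if __name__ == "__main__":
    for field, (dropped, gained) in diff_jails(parse_jail(DEPRECATED), parse_jail(CURRENT)).items():
        print(f"{field}: dropped={dropped} gained={gained}")
```

Any entry in a "gained" list is a privilege the newer jail grants that the older one did not, and is the part worth reviewing by hand.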
wiki/experiences/igraltist/jail_ntpd.1309408100.txt.gz · Last modified: 2011/06/30 06:28 by 127.0.0.1