packages: flashpolicyd/flashpolicyd.init, flashpolicyd/flashpolicyd.spec, f...

glen glen at pld-linux.org
Tue Feb 9 18:39:18 CET 2010


Author: glen                         Date: Tue Feb  9 17:39:18 2010 GMT
Module: packages                      Tag: HEAD
---- Log message:
- run daemon as uid/gid nobody

---- Files affected:
packages/flashpolicyd:
   flashpolicyd.init (1.1 -> 1.2) , flashpolicyd.spec (1.3 -> 1.4) , flashpolicyd-runas-user.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/flashpolicyd/flashpolicyd.init
diff -u packages/flashpolicyd/flashpolicyd.init:1.1 packages/flashpolicyd/flashpolicyd.init:1.2
--- packages/flashpolicyd/flashpolicyd.init:1.1	Tue Feb  9 17:07:34 2010
+++ packages/flashpolicyd/flashpolicyd.init	Tue Feb  9 18:39:11 2010
@@ -22,6 +22,7 @@
 XML=/etc/flashpolicy.xml
 LOGFREQ=1800
 LOGFILE=/var/log/flashpolicyd.log
+DAEMON_USER=nobody
 
 # Get service config - may override defaults
 [ -f /etc/sysconfig/flashpolicyd ] && . /etc/sysconfig/flashpolicyd
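Review bot: `DAEMON_USER=nobody` defaults the daemon to an account that unrelated services often share, so processes running as nobody can signal or inspect each other. A dedicated unprivileged account owned by this package would isolate the policy server better. The default would also benefit from a comment such as `# account the daemon switches to after binding its port; may be overridden in /etc/sysconfig/flashpolicyd`. Whether $LOGFILE under /var/log stays writable after the switch depends on when the daemon opens it, which these hunks do not show.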
@@ -44,7 +45,7 @@
 	fi
 
 	msg_starting "Flash policy server"
-	daemon /usr/sbin/flashpolicyd --timeout=$TIMEOUT --xml=$XML --logfreq=$LOGFREQ --logfile=$LOGFILE
+	daemon /usr/sbin/flashpolicyd --user=$DAEMON_USER --timeout=$TIMEOUT --xml=$XML --logfreq=$LOGFREQ --logfile=$LOGFILE
 	RETVAL=$?
 	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/flashpolicyd
 }
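Review bot: An empty DAEMON_USER from /etc/sysconfig/flashpolicyd turns the new argument into `--user=`, and the daemon would then keep running as root without any message. This is because flashpolicyd-runas-user.patch declares the option with `GetoptLong::OPTIONAL_ARGUMENT` and only drops privileges when the value is non-empty (`if (user.length > 0)`). Defaulting at the call site, `--user="${DAEMON_USER:-nobody}"`, closes that gap, and the quoting keeps a value containing whitespace from splitting into extra arguments. The start function begins above this hunk.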

================================================================
Index: packages/flashpolicyd/flashpolicyd.spec
diff -u packages/flashpolicyd/flashpolicyd.spec:1.3 packages/flashpolicyd/flashpolicyd.spec:1.4
--- packages/flashpolicyd/flashpolicyd.spec:1.3	Tue Feb  9 17:07:34 2010
+++ packages/flashpolicyd/flashpolicyd.spec	Tue Feb  9 18:39:11 2010
@@ -3,13 +3,14 @@
 Summary:	Daemon to serve Adobe Flash socket policy XML
 Name:		flashpolicyd
 Version:	2.1
-Release:	0.2
+Release:	0.3
 License:	GPL v2
 Group:		Networking/Daemons
 URL:		http://code.google.com/p/flashpolicyd/
 Source0:	http://flashpolicyd.googlecode.com/files/%{name}-%{version}.tgz
 # Source0-md5:	0ad1ed0b130cf5850d77600fab90a7c2
 Source1:	%{name}.init
+Patch0:		%{name}-runas-user.patch
 BuildRequires:	rpmbuild(macros) >= 1.268
 Requires(post,preun):	/sbin/chkconfig
 Requires:	rc-scripts
@@ -32,6 +33,7 @@
 
 %prep
 %setup -q
+%patch0 -p1
 mv doc rdoc
 
 cat > nagios.cfg <<'EOF'
@@ -85,6 +87,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.4  2010/02/09 17:39:11  glen
+- run daemon as uid/gid nobody
+
 Revision 1.3  2010/02/09 16:07:34  glen
 - pldized initscript
 

================================================================
Index: packages/flashpolicyd/flashpolicyd-runas-user.patch
diff -u /dev/null packages/flashpolicyd/flashpolicyd-runas-user.patch:1.1
--- /dev/null	Tue Feb  9 18:39:18 2010
+++ packages/flashpolicyd/flashpolicyd-runas-user.patch	Tue Feb  9 18:39:11 2010
@@ -0,0 +1,45 @@
+--- flashpolicyd-2.1/flashpolicyd.rb	2009-10-08 00:11:42.000000000 +0300
++++ flashpolicyd-2.1/flashpolicyd~	2010-02-09 19:34:24.850284233 +0200
+@@ -60,6 +60,7 @@
+     [ '--verbose', '-v', GetoptLong::NO_ARGUMENT],
+     [ '--timeout', '-t', GetoptLong::OPTIONAL_ARGUMENT],
+     [ '--logfreq', '-l', GetoptLong::OPTIONAL_ARGUMENT],
++    [ '--user', '-u', GetoptLong::OPTIONAL_ARGUMENT],
+     [ '--logfile', GetoptLong::REQUIRED_ARGUMENT],
+     [ '--help', '-h', GetoptLong::NO_ARGUMENT]
+ )
+@@ -71,6 +72,7 @@
+ @logfreq = 1800
+ xmlfile = ""
+ logfile = ""
++user = ""
+ 
+ opts.each { |opt, arg|
+   case opt
+@@ -86,6 +88,8 @@
+       exit
+     when '--xml'
+       xmlfile = arg
++    when '--user'
++      user = arg
+     when '--verbose'
+       @verbose = true
+     when '--maxclients'
+@@ -393,6 +397,17 @@
+     server = PolicyServer.new(843, "0.0.0.0", @xmldata, @logger, @timeout, @verbose)
+     server.start
+ 
++	# change user after binding to port
++	if (user.length > 0)
++        require 'etc'
++		uid = Etc.getpwnam(user).uid
++		gid = Etc.getpwnam(user).gid
++        # Change process ownership
++        Process.initgroups(user, gid)
++        Process::GID.change_privilege(gid)
++        Process::UID.change_privilege(uid)
++    end
++
+     # Send HUP to toggle debug mode or not for a running server
+     trap("HUP") {
+       server.toggledebug
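Review bot: The privilege drop added after `server.start` has no failure path of its own. `Etc.getpwnam(user)` raises ArgumentError for an unknown account and the `Process` calls raise on error, and whether an enclosing rescue outside this hunk would let the server keep serving as root is not visible here. The block should terminate the process with a clear message when any step fails, and it can look the account up once instead of twice. The order initgroups, then GID, then UID is correct and should be kept. The surrounding method starts and ends outside the hunk.

```ruby
    if (user.length > 0)
      require 'etc'
      begin
        # single passwd lookup; ArgumentError if the account does not exist
        pw = Etc.getpwnam(user)
        # supplementary groups first, then gid, then uid (uid last, while still privileged)
        Process.initgroups(user, pw.gid)
        Process::GID.change_privilege(pw.gid)
        Process::UID.change_privilege(pw.uid)
      rescue ArgumentError, SystemCallError => e
        # never keep serving with the original privileges
        abort("flashpolicyd: cannot switch to user #{user}: #{e.message}")
      end
    end
    # … unchanged: trap("HUP") handler …
```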
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/flashpolicyd/flashpolicyd.init?r1=1.1&r2=1.2&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/flashpolicyd/flashpolicyd.spec?r1=1.3&r2=1.4&f=u


