Run bird under own user
From upstream's documentation:
BIRD, as a routing daemon, uses several privileged operations (like setting routing table and using raw sockets). Traditionally, BIRD is executed and runs with root privileges, which may be prone to security problems. The recommended way is to use a privilege restriction (options -u, -g). In that case BIRD is executed with root privileges, but it changes its user and group ID to an unprivileged ones, while using Linux capabilities to retain just required privileges (capabilities CAP_NET_*). Note that the control socket is created before the privileges are dropped, but the config file is read after that. The privilege restriction is not implemented in BSD port of BIRD.
Merge request reports
Activity
- Resolved by Timothée Floure
- Resolved by Rasmus Thomsen
- Resolved by Timothée Floure
Thanks for the review @Cogitri, I'll update the MR later today.
- Resolved by Rasmus Thomsen
Hello! Is there anything preventing this patch to be merged / anything else I can do ?
- Resolved by Timothée Floure
added status:mr-changes-requested label
added 1 commit
- 175a2104 - testing/bird: use openrc's built-in checkpath
added 1 commit
- e45670d2 - testing/bird: use openrc's built-in checkpath
- Resolved by Timothée Floure
Please edit your MR and tick the "allow commits from maintainers" box, that's required for rebasing&merging this.
added 3175 commits
-
e45670d2...5965fa53 - 3171 commits from branch
alpine:master
- 50210cfc - testing/bird: run under own user
- f317f206 - testing/bird: also create user in pre-upgrade script
- 894f60ed - testing/bird: fix typo in initd file
- e2bbc5bd - testing/bird: use openrc's built-in checkpath
Toggle commit list-
e45670d2...5965fa53 - 3171 commits from branch