Skip to content
Snippets Groups Projects

Run bird under own user

Merged Timothée Floure requested to merge fnux/aports:bird-user into master
All threads resolved!

From upstream's documentation:

BIRD, as a routing daemon, uses several privileged operations (like setting routing table and using raw sockets). Traditionally, BIRD is executed and runs with root privileges, which may be prone to security problems. The recommended way is to use a privilege restriction (options -u, -g). In that case BIRD is executed with root privileges, but it changes its user and group ID to an unprivileged ones, while using Linux capabilities to retain just required privileges (capabilities CAP_NET_*). Note that the control socket is created before the privileges are dropped, but the config file is read after that. The privilege restriction is not implemented in BSD port of BIRD.

Edited by Timothée Floure

Merge request reports

Merge request pipeline #37301 passed with warnings

Merge request pipeline passed with warnings for e2bbc5bd

Approval is optional

Merged by Rasmus ThomsenRasmus Thomsen 4 years ago (Aug 8, 2020 9:16am UTC)

Merge details

  • Changes merged into master with 169dedf4.
  • Deleted the source branch.

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Rasmus Thomsen
  • Author Contributor

    Thanks for the review @Cogitri, I'll update the MR later today.

  • Timothée Floure added 2 commits

    added 2 commits

    • 68bdd085 - testing/bird: also create user in pre-upgrade script
    • 420c5071 - testing/bird: fix typo in initd file

    Compare with previous version

  • Timothée Floure resolved all threads

    resolved all threads

  • added 1 commit

    • 175a2104 - testing/bird: use openrc's built-in checkpath

    Compare with previous version

  • added 1 commit

    • e45670d2 - testing/bird: use openrc's built-in checkpath

    Compare with previous version

  • Timothée Floure changed the description

    changed the description

  • Rasmus Thomsen added 3175 commits

    added 3175 commits

    • e45670d2...5965fa53 - 3171 commits from branch alpine:master
    • 50210cfc - testing/bird: run under own user
    • f317f206 - testing/bird: also create user in pre-upgrade script
    • 894f60ed - testing/bird: fix typo in initd file
    • e2bbc5bd - testing/bird: use openrc's built-in checkpath

    Compare with previous version

  • Rasmus Thomsen resolved all threads

    resolved all threads

  • Thanks!

  • Please register or sign in to reply
    Loading