wifi-presence: Add config for process user/group
On systems using seccomp, the hostapd socket files will be owned by the
'network' user/group ([source][0]). In this case, if wifi-presence is
run as root/root, then it does not have permissions to open the
hostapd socket files. This was discussed in awilliams/wifi-presence#3.
This change allows the process user/group to be specified in
/etc/config/wifi-presence. If no explicit user/group is set, then the
init script will use the owner of the socket files in /var/run/hostapd/
to determine the appropriate process user/group.
[0]: ec6293febc/package/network/services/hostapd/files/wpad.init (L35-L36)
Signed-off-by: Adam Williams <pwnfactory@gmail.com>
This commit is contained in:
parent
f1a59e9683
commit
a03282f0db
|
@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=wifi-presence
|
||||
PKG_VERSION:=0.1.2
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
|
||||
PKG_SOURCE:=-$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://codeload.github.com/awilliams/wifi-presence/tar.gz/v$(PKG_VERSION)?
|
||||
|
|
|
@ -44,3 +44,12 @@ config wifi-presence main
|
|||
## Set the MQTT topic prefix used by Home Assistant.
|
||||
## Default is 'homeassistant' (also Home Assistant's default value).
|
||||
# option hassPrefix 'homeassistant'
|
||||
|
||||
## Set the user and group that runs the wifi-presence process.
|
||||
## This can be useful to change if using seccomp, where the hostapd
|
||||
## socket files are owned by the 'network' user and group.
|
||||
## Use network / network when seccomp is enabled, otherwise root / root.
|
||||
## If unspecified, then the owner of the sockets in the /var/run/hostapd/
|
||||
## directory will be used.
|
||||
# option runAsUser 'network'
|
||||
# option runAsGroup 'network'
|
||||
|
|
|
@ -26,6 +26,9 @@ start_service() {
|
|||
local sockDir
|
||||
local verbose
|
||||
|
||||
local runAsUser
|
||||
local runAsGroup
|
||||
|
||||
config_get apName main apName
|
||||
config_get debounce main debounce
|
||||
config_get hassAutodiscovery main hassAutodiscovery
|
||||
|
@ -39,6 +42,9 @@ start_service() {
|
|||
config_get sockDir main sockDir
|
||||
config_get_bool verbose main verbose
|
||||
|
||||
config_get runAsUser main runAsUser
|
||||
config_get runAsGroup main runAsGroup
|
||||
|
||||
procd_open_instance
|
||||
|
||||
procd_set_param command ${PROG}
|
||||
|
@ -55,6 +61,22 @@ start_service() {
|
|||
[ -n "${sockDir}" ] && procd_append_param command "-sockDir=${sockDir}"
|
||||
[ -n "${verbose}" ] && procd_append_param command "-verbose=${verbose}"
|
||||
|
||||
if [ -z "${runAsUser}" ] && [ -z "${runAsGroup}" ]; then
|
||||
# If both runAsUser and runAsGroup are unspecified, then
|
||||
# determine their values by looking at the owner of the hostapd sockets.
|
||||
#
|
||||
# It would be preferable to use 'stat' to determine the owner of the socket,
|
||||
# but it may not be present on all systems, so instead we revert to parsing ls output.
|
||||
local sockOwner=$(find /var/run/hostapd/ -type s -maxdepth 1 -exec ls -ld {} \; | head -n 1 | awk '{ print $3 }')
|
||||
if [ -n "${sockOwner}" ]; then
|
||||
runAsUser="${sockOwner}"
|
||||
runAsGroup="${sockOwner}"
|
||||
fi
|
||||
fi
|
||||
|
||||
[ -n "${runAsUser}" ] && procd_set_param user "${runAsUser}"
|
||||
[ -n "${runAsGroup}" ] && procd_set_param group "${runAsGroup}"
|
||||
|
||||
procd_set_param file "/etc/config/${CONF}"
|
||||
procd_set_param stdout 1
|
||||
procd_set_param stderr 1
|
||||
|
|
Loading…
Reference in New Issue