[Buildroot] [PATCH] package/openssh: Set /var/empty permissions
Chris Lesiak
chris.lesiak at licor.com
Mon Dec 17 22:25:32 UTC 2018
The openssh privilege separation feature, enabled by default,
requires that the path /var/empty exist and have certain permission.
See README.privsep included as part of the openssh distribution.
Use OPENSSH_PERMISSIONS to ensure this is done correctly.
Signed-off-by: Chris Lesiak <chris.lesiak at licor.com>
---
package/openssh/openssh.mk | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
index 07f3e0d663..9175f9589d 100644
--- a/package/openssh/openssh.mk
+++ b/package/openssh/openssh.mk
@@ -22,6 +22,10 @@ define OPENSSH_USERS
sshd -1 sshd -1 * - - - SSH drop priv user
endef
+define OPENSSH_PERMISSIONS
+ /var/empty d 755 root root - - - - -
+endef
+
ifeq ($(BR2_TOOLCHAIN_SUPPORTS_PIE),)
OPENSSH_CONF_OPTS += --without-pie
endif
--
2.17.2
More information about the buildroot
mailing list