aboutsummaryrefslogtreecommitdiff
path: root/package/openssh
diff options
context:
space:
mode:
authorGravatar Chris Lesiak <chris.lesiak@licor.com>2018-12-17 22:25:32 +0000
committerGravatar Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>2019-02-03 21:49:20 +0100
commitf85665c58562a967e3dcb5f72fa8af0a606c9274 (patch)
tree010266f9ef9988bde2a33dd9b6268ecef9e990bf /package/openssh
parent122089adf699ebe879d55466fe34f1ccabfe4808 (diff)
downloadbuildroot-f85665c58562a967e3dcb5f72fa8af0a606c9274.tar.gz
buildroot-f85665c58562a967e3dcb5f72fa8af0a606c9274.tar.bz2
package/openssh: Set /var/empty permissions
The openssh privilege separation feature, enabled by default, requires that the path /var/empty exists and has certain permissions (not writable by the sshd user). Note that nothing ever gets writting in this directory, so it works fine on a readonly rootfs. See README.privsep included as part of the openssh distribution. Signed-off-by: Chris Lesiak <chris.lesiak@licor.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Diffstat (limited to 'package/openssh')
-rw-r--r--package/openssh/openssh.mk4
1 files changed, 4 insertions, 0 deletions
diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
index 4ee7727fb9..4781cd3fbc 100644
--- a/package/openssh/openssh.mk
+++ b/package/openssh/openssh.mk
@@ -23,6 +23,10 @@ define OPENSSH_USERS
sshd -1 sshd -1 * - - - SSH drop priv user
endef
+define OPENSSH_PERMISSIONS
+ /var/empty d 755 root root - - - - -
+endef
+
ifeq ($(BR2_TOOLCHAIN_SUPPORTS_PIE),)
OPENSSH_CONF_OPTS += --without-pie
endif