diff options
author | Christian Poessinger <christian@poessinger.com> | 2021-09-21 20:29:49 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-09-21 22:19:17 +0200 |
commit | b66ab0b02566d2b4eec6ec26db5122269fde89f1 (patch) | |
tree | 498ad1d9f6a381b78aa554a108706155e7699767 /data/templates | |
parent | 65398e5c8aedf2f206bb706e97aa828e409d07b3 (diff) | |
download | vyos-1x-b66ab0b02566d2b4eec6ec26db5122269fde89f1.tar.gz vyos-1x-b66ab0b02566d2b4eec6ec26db5122269fde89f1.zip |
vrrp: keepalived: T616: enable script security
(cherry picked from commit 590cf0e626f6a5e813ec4f3021c028a5e098e27d)
Diffstat (limited to 'data/templates')
-rw-r--r-- | data/templates/vrrp/keepalived.conf.tmpl | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/data/templates/vrrp/keepalived.conf.tmpl b/data/templates/vrrp/keepalived.conf.tmpl index c9835049a..6b0f8e58e 100644 --- a/data/templates/vrrp/keepalived.conf.tmpl +++ b/data/templates/vrrp/keepalived.conf.tmpl @@ -5,6 +5,9 @@ global_defs { dynamic_interfaces script_user root + # Don't run scripts configured to be run as root if any part of the path + # is writable by a non-root user. + enable_script_security notify_fifo /run/keepalived/keepalived_notify_fifo notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py } |