diff options
| author | Christian Poessinger <christian@poessinger.com> | 2021-09-21 20:29:49 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2021-09-21 20:32:57 +0200 |
| commit | 590cf0e626f6a5e813ec4f3021c028a5e098e27d (patch) | |
| tree | 9adac9fca58d578a31402b83f82d81df4f059111 | |
| parent | b243795eba1b36cadd81c3149e833bdf5c5bea70 (diff) | |
| download | vyos-1x-590cf0e626f6a5e813ec4f3021c028a5e098e27d.tar.gz vyos-1x-590cf0e626f6a5e813ec4f3021c028a5e098e27d.zip | |
vrrp: keepalived: T616: enable script security
| -rw-r--r-- | data/templates/vrrp/keepalived.conf.tmpl | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/data/templates/vrrp/keepalived.conf.tmpl b/data/templates/vrrp/keepalived.conf.tmpl index 2b53b04af..3696c8395 100644 --- a/data/templates/vrrp/keepalived.conf.tmpl +++ b/data/templates/vrrp/keepalived.conf.tmpl @@ -5,6 +5,9 @@ global_defs { dynamic_interfaces script_user root + # Don't run scripts configured to be run as root if any part of the path + # is writable by a non-root user. + enable_script_security notify_fifo /run/keepalived/keepalived_notify_fifo notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py } |