From: Florian Eckert <redacted>
Date: Wed, 29 Apr 2020 17:40:46 +0000 (+0200)
Subject: keepalived: add script security param to fix warning
X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=1b1ba710632f8f4850f02c22e83734a6c8b5c41a;p=openwrt-packages.git

keepalived: add script security param to fix warning

Openwrt is a single user system. So keepalived is runnig as root.
If we add the config options `script_user root` and
`enabled_script_security' the following warnings are gone.

> local1.info Keepalived_vrrp[5382]: SECURITY VIOLATION - scripts are
being executed but script_security not enabled.

Signed-off-by: Florian Eckert <redacted>
---

diff --git a/net/keepalived/files/keepalived.init b/net/keepalived/files/keepalived.init
index 05c47bb36..7af3f9c61 100644
--- a/net/keepalived/files/keepalived.init
+++ b/net/keepalived/files/keepalived.init
@@ -98,6 +98,9 @@ print_notify() {
 globals() {
 	local notification_email
 
+	printf '%bscript_user root\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
+	printf '%benabled_script_security\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
+
 	config_get notification_email "$1" notification_email
 	print_list_indent notification_email