diff options
author | Bruno Thomsen <bruno.thomsen@gmail.com> | 2020-07-31 18:11:39 +0200 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2020-08-02 10:03:09 +0200 |
commit | a1045bff1045a99c17f00ae017d58f6a0b7588fd (patch) | |
tree | 53f2061f9647b441ad98109188293fe5ee4b22ea | |
parent | 33a77b259dde94d87390c01f5a1dbb83053daf4c (diff) | |
download | ptxdist-a1045bff1045a99c17f00ae017d58f6a0b7588fd.tar.gz ptxdist-a1045bff1045a99c17f00ae017d58f6a0b7588fd.tar.xz |
chrony: run chronyd as chrony user
Running service as non-root limits system exposure and it's
considered best practice when doing network communication.
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Message-Id: <20200731161141.6155-5-bruno.thomsen@gmail.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
-rw-r--r-- | rules/chrony.make | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/rules/chrony.make b/rules/chrony.make index afdfe434a..51141059c 100644 --- a/rules/chrony.make +++ b/rules/chrony.make @@ -53,6 +53,7 @@ CHRONY_CONF_OPT := \ --disable-phc \ --disable-pps \ $(call ptx/ifdef, PTXCONF_GLOBAL_IPV6,,--disable-ipv6) \ + --with-user=chrony \ --without-seccomp # ---------------------------------------------------------------------------- |