To quote from the kernel documentation:
> Historically the kernel has allowed TIOCSTI, which will push
> characters into a controlling TTY. This continues to be used
> as a malicious privilege escalation mechanism, and provides no
> meaningful real-world utility any more. Its use is considered
> a dangerous legacy operation, and can be disabled on most
> systems.
>
> Say Y here only if you have confirmed that your system's
> userspace depends on this functionality to continue operating
> normally.
>
> Processes which run with CAP_SYS_ADMIN, such as BRLTTY, can
> use TIOCSTI even when this is set to N.
>
> This functionality can be changed at runtime with the
> dev.tty.legacy_tiocsti sysctl. This configuration option sets
> the default value of the sysctl.
This patch therefore proposes to no longer allow legacy TIOCSTI usage
in IPFire, given its security implications and the apparent lack of
legitimate usage.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The "ping" plugin does not re-resolve the gateway IP address after
pinging it for the first time. For most people this won't be a big
problem, but if the default gateway changes, the latency graph won't
work any more.
In order to do re-resolve "gateway", the only way is to restart
collectd.
Fixes: #13522
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
this is the first version that support booting linux kernel on
riscv. The release of the final version was delayed again and again
so i have bootstrapped the rc1 from the git and fixed the path in 25_bli.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
This update builds glibc with FORTIFY_SOURCE and disables building nscd
which has been unused in IPFire.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch does not include the rootfile for riscv64 because GCC FTBFS.
Bug #13156 has been opened to address this.
But since we don't officially support IPFire riscv64, yet, this should
not delay this going into next.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- With the last update of lvm2 lvmetad was removed from lvm2. I did not recognise that
lvmetad had been setup as an automatic initscript, so it no longer works as the
binary is no longer provided.
- This patch removes the lvmetad initscript, the reference to lvmetad in the initscript
lfs file and the lvmetad initscript entries in the rootfile for each architecture.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
this patch add nanopi r2c plus support.
if this u-boot is installed on the eMMC this is also
supported.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- rngd removed from initscripts lfs and rootfiles due to change of rng-tools to addon
Fixes: Bug#12900
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
