diff mbox series

[kirkstone,04/13] polkit: Add --shell /bin/nologin to polkitd user

Message ID eb9a5dcbf3b9b0bcfd2607587b5e351ab03c23b4.1659968069.git.akuster808@gmail.com
State New
Headers show
Series None | expand

Commit Message

akuster808 Aug. 8, 2022, 2:22 p.m. UTC 
From: Akash Hadke <akash.hadke@kpit.com>

polkitd user has default access to /bin/sh, add --shell /bin/nologin
to remove default access to /bin/sh and avoid login through it.

Signed-off-by: Akash Hadke <akash.hadke@kpit.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7ca63e5454bd7cbdb5ac58f6b5913e3387b64201)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-extended/polkit/polkit_0.119.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/meta-oe/recipes-extended/polkit/polkit_0.119.bb b/meta-oe/recipes-extended/polkit/polkit_0.119.bb
index 66bbf735f0..9444cb9f2d 100644
--- a/meta-oe/recipes-extended/polkit/polkit_0.119.bb
+++ b/meta-oe/recipes-extended/polkit/polkit_0.119.bb
@@ -58,7 +58,7 @@  FILES:${PN}:append = " \
 FILES:${PN}-examples = "${bindir}/*example*"
 
 USERADD_PACKAGES = "${PN}"
-USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/${BPN}-1 polkitd"
+USERADD_PARAM:${PN} = "--system --no-create-home --user-group --home-dir ${sysconfdir}/${BPN}-1 --shell /bin/nologin polkitd"
 
 SYSTEMD_SERVICE:${PN} = "${BPN}.service"
 SYSTEMD_AUTO_ENABLE = "disable"