source-git / pacemaker

Clone
Source Code
GIT

33843e High: pacemakerd: ignore shutdown requests from unprivileged users

1 file Authored by kgaillot 4 years ago, Committed by Packit Service 4 years ago,
raw patch tree parent
1 file changed. 20 lines added. 3 lines removed.
daemons/pacemakerd/pacemakerd.c
file modified
+20 -3 
    High: pacemakerd: ignore shutdown requests from unprivileged users
    
    The pacemakerd IPC API supports a shutdown request, along with a
    command-line interface for using it (pacemakerd --shutdown).
    
    Only the haclient group has access to the IPC. Without ACLs, that group can
    already shut down Pacemaker via the CIB, so there's no security implication.
    
    However, it might not be desired to allow ACL-restricted users to shut down
    Pacemaker, so block users other than root or hacluster if ACLs are supported.
file modified
+20 -3

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation