authorIvan Alejandro <ivanalejandro0@gmail.com>2015-01-07 18:49:26 -0300
committerIvan Alejandro <ivanalejandro0@gmail.com>2015-01-08 12:59:49 -0300
commite046eeb7355a2ce3856eedee08bbc3d73ed7bbaa (patch)
tree64172447e4c5587f2ff4140605232b05066aba36 /pkg/linux/bitmask-root
parentb9326cfceb304cebeb97017ebb8d22ba06f98f75 (diff)
Support for 'nobody' (used on Arch) group name.
Diffstat (limited to 'pkg/linux/bitmask-root')
-rwxr-xr-xpkg/linux/bitmask-root30
1 files changed, 27 insertions, 3 deletions
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index 622a0b8a..6fb1f0b3 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -51,7 +51,29 @@ cmdcheck = subprocess.check_output
# CONSTANTS
#
-VERSION = "4"
+
+def get_no_group_name():
+ """
+ Return the right group name to use for the current OS.
+ Examples:
+ - Ubuntu: nogroup
+ - Arch: nobody
+
+ :rtype: str or None
+ """
+ import grp
+ try:
+ grp.getgrnam('nobody')
+ return 'nobody'
+ except KeyError:
+ try:
+ grp.getgrnam('nogroup')
+ return 'nogroup'
+ except KeyError:
+ return None
+
+
+VERSION = "5"
SCRIPT = "bitmask-root"
NAMESERVER = "10.42.0.1"
BITMASK_CHAIN = "bitmask"
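Review bot: The lookup in get_no_group_name() tries 'nobody' before 'nogroup', so a host that defines both groups would switch away from the previously hard-coded 'nogroup'. Probing 'nogroup' first keeps existing installs unchanged and still covers Arch. The nested try/except also gains one level per candidate name, and a loop over a tuple of names reads more plainly. The docstring should also say that None means neither group exists and what the caller is expected to do in that case.

```python
def get_no_group_name():
    # … unchanged: docstring …
    import grp
    for name in ('nogroup', 'nobody'):
        try:
            grp.getgrnam(name)
        except KeyError:
            continue
        return name
    return None
```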
@@ -68,7 +90,7 @@ IPTABLES = "/sbin/iptables"
IP6TABLES = "/sbin/ip6tables"
OPENVPN_USER = "nobody"
-OPENVPN_GROUP = "nogroup"
+OPENVPN_GROUP = get_no_group_name()
LEAPOPENVPN = "LEAPOPENVPN"
OPENVPN_SYSTEM_BIN = "/usr/sbin/openvpn" # Debian location
OPENVPN_LEAP_BIN = "/usr/local/sbin/leap-openvpn" # installed by bundle
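Review bot: OPENVPN_GROUP is no longer always a string: after this assignment it can be None, and the group database is queried at import time on every run of the script. Any use of the constant outside the visible hunks (string formatting, building command lines) should be checked for the None case. A comment on the assignment would help, for example `# None when neither 'nogroup' nor 'nobody' exists on this host`.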
@@ -83,10 +105,12 @@ FIXED_FLAGS = [
"--management-signal",
"--script-security", "1",
"--user", "nobody",
- "--group", "nogroup",
"--remap-usr1", "SIGTERM",
]
+if OPENVPN_GROUP is not None:
+ FIXED_FLAGS.extend(["--group", OPENVPN_GROUP])
+
ALLOWED_FLAGS = {
"--remote": ["IP", "NUMBER", "PROTO"],
"--tls-cipher": ["CIPHER"],
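Review bot: When neither group exists, the `if OPENVPN_GROUP is not None:` guard silently leaves `--group` out of FIXED_FLAGS, so OpenVPN is started with `--user nobody` alone. As far as I know it then changes only the UID and keeps the group of the launching process, which for this root helper is presumably root's group. Failing closed seems safer for a privileged wrapper: `if OPENVPN_GROUP is None:` followed by `raise RuntimeError("no unprivileged group (nogroup/nobody) found")`, or at minimum a logged warning so the weaker privilege drop is visible. The neighbouring `"--user", "nobody"` entry could use OPENVPN_USER so both values come from the constants. The FIXED_FLAGS list opens above the hunk.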