diff options
-rw-r--r-- | changes/feature_support-arch-nobody | 1 | ||||
-rwxr-xr-x | pkg/linux/bitmask-root | 30 |
2 files changed, 28 insertions, 3 deletions
diff --git a/changes/feature_support-arch-nobody b/changes/feature_support-arch-nobody new file mode 100644 index 00000000..6aa587a3 --- /dev/null +++ b/changes/feature_support-arch-nobody @@ -0,0 +1 @@ +- Support 'nobody' (used on Arch) as well as 'nogroup' as group names. Related to #6058. diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root index 622a0b8a..6fb1f0b3 100755 --- a/pkg/linux/bitmask-root +++ b/pkg/linux/bitmask-root @@ -51,7 +51,29 @@ cmdcheck = subprocess.check_output # CONSTANTS # -VERSION = "4" + +def get_no_group_name(): + """ + Return the right group name to use for the current OS. + Examples: + - Ubuntu: nogroup + - Arch: nobody + + :rtype: str or None + """ + import grp + try: + grp.getgrnam('nobody') + return 'nobody' + except KeyError: + try: + grp.getgrnam('nogroup') + return 'nogroup' + except KeyError: + return None + + +VERSION = "5" SCRIPT = "bitmask-root" NAMESERVER = "10.42.0.1" BITMASK_CHAIN = "bitmask" @@ -68,7 +90,7 @@ IPTABLES = "/sbin/iptables" IP6TABLES = "/sbin/ip6tables" OPENVPN_USER = "nobody" -OPENVPN_GROUP = "nogroup" +OPENVPN_GROUP = get_no_group_name() LEAPOPENVPN = "LEAPOPENVPN" OPENVPN_SYSTEM_BIN = "/usr/sbin/openvpn" # Debian location OPENVPN_LEAP_BIN = "/usr/local/sbin/leap-openvpn" # installed by bundle @@ -83,10 +105,12 @@ FIXED_FLAGS = [ "--management-signal", "--script-security", "1", "--user", "nobody", - "--group", "nogroup", "--remap-usr1", "SIGTERM", ] +if OPENVPN_GROUP is not None: + FIXED_FLAGS.extend(["--group", OPENVPN_GROUP]) + ALLOWED_FLAGS = { "--remote": ["IP", "NUMBER", "PROTO"], "--tls-cipher": ["CIPHER"], |