matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[tacacs]: Fix tcpdump report error when tacacs enabled (#16372) (#17077)

Browse Source
This commit is contained in:
mssonicbld 2023-11-03 04:31:18 +08:00 committed by GitHub
parent feaa855346
commit fbf30ec6a8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
build_debian.sh
View File

@ -424,6 +424,10 @@ LogsDirectory=audit
LogsDirectoryMode=0750 LogsDirectoryMode=0750
EOF EOF
# latest tcpdump control resource access with AppArmor.
# override tcpdump profile to allow tcpdump access TACACS config file.
sudo cp files/apparmor/usr.bin.tcpdump $FILESYSTEM_ROOT/etc/apparmor.d/local/usr.bin.tcpdump
if [[ $CONFIGURED_ARCH == amd64 ]]; then if [[ $CONFIGURED_ARCH == amd64 ]]; then
## Pre-install the fundamental packages for amd64 (x86) ## Pre-install the fundamental packages for amd64 (x86)
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install \ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install \

2
files/apparmor/usr.bin.tcpdump Normal file
View File

@ -0,0 +1,2 @@
# tcpdump will call getpwnam get current user information, the NSS plugin nss_tacplus hook this API and need access tacacs config file.
/etc/tacplus_nss.conf r,