From 6f6aa306025eb63c3ad1320d885d720c11834095 Mon Sep 17 00:00:00 2001
From: Tanguy Raufflet <tanguy.raufflet@savoirfairelinux.com>
Date: Wed, 23 Oct 2024 14:58:06 +0200
Subject: netdata: modify apps.plugin permissions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Modification of the group for the apps.plugin file (from root to
netdata) and removal of execution authorization for the “others”.

This modification improves security by limiting the netdata group to
execute the plugin as root.

Signed-off-by: Tanguy Raufflet <tanguy.raufflet@savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta-webserver/recipes-webadmin/netdata/netdata_1.47.3.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta-webserver/recipes-webadmin/netdata/netdata_1.47.3.bb b/meta-webserver/recipes-webadmin/netdata/netdata_1.47.3.bb
index 841894ede9..3b9ae9ca89 100644
--- a/meta-webserver/recipes-webadmin/netdata/netdata_1.47.3.bb
+++ b/meta-webserver/recipes-webadmin/netdata/netdata_1.47.3.bb
@@ -83,7 +83,8 @@ do_compile:append() {
 
 do_install:append() {
     #set S UID for plugins
-    chmod 4755 ${D}${libexecdir}/netdata/plugins.d/apps.plugin
+    chown root:netdata ${D}${libexecdir}/netdata/plugins.d/apps.plugin
+    chmod 4750 ${D}${libexecdir}/netdata/plugins.d/apps.plugin
     rm -rf ${D}/${localstatedir}/
 
     if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
-- 
cgit v1.2.3-54-g00ecf