authorJohn Crispin <john@openwrt.org>2015-03-26 10:58:25 +0000
committerJohn Crispin <john@openwrt.org>2015-03-26 10:58:25 +0000
commite85b93d9b83fef4f3d6f1bc82be15f97b2cb98bf (patch)
tree670150b40ff9f8751f6d1e6088950d6d59ce7eab /package/system/procd/files/procd.sh
parent4cf79298697bb34de1df53ea79535cba5d2c1e99 (diff)
procd: add jail support
Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 45010
Diffstat (limited to 'package/system/procd/files/procd.sh')
-rw-r--r--package/system/procd/files/procd.sh60
1 files changed, 59 insertions, 1 deletions
diff --git a/package/system/procd/files/procd.sh b/package/system/procd/files/procd.sh
index 78352c0b76..f6c5e97216 100644
--- a/package/system/procd/files/procd.sh
+++ b/package/system/procd/files/procd.sh
@@ -112,6 +112,7 @@ _procd_open_instance() {
_PROCD_INSTANCE_SEQ="$(($_PROCD_INSTANCE_SEQ + 1))"
name="${name:-instance$_PROCD_INSTANCE_SEQ}"
json_add_object "$name"
+ [ -n "$TRACE_SYSCALLS" ] && json_add_boolean trace "1"
}
_procd_open_trigger() {
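Review bot: The added `[ -n "$TRACE_SYSCALLS" ] && json_add_boolean trace "1"` is now the last command of `_procd_open_instance`, so the function returns 1 whenever TRACE_SYSCALLS is unset or empty, where it previously ended with the status of `json_add_object`. Whether any caller tests that status or runs under `set -e` is not visible in this hunk, but the `if` form keeps the normal path returning 0: `if [ -n "$TRACE_SYSCALLS" ]; then json_add_boolean trace "1"; fi`. The flag comes from the environment of whoever starts the service, so a one-line comment saying what sets it and what `trace` asks procd to do would help the next reader. The function body starts above the hunk.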
@@ -122,6 +123,60 @@ _procd_open_validate() {
json_add_array "validate"
}
+_procd_add_jail() {
+ json_add_object "jail"
+ json_add_string name "$1"
+ json_add_string root "/tmp/.jail/$1"
+
+ shift
+
+ for a in $@; do
+ case $a in
+ log) json_add_boolean "log" "1";;
+ ubus) json_add_boolean "ubus" "1";;
+ procfs) json_add_boolean "procfs" "1";;
+ sysfs) json_add_boolean "sysfs" "1";;
+ esac
+ done
+ json_add_object "mount"
+ json_close_object
+ json_close_object
+}
+
+_procd_add_jail_mount() {
+ local _json_no_warning=1
+
+ json_select "jail"
+ [ $? = 0 ] || return
+ json_select "mount"
+ [ $? = 0 ] || {
+ json_select ..
+ return
+ }
+ for a in $@; do
+ json_add_string "$a" "0"
+ done
+ json_select ..
+ json_select ..
+}
+
+_procd_add_jail_mount_rw() {
+ local _json_no_warning=1
+
+ json_select "jail"
+ [ $? = 0 ] || return
+ json_select "mount"
+ [ $? = 0 ] || {
+ json_select ..
+ return
+ }
+ for a in $@; do
+ json_add_string "$a" "1"
+ done
+ json_select ..
+ json_select ..
+}
+
_procd_set_param() {
local type="$1"; shift
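Review bot: The three loops written `for a in $@` (in `_procd_add_jail`, `_procd_add_jail_mount` and `_procd_add_jail_mount_rw`) expand their arguments unquoted, so a mount path containing whitespace or a glob character is split or expanded against the filesystem when the init script runs. The keys written into the jail's `mount` object can then differ from what the script author wrote, and `a` leaks into the caller's scope because it is never declared local. Use `local a` and `for a in "$@"; do` in each function. Separately, `_procd_add_jail` builds the root as `"/tmp/.jail/$1"` without checking the name, so an empty name or one containing `/` would put the root somewhere other than a direct child of `/tmp/.jail`. If names only ever come from packaged init scripts the risk is low, but a guard such as `case "$1" in ""|*/*|.|..) return 1;; esac` before the first `json_add_object` makes that assumption explicit.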
@@ -140,7 +195,7 @@ _procd_set_param() {
nice)
json_add_int "$type" "$1"
;;
- user)
+ user|seccomp)
json_add_string "$type" "$1"
;;
stdout|stderr)
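Review bot: The new `seccomp` arm in `_procd_set_param` stores `$1` as a string exactly like `user`, and nothing on the new side says what the value is expected to be or what happens when it is missing or wrong. The value is presumably a path to a syscall policy file, but that is inferred from the name and not shown here. Because this is a confinement setting, the comment should also state whether procd refuses to start the instance or starts it unfiltered when the policy cannot be loaded, for example `# seccomp: <what the string names>; instance is <refused|started unfiltered> if it cannot be loaded`. The function body starts and ends outside the hunk.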
@@ -367,6 +422,9 @@ _procd_wrapper \
procd_close_instance \
procd_open_validate \
procd_close_validate \
+ procd_add_jail \
+ procd_add_jail_mount \
+ procd_add_jail_mount_rw \
procd_set_param \
procd_append_param \
procd_add_validation \