Diffstat (limited to 'package/network/services/mdns/files')
-rw-r--r--package/network/services/mdns/files/mdns.config1
-rw-r--r--package/network/services/mdns/files/mdns.init4
-rw-r--r--package/network/services/mdns/files/mdns.json32
3 files changed, 36 insertions, 1 deletions
diff --git a/package/network/services/mdns/files/mdns.config b/package/network/services/mdns/files/mdns.config
index d64ba6768c..b09eaf5c89 100644
--- a/package/network/services/mdns/files/mdns.config
+++ b/package/network/services/mdns/files/mdns.config
@@ -1,2 +1,3 @@
config mdns
+ option jail 1
list network lan
diff --git a/package/network/services/mdns/files/mdns.init b/package/network/services/mdns/files/mdns.init
index 1bb764ee13..6f781190ff 100644
--- a/package/network/services/mdns/files/mdns.init
+++ b/package/network/services/mdns/files/mdns.init
@@ -35,6 +35,7 @@ start_service() {
procd_open_instance
procd_set_param command "$PROG"
+ procd_set_param seccomp /etc/seccomp/mdns.json
procd_set_param respawn
procd_open_trigger
procd_add_config_trigger "config.change" "mdns" /etc/init.d/mdns reload
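Review bot: The `procd_set_param seccomp /etc/seccomp/mdns.json` line applies the filter unconditionally, while the jail added later in `start_service` is switched by the `jail` uci option, so a target whose libc needs a syscall missing from the list has no configuration knob to fall back on. Either gate both on the same option or add a comment stating that the filter is always on and how to debug a denied call, for example `# seccomp filter is always applied; see /etc/seccomp/mdns.json`. It is not visible from this hunk what procd does when the JSON file is absent or unparsable, so the init script should say whether the service is expected to start unfiltered or to fail in that case. `start_service` begins and ends outside this hunk.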
@@ -43,10 +44,11 @@ start_service() {
done
procd_add_raw_trigger "instance.update" 5000 "/bin/ubus" "call" "mdns" "reload"
procd_close_trigger
+ [ "$(uci get mdns.@mdns[-1].jail)" = 1 ] && procd_add_jail mdns ubus log
procd_close_instance
}
service_started() {
- ubus wait_for -t 5 mdns
+ ubus wait_for -t 10 mdns
[ $? = 0 ] && reload_service
}
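Review bot: The jail test on the `procd_add_jail` line fails open, because an absent or unreadable `jail` option compares unequal to `1` and the daemon then starts unjailed. Installs that keep an older `/etc/config/mdns` across an upgrade would presumably never see the new `option jail 1` default, so the hardening would reach only fresh configurations. Defaulting to jailed and letting an explicit `0` opt out closes that gap, and `-q` stops `uci` printing an error when the option is missing: `[ "$(uci -q get mdns.@mdns[-1].jail)" != 0 ] && procd_add_jail mdns ubus log`. The `wait_for` timeout change from 5 to 10 in `service_started` also deserves a one-line comment saying it allows for the slower jailed start, if that is the reason. `start_service` begins outside this hunk.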
diff --git a/package/network/services/mdns/files/mdns.json b/package/network/services/mdns/files/mdns.json
new file mode 100644
index 0000000000..c22ba6f5fb
--- /dev/null
+++ b/package/network/services/mdns/files/mdns.json
@@ -0,0 +1,32 @@
+{
+ "whitelist": [
+ "read",
+ "write",
+ "open",
+ "close",
+ "time",
+ "brk",
+ "ioctl",
+ "uname",
+ "bind",
+ "connect",
+ "getsockname",
+ "recvmsg",
+ "sendmsg",
+ "sendto",
+ "setsockopt",
+ "socket",
+ "poll",
+ "fcntl64",
+ "epoll_create",
+ "epoll_ctl",
+ "epoll_wait",
+ "rt_sigaction",
+ "sigreturn",
+ "rt_sigreturn",
+ "exit_group",
+ "exit",
+ "clock_gettime"
+ ],
+ "policy": 1
+}
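Review bot: Several entries in the whitelist are ABI-specific names (`fcntl64`, `time`, `sigreturn`, and the legacy `open`, `poll`, `epoll_create`, `epoll_wait`), so this list looks like it was traced on one 32-bit target. On ABIs where libc issues `fcntl`, `openat`, `ppoll`, `epoll_create1` or `epoll_pwait` instead, the daemon would hit the default policy on its first such call. Please state in the commit message which target and libc the list was generated on, and either add the equivalent names for the other supported ABIs or limit installation of the file to the targets it was tested on. The meaning of `"policy": 1` is not explained anywhere in the change; since JSON cannot carry a comment, document next to the `seccomp` line in `mdns.init` whether a non-whitelisted call is refused with an errno or terminates the process.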