aboutsummaryrefslogtreecommitdiffstats
path: root/package/base-files/files
Commit message (Collapse)AuthorAgeFilesLines
* base-files: improve lib/upgrade/common.shKlaus Kudielka2019-05-111-13/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Recently, upgrade device autodetection has been added to the mvebu target. This exposes some shortcomings of the generic export_bootdevice function, e.g. on the Turris Omnia: export_bootdevice silently reports the root partition to be the boot device. This makes the sysupgrade process fail at several places. Fix this by clearly distinguishing between /proc/cmdline arguments which specify the boot disk, and those which specify the root partition. Only in the latter case, strip off the partition, and do it consistently. root=PARTUUID=<pseudo PARTUUID for MBR> (any partition) and root=/dev/* (any partition) are accepted. The root of the problem is that the *existing* export_bootdevice in /lib/upgrade/common.sh behaves differently, if the kernel is booted with root=/dev/..., or if it is booted with root=PARTUUID=... In the former case, it reports back major/minor of the root partition, in the latter case it reports back major/minor of the complete boot disk. Targets, which boot with root=/dev/... *and* use export_bootdevice / export_partdevice, have added workarounds to this behaviour, by specifying *negative* increments to the export_partdevice function. Consequently, those targets have to be adapted to use positive increments, otherwise they are broken by the change to export_bootdevice. Fixes: 4e8345ff68 ("mvebu: base-files: autodetect upgrade device") Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com> Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
* base-files: add service_stopped as a post stop hookArthur Skowronek2019-05-051-0/+3
| | | | | | | | | | | | | | | | | | | | Purpose of these changes is to introduce a hook for post service shutdown in a similar fashion to the existing hook service_started. I found it to be useful to specify a hook that is called once the service has been stopped and not before the service is stopped like the stop_service hook does. The concrete use case I have for this is that I'm running a binary that takes over the hardware watchdog timer. Said binary unfortunately can not use ubus directly to tell procd to hand over the watchdog timer so this has to be done in the service file for the binary in question. In order to support a clean handover of the watchdog timer back to procd, the service init script has to dispatch the ubus invocation once the binary in question has been stopped. Signed-off-by: Arthur Skowronek <ags@digineo.de> Signed-off-by: Petr Štetiar <ynezz@true.cz> [added commit message, use the same form as other hooks]
* base-files: add leds migrationTomasz Maciej Nowak2019-04-061-0/+39
| | | | | | | | | | | Currently leds migration scripts in ar71xx and lantiq share a lot of logic and introducing leds migration to another target would mean copying this code, again. Therefore add common logic to library in base-files package. Suggested-by: Petr Štetiar <ynezz@true.cz> Signed-off-by: Petr Štetiar <ynezz@true.cz> Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
* base-files/hotplug: fix dedicated group for tty devicesMichael Heimpold2019-04-041-1/+1
| | | | | | | | | | | | | | | | | Commit 124ab1dc0a and 5523ee3459 introduced the assignment of the group "tty" to /dev/tty* devices in order to support unprivileged user access to serial devices. However, due to an improperly rebased commit this feature broke. This patch restores the lost hunk in hotplug.json file to re-introduce this feature and also renames the existing "tty" group to "dialout" as this is the more typical name for such a group on desktop systems. Fixes: 5209cfa534 ("procd: fix hotplug.json syntax") Signed-off-by: Michael Heimpold <mhei@heimpold.de> Acked-by: Jo-Philipp Wich <jo@mein.io>
* base-files: fix ucert verificationFelix Fietkau2019-02-121-1/+2
| | | | | | | | ucert needs to check the firmware part with metadata, but without the signature. Use the new fwtool mode to extract that without altering the firmware image inside the check Signed-off-by: Felix Fietkau <nbd@nbd.name>
* base-files: enable BPF JIT sysctl by defaultTony Ambardar2019-02-111-0/+2
| | | | | | Set net.core.bpf_jit_enable=1 in /etc/sysctl.d/10-default.conf. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* base-files: do not strip fwtool signature data during checkFelix Fietkau2019-02-091-1/+1
| | | | | | | Same reason as in commit 9808bd279927bcd2d3a78d19a55229b93bbbcf05 - sysupgrade --test must not alter the image in any way Signed-off-by: Felix Fietkau <nbd@nbd.name>
* base-files: config_get: prevent filename globbingGünther Kelleter2019-01-301-1/+1
| | | | | | | | | When config_get is called as "config_get section option" the option is unexpectedly globbed by the shell which differs from the way options are read to a variable with "config_get variable section option". Add another layer of double quotes to fix it. Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
* base-files: sysupgrade: support additional mtd optionsDavid Bauer2019-01-262-2/+3
| | | | | | | | | | Add support for passing additional parameters to mtd called during sysupgrade. It will be required to toggle the "recovery moe" flag supported by recent tp-link boards. Signed-off-by: David Bauer <mail@david-bauer.net> [split code from board support patch; add commit message] Signed-off-by: Mathias Kresin <dev@kresin.me>
* build: Optionally provide file checksums in package metadataMichal Hrusecky2019-01-221-0/+130
| | | | | | | This may be useful if you don't entirely trust your flash and want to be able to check for corruptions. Signed-off-by: Michal Hrusecky <Michal@Hrusecky.net>
* procd: Add wrapper for uci_validate_section()Jeffery To2019-01-221-7/+3
| | | | | | | | | | | | | | | | | This adds a wrapper (uci_load_validate) for uci_validate_section() that allows callers (through a callback function) to access the values set by uci_validate_section(), without having to manually declare a (potentially long) list of local variables. The callback function receives two arguments when called, the config section name and the return value of uci_validate_section(). If no callback function is given, then the wrapper exits with the value returned by uci_validate_section(). This also updates several init scripts to use the new wrapper function. Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* base-files: allow non-standard rootfs volume name in UBI in sysupgradeINAGAKI Hiroshi2019-01-011-6/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit allows to use non-standard UBI volume name as the rootfs volume in sysupgrade. ex.: The U-Boot on Buffalo WXR-2533DHP checks existence and checksum of "ubi_rootfs" volume when booting, so this name is required. OpenWrt currently provides several patches: 490-ubi-auto-attach-mtd-device-named-ubi-or-data-on-boot.patch 491-ubi-auto-create-ubiblock-device-for-rootfs.patch 492-try-auto-mounting-ubi0-rootfs-in-init-do_mounts.c.patch to facilitate ubi rootfs automount. However the upstream kernel also supports the means of booting from a fully custom ubi partition name and ubi volume name via bootargs/kernel's cmdline parameters: ubi.mtd=mtd_partition_name ubi.block=rootfs_volume_name root=/dev/ubiblock$X_$Y For more information and examples visit the wiki over at linux-mtd: <http://www.linux-mtd.infradead.org/faq/ubifs.html> <http://www.linux-mtd.infradead.org/doc/ubi.html> Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [reworded commit]
* base-files: install missing /etc/iproute2/ematch_mapTony Ambardar2018-12-191-0/+8
| | | | | | | | This file is needed to properly use the tc ematch modules present in kmod-sched-core and kmod-sched. It is a read-only index file of ematch methods used only by tc. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* base-files: Fix netdev led triggerHauke Mehrtens2018-12-161-1/+4
| | | | | | | | | | In the upstream netdev led trigger the one mode file was replaced by 3 files named rx, tx and link. Fix the netdev trigger configuration code to use the modified API. Fixes: aa3b6a08c56 ("kernel: Replace ledtrig-netdev with upstream backport") Reported-by: Hannu Nyman <hannu.nyman@iki.fi> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* base-files: add sysupgrade -k to save list of pkgsLuiz Angelo Daros de Luca2018-12-091-1/+35
| | | | | | | | | | | | | | When '-k' is used, sysupgrade inserts into backup a new file /etc/backup/installed_packages.txt which contains pkgname and origin (rom, overlay, unknown) without touching rootfs. It's mainly used to reinstall all extra packages: # opkg update # grep "\toverlay" /etc/backup/installed_packages.txt | cut -f1 | xargs -r opkg install # rm /etc/backup/installed_packages.txt Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* base-files: add sysupgrade -o to save all overlay filesLuiz Angelo Daros de Luca2018-12-091-4/+48
| | | | | | | | | | | Add sysupgrade '-o' option in order to include all overlay files in backup, except for those that are from packages but including files listed in conffiles, sysupgrade.conf or /lib/upgrade/keep.d. With '-u' option, it will skip files equals to /rom and conffiles that were not changed. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* base-files: add sysupgrade -u to skip unchanged filesLuiz Angelo Daros de Luca2018-12-091-8/+19
| | | | | | | | | | | With '-u', for a file /aaa/bbb/ccc enlisted for backup, it will only get into backup if /rom/aaa/bbb/ccc does not exist or /aaa/bbb/ccc is different from /rom/aaa/bbb/ccc. It also works with '-c', but only effective for files touched but not modified. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* base-files: minor cleanups on sysupgradeLuiz Angelo Daros de Luca2018-12-091-16/+17
| | | | | | | | | | | | | Renamed add_uci_conffiles to add_conffiles as it includes any conffiles listed, not only UCI ones. Make do_save_conffiles arg mandatory Allow other options after -l (like -c) Do not use stdout for error messages (fixes backup to stdout) Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* base-files: diag.sh: Make it more generic towards DTS so it could be reusedPetr Štetiar2018-12-061-2/+48
| | | | | | | | | | | | | | | | I wanted to add status LEDs support to my imx6 based board and have found out, that I could use diag.sh script found in ramips platform, which seems to be also shared in a few other platforms: 4801276bc2078c5bcf03003c831e3b0a target/linux/ramips/base-files/etc/diag.sh 4801276bc2078c5bcf03003c831e3b0a target/linux/ipq40xx/base-files/etc/diag.sh 4801276bc2078c5bcf03003c831e3b0a target/linux/ath79/base-files/etc/diag.sh So I've extended the base diag.sh in a way, that if it detects any of the DTS LED aliases, then it would use the generic DTS set_led_state code. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* base-files: fix several bashismsMichael Heimpold2018-12-055-5/+5
| | | | | | | For equality test a simple = is sufficient, the == is usually disregarded as bashism. Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* Revert "base-files: fwtool: Fix wrong checksum on combined-image with metadata"Jo-Philipp Wich2018-12-021-1/+1
| | | | | | | | | | | | | | | | | This reverts commit 41770add03ad77a0ce41ed424ad050238f7d9272. The fwtool_check_image() procedure is used by `sysupgrade --test` which must not alter the image under test in any way. Currently, when the LuCI ui or any other sysupgrade wrapper first invokes sysupgrade --test to verify the compatibility of the image and then calculates the sha256sum over it, the resulting checksum will differ from the original image since the test invocation will implicitely strip the metadata trailer. To properly fix the underlying issue, the combined image checksumming code must be modified to skip the metadata trailer. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: fix prerm return value, align with postinst codeTony Ambardar2018-11-291-5/+10
| | | | | | | | | | | | | | | The return value of a package prerm script is discarded and not returned correctly by default_prerm(). This allows other operations like service shutdown to "leak" their return value, prompting workarounds like commit 48cfc826 which do not address the root cause. Preserve a package prerm script return value for use by default_prerm(), sharing the corresponding code from default_postinst() for consistency. Also use consistent code for handling of /etc/init.d/ scripts. Run Tested on: LEDE 17.01.4 running ar71xx. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* base-files: fwtool: Fix wrong checksum on combined-image with metadataPetr Štetiar2018-11-261-1/+1
| | | | | | | | | | | | | | | | | | If I create following image: define Device/engenius-m36 IMAGE/sysupgrade.bin := combined-image | append-metadata endef Sysupgrade then errors out: Invalid image. Contents do not match checksum (image:cd285595eaf297370404ae0e2815ec1a calculated:2cf9a2286fb6b01af3ea189128017d44) Image check 'platform_check_image' failed. By removing the metadata from the image I get combined-image checksum working again and sysupgrade works. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* base-files: sysupgrade: Allow downloading of firmware images using HTTPSPetr Štetiar2018-11-251-1/+2
| | | | | | Currently it's only possible to download images over HTTP. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* base-files: fix unkillable processes after restartLinus Kardell2018-11-221-0/+1
| | | | | | | | | | | | | | | When restart is run on an init script, the script traps SIGTERM. This is done as a workaround for scripts named the same name as the program they start. In that case, the init script process will have the same name as the program process, and so when the init script runs killall, it will kill itself. So SIGTERM is trapped to make the init script unkillable. However, the trap is retained when the init script runs start, and thus processes started by restart will not respond to SIGTERM, and will thus be unkillable unless you use SIGKILL. This fixes that by removing the trap before running start. Signed-off-by: Linus Kardell <linus@telliq.com>
* base-files: make it possible to specify switch led modeChristian Lamparter2018-09-293-4/+9
| | | | | | | | | | | | | | | | | The swconfig switch led driver has the ability to switch between a "link, rx and/or tx" mode. However, this feature was not implemented in uci, the led init script and config_generate. This patch adds a seventh parameter to the ucidef_set_led_switch() function. The accepted values for this parameter are: link, rx and tx. Any permutations of these three values are supported, as long as they are properly encased with quotes. If the parameter is not specified it will default to "all" (link rx tx). Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* base-files: add network_get_metric() to /lib/functions/network.shFlorian Eckert2018-09-251-0/+5
| | | | | Signed-off-by: Florian Eckert <fe@dev.tdt.de> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* base-files: fix postinstall uci-defaults removalTony Ambardar2018-09-241-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 7f694582 introduced a bug where default_postinst() often fails to remove a uci-defaults script after application, leaving it to run again after a reboot. (Note: commit 7f694582 also introduced FS#1021, now fixed by 73c745f6) The subtle problem arises from the shell logical chain: [ -f "$i" ] && . "$i" && rm -f "$i" Most uci-defaults scripts contain a terminal 'exit 0' statement which, when sourced, results in the logic chain exiting before executing 'rm -f'. This was observed while testing upgrades of 'luci-app-sqm'. The solution is to wrap the shell sourcing in a subshell relative to the command 'rm -f': ( [ -f "$i" ] && . "$i" ) && rm -f "$i" Revert to using 'grep' to prefilter the list of entries from the control file, which yields the full path of uci-defaults scripts. This allows keeping the existence check, directory change and script sourcing inside the subshell, with the script removal correctly outside. This approach avoids adding a second subshell only around the "." (source) command. The change also preserves the fix FS#1021, since the full path is used to source the script, which is POSIX-portable irrespective of PATH variable or reference to the CWD. Run Tested on: LEDE 17.01.4 running ar71xx, while tracing installation of package luci-app-sqm with its associated /etc/uci-defaults/luci-sqm file. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* base-files: /etc/services: add missing 'rpcbind' aliasAndy Walsh2018-09-101-2/+2
| | | | | | | | * add missing 'rpcbind' alias to /etc/services Allows rpcbind to open its 111 port and be reachable via lan, this is the default behaviour. Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* base-files: provide more tolerant xterm detectionPaul Wassi2018-08-291-1/+5
| | | | | | | | Set the window title not only in "xterm", but also in e.g. "xterm-256color", "xterm-color", etc. The case statement is taken from Debian / Ubuntu. Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* base-files: create /etc/ethers by defaultLuiz Angelo Daros de Luca2018-08-211-0/+6
| | | | | | | | | | | /etc/ethers is missing on /rom but always created when dnsmasq runs. It is better to have it in place and avoid an extra change in flash after firstboot. It will generate an extra /etc/ethers-opkg when it has changed. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* treewide: consolidate upgrade state setMathias Kresin2018-08-162-0/+6
| | | | | | | | | | Set the (sys)upgrade state when sourcing the stage2 script instead of setting the state for each target individual. This change fixes the, due to a missing state set, not working upgrade led on ath79 and apm821xx. Signed-off-by: Mathias Kresin <dev@kresin.me>
* base-files: add function to get mac as text from flashMathias Kresin2018-08-111-0/+23
| | | | | | | | | Add a function to get a mac stored as text from flash. The octets of the mac address need to be separated by any separator supported by macaddr_canonicalize(). Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com> Signed-off-by: Mathias Kresin <dev@kresin.me>
* base-files: use consistent coding styleMathias Kresin2018-08-111-8/+4
| | | | | | | | Add the opening bracket right after the function name, to do it the same way for all functions in this file. Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com> Signed-off-by: Mathias Kresin <dev@kresin.me>
* base-files: make wifi report unknown commandThibaut VARÈNE2018-08-101-2/+3
| | | | | | | | | | | Avoid having /sbin/wifi silently ignore unknown keywords and execute "up"; instead display the help message and exit with an error. Spell out the "up" keyword (which has users), add it to usage output, and preserve the implicit assumption that runing /sbin/wifi without argument performs "up". Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* base-files: introduce sysupgrade signature chain verificationDaniel Golle2018-08-082-1/+26
| | | | | | | | | Verify ucert signature chains in sysupgrade images in case ucert is installed and $CHECK_IMAGE_SIGNARURE = 1. Also make sure ucert host binary is present and generate a self-signed ucert in case $TOPDIR/key-build.ucert is missing. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: do not add relevant sections & options except when ipv6 is ↵Rosy Song2018-08-061-16/+26
| | | | | | support in kernel Signed-off-by: Rosy Song <rosysong@rosinson.com>
* base-files: sysupgrade: abort if config backup failsAndreas Ziegler2018-08-061-0/+5
| | | | | | | Sysupgrade shouldn't proceed, if the backup of the configuration fails because tar (or gzip) exit with a non-zero code. Signed-off-by: Andreas Ziegler <dev@andreas-ziegler.de>
* base-files: drop fwtool_pre_upgradeJohn Crispin2018-07-302-7/+0
| | | | | | | this feature has never worked, the fw image name was not passed and the -t parameter was missing in the tool invocation. drop the feature. Signed-off-by: John Crispin <john@phrozen.org>
* base-files: fix wrong sysctl parameter orderLuiz Angelo Daros de Luca2018-07-181-1/+1
| | | | | | | | | | | Restarting service sysctl echos multiple errors like: sysctl: -e: No such file or directory After the first filename, all remaining arguments are treated as files. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* base-files: network.sh: gracefully handle missing network.interface ubus nsJo-Philipp Wich2018-07-171-4/+10
| | | | | | | | | | | | | | | | | | | | | When attempting to use any of the functions in network.sh while netifd is not started yet, the ubus interface dump query will fail with "Not found", yielding an empty response. Subsequently, jsonfilter is invoked with an empty string instead of a valid JSON document, causing it to emit a second "unexpected end of data" error. This caused the dnsmasq init script to log the following errors during early boot on some systems: procd: /etc/rc.d/S19dnsmasq: Command failed: Not found. procd: /etc/rc.d/S19dnsmasq: Failed to parse json data: unexpected end of data. Fix the issue by allowing the ubus query to fail with "Not found" but still logging other failures, and by passing an empty JSON object to jsonfilter if the interface status cache is empty. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* basefiles: Reword sysupgrade messageKevin Darbyshire-Bryant2018-07-081-1/+1
| | | | | | sysupgrade 'upgrade' message more verbose than needs be. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* base-files: add menuconfig option for HOME_URLMathias Kresin2018-06-271-1/+1
| | | | | | | | | | Add a menuconfig option to set the HOME_URL exposed in /usr/lib/os-release independent from the LEDE_DEVICE_MANUFACTURER_URL. Fixes: FS#1123 Signed-off-by: Mathias Kresin <dev@kresin.me>
* base-files: fix links in banner.failsafeSven Roederer2018-06-181-1/+3
| | | | | | | Update the link to the current section in the documentaion wiki. This fixes https://github.com/openwrt/packages/issues/6282 Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
* base-files: exit if mtd write command fails during sysupgradeRafał Miłecki2018-06-181-0/+1
| | | | | | | | | | It avoids confusing situations like: > Could not get image magic > Image check failed. > Upgrade completed > Rebooting system... Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: sysupgrade: fix handing get_image unpack commandsMatthias Schiffer2018-06-111-6/+6
| | | | | | | | On bcm53xx and brcm47xx, commands are passed to default_do_upgrade that expect the image to be passed on stdin, rather than as an argument. Fixes: 30f61a34b4cf ("base-files: always use staged sysupgrade") Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* base-files: fix UCI config parsing and callback handlingTony Ambardar2018-06-061-8/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are several long-standing issues present in the UCI shell API as documented in https://wiki.openwrt.org/doc/devel/config-scripting. They relate both to high-level, user-defined callback functions used to process UCI config files, and also to low-level functions used within scripts generally. The related problems have been encountered now and in the past, e.g. https://forum.openwrt.org/viewtopic.php?id=54295, and include: a) UCI parsing option() function and user-defined option_cb() callbacks being erroneously called during processing of "list" config file entries; b) normal usage of the low-level config_set() unexpectedy calling any defined option_cb() if present; and c) handling of the list_cb() not respecting the NO_CALLBACK variable. Root causes include a function stack "inversion", where the low-level config_set() function incorrectly calls the high-level option() function, intended only for processing the "option" keyword of UCI config files. This change addresses the inversion and other issues, making the option handling code more consistent and smaller, and simplifying developers' usage of UCI callbacks. Signed-off-by: Tony Ambardar <itugrok@yahoo.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* base-files: fix ucidef_set_interface() protocol selectionJo-Philipp Wich2018-05-251-5/+11
| | | | | | | | | | | | The previous refactoring of ucidef_set_interface() removed the protocol selection heuristic which breaks the networking defaults for the majority of boards. Re-add the protocol selection and rename two bad "proto" references to the expected "protocol" value. Fixes: 85048a9c1f ("base-files: rework _ucidef_set_interface to be more generic") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: rework _ucidef_set_interface to be more genericRoman Yeryomin2018-05-241-50/+24
| | | | | | | | | | | | This is a rework of previously submitted patch reworking ucidef_set_interface_raw [1]. Here, keep the idea but instead make _ucidef_set_interface more generic and use it instead of ucidef_set_interface_raw. Also change the users like ucidef_set_interface_lan and others. [1] https://patchwork.ozlabs.org/patch/844961/ Signed-off-by: Roman Yeryomin <roman@advem.lv>
* sysctl: Protect hard/symlinks by default.Rosen Penev2018-05-011-0/+3
| | | | | | | There is no usecase for not protecting symlinks that I know of in OpenWrt. Not even on desktop systems where you have multiple users with a shell. Signed-off-by: Rosen Penev <rosenp@gmail.com>