path: root/package/system/procd
Commit message | Author | Age | Files | Lines
* procd: extend requirejail attribute handling | Daniel Golle | 2020-04-25 | 1 | -3/+3
    e2ed964 jail: don't fail unless requirejail is set
    17e7ae7 jail: don't load libpreload-seccomp.so if it doesn't exist
    Fixes openwrt/packages#11913
    Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: fix jail when running on glibc | Daniel Golle | 2020-04-19 | 1 | -3/+3
    d200b70 jail: include /etc/nsswitch.conf in jail for glibc.
    Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: jail fixes and improvements | Daniel Golle | 2020-04-14 | 1 | -3/+3
    32c717e jail: only mess with rootfs if CLONE_NEWNS was set
    b275a62 instance: harmonize instance API
    511fd97 jail: make /proc more secure
    4953b7c jail: mount /sys read-only
    a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay
    a4cc165 jail: always mount /dev as additional tmpfs
    Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: bump to latest HEAD | Daniel Golle | 2020-04-09 | 2 | -4/+7
    2188d81 jail: add support for launching extroot containers
    6f3dbd2 jail: add support for userns and cgroupsns
    28a06e5 jail: add support for (ram-)overlayfs
    Add handling for extroot, overlaydir and tmpoverlaysize as well as jail flags for userns and cgroupsns to OpenWrt's shell script to allow their use in init scripts.
    Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to latest git HEAD | Daniel Golle | 2020-03-13 | 1 | -4/+4
    77a6782 jail: mount-bind /etc/resolv.conf for non-netns jails
    Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: actually wire-up netns support | Daniel Golle | 2020-03-12 | 2 | -1/+2
    When support for network namespaces was added to procd, adding the corresponding jail flag in procd.sh was omitted. Add it now.
    Fixes: 97a03a4760 ("procd: update to latest git HEAD")
    Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: seccomp: fix resource leak | Kevin Darbyshire-Bryant | 2020-02-11 | 1 | -3/+3
    Bump to latest commit:
    c30b23e seccomp: fix resource leak
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* procd: update to latest git HEAD | Hans Dedecker | 2020-02-09 | 1 | -2/+2
    Fixes c0c988e179a75d33c82ed0621d954fc0ac2c0c14
    bcb8655 instance: add 'requirejail' attribute
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: support 'requirejail' attribute | Kevin Darbyshire-Bryant | 2020-02-04 | 2 | -2/+3
    Bump procd package to reduce log spam related to missing jail binaries in a non-jail capable system.
    bcb8655 instance: add 'requirejail' attribute
    An additional jail attribute 'requirejail' can now be used to indicate mandatory use of a jailed environment and hence prevent process startup in the event that the jail subsystem is unavailable.
    Procd will now only log errors if jail is unavailable and 1) is a mandatory requirement or 2) a procd debug level of at least 2 is in use.
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* procd: update to version 2020-01-24 | Petr Štetiar | 2020-01-24 | 1 | -3/+3
    00aafc4f439e procd: show process's exit code
    856b5f8be046 state: fix reboot causing shutdown inside LXC container
    b44417c20c7f instance: provide error feedback if ujail binary is missing
    Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: update to latest git HEAD | Daniel Golle | 2020-01-21 | 1 | -4/+4
    58c12f7 jail: add basic support for network namespaces
    ba69639 jail: create resolv.conf symlink for netns jails
    81b88b1 jail: more strict mount options for /tmp/resolv.conf.d/
    Add new 'netns' flag for procd_add_jail to make ujail setup a new network namespace for the jailed service. See previous netifd commit for example configuration for netns jailed service.
    Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: activate PIE ASLR by default | Petr Štetiar | 2020-01-14 | 1 | -0/+1
    This activates PIE ASLR support by default when the regular option is selected.
    Size increase on x86/64:
    procd Installed-Size: 44931 -> 47362
    Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: update to version 2020-01-04 | Petr Štetiar | 2020-01-05 | 1 | -3/+3
    a5af33ce9a16 instance: strdup string attributes
    d2e8bf6ef7cf system: watchdog_set: fix misleading indentation
    9814807bd71c system: sysupgrade: fix possibly misleading error
    c7a2db3c1eb6 system: sysupgrade: rework firmware validation
    ea45c4a0f07c system: fix failing image validation due to EINTR
    4fde95506243 cmake: fix lookup of external libraries
    Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: fix running jailed non-root process | Daniel Golle | 2019-12-30 | 1 | -4/+4
    Setting user and group for a jailed process caused the jail not to come up. Fix this by passing user and group to ujail and change user only once the jail has been setup. This allows jailing services which refuse to run as root user.
    Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to latest git HEAD | Hans Dedecker | 2019-11-26 | 1 | -3/+3
    3aa051b system: sysupgrade: close input side of pipe before reading
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: start additional consoles during hotplugging | Michael Heimpold | 2019-11-09 | 2 | -1/+5
    Now that 'start-console' procd command has reached the main repo, we can add a rule to start consoles on serial devices which are created when USB gadget driver reports creation with hotplugging.
    Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* procd: Update to version 2019-11-02 | Hauke Mehrtens | 2019-11-03 | 1 | -3/+3
    f47622e instance: Warn about unexpected number of parameters
    564ecdf instance: ujail: Fix allocated size for no_new_privs parameter
    7fb2e1d procd: simplify code in procd_inittab_run
    4a127c3 procd: replace exit(-1) with exit(EXIT_FAILURE)
    bc0a73e procd: add upgraded binary to .gitignore
    ba4c4db procd: add start-console support
    3e39fe5 procd: shift arguments for askfirst only once
    5d62829 procd: skip respawn in case device disappeared
    d27949f procd: guard fork_worker calls
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* procd: update to latest git HEAD | Hans Dedecker | 2019-10-22 | 1 | -3/+3
    258aa04 procd: Add cached and available to memory table
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: allow usage of * as procd_running() instance parameter | Alin Nastac | 2019-10-18 | 2 | -4/+4
    service_running() implementation in /etc/rc.common use it. It is preferable to use wildcard than assuming the instance name is the default one.
    jsonfilter returns all matches when wildcards are used, hence the -l 1 argument used to limit output to only one value.
    Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
* procd: update to the latest git HEAD | Hauke Mehrtens | 2019-09-21 | 1 | -3/+3
    8e9fb51 procd: Switch to nanosleep
    c844ace system: Fix possible integer overflows
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* procd: fix invalid JSON filter expression in procd_running() | Jo-Philipp Wich | 2019-09-19 | 2 | -2/+2
    Since service and instance names may contain characters which are not allowed in JSON path labels, such as dashes or spaces, change the filter expression to array square bracket notation to properly match these cases as well.
    Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state")
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to the latest git HEAD | Rafał Miłecki | 2019-09-18 | 1 | -3/+3
    62dc8c0 system: sysupgrade: send reply on error
    2710c65 system: refuse sysupgrade with backup if it's unsupported
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files,procd: add generic service status | Luiz Angelo Daros de Luca | 2019-09-15 | 1 | -0/+25
    Adds a default status action for init.d scripts.
    procd "service status" will return:
    0) for loaded services (even if disabled by conf or dead)
    3) for inactive services
    4) when filtering a non-existing instance
    Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
    [rebased, cleaned up]
    Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: update to the latest git HEAD | Rafał Miłecki | 2019-09-11 | 1 | -3/+3
    b8238df sysupgrade: support "backup" attribute
    This update requires "sysupgrade" method callers to pass "backup" attribute if $UPGRADE_BACKUP is used in the project.
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* procd: update to the latest git HEAD | Rafał Miłecki | 2019-09-05 | 1 | -3/+3
    0f3c136 sysupgrade: set UPGRADE_BACKUP env variable
    0bcbbbf system: fix uninitialized variables in firmware validation code
    This update includes a fix for uninitialized variable usage.
    Fixes: 7290963d0992 ("procd: update to the latest git HEAD")
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* procd: update to the latest git HEAD | Rafał Miłecki | 2019-09-04 | 1 | -3/+3
    34ac88c system: reject sysupgrade of invalid firmware images by default
    f55c235 system: reject sysupgrade of broken firmware images
    e990e21 system: add "validate_firmware_image" ubus method
    This update changes "sysupgrade" ubus method API. It's now required to pass "force" attribute whenever invalid firmware is meant to be installed.
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* procd: fix compile issue with glibc (FS#2469) | Hans Dedecker | 2019-08-28 | 1 | -3/+3
    0430252 sysupgrade: add missing _GNU_SOURCE define (FS#2469)
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: update to latest git HEAD | Rafał Miłecki | 2019-08-22 | 1 | -3/+3
    9558031 system: support passing "options" to the "sysupgrade" ubus method
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* procd: update to latest git HEAD (FS#2425) | Hans Dedecker | 2019-08-07 | 1 | -3/+3
    8323690 state: fix shutdown when running in a container (FS#2425)
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: update to latest git HEAD | Hans Dedecker | 2019-07-13 | 1 | -2/+2
    31f0765 procd: check strchr() result before using it
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* treewide: fix syntax errors exposed after kconfig update | Jo-Philipp Wich | 2019-06-20 | 1 | -1/+1
    After commit e82a4d9cfb ("config: regenerate *_shipped sources") the mconf parser became more strict as a side effect and started to spew a series of warnings when evaluating our generated kconfig sources:
    tmp/.config-package.in:705:warning: ignoring unsupported character '@'
    The root cause of these warnings is a wrong use of the @SYMBOL dependency syntax in various Makefile. Fix the corresponding Makefiles by turning `@SYM||@SYM2` expressions into the proper `@(SYM||SYM2)` form.
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: add direct dependencies on libblobmsg-json and libjson-c | Jo-Philipp Wich | 2019-06-20 | 1 | -1/+1
    The OpenWrt buildroot ABI version rebuild tracker does not handle transient dependencies, therefore add all libraries linked by procd as direct dependencies to the corresponding binary package definition.
    This ensures that procd is automatically rebuilt and relinked if any of these libraries has its ABI_VERSION updated in the future.
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to latest git HEAD | Petr Štetiar | 2019-05-30 | 1 | -3/+3
    ade00ca585a4 container: fix .dockerenv stat check
    385b904b2f0a hotplug: improve error message during group ownership change
    Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: update to latest git HEAD | Paul Spooren | 2019-05-29 | 1 | -3/+3
    7f0f6b2 procd: add docker support
    Signed-off-by: Paul Spooren <mail@aparcar.org>
* procd: fix compile issue | Hans Dedecker | 2019-05-09 | 1 | -3/+3
    1361b97 container: include stdbool.h
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: update to latest git HEAD | Hans Dedecker | 2019-05-08 | 1 | -4/+4
    9b35439 procd: detect lxc container and behave accordingly
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: add procd_running() helper for checking running state | Rafał Miłecki | 2019-05-02 | 2 | -1/+16
    This should be helpful for implementing service_running() in procd init scripts.
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
    Acked-by: John Crispin <john@phrozen.org>
* procd: update to latest git HEAD | Hans Dedecker | 2019-05-02 | 1 | -2/+2
    01f3dc8 instance: dump user and group as well
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: allow passing optional group instance parameter | Michael Heimpold | 2019-05-02 | 2 | -4/+5
    Sometimes it is desirable to run a process with a specific group id instead of the default one which is derived from passwd entry. This can be achieved now by using procd_set_param group $mygroup.
    Signed-off-by: Michael Heimpold <mhei@heimpold.de>
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
* procd: allow passing optional syslog facility as instance parameter | Michael Heimpold | 2019-05-02 | 2 | -5/+8
    Optional syslog facility can be set by adding procd_set_param facility $myfacility.
    While at it, also add stdout/stderr documentation.
    Signed-off-by: Michael Heimpold <mhei@heimpold.de>
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
* procd: update to latest git HEAD | Hans Dedecker | 2019-04-29 | 1 | -3/+3
    cfaed56 procd: add SIGPWR as signal
    a30a8fd procd: copy the respawn property of new instance
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd/hotplug: add dependency to dialout and audio group | Martin Schiller | 2019-04-16 | 1 | -1/+2
    Commit 6e060bd62c85 introduced a dependency to the dialout group. Adding this group to the "group" file in the base-files package is not enough to handle this dependency, because after a sysupgrade this entry will be missing in the "group" file.
    To address this problem the dependencies to the required groups needs to be set in the Makefile of the procd package. Then, the uci-default script "13_fix_group_user" will add the groups on first boot-up after a sysupgrade.
    Fixes: 6e060bd62c85 ("base-files/hotplug: fix dedicated group for tty devices")
    Tested-by: Michael Heimpold <mhei@heimpold.de>
    Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* procd: update to latest git HEAD | Hans Dedecker | 2019-04-10 | 1 | -3/+3
    baaf38c procd: instance: Support deleting stopped instances
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* base-files/hotplug: fix dedicated group for tty devices | Michael Heimpold | 2019-04-04 | 1 | -0/+4
    Commit 124ab1dc0a and 5523ee3459 introduced the assignment of the group "tty" to /dev/tty* devices in order to support unprivileged user access to serial devices.
    However, due to an improperly rebased commit this feature broke. This patch restores the lost hunk in hotplug.json file to re-introduce this feature and also renames the existing "tty" group to "dialout" as this is the more typical name for such a group on desktop systems.
    Fixes: 5209cfa534 ("procd: fix hotplug.json syntax")
    Signed-off-by: Michael Heimpold <mhei@heimpold.de>
    Acked-by: Jo-Philipp Wich <jo@mein.io>
* procd: Enable seccomp for powerpc | Wojciech Dubowik | 2019-03-11 | 1 | -4/+4
    Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
* procd: update to latest git HEAD | Hans Dedecker | 2019-01-24 | 1 | -3/+3
    e2b055e hotplug.c: Make sure hotplug buffer is NULL terminated
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: Add wrapper for uci_validate_section() | Jeffery To | 2019-01-22 | 1 | -0/+17
    This adds a wrapper (uci_load_validate) for uci_validate_section() that allows callers (through a callback function) to access the values set by uci_validate_section(), without having to manually declare a (potentially long) list of local variables.
    The callback function receives two arguments when called, the config section name and the return value of uci_validate_section().
    If no callback function is given, then the wrapper exits with the value returned by uci_validate_section().
    This also updates several init scripts to use the new wrapper function.
    Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* procd: update to latest git HEAD | Hans Dedecker | 2018-11-23 | 1 | -3/+3
    d667354 early: set /tmp permissions explicitly
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: update to latest git HEAD | Hans Dedecker | 2018-11-08 | 1 | -4/+4
    20192e4 watchdog: improve seting watchdog timeout and frequency
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: update to latest git HEAD | John Crispin | 2018-10-11 | 1 | -3/+3
    94944ab procd: Add cpu string to board detection
    Signed-off-by: John Crispin <john@phrozen.org>