diff options
author | Daniel Golle <daniel@makrotopia.org> | 2020-11-17 13:11:16 +0000 |
---|---|---|
committer | Daniel Golle <daniel@makrotopia.org> | 2020-11-17 13:12:37 +0000 |
commit | 01b83040d3a9f6f30199c2fe8f0ceb1bc05e76cf (patch) | |
tree | cbe9b79eb816eff836b9125a89750004a2871aa6 | |
parent | 62a3430f9ba648ec2508e8f539b2e1dc1797668a (diff) | |
download | upstream-01b83040d3a9f6f30199c2fe8f0ceb1bc05e76cf.tar.gz upstream-01b83040d3a9f6f30199c2fe8f0ceb1bc05e76cf.tar.bz2 upstream-01b83040d3a9f6f30199c2fe8f0ceb1bc05e76cf.zip |
umdns: convert seccomp filter rules to OCI format
procd-seccomp switched to OCI-compliant seccomp parser instead of our
(legacy, OpenWrt-specific) format. Convert ruleset to new format.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
-rw-r--r-- | package/network/services/umdns/Makefile | 2 | ||||
-rw-r--r-- | package/network/services/umdns/files/umdns.json | 71 |
2 files changed, 42 insertions, 31 deletions
diff --git a/package/network/services/umdns/Makefile b/package/network/services/umdns/Makefile index f02177dca2..d8cd9ae749 100644 --- a/package/network/services/umdns/Makefile +++ b/package/network/services/umdns/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=umdns -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_URL=$(PROJECT_GIT)/project/mdnsd.git PKG_SOURCE_PROTO:=git diff --git a/package/network/services/umdns/files/umdns.json b/package/network/services/umdns/files/umdns.json index c22ba6f5fb..db62f5f36d 100644 --- a/package/network/services/umdns/files/umdns.json +++ b/package/network/services/umdns/files/umdns.json @@ -1,32 +1,43 @@ { - "whitelist": [ - "read", - "write", - "open", - "close", - "time", - "brk", - "ioctl", - "uname", - "bind", - "connect", - "getsockname", - "recvmsg", - "sendmsg", - "sendto", - "setsockopt", - "socket", - "poll", - "fcntl64", - "epoll_create", - "epoll_ctl", - "epoll_wait", - "rt_sigaction", - "sigreturn", - "rt_sigreturn", - "exit_group", - "exit", - "clock_gettime" - ], - "policy": 1 + "defaultAction": "SCMP_ACT_KILL_PROCESS", + "syscalls": [ + { + "names": [ + "read", + "write", + "open", + "close", + "time", + "brk", + "ioctl", + "uname", + "bind", + "connect", + "getsockname", + "recvmsg", + "recvfrom", + "sendmsg", + "sendto", + "setsockopt", + "socket", + "pipe", + "poll", + "fcntl64", + "epoll_create", + "epoll_create1", + "epoll_ctl", + "epoll_wait", + "epoll_pwait", + "rt_sigaction", + "sigreturn", + "rt_sigreturn", + "rt_sigprocmask", + "exit_group", + "exit", + "fcntl", + "clock_gettime" + ], + "action": "SCMP_ACT_ALLOW" + } + ] } |