| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
This is needed for ksh/bash style process substitution such as
<(command) and >(command) which was introduced in ash as of busybox
version 1.34.0 to work.
Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
(cherry picked from commit fdce970dbb47a6f91b08bdac21a098e77926549f)
|
| |
|
|
|
|
|
|
| |
122a5e3 Revert "sysupgrade: print errno on failure"
2db8365 system: add RISC-V CPU info
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 359638098742d7573ff422f6dc7125c89086072b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reduces open coding and allows to easily add a knob to enable
it treewide, where chosen packages can still opt-out via "no-lto".
Some packages used LTO, but not the linker plugin. This unifies 'em
all to attempt to produce better code.
Quoting man gcc(1):
"This improves the quality of optimization by exposing more code to the
link-time optimizer."
Also use -flto=auto instead of -flto=jobserver, as it's not guaranteed
that every buildsystem uses +$(MAKE) correctly.
Signed-off-by: Andre Heider <a.heider@gmail.com>
|
| |
|
|
|
|
|
|
| |
04d7570 jail: fs: don't overwrite existing mount target
6b9629b jail: don't assume positive return value of creat
190f13a init: attempt to mount efivarfs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The libraries libpthread, libdl, libutil, libanl have been integrated
into the libc library in version 2.34. it is not needed to explicitly
link them any more.
Most of the functions have been moved from the librt.so into libc.so
some time ago already.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
| |
24f6bc4 jail: correctly check for null pointer
93b2c2d jail: ignore missing .dynamic sect
039b88f sysupgrade: print errno on failure
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
| |
ef5d3e3 jail: fix various ignoring return value compilation warning
8e4a956 jail: add WARNING macro to log non critical warning message
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
|
|
| |
557c98e init: selinux: don't relabel virtual filesystems
7a00968 init: only relabel rootfs if started from initramfs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
652e6df init: restore SELinux labels after policy is loaded
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
| |
6343c3a procd: completely remove tmp-on-zram support
5c5e63f uxc: fix potential NULL-pointer dereference
eb03f03 jail: include necessary files for per-netns netifd instance
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
| |
The service command belongs to the procd and does not belong in the
shinit. In the course of the move, the script was also checked with
shellcheck and cleaned up.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The /tmp directory is mounted as tmpfs. The tmpfs filesystem is backed by
anonymous memory, which means it can be swapped out at any time, if there is
memory pressure [1]. For this reason, a zram swap device is a much better
choice than mounting /tmp on zram, since it's able to compress all anonymous
memory, and not just the memory assigned to /tmp. We already have the zram-swap
package for this specific purpose, which means procd's tmp-on-zram is both
redundant and more limited.
A follow-up patch will remove support for mounting /tmp in zram from procd
itself.
[1] https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
a87d010 uxc: remove unused printf parameter
ad65249 instance: exit in case asprintf() fails
Build with glibc should again work after this commit.
Fixes: e9e61d76fd ("procd: update to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
| |
df1123e uxc: add support for user-defined settings
0272c7c uxc: allow editing settings using 'create'
a839518 uxc: clean up error handling
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: Peter Lundkvist <peter.lundkvist@gmail.com>
This fixes the make_syscall_h.sh script to recognize both
__NR_Linux, used by mips, and __NR_SYSCALL_BASE and
__ARM_NR_BASE used by arm.
Run-tested on arm (ipq806x) and mips (ath79), both with glibc.
Compile-tested and checked resulting syscall_names.h file wuth
glibc: aarch64, powerpc, x86_64, i486
musl: arm, mips
Fixes: FS#4194, FS#4195
Signed-off-by: Peter Lundkvist <peter.lundkvist@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
| |
ca6c35c uxc: usage message cosmetics
e083dd4 uxc: fix two minor issues reported by Coverity
35dfbff procd: jail/cgroups: correctly enable "rdma" when requested
3b3ac64 procd: mount /dev with noexec
ac2b8b3 procd: clean up /dev/pts mounts
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
| |
eb522fc uxc: consider uvol and etc location for configurations
16a6ee9 uxc: integrate console into uxc
129d050 remove ujail-console
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
bb95fe8 jail: make sure jailed process is terminated
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
| |
8de12de system: add diskfree infos to ubus
bf3fe0e service: move jail parsing to end of instance parser
87b5836 procd: add full service shutdown prior to sysupgrade
01ac2c4 procd: service_stop_all: also kill inittab actions
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
| |
9d1431e jail: allow passing environment variable to procd jailed process
Fixes dnsmasq in ujail which needs USER_SCRIPT env variable to be
passed to jailed process.
Reported-by: Bastian Bittorf <bb@npl.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
Avoids building rpcd when not needed
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
| |
0ee8e73 trigger: use uloop_timeout_remaining64
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |
|
|
|
|
|
| |
1056fc4 jail: elf: Use 64 bit variables for elf offsets
c1976e5 jail: elf: Remove MIPS 64 warning
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
jail: Fix build with glibc
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
| |
9b1e035 jail: netifd: code cosmetics
d2a2ecc jail: netifd: fix error handling issue reported by coverity
e1d7cee jail: netifd: check target netns fd before using it
59f7699 uxc: add missing 'break' statement
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Until now, this feature was switched on via the kernel configuration
option KERNEL_SECCOMP.
The follwing change a7f794cd2aa104fdbd4c6e38f9b76373bf9b96e1 now requires that
the package procd-seccomp must also enabled for buildinmg.
However, this is not the case we have no dependency and the imagebuilder
cannot build the image, because of the implicit package selection.
This change adds a new configuration option CONFIG_SECCOMP.
The new option has the same behaviour as the configuration
option CONFIG_SELINUX.
If the CONFIG_SECCOMP is selected then the package procd-seccomp and
KERNEL_SECCOMP is enabled for this build.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
97bcdcf uxc: fix segfault caused by use-after-free
6398e05 uxc: don't free the stack
324ebd0 jail: fs: add support for asymmetric mount bind
c44ab7f jail: netifd: generate netifd uci config and mount it
82dd390 jail: make use of per-container netifd via ubus
The new per-jail netifd is now configured by filtering the host
network configuration. As libuci is used for that, procd-ujail now
depends on libuci.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
8a60e7e trace: don't leak file descriptor in error path
68df9ac procd: fix container deletion
f16abe0 uxc: add JSON output option for 'list' command
a23c888 jail: prepare for adding process to existing namespace
50da8a4 instance: allow jailed service to join namespace(s)
482d1ab Revert "jail: do not hack /etc/resolv.conf on container rootfs"
1eb4371 jail: start ubus and netifd instances for container with netns
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The previous procd update broke mounting overlayfs in an attempt to
fix an off-by-one error. Revert that broken fix and apply fix from
Nick Hainke <vincent@systemli.org> instead to bring things back to
life.
20adf53 Revert "initd: fix off-by-one error in mkdev.c"
773e8da initd: fix off-by-one error in mkdev.c
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
| |
96d8bf2 trace: fix potential use-after-free occurence
8eb1d78 initd: fix off-by-one error in mkdev.c
86f82f3 utils: don't ignore open() return value
f5fe04b jail: actually check calloc return value
269c9e4 trace: preload: avoid NULL-dereference here as well
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
| |
df251c2 uxc: move mountpoint of persistent config to /var/run/uxc
e5b38fd trace: free memory allocated by blobmsg_format_json_indent()
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
8a8306d uxc.c: fix coverity resource leak warning
7f2398e jail: devices: create parent folder when creating devices
0603c8d jail: return to hook callback instead of just calling it
3edb7eb jail: check return value when opening console
af048a3 jail: use portable sizeof(void *)
6010bd3 utils: make sure read() string is 0 terminated
f6daca3 uxc: free string returned by blobmsg_format_json_indent()
51f1cd2 trace: free string returned by blobmsg_format_json_indent()
d716cb5 trace: handle open() return value and make sure string is terminated
b824a89 jail: preload: avoid NULL-dereference in case things go wrong
167dc24 jail: protect against strcat buffer overflows
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
procd.sh:
Instead of triggering on every mount.add event, there should be no
mount trigger at all in case none of the directories passed to
procd_add_*_mount_trigger() are located on a mountpoint configured in
/etc/config/fstab.
uxc:
add missing dependency on rpcd.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
| |
040fecc system: fix issues reported by Coverity
48f481b service: make sure string read is null terminated
16dbc2a uxc: fix a bunch of issues discovered by Coverity
ff9002f uxc: fix help output
104b49d uxc: support config in uvol
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
| |
48638ad hotplug-dispatch: yet another rare memory leak disovered by Coverity
459b3e8 jail: fix several issues discovered by Coverity
2562e2b ujail-console: add missing error handling discovered by coverity
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
9f233f5 system: make rootfs type accessible through board call
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
e10de28 jail: cgroups-bpf: fix compile with musl 1.2
f5d9b14 hotplug-dispatch: fix rare memory leaks in error paths
Add new init script helpers:
procd_add_start_mount_trigger
procd_add_reload_mount_trigger
procd_get_mountpoints
Both trigger helpers expect a list of paths which are checked against
the mount targets configured in /etc/config/fstab and a trigger for all
mountpoints covered by the list of paths is setup.
procd_get_mountpoints is useful to find out if and which mountpoints
are covered by a list of paths.
Example:
DATADIRS="/mnt/data/foo /mnt/data/bar /etc/foo/baz /var/lib/doe"
start_service() {
[ "$_BOOT" = "1" ] &&
[ "$(procd_get_mountpoints $DATADIRS)" ] && return 0
procd_open_instance
# ...
procd_close_instance
}
boot() {
_BOOT=1 start
}
service_triggers() {
procd_add_start_mount_trigger $DATADIRS
}
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix build on glibc targets and address a bunch of compiler warnings.
93fc089 jail: cgroups-bpf: don't use sys/reg.h when building with glibc
548d057 jail: don't ignore return value of seteuid()
220b716 jail: ignore return value when creating default /dev symlinks
78d5baa hotplug-dispatch: don't ignore asprintf() return value
736aee5 uxc: always handle asprintf() return value
2b20456 hotplug-dispatch: replace wrongly used assert()
bfc86a2 jail: cgroups: replace wrongly used assert()
516bdf2 jail: don't ignore return value of write()
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
f26233e watchdog: Add an info message if the watchdog reset the system
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
| |
772292e uxc: don't restart containers when mount shows up
3a9d910 uxc: resolve volume UUIDs by name of UCI fstab section
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
9bd1b7f jail: refactor directory handling for rootfs and overlaydir
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
0545905 jail: make use of realpath() for rootfs and overlaydir
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
0ee73b2 uxc: implement support for rootfs overlay in containers
b0a8ea1 jail: do not hack /etc/resolv.conf on container rootfs
92aba53 jail: increase max additional env records to 64
15997e6 jail: allow rootfs to be a symbolic link
0114c6f jail: open() extroot folder before mounting
ed96eda uxc: check for required blockd mounts
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
2dcefbd jail: add support for cgroup devices as in OCI run-time spec
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before this commit, it was assumed that mkhash is in the PATH. While
this was fine for the normal build workflow, this led to some issues if
make TOPDIR="$(pwd)" -C "$pkgdir" compile
was called manually. In most of the cases, I just saw warnings like this:
make: Entering directory '/home/.../package/gluon-status-page'
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
[...]
While these were only warnings and the package still compiled sucessfully,
I also observed that some package even fail to build because of this.
After applying this commit, the variable $(MKHASH) is introduced. This
variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the
correct path.
Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
|
| |
|
|
|
|
| |
021ece8 procd: Use /dev/console for serial console if exists
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
7ee4563 procd: Adding support to detect Pantavisor Container Platform
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
| |
Enable seccomp features on Aarch64.
3e88c6f jail/seccomp: add support for aarch64
c23d8bf trace: fix build on aarch64
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
| |
945d0d7 utils: fix C style in header file
2cfc26f inittab: detect active console from kernel if no console= specified
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
64e9f3a procd: fix compilation with newer musl
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
