aboutsummaryrefslogtreecommitdiffstats
path: root/package/system
Commit message (Collapse)AuthorAgeFilesLines
* rpcd: bump version to 2022-08-24Petr Štetiar2022-08-251-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | gcc 10 with -O2 reports following: In function ‘strncpy’, inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:244:4: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation] 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In function ‘strncpy’, inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:227:4: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation] 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Since it is not possible to avoid truncation by strncpy, it is necessary to make sure the result of strncpy is properly NUL-terminated and the NUL must be inserted explicitly, after strncpy has returned. References: #10442 Reported-by: Alexey Smirnov <s.alexey@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 34ddd2e545f068e4684ecce98c1da3a6c7c9b04a)
* rpcd: update to latest Git HEADJo-Philipp Wich2022-08-251-3/+3
| | | | | | | ae5afea ucode: parse ucode plugin scripts in raw mode, init search path Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit 66a360206e341abdd1e5560e9cb522d8e453b095)
* fstools: add uci fstab section to conffiles for package block-mountFlorian Eckert2022-08-121-0/+4
| | | | | | | | | | | The command 'opkg search /etc/config/fstab' does not return a package name for this config file. In order to know to which package this config file belongs to, a 'conffiles' entry was made for this file to package 'block-mount'. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (cherry picked from commit 885f04b30556edddb9378c5e9eb561334e44ac7a) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: update to 2022-02-24Josef Schlehofer2022-07-171-3/+3
| | | | | | | | | | | Changes: 9c44557 opkg_remove: avoid remove pkg repeatly with option --force-removal-of-dependent-packages 2edcfad libopkg: set 'const' attribute for argv This should fix the CI error in the packages repository, which happens with perl. Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit e21fea92891fbdfb4eb14e9fe836530b6225cb1f)
* fstools: update to git HEADDaniel Golle2022-06-051-3/+3
| | | | | | | 93369be Revert "fstools: remove SELinux restorecon hack" Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit b641dadc1386146c4213ff6c5c443bad053a85d6)
* ubus: update to git HEADDaniel Golle2022-06-051-4/+4
| | | | | | | | 2f793a4 lua: add optional path filter to objects() method 2bebf93 ubusd: handle invoke on event object without data Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 1521d5f453683ca1aae87d025d2892901369ce0c)
* procd: update to git HEADDaniel Golle2022-06-051-3/+3
| | | | | | | | 557c98e init: selinux: don't relabel virtual filesystems 7a00968 init: only relabel rootfs if started from initramfs Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 4cbc26b212836973b22ae2a426de43325f893ee3)
* fstools: update to git HEADDaniel Golle2022-05-031-3/+3
| | | | | | | 9e11b37 fstools: remove SELinux restorecon hack Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 4509b790f09183b2ac757371f6d79052f232e4cd)
* procd: update to git HEADDaniel Golle2022-05-031-3/+3
| | | | | | | 652e6df init: restore SELinux labels after policy is loaded Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit fb011118664756ee33bf16a39bf6e73d02cc2d3f)
* selinux-policy: update to version 1.1Dominick Grift2022-05-031-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | try to clean up some labeling inconsistencies iwinfo loose ends ucode loose ends Makefile: adjust mintesttgt (adds blockmount/blockd) nftables: reads inherited netifd pipe ucode: reads inherited netifd pipes mountroot: fowner sandbox: writes inherited dropbear pipes unbound related to /tmp/etc/ssl unbound loose ends adds a sslconftmpfile for /tmp/etc/ssl README: maintain a wish list in the README iwinfo: netifd forgot write gptfdisk loose ends iwinfo: netifd wpad reads/writes inherited netifd fifo files netifd (mac80211.sh) executes iwinfo luci: executes wireguard luci-cgi: audits xtables execute access rcuhttpd: lists ssl certfile dirs iwinfo, wifi,nftables usage of ttyd pty if available urandomseed: seedrng needs cap_sys_admin iwinfo iwinfo, nftables and some chronyd rules related to ntp nts server nftables, wifi and adds iwinfo skel nftables, rpcd, ucode nftables, ucode and seedrng ucode, fw3/nftables, luci adds ucode skel and some fw3/nftables related urandomseed: some seedrng rules fw3 adds some support for fw4 urandomseed: /etc/seedrng is for seed.credit hotplugcal: runs ucode which is interpreter like adds a nftables skeleton and makes xtables optional agent: allow all agents to write inherited dropbear pipes urandomseed: this seems to be replaced by seedrng kmodloader: label /etc/modules.conf kmodloader.conffile Revert "shelexecfile: remove auditallow rule" Makefile: sort the modules to process by secilc Moves back to git.defensec.nl unbound odhcpd (ip) reads net proc tcp dump shelexecfile: remove auditallow rule rrd.cil: fixes indent Target rddtool from cgi-io instead of runnit it without transition rrd.cil related rrd, rpcd, cgiio clean ups related to luci-app-statistics Rules for rrd files and luci-statistics unboundcontrol ordering Several missing permissions blockmount, dnsmasq, hotplugcall, rpcd, unbound adds mctp_socket (linux 5.15) ip: forgot tc-tiny type transition to go along with the fc spec ip: adds a fc spec for tc-tiny (called by sqm) adds ttyACM fc spec and various assorted loose ends .gitattributes: do not export the github workflows workflow use selinux 3.3 project moved back to https://git.defensec.nl/selinux-policy.git Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit 43794570986e33770d9039399d16a665f6c7c495)
* fstools: update to git HEADDaniel Golle2022-05-031-3/+3
| | | | | | | | | | | | | | f0fc66a libfstools: check for overlay mounting errors 128ecaf Update / fix extroot comments 8a0ba3b libfstools: get rid of "extroot_prefix" global variable 649cd3f libfstools: use variable for overlay mount-point 922f1b3 libfstools: avoid segfault in find_mount_point ce5eacb libfstools: mtd: improve error handling 898b328 blockd: restore device_move semantics 0917d22 block: don't probe mtdblock on NAND (with legacy exceptions) Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 4e8d095013fb822eaa4fd6b4512a434fc17ac901)
* procd: update to git HEADDaniel Golle2022-04-151-3/+3
| | | | | | | | | 6343c3a procd: completely remove tmp-on-zram support 5c5e63f uxc: fix potential NULL-pointer dereference eb03f03 jail: include necessary files for per-netns netifd instance Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 2c8873033e3c0b5a5e8f6080ea3a73fde6a55f39)
* openwrt-keyring: fix broken install stepPetr Štetiar2022-03-271-0/+1
| | | | | | | | | | In commit 2d03f27f0f07 ("openwrt-keyring: make opkg use 22.03 usign key") I've accidentally removed the `endef` keyword, so fix it by adding it back. Fixes: 2d03f27f0f07 ("openwrt-keyring: make opkg use 22.03 usign key") Reported-by: Hannu Nyman <hannu.nyman@iki.fi> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openwrt-keyring: make opkg use 22.03 usign keyPetr Štetiar2022-03-271-4/+3
| | | | | | | | | | | | In order to make opkg usable with artifacts produced by project's buildbot: Downloading https://downloads.openwrt.org/releases/22.03-SNAPSHOT/packages/x86_64/luci/Packages.sig Signature check failed. Remove wrong Signature file. References: https://gitlab.com/openwrt/docker/-/jobs/2255191689 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openwrt-keyring: add OpenWrt 22.03 GPG/usign keysPetr Štetiar2022-03-251-3/+3
| | | | | | | | 62471e693b4f usign: add 22.03 release build public key 70817cffc905 gpg: add OpenWrt 22.03 signing key Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 759886345d900139f38bd9200a32ce12868d3343)
* procd: move service command to procdFlorian Eckert2022-03-192-0/+31
| | | | | | | | The service command belongs to the procd and does not belong in the shinit. In the course of the move, the script was also checked with shellcheck and cleaned up. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* procd: remove support for mounting /tmp in zramRui Salvaterra2022-03-031-10/+1
| | | | | | | | | | | | | | | | | The /tmp directory is mounted as tmpfs. The tmpfs filesystem is backed by anonymous memory, which means it can be swapped out at any time, if there is memory pressure [1]. For this reason, a zram swap device is a much better choice than mounting /tmp on zram, since it's able to compress all anonymous memory, and not just the memory assigned to /tmp. We already have the zram-swap package for this specific purpose, which means procd's tmp-on-zram is both redundant and more limited. A follow-up patch will remove support for mounting /tmp in zram from procd itself. [1] https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* ubus: bump to git HEADStijn Tintel2022-02-281-3/+3
| | | | | | | | 66baa44 libubus: introduce new status messages b3cd5ab cli: use UBUS_STATUS_PARSE_ERROR 584f56a cli: improve error logging for call command Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* iucode-tool: fix host-compile on macos and non-x86 linuxSergey V. Lobanov2022-02-262-1/+45
| | | | | | | | | | | | | | | | | | | | | | | iucode-tool/host is used by intel-microcode to manipulate with microcode.bin file. iucode-tool requires cpuid.h at compile time for autodection feature, but non-x86 build hosts does not have this header file (e.g. ubuntu 20.04 aarch64) or this header generates compile time error (#error macro) (e.g. macos arm64). This patch provides compat cpuid.h to build iucode-tool/host on non-x86 linux hosts and macos. CPU autodectection is not required for intel-microcode package build so compat cpuid.h is ok for OpenWrt purposes. glibc and argp lib are not present in macos so iucode-tool/host build fails. This patch adds argp-standalone/host as build dependency if host os is macos. Generated ucode (intel-microcode package) is exactly the same on Linux x86_64 (Ubuntu 20.04), Linux aarch64 (Ubuntu 20.04) and Darwin arm64 (MacOS 11.6) build hosts. Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
* procd: update to git HEADDaniel Golle2022-02-191-3/+3
| | | | | | | | | | a87d010 uxc: remove unused printf parameter ad65249 instance: exit in case asprintf() fails Build with glibc should again work after this commit. Fixes: e9e61d76fd ("procd: update to git HEAD") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2022-02-181-3/+3
| | | | | | | | df1123e uxc: add support for user-defined settings 0272c7c uxc: allow editing settings using 'create' a839518 uxc: clean up error handling Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: simplify uxc init scriptDaniel Golle2022-02-131-7/+1
| | | | | | | | 'uxc boot' is inteded to be called multiple times, so there is not need to guard the first call on boot -- the actual code anyway didn't do that, so just remove it. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* rpcd: update to latest Git HEADJo-Philipp Wich2022-02-071-5/+6
| | | | | | | | | 909f2a0 ucode: adjust to latest ucode api 4c532bf ucode: add ucode interpreter plugin 9c6ba38 treewide: adjust ubus object type names 75a96dc build: honour CMake install prefix in hardcoded paths Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ubox: fix broken deferred start of logfile writerDaniel Golle2022-01-311-9/+1
| | | | | | | | | Just use 'start' action which will have the desired effect instead of trying to introduce a 'start_file' action which didn't work that way because procd jshn magic would have to wrap around it. Fixes: 88baf6ce2c ("ubox: only start log to file when filesystem has been mounted") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: seccomp/jail: Fix build error on arm with glibcDaniel Golle2022-01-311-3/+3
| | | | | | | | | | | | | | | | | | From: Peter Lundkvist <peter.lundkvist@gmail.com> This fixes the make_syscall_h.sh script to recognize both __NR_Linux, used by mips, and __NR_SYSCALL_BASE and __ARM_NR_BASE used by arm. Run-tested on arm (ipq806x) and mips (ath79), both with glibc. Compile-tested and checked resulting syscall_names.h file wuth glibc: aarch64, powerpc, x86_64, i486 musl: arm, mips Fixes: FS#4194, FS#4195 Signed-off-by: Peter Lundkvist <peter.lundkvist@gmail.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ubox: only start log to file when filesystem has been mountedDaniel Golle2022-01-301-3/+25
| | | | | | | | | If log_file is on an filesystem mounted using /etc/config/fstab we have to wait for that to happen before starting the logread process. Inhibit the start of the file-writer process and use a mount trigger to fire it up once the filesystem actually becomes available. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: support generic mount triggers and clean upDaniel Golle2022-01-301-11/+9
| | | | | | | | Allow init scripts to trigger free-form actions by exposing procd_add_action_mount_trigger. Clean up mount trigger wrappers while at it to reduce code duplication. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2022-01-121-3/+3
| | | | | | | | | | ca6c35c uxc: usage message cosmetics e083dd4 uxc: fix two minor issues reported by Coverity 35dfbff procd: jail/cgroups: correctly enable "rdma" when requested 3b3ac64 procd: mount /dev with noexec ac2b8b3 procd: clean up /dev/pts mounts Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: update to git HEAD of 2022-01-09Daniel Golle2022-01-091-3/+3
| | | | | | | | | | db7fb64 libopkg: pkg_hash: prefer to-be-installed packages 2edcfad libopkg: set 'const' attribute for argv This should fix the ImageBuilder problems people are having since we introduced the 'uci-firewall' providers. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2021-12-202-17/+3
| | | | | | | | eb522fc uxc: consider uvol and etc location for configurations 16a6ee9 uxc: integrate console into uxc 129d050 remove ujail-console Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2021-12-111-3/+3
| | | | | | bb95fe8 jail: make sure jailed process is terminated Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ca-certificates: fix python3-cryptography woes in certdata2pem.pyChristian Lamparter2021-12-011-0/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch is a revert of the upstream patch to Debian's ca-certificate commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.") The reason is, that this change broke builds with the popular Ubuntu 20.04 LTS (focal) releases which are shipping with an older version of the python3-cryptography package that is not compatible. |Traceback (most recent call last): | File "certdata2pem.py", line 125, in <module> | cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) |TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend' |make[5]: *** [Makefile:6: all] Error 1 ...or if the python3-cryptography was missing all together: |Traceback (most recent call last): | File "/certdata2pem.py", line 31, in <module> | from cryptography import x509 |ModuleNotFoundError: No module named 'cryptography' More concerns were raised by Jo-Philipp Wich: "We don't want the build to depend on the local system time anyway. Right now it seems to be just a warning but I could imagine that eventually certs are simply omitted of found to be expired at build time which would break reproducibility." Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697> Reported-by: Chen Minqiang <ptpt52@gmail.com> Reported-by: Shane Synan <digitalcircuit36939@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ca-certicficates: Update to version 20211016Christian Lamparter2021-11-301-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the ca-certificates and ca-bundle package from version 20210119 to version 20211016. Debian change-log entry [1]: |[...] |[ Julien Cristau ] |* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority | bundle to version 2.50 | The following certificate authorities were added (+): | + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" | + "GlobalSign Root R46" | + "GlobalSign Root E46" | + "GLOBALTRUST 2020" | + "ANF Secure Server Root CA" | + "Certum EC-384 CA" | + "Certum Trusted Root CA" | The following certificate authorities were removed (-): | - "QuoVadis Root CA" | - "Sonera Class 2 Root CA" | - "GeoTrust Primary Certification Authority - G2" | - "VeriSign Universal Root Certification Authority" | - "Chambers of Commerce Root - 2008" | - "Global Chambersign Root - 2008" | - "Trustis FPS Root CA" | - "Staat der Nederlanden Root CA - G3" | * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) |[...] [1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* procd: setup /dev/stdin, /dev/stdout and /dev/stderr symlinksJo-Philipp Wich2021-11-231-1/+11
| | | | | | | | Extend the hotplug.json ruleset to setup the common /dev/std{in,out,err} symbolic links which are needed by some applications, e.g. nftables when applying rulesets from stdin. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to git HEADDaniel Golle2021-11-231-3/+3
| | | | | | | | | 8de12de system: add diskfree infos to ubus bf3fe0e service: move jail parsing to end of instance parser 87b5836 procd: add full service shutdown prior to sysupgrade 01ac2c4 procd: service_stop_all: also kill inittab actions Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEADDaniel Golle2021-11-201-3/+3
| | | | | | 77c0288 fstools: fix a couple of minor code problems Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2021-11-111-3/+3
| | | | | | | | | | 9d1431e jail: allow passing environment variable to procd jailed process Fixes dnsmasq in ujail which needs USER_SCRIPT env variable to be passed to jailed process. Reported-by: Bastian Bittorf <bb@npl.de> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* rpcd: reload rpcd on installation of rpcd-mod-*Daniel Golle2021-11-081-1/+6
| | | | | | | | | | When installing additional rpcd modules, a restart of rpcd is required. This often confuses users as even after installing rpcd-mod-rpcsys the relevant ubus objects are still missing until rpcd has been reloaded (or the system has been rebooted, obviously). Let rpcd-mod-* reload rpcd as post-install action. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: make rpcd dependency conditionalFelix Fietkau2021-11-041-1/+1
| | | | | | Avoids building rpcd when not needed Signed-off-by: Felix Fietkau <nbd@nbd.name>
* procd: bump to git HEADStijn Tintel2021-11-041-3/+3
| | | | | | 0ee8e73 trigger: use uloop_timeout_remaining64 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* rpcd: bump to git HEADStijn Tintel2021-11-041-3/+3
| | | | | | | 20bf958 session: use uloop_timeout_remaining64 d11ffe9 session: use blobmsg_get_u64 for RPC_DUMP_EXPIRES Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* procd: update to git HEADDaniel Golle2021-11-011-3/+3
| | | | | | | 1056fc4 jail: elf: Use 64 bit variables for elf offsets c1976e5 jail: elf: Remove MIPS 64 warning Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEADDaniel Golle2021-11-011-3/+3
| | | | | | | 19fd7fc libfstools: make sure file is closed on error d390744 libfstools: use uevent instead of relying on custom kernel patch Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ubus: update to the latest versionFelix Fietkau2021-11-011-3/+3
| | | | | | | | | b743a331421d ubusd: log ACL init errors 2099bb3ad997 libubus: use list_empty/list_first_entry in ubus_process_pending_msg ef038488edc3 libubus: process pending messages in data handler if stack depth is 0 a72457b61df0 libubus: increase stack depth for processing obj msgs Signed-off-by: Felix Fietkau <nbd@nbd.name>
* selinux-policy: update to version 1.0Dominick Grift2021-10-281-3/+3
| | | | | | | | | | | | | | | | | wifi: writes to terminal hotplugcall and sqm read class sysfile symlinks unbound and sqm related loose ends support/example: policycoreutils host-compile is required TODO: this was wrong and it is actually needed linguist detectable does not work this way linguist-detectable updates README adds workflows adds a note about persistent /var option project moved to https://github.com/DefenSec/selinux-policy Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* uci: update to git HEADHauke Mehrtens2021-10-221-3/+3
| | | | | | cmake: Allow override of install directories Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* procd: update to git HEADHauke Mehrtens2021-10-221-3/+3
| | | | | | jail: Fix build with glibc Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* procd: update to git HEADDaniel Golle2021-10-171-3/+3
| | | | | | | | | 9b1e035 jail: netifd: code cosmetics d2a2ecc jail: netifd: fix error handling issue reported by coverity e1d7cee jail: netifd: check target netns fd before using it 59f7699 uxc: add missing 'break' statement Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* buildsystem: add CONFIG_SECCOMPFlorian Eckert2021-10-161-2/+1
| | | | | | | | | | | | | | | | | | | | | Until now, this feature was switched on via the kernel configuration option KERNEL_SECCOMP. The follwing change a7f794cd2aa104fdbd4c6e38f9b76373bf9b96e1 now requires that the package procd-seccomp must also enabled for buildinmg. However, this is not the case we have no dependency and the imagebuilder cannot build the image, because of the implicit package selection. This change adds a new configuration option CONFIG_SECCOMP. The new option has the same behaviour as the configuration option CONFIG_SELINUX. If the CONFIG_SECCOMP is selected then the package procd-seccomp and KERNEL_SECCOMP is enabled for this build. Signed-off-by: Florian Eckert <fe@dev.tdt.de> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2021-10-131-4/+4
| | | | | | | | | | | | | | 97bcdcf uxc: fix segfault caused by use-after-free 6398e05 uxc: don't free the stack 324ebd0 jail: fs: add support for asymmetric mount bind c44ab7f jail: netifd: generate netifd uci config and mount it 82dd390 jail: make use of per-container netifd via ubus The new per-jail netifd is now configured by filtering the host network configuration. As libuci is used for that, procd-ujail now depends on libuci. Signed-off-by: Daniel Golle <daniel@makrotopia.org>