procd: jail: fix segfault and add console feature

2e73848 jail: SIGSEGV must not be forwarded to the child process
 7e150f6 jail: unnamed jails can not have netns (fix segfault)
 1ab539b jail: add option to provide /dev/console to containers

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle 2020-04-13 03:19:01 +01:00
parent 2f7118712e
commit 8097fd4d5f
2 changed files with 17 additions and 3 deletions


@ -12,9 +12,9 @@ PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/procd.git PKG_SOURCE_URL=$(PROJECT_GIT)/project/procd.git
PKG_SOURCE_DATE:=2020-04-25 PKG_SOURCE_DATE:=2020-05-15
PKG_SOURCE_VERSION:=17e7ae769a4739e4b41a93f588d52cfd216b8eb2 PKG_SOURCE_VERSION:=1ab539b3a8a0070b493112c8263ab380a689db66
PKG_MIRROR_HASH:=6763cb63a53222d44be3b1ef238f3b9198d31fd533534abbbdc02202d3ef88e0 PKG_MIRROR_HASH:=fcc9fb1a046dbbea776ab1ca616c885e73d6a0a35c2278b8fddcc7e42d6b8647
CMAKE_INSTALL:=1 CMAKE_INSTALL:=1
PKG_LICENSE:=GPL-2.0 PKG_LICENSE:=GPL-2.0
@ -56,6 +56,13 @@ define Package/procd-ujail
TITLE:=OpenWrt process jail helper TITLE:=OpenWrt process jail helper
endef endef
define Package/procd-ujail-console
SECTION:=base
CATEGORY:=Base system
DEPENDS:=+procd-ujail +libubus +libubox
TITLE:=OpenWrt process jail console
endef
define Package/procd-seccomp define Package/procd-seccomp
SECTION:=base SECTION:=base
CATEGORY:=Base system CATEGORY:=Base system
@ -110,6 +117,11 @@ define Package/procd-ujail/install
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ujail $(1)/sbin/ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ujail $(1)/sbin/
endef endef
define Package/procd-ujail-console/install
$(INSTALL_DIR) $(1)/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ujail-console $(1)/sbin/
endef
define Package/procd-seccomp/install define Package/procd-seccomp/install
$(INSTALL_DIR) $(1)/sbin $(1)/lib $(INSTALL_DIR) $(1)/sbin $(1)/lib
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-seccomp.so $(1)/lib $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-seccomp.so $(1)/lib
@ -120,4 +132,5 @@ endef
$(eval $(call BuildPackage,procd)) $(eval $(call BuildPackage,procd))
$(eval $(call BuildPackage,procd-ujail)) $(eval $(call BuildPackage,procd-ujail))
$(eval $(call BuildPackage,procd-ujail-console))
$(eval $(call BuildPackage,procd-seccomp)) $(eval $(call BuildPackage,procd-seccomp))
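Review bot: The new `Package/procd-ujail-console` block carries only a TITLE, so someone selecting packages for an image cannot tell what installing it exposes. Going by the commit message, the helper belongs to the new option that provides /dev/console to containers, and the `+libubus` dependency suggests it reaches procd over ubus (inferred, not visible here). I would add a `define Package/procd-ujail-console/description` block saying that it installs `/sbin/ujail-console` for reaching the console of a jailed service and is only needed where services set the `console` jail option. The same block is a natural place to name whichever ubus ACL governs console access, if there is one.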


@ -198,6 +198,7 @@ _procd_add_jail() {
netns) json_add_boolean "netns" "1";; netns) json_add_boolean "netns" "1";;
userns) json_add_boolean "userns" "1";; userns) json_add_boolean "userns" "1";;
cgroupsns) json_add_boolean "cgroupsns" "1";; cgroupsns) json_add_boolean "cgroupsns" "1";;
console) json_add_boolean "console" "1";;
esac esac
done done
json_add_object "mount" json_add_object "mount"
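Review bot: The `case` that gains the `console)` arm runs straight into `esac` with no `*)` arm, so a word that matches none of the arms is dropped without any message. For isolation flags this fails open: a service that misspells `netns` or `cgroupsns` starts without that namespace and nothing is logged. Consider a final arm that reports the unknown word, e.g. `*) echo "procd: unknown jail option: $OPT" >&2;;`, where `$OPT` is a placeholder for the loop variable, whose name is outside this hunk. A short comment on the new arm such as `# console: provide /dev/console to the jailed process` would also help; `_procd_add_jail` begins and ends outside the hunk, so the earlier arms are not visible here.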