e2ed964 jail: don't fail unless requirejail is set
17e7ae7 jail: don't load libpreload-seccomp.so if it doesn't exist
Fixesopenwrt/packages#11913
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
32c717e jail: only mess with rootfs if CLONE_NEWNS was set
b275a62 instance: harmonize instance API
511fd97 jail: make /proc more secure
4953b7c jail: mount /sys read-only
a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay
a4cc165 jail: always mount /dev as additional tmpfs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2188d81 jail: add support for launching extroot containers
6f3dbd2 jail: add support for userns and cgroupsns
28a06e5 jail: add support for (ram-)overlayfs
Add handling for extroot, overlaydir and tmpoverlaysize as well as
jail flags for userns and cgroupsns to OpenWrt's shell script to
allow their use in init scripts.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When support for network namespaces was added to procd, adding the
corresponding jail flag in procd.sh was ommitted. Add it now.
Fixes: 97a03a4760 ("procd: update to latest git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Bump procd package to reduce log spam related to missing jail binaries
in a non-jail capable system.
bcb8655 instance: add 'requirejail' attribute
An additional jail attribute 'requirejail' can now be used to indicate
mandatory use of a jailed environment and hence prevent process startup
in the event that the jail subsystem is unavailable.
Procd will now only log errors if jail is unavailable and 1) is a mandatory
requirement or 2) a procd debug level of at least 2 is in use.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
58c12f7 jail: add basic support for network namespaces
ba69639 jail: create resolv.conf symlink for netns jails
81b88b1 jail: more strict mount options for /tmp/resolv.conf.d/
Add new 'netns' flag for procd_add_jail to make ujail setup a new
network namespace for the jailed service.
See previous netifd commit for example configuration for netns jailed
service.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This activates PIE ASLR support by default when the regular option is
selected.
Size increase on x86/64:
procd Installed-Size: 44931 -> 47362
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Setting user and group for a jailed process caused the jail not to
come up. Fix this by passing user and group to ujail and change
user only once the jail has been setup.
This allows jailing services which refuse to run as root user.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Now that 'start-console' procd command has reached the main repo,
we can add a rule to start consoles on serial devices which are
created when USB gadget driver reports creation with hotplugging.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
service_running() implementation in /etc/rc.common use it.
It is preferable to use wildcard than assuming the instance
name is the default one.
jsonfilter returns all matches when wildcards are used, hence
the -l 1 argument used to limit output to only one value.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Since service and instance names may contain characters which are not allowed
in JSON path labels, such as dashes or spaces, change the filter expression
to array square bracket notation to properly match these cases as well.
Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
b8238df sysupgrade: support "backup" attribute
This update requires "sysupgrade" method callers to pass "backup"
attribute if $UPGRADE_BACKUP is used in the project.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
0f3c136 sysupgrade: set UPGRADE_BACKUP env variable
0bcbbbf system: fix uninitialized variables in firmware validation code
This update includes a fix for uninitialized variable usage.
Fixes: 7290963d09 ("procd: update to the latest git HEAD")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
After commit e82a4d9cfb ("config: regenerate *_shipped sources") the mconf
parser became more strict as a side effect and started to spew a series of
warnings when evaluating our generated kconfig sources:
tmp/.config-package.in:705:warning: ignoring unsupported character '@'
The root cause of these warnings is a wrong use of the @SYMBOL dependency
syntax in various Makefile. Fix the corresponding Makefiles by turning
`@SYM||@SYM2` expressions into the proper `@(SYM||SYM2)` form.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefor add all libraries linked by procd
as direct dependencies to the corresponding binary package definition.
This ensures that procd is automatically rebuilt and relinked
if any of these libraries has its ABI_VERSION updated in the
future.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
ade00ca585a4 container: fix .dockerenv stat check
385b904b2f0a hotplug: improve error message during group ownership change
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This should be helpful for implementing service_running() in procd init
scripts.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: John Crispin <john@phrozen.org>
Sometimes is desirable to run a process with a specific group id
instead of the default one which is derived from passwd entry.
This can be achived now by using procd_set_param group $mygroup.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
Optional syslog facility can be set by adding procd_set_param facility
$myfacility.
While at, also add stdout/stderr documentation.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
Commit 6e060bd62c introduced a dependency to the dialout group.
Adding this group to the "group" file in the base-files package is not
enough to handle this dependency, because after a sysupgrade this entry
will be missing in the "group" file.
To address this problem the dependencies to the required groups needs to
be set in the Makefile of the procd package.
Then, the uci-default script "13_fix_group_user" will add the groups
on first boot-up after a sysupgrade.
Fixes: 6e060bd62c ("base-files/hotplug: fix dedicated group for tty devices")
Tested-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
e29966f Allow disabling seccomp or changing the whitelist
5f57223 trace: Use properly sized type for PTRACE_GETEVENTMSG
747efb6 procd: fix ustream deadlock when there are 0 bytes or no newlines
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Changes since last version
dfb68f8 service: initialize supplementary group ids
3db4e6d service: add func for string config change check
c3faabe procd: get rid of putenv usage.
The supplementary group id change fixes FS#988
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This fixes the following errors when doing "make package/install"
/home/yousong/git-repo/lede-project/lede/build_dir/target-mips_24kc_musl/root-malta/lib/functions/procd.sh: line 47: /home/yousong/git-repo/l
ede-project/lede/build_dir/target-mips_24kc_musl/root-malta/var/lock/procd_urandom_seed.lock: No such file or directory
flock: 1000: Bad file descriptor
Fixes FS#1260
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Usage documentation for 'procd_send_signal' states "The signal is SIGHUP
by default, and must be specified by NAME." Make actual behaviour match
the stated documented behaviour.
https://wiki.openwrt.org/inbox/procd-init-scripts
Suggested-by: Jo-Philip Wich <jow@mein.io>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
a5954cf procd: Add %m to several functions that return errno.
810d7a5 procd: Remove redundant errno variable in several printf functions.
fa5ce1c procd: Replace strerror(errno) with %m.
Signed-off-by: John Crispin <john@phrozen.org>
Without this change, when a user disables seccomp support in .config,
procd does not get recompiled unless the package is cleaned manually.
It is because when -D option is missing from cmake command line, cmake
uses cached value from the previous run where seccomp was enabled.
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
ee582d1 instance: properly compare and reload respawn config
260a4cd utrace: Start the tracee only after uloop initialization
520ad3c utrace: Switch all logging to ulog
1c48104 utrace: Support non-contiguous syscall numbers
582cf97 utrace: Forward SIGTERM to the traced process
32534f7 utrace: Report ptrace errors
ccde3fb seccomp: Improve error message
7f9b174 preload-seccomp: Use proper log level for error messages
e3c4302 Start seccomp-enabled services via seccomp-trace
5e4ad02 seccomp: Log seccomp violations with utrace
2661b2f utrace: Use PTHREAD_SEIZE instead of PTHREAD_TRACEME
b5d53c6 utrace: Deliver signals to traced processes
b416ed9 utrace: Support tracing multi-threaded processes and vfork
8b7d47a utrace: Trace processes across forks
c6b6ec6 utrace: Sort syscalls by number of invocations
592c532 Update trace attribute
c8faedc Do not disable seccomp when configuration is not found
017f3a1 utrace: Fix off-by-one errors
5acaf15 utrace: Fix environment initialization
Signed-off-by: John Crispin <john@phrozen.org>
Expose "term_timeout" parameter in procd.sh to allow init scripts to
request a longer termination timeout.
This is required to fix FS#859 in a later commit.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Adjust default permissions and ownership of /dev/tty* nodes from
0600/root:root to 0660/root:tty in order to support granting
unprivileged user access when needed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
453116e system: introduce new attribute board_name
e5b963a preinit: define _GNU_SOURCE
e5ff8ca upgraded: cmake: Find and include uloop.h
f367ec6 hotplug: fix a memory leak in handle_button_complete()
796ba3b service/service_stopped(): fix a use-after-free
79bbe6d system: return legacy board name
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
We always want to support staged upgrades now, so it's better to include
upgraded into the main package. /lib/upgrade/nand.sh is moved to
base-files.
The procd-nand-firstboot package is removed for now, it may return later
as a separate package.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
992b796 rcS: add missing fcntl.h include
63789e5 init: add support for sysupgrades triggered from preinit
5b1fb35 Remove code that has become unnecessary after sysupgrade changes
5918b6d upgraded: add support for passing a "command" argument to stage2
056d8dd upgraded: link dynamically, chroot during exec
7c6cf55 system: always support staged sysupgrade
d42b21e procd/rcS: Use /dev/null as stdin
e0098d4 service/instance: add an auto start option
1247db1 procd: Log initscript output prefixed with script name
8d720b2 procd: Don't use syslog before its initialization
2555474 procd: Add missing \n in debug message
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
8f218f5 procd: service gets deleted when its last instance is freed
35209a0 procd: update modprobe path
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5f91241 procd: add cancel_timeout on rc scripts when a runtime_timeout is specified
961dc69 procd: stop service using SIGKILL if SIGTERM failed to do so
Signed-off-by: John Crispin <john@phrozen.org>
Update procd to latest HEAD in order to introduce support for services signals:
- Adds a new service.signal ubus call to send a kill() signal to one or all
running instances of a given service
- Adds a new "reload_signal" property which allows service init scripts to
request procd to send a specific kill() signal on reload, instead of
stopping and restarting running processes
Also fixes some potential memory leaks reported by cppcheck and an environment
variable corruption in the trace command.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commit f5c741b5e0 updated procd to a more recent version, but did not
change the hash of the tar. Update it to the one matching the file on
the download servers.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Change git packages to xz
* Update mirror checksums in packages where they are used
* Change a few source tarballs to xz if available upstream
* Remove unused lines in packages we're touching, requested by jow- and blogic
* We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
* Add SHA256 checksums to multiple git tarball packages
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
This fixes diverging executable search paths observed in programs
launched throughn etifd which in turn inherited the search path from
procd early on boot.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 48235
this need to be applied after my work on ujail (procd git)
ujail doesn't depend on seccomp and some archs dont support seccomp
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
SVN-Revision: 46936
fix generating syscall-names.h
Sometimes the syscall number is not defined with a number but with an
offset to an other syscall and then make_syscall_h.sh created some
broken header file.
For example the bit/syscall.h from musl for i386 has this:
#define __NR_timer_create 259
#define __NR_timer_settime (__NR_timer_create+1)
With this patch the resulting array looks like this:
[259] = "timer_create",
[(__NR_timer_create+1)] = "timer_settime",
This closes#20195.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 46612
there is a conceptual design flaw in our interface events. workaround this by
disabling duplicate message supression in procd. we need to fix this properly
for the next release
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 45883
Procd enabled init scripts can now specify:
procd_set_param stdout 1
procd_set_param stderr 1
... to relay their respective standard IO streams to the system log.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44547
Update to git head in order to switch the procd logging to the common ulog()
api for putting early boot messages into dmesg.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44543
Update to latest git head in order to support disabling the build
of upgraded which causes linker errors on avr32.
This also adds some fixes to the ubus system.info and system.board
methods.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44134
fixes a bug where wdt write happened with no valid fd available
--> procd: WDT failed to write: Bad file descriptor
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 43711
it is now possible to flash a initramfs kernel and a sysupgrade tar file inside the ubi partition. on first boot, the takeover script will find the tar file, extract and finally sysupgrade it. this allows us to flash owrt/ubi images in a 2 phase setup using ODM webuis that are not ubi aware. this is needed by some mediatek and brokencom devices.
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 43505
