Commit Graph

1073 Commits

Author SHA1 Message Date
Felix Fietkau
d7843fd7ef ubus: update to the latest version
b743a331421d ubusd: log ACL init errors
2099bb3ad997 libubus: use list_empty/list_first_entry in ubus_process_pending_msg
ef038488edc3 libubus: process pending messages in data handler if stack depth is 0
a72457b61df0 libubus: increase stack depth for processing obj msgs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-01 12:00:21 +01:00
Dominick Grift
04c5bcd074 selinux-policy: update to version 1.0
wifi: writes to terminal
hotplugcall and sqm read class sysfile symlinks
unbound and sqm related loose ends
support/example: policycoreutils host-compile is required
TODO: this was wrong and it is actually needed
linguist detectable does not work this way
linguist-detectable
updates README
adds workflows
adds a note about persistent /var option

project moved to https://github.com/DefenSec/selinux-policy

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-10-28 22:15:02 +01:00
Hauke Mehrtens
eeeb9b7496 uci: update to git HEAD
cmake: Allow override of install directories

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-22 23:51:51 +02:00
Hauke Mehrtens
0ca81ff047 procd: update to git HEAD
jail: Fix build with glibc

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-22 23:51:50 +02:00
Daniel Golle
333f93333e
procd: update to git HEAD
9b1e035 jail: netifd: code cosmetics
 d2a2ecc jail: netifd: fix error handling issue reported by coverity
 e1d7cee jail: netifd: check target netns fd before using it
 59f7699 uxc: add missing 'break' statement

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-10-17 21:58:47 +01:00
Florian Eckert
b118efa0d2
buildsystem: add CONFIG_SECCOMP
Until now, this feature was switched on via the kernel configuration
option KERNEL_SECCOMP.

The follwing change a7f794cd2a now requires that
the package procd-seccomp must also enabled for buildinmg.

However, this is not the case we have no dependency and the imagebuilder
cannot build the image, because of the implicit package selection.

This change adds a new configuration option CONFIG_SECCOMP.
The new option  has the same behaviour as the configuration
option CONFIG_SELINUX.

If the CONFIG_SECCOMP is selected then the package procd-seccomp and
KERNEL_SECCOMP is enabled for this build.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-10-16 02:00:47 +01:00
Daniel Golle
213ce1d837
procd: update to git HEAD
97bcdcf uxc: fix segfault caused by use-after-free
 6398e05 uxc: don't free the stack
 324ebd0 jail: fs: add support for asymmetric mount bind
 c44ab7f jail: netifd: generate netifd uci config and mount it
 82dd390 jail: make use of per-container netifd via ubus

The new per-jail netifd is now configured by filtering the host
network configuration. As libuci is used for that, procd-ujail now
depends on libuci.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-10-13 00:40:29 +01:00
Christian Lamparter
80b7a8a7f5 Revert "gpio-cdev: add nu801 userspace driver"
This reverts commit f536f5ebdd.

As Hauke commented, this causes builder failures on 5.4 kernels.
This revert includes changes to the mx100 kernel modules
dependency as well as the uci led definitions.

Tested-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-10-10 23:15:05 +02:00
Chris Blake
f536f5ebdd gpio-cdev: add nu801 userspace driver
This adds a userspace interpretation of the nu801 driver used by Meraki
hardware. Previously this was a driver that was added per target, but as
multiple targets now have this driver, we should move to something that
can be shared by all targets since no driver exists upstream.

Co-developed-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-10-10 16:47:41 +02:00
Timo Sigurdsson
f83e927b87 fstools: ensure filesystems are mounted before log service starts
Currently, the fstab service starts after the log service which breaks
the ability to write a persistent log file to a filesystem mounted by
the fstab service. Thus, change the start order of the fstab service so
it starts right before the log service.

Fixes: b131853 ("ubox: update to latest git revision")
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[set to 11 to be explicitly before log, not only alphabetically, SPDX]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-09-22 16:49:10 -10:00
Daniel Golle
10df8ffcdf
procd: update to git HEAD
8a60e7e trace: don't leak file descriptor in error path
 68df9ac procd: fix container deletion
 f16abe0 uxc: add JSON output option for 'list' command
 a23c888 jail: prepare for adding process to existing namespace
 50da8a4 instance: allow jailed service to join namespace(s)
 482d1ab Revert "jail: do not hack /etc/resolv.conf on container rootfs"
 1eb4371 jail: start ubus and netifd instances for container with netns

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-09-15 21:47:32 +01:00
Daniel Golle
bf94c2da3e
procd: fix issue mounting overlay fs
The previous procd update broke mounting overlayfs in an attempt to
fix an off-by-one error. Revert that broken fix and apply fix from
Nick Hainke <vincent@systemli.org> instead to bring things back to
life.

 20adf53 Revert "initd: fix off-by-one error in mkdev.c"
 773e8da initd: fix off-by-one error in mkdev.c

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-31 12:31:15 +01:00
Daniel Golle
3e16866f39
procd: update to git HEAD
96d8bf2 trace: fix potential use-after-free occurence
 8eb1d78 initd: fix off-by-one error in mkdev.c
 86f82f3 utils: don't ignore open() return value
 f5fe04b jail: actually check calloc return value
 269c9e4 trace: preload: avoid NULL-dereference here as well

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-31 00:52:47 +01:00
Daniel Golle
25cb37bc00
procd: update to git HEAD
df251c2 uxc: move mountpoint of persistent config to /var/run/uxc
 e5b38fd trace: free memory allocated by blobmsg_format_json_indent()

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-30 20:36:11 +01:00
Daniel Golle
364bd887a1
fstools: update to git HEAD
50e6b20 libfstools: handle open() return value properly in F2FS check
 e1b6811 blockd: include missing libubox/utils.h

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-25 22:49:00 +01:00
Daniel Golle
76f46f4105
procd: update to git HEAD
8a8306d uxc.c: fix coverity resource leak warning
 7f2398e jail: devices: create parent folder when creating devices
 0603c8d jail: return to hook callback instead of just calling it
 3edb7eb jail: check return value when opening console
 af048a3 jail: use portable sizeof(void *)
 6010bd3 utils: make sure read() string is 0 terminated
 f6daca3 uxc: free string returned by blobmsg_format_json_indent()
 51f1cd2 trace: free string returned by blobmsg_format_json_indent()
 d716cb5 trace: handle open() return value and make sure string is terminated
 b824a89 jail: preload: avoid NULL-dereference in case things go wrong
 167dc24 jail: protect against strcat buffer overflows

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-24 18:49:46 +01:00
Daniel Golle
cc0112d9d7
selinux-policy: update to version 0.9
592ac0f add a note
 4bacd14 sslcertfile: list /etc/ssl
 7bdefa4 example: indicate that skip is an option
 d1e9a85 wifi: sys pipe usage
 eb903e1 README: add note about policycoreutils-setfiles weak dependency
 762e011 ttyd: signull all subjects
 fbfc079 acme: add basic support for acme_cleanup.sh and acme_setup.sh
 9ac7592 acme: transition to sys.subj on generic initscript execution
 f3dd1ba acme: missing rules related to sys.subj trans on file.initscriptfile
 ae273fa odhcp6c/netifd: support drop-in directories
 5fa9b41 subj: do not encourage misconfiguration
 44722b6 blockd, logd, odhcpc6, ubiutil, mtdstordev
 a775d93 21.02 related
 a473691 rcboot runs rcuhttpd which creates /tmp/etc for /tmp/etc/uhttpd
 290e9fb rcuhttpd: related to rcboot and uci-defaults
 3fc0d8b rcuhttpd: lists /etc/uci-defaults
 1f5ef48 removes ubvol.lock policy and adds move mtd/ubi partitions

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-20 01:48:13 +01:00
Daniel Golle
5c13177c55
procd: add missing dependency and fix empty mount triggers
procd.sh:
 Instead of triggering on every mount.add event, there should be no
 mount trigger at all in case none of the directories passed to
 procd_add_*_mount_trigger() are located on a mountpoint configured in
 /etc/config/fstab.

uxc:
 add missing dependency on rpcd.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-15 18:08:37 +01:00
Daniel Golle
09fccdb99e
procd: update to git HEAD
040fecc system: fix issues reported by Coverity
 48f481b service: make sure string read is null terminated
 16dbc2a uxc: fix a bunch of issues discovered by Coverity
 ff9002f uxc: fix help output
 104b49d uxc: support config in uvol

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-15 15:44:05 +01:00
Daniel Golle
1235e2ee3b
procd: update to git HEAD
48638ad hotplug-dispatch: yet another rare memory leak disovered by Coverity
 459b3e8 jail: fix several issues discovered by Coverity
 2562e2b ujail-console: add missing error handling discovered by coverity

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-14 19:20:05 +01:00
Daniel Golle
9126c0a59f
fstools: update to git HEAD
629726d blockd: fix resource leak discovered by coverity scan
 68ae639 libubi: fix several issues discovered by Coverity
 a77c4fa ubi: fix resource leak in legacy codepath
 2e3aca2 block: fix two resources leaks discovered by Coverity

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-14 19:19:58 +01:00
Daniel Golle
5181af5585
procd: update to git HEAD
9f233f5 system: make rootfs type accessible through board call

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-13 04:46:29 +01:00
Daniel Golle
80be893d2b
procd: change procd_add_start_mount_trigger to do restart
Change procd_add_start_mount_trigger to procd_add_restart_mount_trigger
and make it call 'restart' instead of 'start'.
This is more useful as it allows to handle both cases, intial start of
a services as well as restarting services. Calling 'restart' on a
service which has not yet been started has the same result as calling
'start'.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-08 15:26:28 +01:00
Daniel Golle
46a65f927c
procd: update to git HEAD and add new script helpers
e10de28 jail: cgroups-bpf: fix compile with musl 1.2
 f5d9b14 hotplug-dispatch: fix rare memory leaks in error paths

Add new init script helpers:
 procd_add_start_mount_trigger
 procd_add_reload_mount_trigger
 procd_get_mountpoints

Both trigger helpers expect a list of paths which are checked against
the mount targets configured in /etc/config/fstab and a trigger for all
mountpoints covered by the list of paths is setup.

procd_get_mountpoints is useful to find out if and which mountpoints
are covered by a list of paths.

Example:
  DATADIRS="/mnt/data/foo /mnt/data/bar /etc/foo/baz /var/lib/doe"

  start_service() {
    [ "$_BOOT" = "1" ] &&
      [ "$(procd_get_mountpoints $DATADIRS)" ] && return 0

    procd_open_instance
    # ...
    procd_close_instance
  }

  boot() {
    _BOOT=1 start
  }

  service_triggers() {
    procd_add_start_mount_trigger $DATADIRS
  }

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-05 03:46:21 +01:00
Daniel Golle
aa21110e44
fstools: update to git HEAD
d4f0129 blockd: also report target in notifications

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-05 03:46:11 +01:00
Daniel Golle
edb6bc1990
procd: update to git HEAD
Fix build on glibc targets and address a bunch of compiler warnings.

 93fc089 jail: cgroups-bpf: don't use sys/reg.h when building with glibc
 548d057 jail: don't ignore return value of seteuid()
 220b716 jail: ignore return value when creating default /dev symlinks
 78d5baa hotplug-dispatch: don't ignore asprintf() return value
 736aee5 uxc: always handle asprintf() return value
 2b20456 hotplug-dispatch: replace wrongly used assert()
 bfc86a2 jail: cgroups: replace wrongly used assert()
 516bdf2 jail: don't ignore return value of write()

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-04 19:12:44 +01:00
Daniel Golle
080a2d4bdf
fstools: update to git HEAD
141ac85 libblkid-tiny: fix invalid open syscall return check
 9e26563 libblkid-tiny: install header file to include dir

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-04 00:13:50 +01:00
Daniel Golle
0f5e8c8614
ubox: update to git HEAD
1f4f72b logd: fix privilege dropping order
 205defb logread: fix erroneous message "Logread connected to" with udp

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-08-04 00:13:45 +01:00
Daniel Golle
3404af774d
fstools: update to git HEAD
b7bf185 blockd: make most calls to 'block' asynchronous

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-07-30 02:12:40 +01:00
Daniel Golle
57ece63cd8
fstools: update to git HEAD
46d02c2 block: don't add non-ubifs ubi devices
 cc63933 blockd: send mount.ready when startup has completed

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-07-28 20:26:13 +01:00
Hauke Mehrtens
e11be055f1 procd: update to git HEAD
f26233e watchdog: Add an info message if the watchdog reset the system

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-07-25 14:51:43 +02:00
Daniel Golle
1ed9fc663e
procd: update to git HEAD
772292e uxc: don't restart containers when mount shows up
 3a9d910 uxc: resolve volume UUIDs by name of UCI fstab section

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-07-25 00:58:40 +01:00
Daniel Golle
ca31755af9 fstools: update to git HEAD (again)
a846c6b blockd: fix length of timeout int passed to ioctl
 1d681ca block: support umount device basename

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-07-24 01:14:09 +01:00
Daniel Golle
5bc898b43e fstools: update to git HEAD
59f7c11 blockd: create mountpoint parent folder if needed
9cc96af Revert "block: resolve /dev/mapper/* name for /dev/dm-0 when hotplugging"
06334ac Revert "blockd: detect mountpoint of /dev/mapper/*"
9ab3551 block: use /dev/dm-* instead of /dev/mapper/*
5114595 block: allow remove hotplug event to arrive at blockd

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-07-24 00:01:51 +01:00
Daniel Golle
cda668e046
procd: update to git HEAD
9bd1b7f jail: refactor directory handling for rootfs and overlaydir

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-07-18 19:12:08 +01:00
Daniel Golle
c1a3eff3ac
procd: update to git HEAD
0545905 jail: make use of realpath() for rootfs and overlaydir

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-07-17 22:11:50 +01:00
Daniel Golle
b1b16bddb0
procd: update to git HEAD
0ee73b2 uxc: implement support for rootfs overlay in containers
 b0a8ea1 jail: do not hack /etc/resolv.conf on container rootfs
 92aba53 jail: increase max additional env records to 64
 15997e6 jail: allow rootfs to be a symbolic link
 0114c6f jail: open() extroot folder before mounting
 ed96eda uxc: check for required blockd mounts

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-07-15 18:22:24 +01:00
Daniel Golle
6bcc8e9d97
fstools: update to git HEAD
3386b6b blockd: fix trigger name
 cdc9939 blockd: move to its own POSIX process group

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-07-15 18:22:17 +01:00
Daniel Golle
6721c20629
fstools: update to git HEAD
4d4dcfb blockd: detect mountpoint of /dev/mapper/*
 2f42515 block: resolve /dev/mapper/* name for /dev/dm-0 when hotplugging
 39558a1 blockd: also send ubus notification on mount hotplug

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-07-14 05:38:37 +01:00
Jo-Philipp Wich
324e3fb64f rpcd: update to latest Git HEAD
1fa3576 session: unload rpcd configuration before checking login

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-07-13 20:43:02 +02:00
Daniel Golle
f46a38a1ac
procd: update to git HEAD
2dcefbd jail: add support for cgroup devices as in OCI run-time spec

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-07-10 23:01:05 +01:00
Petr Štetiar
8307da3dbd treewide: unmark selected packages nonshared
This partially reverts changes done in commit 72cc44958e ("treewide:
mark selected packages nonshared") as it removes the nonshared flag, but
keeps the PKG_RELEASE as the PKG_RELEASE bump while adding nonshared
flag was incorrect.

Unmark uci, ubus, libubox, lua, libnl-tiny and libjson-c as nonshared
packages as this fix attempt didn't worked out. Currently the
imagebuilder is broken again:

 openwrt-imagebuilder-21.02.0-rc3-ipq40xx-generic.Linux-x86_64$ make image PROFILE=avm_fritzbox-7530 PACKAGES=luci-ssl-openssl
 ...
 Collected errors:
  * pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for luci-mod-status
  * pkg_hash_fetch_best_installation_candidate: Packages for luci-mod-status found, but incompatible with the architectures configured
  * pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for rpcd-mod-iwinfo
  * pkg_hash_fetch_best_installation_candidate: Packages for rpcd-mod-iwinfo found, but incompatible with the architectures configured
  * satisfy_dependencies_for: Cannot satisfy the following dependencies for luci-ssl-openssl:
  * 	libiwinfo20210430
  * opkg_install_cmd: Cannot install package luci-ssl-openssl.

Everything because iwinfo's ABI was changed two times since rc3 release:

 +IWINFO_ABI_VERSION:=20210430
 +IWINFO_ABI_VERSION:=20210420

Since iwinfo is marked as nonshared, it wasn't built by phase2 builders, but
luci-mod-status was already updated 2 times since rc3 and was thus rebuilt by
phase2 builders:

 d1d452ed2fb3 luci-mod-status: don't set '-' hostname when creating static lease
 95b3633055c1 luci-mod-status: switch to html table for wlan channel analysis

So now luci-mod-status depends on libiwinfo20210430 but only
libiwinfo20210106 can be downloaded. This is first part of the fix, in
the upcoming commit Jo is going to remove nonshared flag from iwinfo
package as well.

References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035736.html
References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035741.html
Acked-by: Jo-Philipp Wich <jo@mein.io>
Reported-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-07-02 18:12:15 +02:00
Felix Fietkau
3c57475085 ubus: update to the latest version
4fc532c8a55b ubusd: fix tx_queue linked list usage

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-06-30 21:58:51 +02:00
Rui Salvaterra
d31783329b zram-swap: clean up the log messages
Remove redundant tags and name things more consistently.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[removed superflous dash]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-06-27 14:49:14 -10:00
Rui Salvaterra
7720de4194 zram-swap: set the zram swap priority to 100 by default
New swap devices are added in decreasing priority order, starting at -1. Make
sure the zram swap device has the highest priority, by default.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-06-27 14:44:28 -10:00
Rui Salvaterra
18c24a29f9 zram-swap: robustify mkswap/swapon/swapoff invocation
Instead of assuming /sbin contains the correct BusyBox symlinks, directly invoke
the busybox executable. The required utilities are guaranteed to be present,
since the zram-swap package selects them. Additionally, don't assume busybox
resides in /bin, rely on PATH to find it.

While at it, update the copyright year, use SPDX and switch to AUTORELEASE.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-06-24 15:24:52 -10:00
Florian Eckert
92ac2a20eb uci: add uci_revert function
Add missing uci_revert shell function wrapper.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-06-21 08:36:03 -10:00
Rosen Penev
3dabb62581 treewide: remove PKG_INSTALL from CMake packages
It's already default with cmake.mk

Found with:

git grep PKG_INSTALL\: | cut -d ':' -f 1 | sort -u > ins
git grep cmake.mk | cut -d ':' -f 1 > cmake
comm -1 -2 ins cmake

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-06-19 20:44:59 -10:00
Rosen Penev
2e745e9be6 treewide: remove BUILD_PARALLEL from CMake packages
It's already default. The only exception is mt76 which has Ninja
disabled.

Found with:

git grep BUILD_PARALLEL | cut -d ':' -f 1 | sort -u > par
git grep cmake.mk | cut -d ':' -f 1 > cmake
comm -1 -2 par cmake

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-06-19 20:44:59 -10:00
Hauke Mehrtens
da86064611 opkg: update to git HEAD
1bf042d libopkg: pkg_hash: print unresolved dependencies

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-06-13 23:58:15 +02:00