ocserv: added option to use seccomp

author Nikos Mavrogiannopoulos <nmav@gnutls.org>

Sat, 14 Feb 2015 12:40:29 +0000 (13:40 +0100)

committer Nikos Mavrogiannopoulos <nmav@gnutls.org>

Sat, 14 Feb 2015 12:40:29 +0000 (13:40 +0100)
author Nikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 14 Feb 2015 12:40:29 +0000 (13:40 +0100)
committer Nikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 14 Feb 2015 12:40:29 +0000 (13:40 +0100)
diff --git a/net/ocserv/Config.in b/net/ocserv/Config.in

index 81075fd81329d489f9838b5a379b26ed5b0af1f5..88c5f5091421a461a88cbf9a3c5806a5d0cdfde7 100644 (file)
--- a/net/ocserv/Config.in
+++ b/net/ocserv/Config.in
@@ -7,6 +7,10 @@ config OCSERV_PAM
         bool "enable PAM"
         default n
  
+config OCSERV_SECCOMP
+       bool "enable seccomp"
+       default n
+
  config OCSERV_PROTOBUF
         bool "use external libprotobuf"
         default y
diff --git a/net/ocserv/Makefile b/net/ocserv/Makefile

index 3ddc5be7dce18aff9ecf5de90bdfd94009188754..6c23672ab7bb955d1ad3e24de546188f7a5b4566 100644 (file)
--- a/net/ocserv/Makefile
+++ b/net/ocserv/Makefile
@@ -22,6 +22,7 @@ PKG_FIXUP:=autoreconf
  
  PKG_CONFIG_DEPENDS:= \
         CONFIG_OCSERV_PAM \
+       CONFIG_OCSERV_SECCOMP \
         CONFIG_OCSERV_PROTOBUF \
  
  include $(INCLUDE_DIR)/package.mk
@@ -37,7 +38,7 @@ define Package/ocserv
    TITLE:=OpenConnect VPN server
    URL:=http://www.infradead.org/ocserv/
    MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
-  DEPENDS:= +OCSERV_HTTP_PARSER:libhttp-parser +libgnutls +certtool +libncurses +libreadline +OCSERV_PAM:libpam +OCSERV_PROTOBUF:libprotobuf-c +kmod-tun
+  DEPENDS:= +OCSERV_HTTP_PARSER:libhttp-parser +OCSERV_SECCOMP:libseccomp +libgnutls +certtool +libncurses +libreadline +OCSERV_PAM:libpam +OCSERV_PROTOBUF:libprotobuf-c +kmod-tun
    USERID:=ocserv=72:ocserv=72
  endef
  
@@ -62,6 +63,10 @@ ifneq ($(CONFIG_OCSERV_PAM),y)
  CONFIGURE_ARGS += --without-pam
  endif
  
+ifneq ($(CONFIG_OCSERV_SECCOMP),y)
+CONFIGURE_ARGS += --disable-seccomp
+endif
+
  ifneq ($(CONFIG_OCSERV_PROTOBUF),y)
  CONFIGURE_ARGS += --without-protobuf
  endif
diff --git a/net/ocserv/files/ocserv.conf.template b/net/ocserv/files/ocserv.conf.template

index 8307bf6507540c35ef40c18ba926ae7cc24b1edb..1694fd782a76941dfcf13367e177d0a4ee0c7ffa 100644 (file)
--- a/net/ocserv/files/ocserv.conf.template
+++ b/net/ocserv/files/ocserv.conf.template
@@ -18,6 +18,8 @@ auth = "|AUTH|"
  # A banner to be displayed on clients
  banner = "Welcome to OpenWRT"
  
+isolate-workers = true
+
  # When the server has a dynamic DNS address (that may change),
  # should set that to true to ask the client to resolve again on
  # reconnects.
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>
	Sat, 14 Feb 2015 12:40:29 +0000 (13:40 +0100)
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>
	Sat, 14 Feb 2015 12:40:29 +0000 (13:40 +0100)
net/ocserv/Config.in		patch \| blob \| history
net/ocserv/Makefile		patch \| blob \| history
net/ocserv/files/ocserv.conf.template		patch \| blob \| history