64e9f3a procd: fix compilation with newer musl
945d0d7 utils: fix C style in header file
2cfc26f inittab: detect active console from kernel if no console= specified
3e88c6f jail/seccomp: add support for aarch64
c23d8bf trace: fix build on aarch64
7ee4563 procd: Adding support to detect Pantavisor Container Platform
021ece8 procd: Use /dev/console for serial console if exists
2dcefbd jail: add support for cgroup devices as in OCI run-time spec
0ee73b2 uxc: implement support for rootfs overlay in containers
b0a8ea1 jail: do not hack /etc/resolv.conf on container rootfs
92aba53 jail: increase max additional env records to 64
15997e6 jail: allow rootfs to be a symbolic link
0114c6f jail: open() extroot folder before mounting
ed96eda uxc: check for required blockd mounts
0545905 jail: make use of realpath() for rootfs and overlaydir
9bd1b7f jail: refactor directory handling for rootfs and overlaydir
772292e uxc: don't restart containers when mount shows up
3a9d910 uxc: resolve volume UUIDs by name of UCI fstab section
f26233e watchdog: Add an info message if the watchdog reset the system
93fc089 jail: cgroups-bpf: don't use sys/reg.h when building with glibc
548d057 jail: don't ignore return value of seteuid()
220b716 jail: ignore return value when creating default /dev symlinks
78d5baa hotplug-dispatch: don't ignore asprintf() return value
736aee5 uxc: always handle asprintf() return value
2b20456 hotplug-dispatch: replace wrongly used assert()
bfc86a2 jail: cgroups: replace wrongly used assert()
516bdf2 jail: don't ignore return value of write()
e10de28 jail: cgroups-bpf: fix compile with musl 1.2
f5d9b14 hotplug-dispatch: fix rare memory leaks in error paths
9f233f5 system: make rootfs type accessible through board call
48638ad hotplug-dispatch: yet another rare memory leak disovered by Coverity
459b3e8 jail: fix several issues discovered by Coverity
2562e2b ujail-console: add missing error handling discovered by coverity
040fecc system: fix issues reported by Coverity
48f481b service: make sure string read is null terminated
16dbc2a uxc: fix a bunch of issues discovered by Coverity
ff9002f uxc: fix help output
104b49d uxc: support config in uvol
8a8306d uxc.c: fix coverity resource leak warning
7f2398e jail: devices: create parent folder when creating devices
0603c8d jail: return to hook callback instead of just calling it
3edb7eb jail: check return value when opening console
af048a3 jail: use portable sizeof(void *)
6010bd3 utils: make sure read() string is 0 terminated
f6daca3 uxc: free string returned by blobmsg_format_json_indent()
51f1cd2 trace: free string returned by blobmsg_format_json_indent()
d716cb5 trace: handle open() return value and make sure string is terminated
b824a89 jail: preload: avoid NULL-dereference in case things go wrong
167dc24 jail: protect against strcat buffer overflows
df251c2 uxc: move mountpoint of persistent config to /var/run/uxc
e5b38fd trace: free memory allocated by blobmsg_format_json_indent()
96d8bf2 trace: fix potential use-after-free occurence
8eb1d78 initd: fix off-by-one error in mkdev.c
86f82f3 utils: don't ignore open() return value
f5fe04b jail: actually check calloc return value
269c9e4 trace: preload: avoid NULL-dereference here as well
20adf53 Revert "initd: fix off-by-one error in mkdev.c"
773e8da initd: fix off-by-one error in mkdev.c
8a60e7e trace: don't leak file descriptor in error path
68df9ac procd: fix container deletion
f16abe0 uxc: add JSON output option for 'list' command
a23c888 jail: prepare for adding process to existing namespace
50da8a4 instance: allow jailed service to join namespace(s)
482d1ab Revert "jail: do not hack /etc/resolv.conf on container rootfs"
1eb4371 jail: start ubus and netifd instances for container with netns
97bcdcf uxc: fix segfault caused by use-after-free
6398e05 uxc: don't free the stack
324ebd0 jail: fs: add support for asymmetric mount bind
c44ab7f jail: netifd: generate netifd uci config and mount it
82dd390 jail: make use of per-container netifd via ubus
9b1e035 jail: netifd: code cosmetics
d2a2ecc jail: netifd: fix error handling issue reported by coverity
e1d7cee jail: netifd: check target netns fd before using it
59f7699 uxc: add missing 'break' statement
The new per-jail netifd is now configured by filtering the host
network configuration. As libuci is used for that, procd-ujail now
depends on libuci.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/procd.git
-PKG_SOURCE_DATE:=2021-02-23
-PKG_SOURCE_VERSION:=37eed131e9967a35f47bacb3437a9d3c8a57b3f4
-PKG_MIRROR_HASH:=2b0131ff9055ccf987cbeb5f36c2c2585dc780999df6be312fbbbcd61ce676d4
+PKG_SOURCE_DATE:=2021-10-17
+PKG_SOURCE_VERSION:=59f769920276229a3ee2dcbe75ea54095cf14ffe
+PKG_MIRROR_HASH:=2514d914bf317c5965ef90440e2c6bd8c409805db02348af4ed4aa58a0496fcf
CMAKE_INSTALL:=1
PKG_LICENSE:=GPL-2.0
include $(INCLUDE_DIR)/cmake.mk
ifeq ($(DUMP),)
- STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell echo $(CONFIG_TARGET_INIT_PATH) | mkhash md5)
+ STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell echo $(CONFIG_TARGET_INIT_PATH) | $(MKHASH) md5)
endif
CMAKE_OPTIONS += -DEARLY_PATH="$(TARGET_INIT_PATH)"
SECTION:=base
CATEGORY:=Base system
DEPENDS:=@KERNEL_NAMESPACES +@KERNEL_UTS_NS +@KERNEL_IPC_NS +@KERNEL_PID_NS \
- +libubox +libubus +libblobmsg-json
+ +libubox +libubus +libuci +libblobmsg-json
TITLE:=OpenWrt process jail helper
endef
define Package/procd-seccomp
SECTION:=base
CATEGORY:=Base system
- DEPENDS:=@(arm||armeb||mips||mipsel||i386||powerpc||x86_64) @!TARGET_uml \
+ DEPENDS:=@(aarch64||arm||armeb||mips||mipsel||i386||powerpc||x86_64) @!TARGET_uml \
@KERNEL_SECCOMP +libubox +libblobmsg-json
TITLE:=OpenWrt process seccomp helper + utrace
endef
define Package/uxc
SECTION:=base
CATEGORY:=Base system
- DEPENDS:=+procd-ujail +libubus +libubox +libblobmsg-json
+ DEPENDS:=+procd-ujail +libubus +libubox +libblobmsg-json +blockd +rpcd
TITLE:=OpenWrt container management
MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
endef
json_close_array
}
+_procd_add_mount_trigger() {
+ json_add_array
+ _procd_add_array_data "$1"
+ local action="$2"
+ local multi=0
+ shift ; shift
+
+ json_add_array
+ _procd_add_array_data "if"
+
+ if [ "$2" ]; then
+ json_add_array
+ _procd_add_array_data "or"
+ multi=1
+ fi
+
+ while [ "$1" ]; do
+ json_add_array
+ _procd_add_array_data "eq" "target" "$1"
+ shift
+ json_close_array
+ done
+
+ [ $multi = 1 ] && json_close_array
+
+ json_add_array
+ _procd_add_array_data "run_script" /etc/init.d/$name $action
+ json_close_array
+
+ json_close_array
+ _procd_add_timeout
+ json_close_array
+}
+
+_procd_add_action_mount_trigger() {
+ local script=$(readlink "$initscript")
+ local name=$(basename ${script:-$initscript})
+ local action="$1"
+ local mpath
+ shift
+
+ _procd_open_trigger
+ _procd_add_mount_trigger mount.add $action "$@"
+ _procd_close_trigger
+}
+
+procd_get_mountpoints() {
+ (
+ __procd_check_mount() {
+ local cfg="$1"
+ local path="${2%%/}/"
+ local target
+ config_get target "$cfg" target
+ target="${target%%/}/"
+ [ "$path" != "${path##$target}" ] && echo "${target%%/}"
+ }
+
+ config_load fstab
+ for mpath in "$@"; do
+ config_foreach __procd_check_mount mount "$mpath"
+ done
+ ) | sort -u
+}
+
+_procd_add_restart_mount_trigger() {
+ local mountpoints="$(procd_get_mountpoints "$@")"
+ [ "${mountpoints//[[:space:]]}" ] &&
+ _procd_add_action_mount_trigger restart $mountpoints
+}
+
+_procd_add_reload_mount_trigger() {
+ local mountpoints="$(procd_get_mountpoints "$@")"
+ [ "${mountpoints//[[:space:]]}" ] &&
+ _procd_add_action_mount_trigger reload $mountpoints
+}
+
_procd_add_raw_trigger() {
json_add_array
_procd_add_array_data "$1"
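Review bot: In __procd_check_mount the test `[ "$path" != "${path##$target}" ]` uses the fstab `target` value as an unquoted glob pattern, so a target containing `*`, `?` or `[` is matched as a pattern rather than as a literal prefix; quoting it, `[ "$path" != "${path##"$target"}" ] && echo "${target%%/}"`, keeps the prefix comparison literal for any configured value. The `local mpath` in _procd_add_action_mount_trigger is never read and can be dropped (the `mpath` loop variable lives inside the subshell in procd_get_mountpoints). _procd_add_mount_trigger also relies on `$name` being set in its caller's scope via the `local name` in _procd_add_action_mount_trigger; a one-line comment such as `# expects $name (init script basename) from the caller's scope` would make that coupling visible. Passing `$mountpoints` unquoted to _procd_add_action_mount_trigger is intentional for the newline-separated list, but it also splits a mount target containing spaces into two triggers; fstab targets rarely do, so a short comment above the call is probably enough.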
procd_add_raw_trigger \
procd_add_config_trigger \
procd_add_interface_trigger \
+ procd_add_mount_trigger \
procd_add_reload_trigger \
procd_add_reload_interface_trigger \
+ procd_add_reload_mount_trigger \
+ procd_add_restart_mount_trigger \
procd_open_trigger \
procd_close_trigger \
procd_open_instance \
__BOOT_UXC=1
start
}
+
+service_triggers() {
+ procd_add_raw_trigger "mount.add" 3000 /etc/init.d/uxc boot
+}