From: Michal Sojka Date: Mon, 30 Jul 2018 07:32:19 +0000 (+0200) Subject: Allow disabling seccomp or changing the whitelist X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e29966f04cdf549a01f721f93634672055da8af4;p=oweals%2Fprocd.git Allow disabling seccomp or changing the whitelist Without this change, once a service is started with seccomp, it is impossible to restart it without seccomp or change the whitelist file name. This commit fixes that. Disabling seccomp is as easy as commenting out the "procd_set_param seccomp" line in init.d script. Signed-off-by: Michal Sojka --- diff --git a/service/instance.c b/service/instance.c index 27e35b1..a5742b7 100644 --- a/service/instance.c +++ b/service/instance.c @@ -639,6 +639,11 @@ instance_config_changed(struct service_instance *in, struct service_instance *in if (in->respawn_timeout != in_new->respawn_timeout) return true; + if ((!in->seccomp && in_new->seccomp) || + (in->seccomp && !in_new->seccomp) || + (in->seccomp && in_new->seccomp && strcmp(in->seccomp, in_new->seccomp))) + return true; + if (!blobmsg_list_equal(&in->limits, &in_new->limits)) return true; @@ -959,6 +964,7 @@ instance_config_move(struct service_instance *in, struct service_instance *in_sr in->respawn_timeout = in_src->respawn_timeout; in->name = in_src->name; in->trace = in_src->trace; + in->seccomp = in_src->seccomp; in->node.avl.key = in_src->node.avl.key; free(in->config);