oweals/procd.git
7 years agoadd missing includes
Felix Fietkau [Sat, 11 Feb 2017 14:43:36 +0000 (15:43 +0100)]
add missing includes

Including sys/sysmacros.h is now necessary for makedev() on glibc 2.25.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agoujail: fix signal forwarding
John Crispin [Wed, 8 Feb 2017 11:02:10 +0000 (12:02 +0100)]
ujail: fix signal forwarding

Signed-off-by: John Crispin <john@phrozen.org>
7 years agoinit: fix /tmp permissions on zram
Matthias Schiffer [Thu, 26 Jan 2017 11:56:24 +0000 (12:56 +0100)]
init: fix /tmp permissions on zram

mkfs.ext4 will create the filesystem with 755, we need to chmod to 1777
explicitly.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
7 years agoujail: add basic /dev files
Etienne CHAMPETIER [Fri, 30 Dec 2016 02:08:58 +0000 (18:08 -0800)]
ujail: add basic /dev files

This adds
/dev/full
/dev/null
/dev/urandom
/dev/zero
in every jail (not having them only allow subtle bugs)

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
7 years agoservice: add reload_signal property
Jo-Philipp Wich [Tue, 13 Dec 2016 16:27:13 +0000 (17:27 +0100)]
service: add reload_signal property

Introduce a new optional property "reload_signal" which - if set - instructs
procd to not terminate and restart supervised processes upon changes, but to
send them a kill() signal instead.

This is useful for services which fully support native config reload upon
receipt of a signal.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agohotplug: fix uninitialized variable
Jo-Philipp Wich [Tue, 13 Dec 2016 15:26:03 +0000 (16:26 +0100)]
hotplug: fix uninitialized variable

Commit e999ab7 (hotplug: Check chown return value) introduced a new variable
"ret" which is not explicitely initialized, leading to the following compile
error:

    hotplug.c:155:18: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized]
        if (!g || ret < 0)
                      ^
    cc1: all warnings being treated as errors

Explicitely initialize it to zero to avoid that problem.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agoservice: add service.signal ubus call
Jo-Philipp Wich [Tue, 13 Dec 2016 15:21:29 +0000 (16:21 +0100)]
service: add service.signal ubus call

Add a service.signal call to allow sending kill() signals to a service.

The default signal sent to services is SIGHUP and may be overridden by a
numerical signal value using the signal parameter.

The optional instance argument allows restricting the signal delivery to one
specific instance. If omitted, the signal is sent to all instances.

Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agotrace: use the cloned environment pointer
Felix Fietkau [Mon, 5 Dec 2016 17:16:47 +0000 (18:16 +0100)]
trace: use the cloned environment pointer

Fixes an issue where it would overwrite the first environment variable
with the preload one

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agoprocd: Fix memory leaks found by cppcheck
Rosen Penev [Sun, 4 Dec 2016 04:39:42 +0000 (20:39 -0800)]
procd: Fix memory leaks found by cppcheck

Signed-off by: Rosen Penev <rosenp@gmail.com>

7 years agohotplug: Check chown return value
Florian Fainelli [Sat, 3 Dec 2016 17:32:21 +0000 (09:32 -0800)]
hotplug: Check chown return value

Fixes:

plug/hotplug.c:152:10: error: ignoring return value of 'chown', declared with attribute warn_unused_result [-Werror=unused-result]
     chown(blobmsg_get_string(tb[0]), 0, g->gr_gid);

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
7 years agoujail: send SIGKILL to jail process if SIGTERM fails
Felix Fietkau [Fri, 2 Dec 2016 12:52:57 +0000 (13:52 +0100)]
ujail: send SIGKILL to jail process if SIGTERM fails

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agoservice: do not restart instances if data changes
Felix Fietkau [Wed, 19 Oct 2016 12:09:10 +0000 (14:09 +0200)]
service: do not restart instances if data changes

Drop in->data from instance_config_changed() checks.

So far, procd_open_data is always used in places for passing data to
other services, not for triggering restarts on specific changes.
With this change it is possible to use this behavior more explicitly
while avoiding unnecessary restarts

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agoservice: make instance_update() void and unconditionally replace config on update
Felix Fietkau [Wed, 19 Oct 2016 12:08:03 +0000 (14:08 +0200)]
service: make instance_update() void and unconditionally replace config on update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agoservice: add support for instances without command
Felix Fietkau [Wed, 19 Oct 2016 11:54:51 +0000 (13:54 +0200)]
service: add support for instances without command

This can be useful for maintaining active procd data for use in other
services, even when no helper process is active.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agoprocd: fix build when DEBUG is set
Zefir Kurtisi [Thu, 13 Oct 2016 15:40:38 +0000 (17:40 +0200)]
procd: fix build when DEBUG is set

There is a collision between the DEBUG set in the CMake file as
flag and the macro defined in log.h, resulting in build error:

In file included from ./procd/initd/init.h:19:0,
                 from ./procd/initd/init.c:33:
./procd/initd/../log.h:20:0: error: "DEBUG" redefined [-Werror]
 #define DEBUG(level, fmt, ...) do { \
 ^
<command-line>:0:0: note: this is the location of the previous definition
cc1: all warnings being treated as errors

This patch fixes the issue by renaming the build flag to
UDEV_DEBUG (since it is only used in udevtrigger).

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
8 years agoprocd: fire events at instance respawn and failure
Zefir Kurtisi [Thu, 13 Oct 2016 14:50:56 +0000 (16:50 +0200)]
procd: fire events at instance respawn and failure

In addition to the existing 'start' and 'stop',
this commit adds 'respawn' and 'fail' events
to allow system monitors to detect and handle
unstable processes.

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
8 years agoadd late variant of respawn and askconsole
John Crispin [Tue, 27 Sep 2016 16:09:52 +0000 (18:09 +0200)]
add late variant of respawn and askconsole

Signed-off-by: John Crispin <john@phrozen.org>
8 years agofixes a copy paste error in the service ubus binding
John Crispin [Tue, 27 Sep 2016 15:19:55 +0000 (17:19 +0200)]
fixes a copy paste error in the service ubus binding

Signed-off-by: John Crispin <john@phrozen.org>
8 years agoprocd: uClibc O_PATH backwards compatibility fixes
Hans Dedecker [Fri, 12 Aug 2016 08:27:54 +0000 (10:27 +0200)]
procd: uClibc O_PATH backwards compatibility fixes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
8 years agotrigger: rework timeout handling and command queueing
Felix Fietkau [Fri, 29 Jul 2016 11:52:38 +0000 (13:52 +0200)]
trigger: rework timeout handling and command queueing

Instead of queueing the full json_script, only queue actual script calls
issued by it. This fixes a long standing issue where trigger events were
dropped, triggered by the following scenario:

- Set up a trigger with timeout and condition check in the script.
- Fire an event that matches the condition.
- Fire another event that does not match the condition.

This series of events will fire the delay timer of the trigger, but the
second event will replace the trigger event data. When the timer
expires, the json_script is run, but no script call is issued

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agotrigger: replace trigger_init() with static runqueue initialization
Felix Fietkau [Fri, 29 Jul 2016 10:03:50 +0000 (12:03 +0200)]
trigger: replace trigger_init() with static runqueue initialization

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agotrigger: remove unnecessary runqueue empty callback
Felix Fietkau [Fri, 29 Jul 2016 09:55:01 +0000 (11:55 +0200)]
trigger: remove unnecessary runqueue empty callback

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agotrigger: reduce indentation level in trigger_event()
Felix Fietkau [Fri, 29 Jul 2016 09:04:30 +0000 (11:04 +0200)]
trigger: reduce indentation level in trigger_event()

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years agoprocd: remove instance_removepid call from instance_stop
Jurgen Van Ham [Fri, 15 Jul 2016 10:34:52 +0000 (12:34 +0200)]
procd: remove instance_removepid call from instance_stop

It is already called from instance_exit when the instance is stopped

Signed-off-by: Jurgen Van Ham <juvanham.tc@gmail.com>
8 years agosystem: add reboot method to system ubus object
Rafał Miłecki [Wed, 6 Jul 2016 11:55:48 +0000 (13:55 +0200)]
system: add reboot method to system ubus object

Sometimes, for various reasons, user may want to reboot a device. This
is a common task and it makes sense to support it with something common
like a procd.

Right now both: LuCI and LuCI2 implement this feature on their own with
luci-rpc-luci2-system reboot and luci-rpc-sys reboot. This leads to code
duplication and situation may become even worse with more software
controlling system with ubus.

Othen than that procd already has support for rebooting so one may
consider this ubus method even cleaner.

Once we get this patch in place we may consider switching LuCI and LuCI2
to this new method.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
8 years agosystem: fix localtime value in ubus info method output
Rafał Miłecki [Tue, 5 Jul 2016 13:40:56 +0000 (15:40 +0200)]
system: fix localtime value in ubus info method output

Function mktime respects current time zone and calling it results in
converting time back to the UTC. It means we were never returning a
time for local zone but GMT one.

The easiest solution is to use tm_gmtoff from struct tm. Unfortunately
this isn't part of POSIX but it seems to be the best idea anyway.

Alternative (worse?) solutions:
1) Use timegm that is nonstandard GNU extension
2) Work with TZ env (getenv & (un)setenv) that is not thread-safe
3) Use timegm (next to localtime) and implement function comparing two
   struct tm. This is what glibc does internally (tm_diff) when compiled
   without HAVE_TM_GMTOFF.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
8 years agoprocd: remove pidfile after unexpected termination without respawn
Jurgen Van Ham [Tue, 5 Jul 2016 07:57:18 +0000 (09:57 +0200)]
procd: remove pidfile after unexpected termination without respawn

When procd detects a daemon halts and it is not configured to
be respawned, the pidfile has to be removed.

Signed-off-by: Jurgen Van Ham <juvanham.tc@gmail.com>
8 years agocmake: Find libubox/uloop.h
Florian Fainelli [Fri, 1 Jul 2016 23:05:52 +0000 (16:05 -0700)]
cmake: Find libubox/uloop.h

Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for
libubox/uloop.h. Some external toolchains which do not include standard
locations would fail to find the header otherwise.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
8 years agohotplug: makedev should be able to set the group of a device node
John Crispin [Thu, 16 Jun 2016 09:49:04 +0000 (11:49 +0200)]
hotplug: makedev should be able to set the group of a device node

Signed-off-by: John Crispin <john@phrozen.org>
8 years agomake /var/{run, lock, state} not world writable (0755)
Etienne CHAMPETIER [Thu, 16 Jun 2016 08:09:15 +0000 (08:09 +0000)]
make /var/{run, lock, state} not world writable (0755)

since commit be950c5e56b86509e1e237931d0ac8203372be82 (09/03/2013)
/var/{run,lock,state} are world writable (0777) which is a security issue
before that they were created by /etc/init.d/boot with normal
permissions (0755), so revert to that state

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agojail: don't always CLONE_NEWUTS
Etienne CHAMPETIER [Wed, 1 Jun 2016 20:54:06 +0000 (20:54 +0000)]
jail: don't always CLONE_NEWUTS

no -h => no CLONE_NEWUTS
-h "" => CLONE_NEWUTS
-h "newjailhostname" => CLONE_NEWUTS + sethostname

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agojail: ensure mounts are not MS_SHARED to avoid pivot_root() failure
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:17 +0000 (23:39 +0000)]
jail: ensure mounts are not MS_SHARED to avoid pivot_root() failure

By default mounts are MS_PRIVATE (kernel default) but systemd
decided to make it MS_SHARED by default since v188
https://github.com/systemd/systemd/commit/b3ac5f8cb98757416d8660023d6564a7c411f0a0

This patch fixes ujail on systemd distro (useful for development at least).

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agojail: improve some logs
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:16 +0000 (23:39 +0000)]
jail: improve some logs

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agojail: don't include capabilities config (-C) inside the jail
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:15 +0000 (23:39 +0000)]
jail: don't include capabilities config (-C) inside the jail

Removing capabilities from the capability bounding set doesn't change
the capability effective set, so we can "drop capabilities" before we
build the jail fs, so we don't need to include the capabilities config
file into the jail.

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agojail: call build_envp() just before execve()
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:14 +0000 (23:39 +0000)]
jail: call build_envp() just before execve()

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agojail: regroup add_path_and_deps() calls
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:13 +0000 (23:39 +0000)]
jail: regroup add_path_and_deps() calls

we are already calling add_path_and_deps() while parsing -r/-w options,
so move the 2 remaining calls into main()

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agojail: call chdir(/) after pivot_root()
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:12 +0000 (23:39 +0000)]
jail: call chdir(/) after pivot_root()

pivot_root(2) man page recommend calling chdir(/), so do it

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago_GNU_SOURCE should be defined for building vs uClibc
Alexey Brodkin [Mon, 23 May 2016 17:57:28 +0000 (20:57 +0300)]
_GNU_SOURCE should be defined for building vs uClibc

In uClibc-ng O_PATH and O_DIRECTORY are only defined if _GNU_SOURCE is
defined.

So explicitly define _GNU_SOURCE in sources that use O_PATH and
O_DIRECTORY.

Without that extra definition that's what happens when building procd.

utils/utils.c:
------------------------->8----------------------
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/utils/utils.c:
In function 'patch_fd':
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/utils/utils.c:168:22:
error: 'O_PATH' undeclared (first use in this function)
   dfd = open("/dev", O_PATH|O_DIRECTORY);
                      ^
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/utils/utils.c:168:22:
note: each undeclared identifier is reported only once for each function
it appears in
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/utils/utils.c:168:29:
error: 'O_DIRECTORY' undeclared (first use in this function)
   dfd = open("/dev", O_PATH|O_DIRECTORY);
                             ^
CMakeFiles/init.dir/build.make:182: recipe for target
'CMakeFiles/init.dir/utils/utils.c.o' failed
------------------------->8----------------------

inittab.c:
------------------------->8----------------------
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/inittab.c:
In function 'dev_exist':
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/inittab.c:72:21:
error: 'O_PATH' undeclared (first use in this function)
  dfd = open("/dev", O_PATH|O_DIRECTORY);
                     ^
.../git/openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/inittab.c:72:21:
note: each undeclared identifier is reported only once for each function
it appears in
.../git/openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/inittab.c:72:28:
error: 'O_DIRECTORY' undeclared (first use in this function)
  dfd = open("/dev", O_PATH|O_DIRECTORY);
                            ^
CMakeFiles/procd.dir/build.make:134: recipe for target
'CMakeFiles/procd.dir/inittab.c.o' failed
make[6]: *** [CMakeFiles/procd.dir/inittab.c.o] Error 1
------------------------->8----------------------

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Cc: John Crispin <john@phrozen.org>
Cc: Jo-Philipp Wich <jo@mein.io>
8 years agoutils: use O_PATH when opening /dev
Jo-Philipp Wich [Tue, 17 May 2016 15:42:11 +0000 (17:42 +0200)]
utils: use O_PATH when opening /dev

Use the O_PATH and O_DIRECTORY flags when opening the "/dev" path for the
subsequent openat() call to ensure that it is indeed a directory.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8 years agoinittab: use more robust dev_exist() implementation
Jo-Philipp Wich [Tue, 17 May 2016 15:42:10 +0000 (17:42 +0200)]
inittab: use more robust dev_exist() implementation

Rework the dev_exist() function to use openat() in order to resolve the device
file relative to the "/dev" directory. Drop the now unused dev_open() function.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8 years agoinitd: fix descriptor leak
Jo-Philipp Wich [Tue, 17 May 2016 15:00:47 +0000 (17:00 +0200)]
initd: fix descriptor leak

Close the descriptor to /tmp/.preinit returned by creat() in order to avoid
an fd leak in the init process.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8 years agoinittab: use patch_stdio() for stdio redirection
Jo-Philipp Wich [Tue, 17 May 2016 15:00:46 +0000 (17:00 +0200)]
inittab: use patch_stdio() for stdio redirection

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8 years agoinitd: use patch_stdio() for kmodloader stdio redirection
Jo-Philipp Wich [Tue, 17 May 2016 15:00:45 +0000 (17:00 +0200)]
initd: use patch_stdio() for kmodloader stdio redirection

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8 years agoinitd: use patch_stdio() for early console setup
Jo-Philipp Wich [Tue, 17 May 2016 15:00:44 +0000 (17:00 +0200)]
initd: use patch_stdio() for early console setup

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8 years agoutils: add patch_fd() and patch_stdio() helpers
Jo-Philipp Wich [Tue, 17 May 2016 15:00:43 +0000 (17:00 +0200)]
utils: add patch_fd() and patch_stdio() helpers

Introduce two new helper functions to deal with stdio redirecation in a
uniform, reliable manner:

The patch_fd() function will attempt to redirect the given fd number to the
specified file, using the supplied flags for the open() syscall. When the
device is NULL, "/dev/null" is asumed, when the device is a relative path,
openat() is used to open it relative to the "/dev" directory. When the device
cannot be openend, a fallback to "/dev/null" is attempted.

The patch_stdio() function is essentially a wrapper around patch_fd(),
providing an easy interface to redirect stdin, stdout and stderr to the same
given device.

Both function return 0 on success and -1 on error. The errno variable will
be set accordingly.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8 years agopreinit: create a sentinel file during preinit
John Crispin [Sun, 15 May 2016 14:18:41 +0000 (16:18 +0200)]
preinit: create a sentinel file during preinit

Signed-off-by: John Crispin <john@phrozen.org>
8 years agoprocd: service: Support writing pidfiles
Karl Palsson [Wed, 2 Mar 2016 14:47:06 +0000 (14:47 +0000)]
procd: service: Support writing pidfiles

Use the "pidfile" attribute of a service to decide whether to write a
pidfile or not.

Files are removed on stop/restart, and correctly created if the config
has changed.

Signed-off-by: Karl Palsson <karlp@etactica.com>
8 years agoinit: reduce delay after starting kmodloader
Felix Fietkau [Sat, 5 Mar 2016 19:08:56 +0000 (20:08 +0100)]
init: reduce delay after starting kmodloader

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years agomake initial ubus connect delay small, use exponential backoff
Felix Fietkau [Sat, 5 Mar 2016 14:40:36 +0000 (15:40 +0100)]
make initial ubus connect delay small, use exponential backoff

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years agoservice: get rid of service_init and service_validate_init, use static avl tree initi...
Felix Fietkau [Sat, 5 Mar 2016 13:08:59 +0000 (14:08 +0100)]
service: get rid of service_init and service_validate_init, use static avl tree initialization

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years agoprocd: add an option to log to stdout
Felix Fietkau [Sat, 5 Mar 2016 12:14:19 +0000 (13:14 +0100)]
procd: add an option to log to stdout

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years agoadd a build-time option to disable init related code
Felix Fietkau [Sat, 5 Mar 2016 11:16:13 +0000 (12:16 +0100)]
add a build-time option to disable init related code

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years agoadd ifdefs to make service/instance.c compile on non-linux systems
Felix Fietkau [Sat, 5 Mar 2016 11:15:38 +0000 (12:15 +0100)]
add ifdefs to make service/instance.c compile on non-linux systems

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years agoutils.c: remove an unnecessary include
Felix Fietkau [Sat, 5 Mar 2016 11:15:11 +0000 (12:15 +0100)]
utils.c: remove an unnecessary include

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years agoadd ifdefs to make system.c compile on non-linux systems
Felix Fietkau [Sat, 5 Mar 2016 11:07:04 +0000 (12:07 +0100)]
add ifdefs to make system.c compile on non-linux systems

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years agoadd option to disable build of the init binary
Felix Fietkau [Sat, 5 Mar 2016 10:54:55 +0000 (11:54 +0100)]
add option to disable build of the init binary

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years agoExpose EARLY_PATH as cmake flag
Jo-Philipp Wich [Mon, 8 Feb 2016 12:21:37 +0000 (13:21 +0100)]
Expose EARLY_PATH as cmake flag

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
8 years agoinitd: allow overriding early PATH through build time define
Jo-Philipp Wich [Mon, 8 Feb 2016 11:13:49 +0000 (12:13 +0100)]
initd: allow overriding early PATH through build time define

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
8 years agotrigger: fix memory leak in script calls
Felix Fietkau [Thu, 4 Feb 2016 19:37:07 +0000 (20:37 +0100)]
trigger: fix memory leak in script calls

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years agoAlign early init PATH with system wide OpenWrt path value
Jo-Philipp Wich [Thu, 14 Jan 2016 12:51:36 +0000 (13:51 +0100)]
Align early init PATH with system wide OpenWrt path value

Changeset r47080 globally unified the executable search path in OpenWrt,
now update procd to use the same path value.

This fixes diverging path values observed in programs launched by netifd
which inherits the early path value from procd.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
8 years agoinstance, ujail: wire hostname (-h) option
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:27 +0000 (23:09 +0000)]
instance, ujail: wire hostname (-h) option

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: split name (-n) and hostname (-h) options
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:26 +0000 (23:09 +0000)]
ujail: split name (-n) and hostname (-h) options

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoinstance, ujail: wire no_new_privs (-c) option
John Crispin [Fri, 11 Dec 2015 11:04:52 +0000 (12:04 +0100)]
instance, ujail: wire no_new_privs (-c) option

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: add no_new_privs (-c) option
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:24 +0000 (23:09 +0000)]
ujail: add no_new_privs (-c) option

set PR_SET_NO_NEW_PRIVS to 1

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoinstance, ujail: wire remount / read only option (-o)
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:23 +0000 (23:09 +0000)]
instance, ujail: wire remount / read only option (-o)

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoinstance, ujail: remove "-P <path>" option
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:21 +0000 (23:09 +0000)]
instance, ujail: remove "-P <path>" option

we can now launch multiple time the same
ujail command without conflict

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: add O_CLOEXEC flag to open() call
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:20 +0000 (23:09 +0000)]
ujail: add O_CLOEXEC flag to open() call

if we forget to close() in the future,
this prevent fd leak

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: fixup code style // -> /* */
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:19 +0000 (23:09 +0000)]
ujail: fixup code style // -> /* */

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: add ELF interpreter (DT_INTERP) to the jail
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:16 +0000 (16:27 +0000)]
ujail: add ELF interpreter (DT_INTERP) to the jail

this is needed by musl (openwrt DD)
uClibc/glibc is working without this

this partly fixes
https://dev.openwrt.org/ticket/20785

we still don't handle DT_RPATH, DT_RUNPATH, nodeflib, ...
see http://man7.org/linux/man-pages/man8/ld.so.8.html

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: automatically add script (#!) interpreter
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:15 +0000 (16:27 +0000)]
ujail: automatically add script (#!) interpreter

this make simple script work easily with ujail

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: rework fs jail part
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:14 +0000 (16:27 +0000)]
ujail: rework fs jail part

Change functions to work with full paths (do less split and concat of path)
  Store "soname" as key and the fullpath as path in "libraries"
  Remove "extras" list and replace it with "mounts" avl_tree
  ("mounts" also store fullpath)

Add add_path_and_deps() function to handle file/lib openning and mmaping
  Check if file is an elf (magic number) before passing it to elf_load_deps()
  elf_load_deps() now only handle elf parsing part
  next commit adds script (#!) handling

Use add_path_and_deps() with -r and -w args to automatically add dependencies

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: DT_STRTAB uses d_ptr in d_un union (not d_val)
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:13 +0000 (16:27 +0000)]
ujail: DT_STRTAB uses d_ptr in d_un union (not d_val)

see
https://docs.oracle.com/cd/E19683-01/817-3677/chapter6-42444/index.html

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: remove some debug/dev hack
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:12 +0000 (16:27 +0000)]
ujail: remove some debug/dev hack

this code is present since first ujail commit (dfcfcca7)

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: fixup code style: "func()" -> "func(void)"
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:11 +0000 (16:27 +0000)]
ujail: fixup code style: "func()" -> "func(void)"

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: add init_library_search()
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:10 +0000 (16:27 +0000)]
ujail: add init_library_search()

move all libraries search initialisation stuff
into elf.c / init_library_search()

for now we don't handle musl specific files

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: use PATH_MAX for path related buffers
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:09 +0000 (16:27 +0000)]
ujail: use PATH_MAX for path related buffers

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: search libs in /lib before /lib64
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:08 +0000 (16:27 +0000)]
ujail: search libs in /lib before /lib64

musl (openwrt DD r47603 x86-64) looks for lib only in /lib,
not in /lib64, and /lib64 is a symlink to /lib, so ujail find
all the libs in /lib64, add them in the jail (only under /lib64)
and then musl fails to find the libs.

uClibc (openwrt CC r47608 x86-64) looks for lib in /lib and
/usr/lib, not in /lib64 (/lib64 is also a symlink to /lib)

/lib64 is before /lib since the first commit, i don't know
if it was on purpose

this partly fixes
https://dev.openwrt.org/ticket/20785

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: remove "#include log.h" from elf.h
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:07 +0000 (16:27 +0000)]
ujail: remove "#include log.h" from elf.h

headers must include all there dependencies, no more, no less

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: add <stdio.h> and <syslog.h> to seccomp.h
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:06 +0000 (16:27 +0000)]
ujail: add <stdio.h> and <syslog.h> to seccomp.h

headers must include all there dependencies, no more, no less

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: add <stdio.h> to log.h
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:05 +0000 (16:27 +0000)]
ujail: add <stdio.h> to log.h

headers must include all there dependencies, no more, no less
(it uses fprintf)

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: put #include guard macro in all *.h
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:04 +0000 (16:27 +0000)]
ujail: put #include guard macro in all *.h

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: use more const in elf.*
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:03 +0000 (16:27 +0000)]
ujail: use more const in elf.*

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: stop using extern in elf.h
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:02 +0000 (16:27 +0000)]
ujail: stop using extern in elf.h

extern qualifiers for function definitions doesn't really make sense

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: don't pass unused arg in clone call
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:01 +0000 (16:27 +0000)]
ujail: don't pass unused arg in clone call

clone() call need a function with "void *" arg
(else we have a compilation error)

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: don't add non existant library_path
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:00 +0000 (16:27 +0000)]
ujail: don't add non existant library_path

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agofix a potential off-by-on eerror inside udevtrigegr
John Crispin [Mon, 23 Nov 2015 09:31:23 +0000 (10:31 +0100)]
fix a potential off-by-on eerror inside udevtrigegr

coverity found this: 1330086

Signed-off-by: John Crispin <blogic@openwrt.org>
9 years agosyslog: set sane priority values
Ulrich Weber [Wed, 4 Nov 2015 15:33:11 +0000 (16:33 +0100)]
syslog: set sane priority values

otherwise LOG_USER/LOG_EMERG is used

Signed-off-by: Ulrich Weber <uw@ocedo.com>
9 years agocmake: use CMAKE_INSTALL_* variables
Sergiy Kibrik [Tue, 13 Oct 2015 20:30:42 +0000 (23:30 +0300)]
cmake: use CMAKE_INSTALL_* variables

Replace hard-coded installation directories with cmake-provided
variables, which gives more flexibility on where to install
final binaries. Great simplification for usage with e.g. BitBake recipes.

Signed-off-by: Sergiy Kibrik <sakib@meta.ua>
9 years agoexplicitely ignore return value of symlink(3) call
Daniel Golle [Thu, 22 Oct 2015 21:15:58 +0000 (23:15 +0200)]
explicitely ignore return value of symlink(3) call

glibc sets __attribute_warn_unused_result__ on symlink(3) if
FORTIFY_SOURCE is set. This breaks procd which deliberately ignores
the result of the symlink(3) call early during init as there wouldn't
be anything better to do in that case other than ignoring the error and
trying to survive.

Introduce libc-compat.h to work-around libc anomalities.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
9 years agojail: Add MS_NODEV MS_NOEXEC MS_NOSUID mount options where needed
Etienne CHAMPETIER [Thu, 8 Oct 2015 20:01:44 +0000 (20:01 +0000)]
jail: Add MS_NODEV MS_NOEXEC MS_NOSUID mount options where needed

this completes fafbf7338ec8304f2a0ec0ba76048fba2c01c07e

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agojail: allow to not use namespaces
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:47 +0000 (23:26 +0000)]
jail: allow to not use namespaces

building a generic jail can be hard,
choosing to drop some capabilities can be easier.

This commit permit to use namespaces, capabilities
and seccomp combined as you like.

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agojail: cleanup include
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:46 +0000 (23:26 +0000)]
jail: cleanup include

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agojail: add capabilities support
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:45 +0000 (23:26 +0000)]
jail: add capabilities support

If there is one or more capabilities in cap.keep,
drop all capabilities not in cap.keep.
Always drop all capabalities in cap.drop

exemple json syntax:
{
"cap.keep": [
        "cap_net_raw"
],
"cap.drop": []
}

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoAdd MS_NODEV MS_NOEXEC MS_NOSUID mount options where needed
Etienne CHAMPETIER [Sat, 19 Sep 2015 19:20:45 +0000 (19:20 +0000)]
Add MS_NODEV MS_NOEXEC MS_NOSUID mount options where needed

These options aren't mandatory, but can prevent some future
bugs from being exploited. Good reading:
http://lwn.net/Articles/647757/

Value chosen by looking at fedora 22 / ubuntu 14.04

Not tested yet (away from my tests routers)

Not touching jail/jail.c as this conflict with
my pending patch serie

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agosystem: fix undefined behavior in wdt offline check
Alexander Couzens [Wed, 23 Sep 2015 13:04:18 +0000 (15:04 +0200)]
system: fix undefined behavior in wdt offline check

watchdog_fd() is returning a char* and not a int. checking against < 0 could
lead in undefined behaviour.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
9 years agojail: reworks & cleanups
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:44 +0000 (23:26 +0000)]
jail: reworks & cleanups

-use EXIT_SUCCESS/EXIT_FAILURE (not -1)
-parse every option in main, put them in opts struct
-add CLONE_NEWIPC to the clone() call (it's already compiled in openwrt kernel)
-return the exit status of the jailed process, or the num of the signal that killed it
-add missing options to usage()
-add a warning in usage() about ujail security
-debug option can now take an int as parameter (~debug level),
  with -d2 you now activate "LD_DEBUG=all" for exemple
-do not depend on libpreload-seccomp.so if -S is not present
-there is now only one ujail process instead of two

jail creation is now as follow:
1) create jail root dir (mkdir)
2) create new namespace (clone)
(in the parent wait for the child with uloop)
3) build the jail root fs (mount bind all the libs/bins ...),
pivot_root and mount special fs (procfs, sysfs) (build_jail_fs())
4) build envp (LD_PRELOAD the seccomp helper or ...)
5) drop capabilities (next patch)
6) execve the jailed bin
7) remove jail root dir (once child is dead)

there is no need to umount anything because we are already in a namespace

Todo:
-allow signals from the parent to the child

Feature request:
-when we add a file or dir, detect if it's an exec and add it's dependencies

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agojail, seccomp: remove useless root check
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:43 +0000 (23:26 +0000)]
jail, seccomp: remove useless root check

prctl(PR_SET_NO_NEW_PRIVS, 1) is enough, we don't require CAP_SYS_ADMIN
see
https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agojail, seccomp: fix typo/improve log prefix
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:42 +0000 (23:26 +0000)]
jail, seccomp: fix typo/improve log prefix

(perload-jail -> preload-seccomp)

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoadd UTRACE_SUPPORT build option
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:41 +0000 (23:26 +0000)]
add UTRACE_SUPPORT build option

we can now build preload-seccomp, ujail, utrace separately

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agomove /dev/shm to /tmp/shm
Daniel Gimpelevich [Sat, 11 Jul 2015 01:58:38 +0000 (18:58 -0700)]
move /dev/shm to /tmp/shm

Since the /dev filesystem is tiny, /dev/shm needs to live somewhere
else.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>