Felix Fietkau [Sat, 11 Feb 2017 14:43:36 +0000 (15:43 +0100)]
add missing includes
Including sys/sysmacros.h is now necessary for makedev() on glibc 2.25.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
John Crispin [Wed, 8 Feb 2017 11:02:10 +0000 (12:02 +0100)]
ujail: fix signal forwarding
Signed-off-by: John Crispin <john@phrozen.org>
Matthias Schiffer [Thu, 26 Jan 2017 11:56:24 +0000 (12:56 +0100)]
init: fix /tmp permissions on zram
mkfs.ext4 will create the filesystem with 755, we need to chmod to 1777
explicitly.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Etienne CHAMPETIER [Fri, 30 Dec 2016 02:08:58 +0000 (18:08 -0800)]
ujail: add basic /dev files
This adds
/dev/full
/dev/null
/dev/urandom
/dev/zero
in every jail (not having them only allow subtle bugs)
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Jo-Philipp Wich [Tue, 13 Dec 2016 16:27:13 +0000 (17:27 +0100)]
service: add reload_signal property
Introduce a new optional property "reload_signal" which - if set - instructs
procd to not terminate and restart supervised processes upon changes, but to
send them a kill() signal instead.
This is useful for services which fully support native config reload upon
receipt of a signal.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 13 Dec 2016 15:26:03 +0000 (16:26 +0100)]
hotplug: fix uninitialized variable
Commit
e999ab7 (hotplug: Check chown return value) introduced a new variable
"ret" which is not explicitely initialized, leading to the following compile
error:
hotplug.c:155:18: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (!g || ret < 0)
^
cc1: all warnings being treated as errors
Explicitely initialize it to zero to avoid that problem.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 13 Dec 2016 15:21:29 +0000 (16:21 +0100)]
service: add service.signal ubus call
Add a service.signal call to allow sending kill() signals to a service.
The default signal sent to services is SIGHUP and may be overridden by a
numerical signal value using the signal parameter.
The optional instance argument allows restricting the signal delivery to one
specific instance. If omitted, the signal is sent to all instances.
Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Felix Fietkau [Mon, 5 Dec 2016 17:16:47 +0000 (18:16 +0100)]
trace: use the cloned environment pointer
Fixes an issue where it would overwrite the first environment variable
with the preload one
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Rosen Penev [Sun, 4 Dec 2016 04:39:42 +0000 (20:39 -0800)]
procd: Fix memory leaks found by cppcheck
Signed-off by: Rosen Penev <rosenp@gmail.com>
Florian Fainelli [Sat, 3 Dec 2016 17:32:21 +0000 (09:32 -0800)]
hotplug: Check chown return value
Fixes:
plug/hotplug.c:152:10: error: ignoring return value of 'chown', declared with attribute warn_unused_result [-Werror=unused-result]
chown(blobmsg_get_string(tb[0]), 0, g->gr_gid);
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Felix Fietkau [Fri, 2 Dec 2016 12:52:57 +0000 (13:52 +0100)]
ujail: send SIGKILL to jail process if SIGTERM fails
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 19 Oct 2016 12:09:10 +0000 (14:09 +0200)]
service: do not restart instances if data changes
Drop in->data from instance_config_changed() checks.
So far, procd_open_data is always used in places for passing data to
other services, not for triggering restarts on specific changes.
With this change it is possible to use this behavior more explicitly
while avoiding unnecessary restarts
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 19 Oct 2016 12:08:03 +0000 (14:08 +0200)]
service: make instance_update() void and unconditionally replace config on update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Wed, 19 Oct 2016 11:54:51 +0000 (13:54 +0200)]
service: add support for instances without command
This can be useful for maintaining active procd data for use in other
services, even when no helper process is active.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Zefir Kurtisi [Thu, 13 Oct 2016 15:40:38 +0000 (17:40 +0200)]
procd: fix build when DEBUG is set
There is a collision between the DEBUG set in the CMake file as
flag and the macro defined in log.h, resulting in build error:
In file included from ./procd/initd/init.h:19:0,
from ./procd/initd/init.c:33:
./procd/initd/../log.h:20:0: error: "DEBUG" redefined [-Werror]
#define DEBUG(level, fmt, ...) do { \
^
<command-line>:0:0: note: this is the location of the previous definition
cc1: all warnings being treated as errors
This patch fixes the issue by renaming the build flag to
UDEV_DEBUG (since it is only used in udevtrigger).
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
Zefir Kurtisi [Thu, 13 Oct 2016 14:50:56 +0000 (16:50 +0200)]
procd: fire events at instance respawn and failure
In addition to the existing 'start' and 'stop',
this commit adds 'respawn' and 'fail' events
to allow system monitors to detect and handle
unstable processes.
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
John Crispin [Tue, 27 Sep 2016 16:09:52 +0000 (18:09 +0200)]
add late variant of respawn and askconsole
Signed-off-by: John Crispin <john@phrozen.org>
John Crispin [Tue, 27 Sep 2016 15:19:55 +0000 (17:19 +0200)]
fixes a copy paste error in the service ubus binding
Signed-off-by: John Crispin <john@phrozen.org>
Hans Dedecker [Fri, 12 Aug 2016 08:27:54 +0000 (10:27 +0200)]
procd: uClibc O_PATH backwards compatibility fixes
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Felix Fietkau [Fri, 29 Jul 2016 11:52:38 +0000 (13:52 +0200)]
trigger: rework timeout handling and command queueing
Instead of queueing the full json_script, only queue actual script calls
issued by it. This fixes a long standing issue where trigger events were
dropped, triggered by the following scenario:
- Set up a trigger with timeout and condition check in the script.
- Fire an event that matches the condition.
- Fire another event that does not match the condition.
This series of events will fire the delay timer of the trigger, but the
second event will replace the trigger event data. When the timer
expires, the json_script is run, but no script call is issued
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 29 Jul 2016 10:03:50 +0000 (12:03 +0200)]
trigger: replace trigger_init() with static runqueue initialization
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 29 Jul 2016 09:55:01 +0000 (11:55 +0200)]
trigger: remove unnecessary runqueue empty callback
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Fri, 29 Jul 2016 09:04:30 +0000 (11:04 +0200)]
trigger: reduce indentation level in trigger_event()
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Jurgen Van Ham [Fri, 15 Jul 2016 10:34:52 +0000 (12:34 +0200)]
procd: remove instance_removepid call from instance_stop
It is already called from instance_exit when the instance is stopped
Signed-off-by: Jurgen Van Ham <juvanham.tc@gmail.com>
Rafał Miłecki [Wed, 6 Jul 2016 11:55:48 +0000 (13:55 +0200)]
system: add reboot method to system ubus object
Sometimes, for various reasons, user may want to reboot a device. This
is a common task and it makes sense to support it with something common
like a procd.
Right now both: LuCI and LuCI2 implement this feature on their own with
luci-rpc-luci2-system reboot and luci-rpc-sys reboot. This leads to code
duplication and situation may become even worse with more software
controlling system with ubus.
Othen than that procd already has support for rebooting so one may
consider this ubus method even cleaner.
Once we get this patch in place we may consider switching LuCI and LuCI2
to this new method.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Rafał Miłecki [Tue, 5 Jul 2016 13:40:56 +0000 (15:40 +0200)]
system: fix localtime value in ubus info method output
Function mktime respects current time zone and calling it results in
converting time back to the UTC. It means we were never returning a
time for local zone but GMT one.
The easiest solution is to use tm_gmtoff from struct tm. Unfortunately
this isn't part of POSIX but it seems to be the best idea anyway.
Alternative (worse?) solutions:
1) Use timegm that is nonstandard GNU extension
2) Work with TZ env (getenv & (un)setenv) that is not thread-safe
3) Use timegm (next to localtime) and implement function comparing two
struct tm. This is what glibc does internally (tm_diff) when compiled
without HAVE_TM_GMTOFF.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Jurgen Van Ham [Tue, 5 Jul 2016 07:57:18 +0000 (09:57 +0200)]
procd: remove pidfile after unexpected termination without respawn
When procd detects a daemon halts and it is not configured to
be respawned, the pidfile has to be removed.
Signed-off-by: Jurgen Van Ham <juvanham.tc@gmail.com>
Florian Fainelli [Fri, 1 Jul 2016 23:05:52 +0000 (16:05 -0700)]
cmake: Find libubox/uloop.h
Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for
libubox/uloop.h. Some external toolchains which do not include standard
locations would fail to find the header otherwise.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
John Crispin [Thu, 16 Jun 2016 09:49:04 +0000 (11:49 +0200)]
hotplug: makedev should be able to set the group of a device node
Signed-off-by: John Crispin <john@phrozen.org>
Etienne CHAMPETIER [Thu, 16 Jun 2016 08:09:15 +0000 (08:09 +0000)]
make /var/{run, lock, state} not world writable (0755)
since commit
be950c5e56b86509e1e237931d0ac8203372be82 (09/03/2013)
/var/{run,lock,state} are world writable (0777) which is a security issue
before that they were created by /etc/init.d/boot with normal
permissions (0755), so revert to that state
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Wed, 1 Jun 2016 20:54:06 +0000 (20:54 +0000)]
jail: don't always CLONE_NEWUTS
no -h => no CLONE_NEWUTS
-h "" => CLONE_NEWUTS
-h "newjailhostname" => CLONE_NEWUTS + sethostname
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:17 +0000 (23:39 +0000)]
jail: ensure mounts are not MS_SHARED to avoid pivot_root() failure
By default mounts are MS_PRIVATE (kernel default) but systemd
decided to make it MS_SHARED by default since v188
https://github.com/systemd/systemd/commit/
b3ac5f8cb98757416d8660023d6564a7c411f0a0
This patch fixes ujail on systemd distro (useful for development at least).
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:16 +0000 (23:39 +0000)]
jail: improve some logs
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:15 +0000 (23:39 +0000)]
jail: don't include capabilities config (-C) inside the jail
Removing capabilities from the capability bounding set doesn't change
the capability effective set, so we can "drop capabilities" before we
build the jail fs, so we don't need to include the capabilities config
file into the jail.
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:14 +0000 (23:39 +0000)]
jail: call build_envp() just before execve()
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:13 +0000 (23:39 +0000)]
jail: regroup add_path_and_deps() calls
we are already calling add_path_and_deps() while parsing -r/-w options,
so move the 2 remaining calls into main()
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:12 +0000 (23:39 +0000)]
jail: call chdir(/) after pivot_root()
pivot_root(2) man page recommend calling chdir(/), so do it
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Alexey Brodkin [Mon, 23 May 2016 17:57:28 +0000 (20:57 +0300)]
_GNU_SOURCE should be defined for building vs uClibc
In uClibc-ng O_PATH and O_DIRECTORY are only defined if _GNU_SOURCE is
defined.
So explicitly define _GNU_SOURCE in sources that use O_PATH and
O_DIRECTORY.
Without that extra definition that's what happens when building procd.
utils/utils.c:
------------------------->8----------------------
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/utils/utils.c:
In function 'patch_fd':
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/utils/utils.c:168:22:
error: 'O_PATH' undeclared (first use in this function)
dfd = open("/dev", O_PATH|O_DIRECTORY);
^
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/utils/utils.c:168:22:
note: each undeclared identifier is reported only once for each function
it appears in
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/utils/utils.c:168:29:
error: 'O_DIRECTORY' undeclared (first use in this function)
dfd = open("/dev", O_PATH|O_DIRECTORY);
^
CMakeFiles/init.dir/build.make:182: recipe for target
'CMakeFiles/init.dir/utils/utils.c.o' failed
------------------------->8----------------------
inittab.c:
------------------------->8----------------------
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/inittab.c:
In function 'dev_exist':
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/inittab.c:72:21:
error: 'O_PATH' undeclared (first use in this function)
dfd = open("/dev", O_PATH|O_DIRECTORY);
^
.../git/openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/inittab.c:72:21:
note: each undeclared identifier is reported only once for each function
it appears in
.../git/openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/inittab.c:72:28:
error: 'O_DIRECTORY' undeclared (first use in this function)
dfd = open("/dev", O_PATH|O_DIRECTORY);
^
CMakeFiles/procd.dir/build.make:134: recipe for target
'CMakeFiles/procd.dir/inittab.c.o' failed
make[6]: *** [CMakeFiles/procd.dir/inittab.c.o] Error 1
------------------------->8----------------------
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Cc: John Crispin <john@phrozen.org>
Cc: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 17 May 2016 15:42:11 +0000 (17:42 +0200)]
utils: use O_PATH when opening /dev
Use the O_PATH and O_DIRECTORY flags when opening the "/dev" path for the
subsequent openat() call to ensure that it is indeed a directory.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 17 May 2016 15:42:10 +0000 (17:42 +0200)]
inittab: use more robust dev_exist() implementation
Rework the dev_exist() function to use openat() in order to resolve the device
file relative to the "/dev" directory. Drop the now unused dev_open() function.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 17 May 2016 15:00:47 +0000 (17:00 +0200)]
initd: fix descriptor leak
Close the descriptor to /tmp/.preinit returned by creat() in order to avoid
an fd leak in the init process.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 17 May 2016 15:00:46 +0000 (17:00 +0200)]
inittab: use patch_stdio() for stdio redirection
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 17 May 2016 15:00:45 +0000 (17:00 +0200)]
initd: use patch_stdio() for kmodloader stdio redirection
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 17 May 2016 15:00:44 +0000 (17:00 +0200)]
initd: use patch_stdio() for early console setup
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 17 May 2016 15:00:43 +0000 (17:00 +0200)]
utils: add patch_fd() and patch_stdio() helpers
Introduce two new helper functions to deal with stdio redirecation in a
uniform, reliable manner:
The patch_fd() function will attempt to redirect the given fd number to the
specified file, using the supplied flags for the open() syscall. When the
device is NULL, "/dev/null" is asumed, when the device is a relative path,
openat() is used to open it relative to the "/dev" directory. When the device
cannot be openend, a fallback to "/dev/null" is attempted.
The patch_stdio() function is essentially a wrapper around patch_fd(),
providing an easy interface to redirect stdin, stdout and stderr to the same
given device.
Both function return 0 on success and -1 on error. The errno variable will
be set accordingly.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
John Crispin [Sun, 15 May 2016 14:18:41 +0000 (16:18 +0200)]
preinit: create a sentinel file during preinit
Signed-off-by: John Crispin <john@phrozen.org>
Karl Palsson [Wed, 2 Mar 2016 14:47:06 +0000 (14:47 +0000)]
procd: service: Support writing pidfiles
Use the "pidfile" attribute of a service to decide whether to write a
pidfile or not.
Files are removed on stop/restart, and correctly created if the config
has changed.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Felix Fietkau [Sat, 5 Mar 2016 19:08:56 +0000 (20:08 +0100)]
init: reduce delay after starting kmodloader
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 5 Mar 2016 14:40:36 +0000 (15:40 +0100)]
make initial ubus connect delay small, use exponential backoff
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 5 Mar 2016 13:08:59 +0000 (14:08 +0100)]
service: get rid of service_init and service_validate_init, use static avl tree initialization
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 5 Mar 2016 12:14:19 +0000 (13:14 +0100)]
procd: add an option to log to stdout
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 5 Mar 2016 11:16:13 +0000 (12:16 +0100)]
add a build-time option to disable init related code
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 5 Mar 2016 11:15:38 +0000 (12:15 +0100)]
add ifdefs to make service/instance.c compile on non-linux systems
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 5 Mar 2016 11:15:11 +0000 (12:15 +0100)]
utils.c: remove an unnecessary include
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 5 Mar 2016 11:07:04 +0000 (12:07 +0100)]
add ifdefs to make system.c compile on non-linux systems
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 5 Mar 2016 10:54:55 +0000 (11:54 +0100)]
add option to disable build of the init binary
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Jo-Philipp Wich [Mon, 8 Feb 2016 12:21:37 +0000 (13:21 +0100)]
Expose EARLY_PATH as cmake flag
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Jo-Philipp Wich [Mon, 8 Feb 2016 11:13:49 +0000 (12:13 +0100)]
initd: allow overriding early PATH through build time define
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Felix Fietkau [Thu, 4 Feb 2016 19:37:07 +0000 (20:37 +0100)]
trigger: fix memory leak in script calls
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Jo-Philipp Wich [Thu, 14 Jan 2016 12:51:36 +0000 (13:51 +0100)]
Align early init PATH with system wide OpenWrt path value
Changeset r47080 globally unified the executable search path in OpenWrt,
now update procd to use the same path value.
This fixes diverging path values observed in programs launched by netifd
which inherits the early path value from procd.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:27 +0000 (23:09 +0000)]
instance, ujail: wire hostname (-h) option
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:26 +0000 (23:09 +0000)]
ujail: split name (-n) and hostname (-h) options
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
John Crispin [Fri, 11 Dec 2015 11:04:52 +0000 (12:04 +0100)]
instance, ujail: wire no_new_privs (-c) option
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:24 +0000 (23:09 +0000)]
ujail: add no_new_privs (-c) option
set PR_SET_NO_NEW_PRIVS to 1
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:23 +0000 (23:09 +0000)]
instance, ujail: wire remount / read only option (-o)
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:21 +0000 (23:09 +0000)]
instance, ujail: remove "-P <path>" option
we can now launch multiple time the same
ujail command without conflict
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:20 +0000 (23:09 +0000)]
ujail: add O_CLOEXEC flag to open() call
if we forget to close() in the future,
this prevent fd leak
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:19 +0000 (23:09 +0000)]
ujail: fixup code style // -> /* */
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:16 +0000 (16:27 +0000)]
ujail: add ELF interpreter (DT_INTERP) to the jail
this is needed by musl (openwrt DD)
uClibc/glibc is working without this
this partly fixes
https://dev.openwrt.org/ticket/20785
we still don't handle DT_RPATH, DT_RUNPATH, nodeflib, ...
see http://man7.org/linux/man-pages/man8/ld.so.8.html
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:15 +0000 (16:27 +0000)]
ujail: automatically add script (#!) interpreter
this make simple script work easily with ujail
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:14 +0000 (16:27 +0000)]
ujail: rework fs jail part
Change functions to work with full paths (do less split and concat of path)
Store "soname" as key and the fullpath as path in "libraries"
Remove "extras" list and replace it with "mounts" avl_tree
("mounts" also store fullpath)
Add add_path_and_deps() function to handle file/lib openning and mmaping
Check if file is an elf (magic number) before passing it to elf_load_deps()
elf_load_deps() now only handle elf parsing part
next commit adds script (#!) handling
Use add_path_and_deps() with -r and -w args to automatically add dependencies
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:13 +0000 (16:27 +0000)]
ujail: DT_STRTAB uses d_ptr in d_un union (not d_val)
see
https://docs.oracle.com/cd/E19683-01/817-3677/chapter6-42444/index.html
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:12 +0000 (16:27 +0000)]
ujail: remove some debug/dev hack
this code is present since first ujail commit (
dfcfcca7)
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:11 +0000 (16:27 +0000)]
ujail: fixup code style: "func()" -> "func(void)"
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:10 +0000 (16:27 +0000)]
ujail: add init_library_search()
move all libraries search initialisation stuff
into elf.c / init_library_search()
for now we don't handle musl specific files
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:09 +0000 (16:27 +0000)]
ujail: use PATH_MAX for path related buffers
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:08 +0000 (16:27 +0000)]
ujail: search libs in /lib before /lib64
musl (openwrt DD r47603 x86-64) looks for lib only in /lib,
not in /lib64, and /lib64 is a symlink to /lib, so ujail find
all the libs in /lib64, add them in the jail (only under /lib64)
and then musl fails to find the libs.
uClibc (openwrt CC r47608 x86-64) looks for lib in /lib and
/usr/lib, not in /lib64 (/lib64 is also a symlink to /lib)
/lib64 is before /lib since the first commit, i don't know
if it was on purpose
this partly fixes
https://dev.openwrt.org/ticket/20785
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:07 +0000 (16:27 +0000)]
ujail: remove "#include log.h" from elf.h
headers must include all there dependencies, no more, no less
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:06 +0000 (16:27 +0000)]
ujail: add <stdio.h> and <syslog.h> to seccomp.h
headers must include all there dependencies, no more, no less
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:05 +0000 (16:27 +0000)]
ujail: add <stdio.h> to log.h
headers must include all there dependencies, no more, no less
(it uses fprintf)
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:04 +0000 (16:27 +0000)]
ujail: put #include guard macro in all *.h
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:03 +0000 (16:27 +0000)]
ujail: use more const in elf.*
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:02 +0000 (16:27 +0000)]
ujail: stop using extern in elf.h
extern qualifiers for function definitions doesn't really make sense
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:01 +0000 (16:27 +0000)]
ujail: don't pass unused arg in clone call
clone() call need a function with "void *" arg
(else we have a compilation error)
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:00 +0000 (16:27 +0000)]
ujail: don't add non existant library_path
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
John Crispin [Mon, 23 Nov 2015 09:31:23 +0000 (10:31 +0100)]
fix a potential off-by-on eerror inside udevtrigegr
coverity found this:
1330086
Signed-off-by: John Crispin <blogic@openwrt.org>
Ulrich Weber [Wed, 4 Nov 2015 15:33:11 +0000 (16:33 +0100)]
syslog: set sane priority values
otherwise LOG_USER/LOG_EMERG is used
Signed-off-by: Ulrich Weber <uw@ocedo.com>
Sergiy Kibrik [Tue, 13 Oct 2015 20:30:42 +0000 (23:30 +0300)]
cmake: use CMAKE_INSTALL_* variables
Replace hard-coded installation directories with cmake-provided
variables, which gives more flexibility on where to install
final binaries. Great simplification for usage with e.g. BitBake recipes.
Signed-off-by: Sergiy Kibrik <sakib@meta.ua>
Daniel Golle [Thu, 22 Oct 2015 21:15:58 +0000 (23:15 +0200)]
explicitely ignore return value of symlink(3) call
glibc sets __attribute_warn_unused_result__ on symlink(3) if
FORTIFY_SOURCE is set. This breaks procd which deliberately ignores
the result of the symlink(3) call early during init as there wouldn't
be anything better to do in that case other than ignoring the error and
trying to survive.
Introduce libc-compat.h to work-around libc anomalities.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Etienne CHAMPETIER [Thu, 8 Oct 2015 20:01:44 +0000 (20:01 +0000)]
jail: Add MS_NODEV MS_NOEXEC MS_NOSUID mount options where needed
this completes
fafbf7338ec8304f2a0ec0ba76048fba2c01c07e
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:47 +0000 (23:26 +0000)]
jail: allow to not use namespaces
building a generic jail can be hard,
choosing to drop some capabilities can be easier.
This commit permit to use namespaces, capabilities
and seccomp combined as you like.
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:46 +0000 (23:26 +0000)]
jail: cleanup include
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:45 +0000 (23:26 +0000)]
jail: add capabilities support
If there is one or more capabilities in cap.keep,
drop all capabilities not in cap.keep.
Always drop all capabalities in cap.drop
exemple json syntax:
{
"cap.keep": [
"cap_net_raw"
],
"cap.drop": []
}
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Sat, 19 Sep 2015 19:20:45 +0000 (19:20 +0000)]
Add MS_NODEV MS_NOEXEC MS_NOSUID mount options where needed
These options aren't mandatory, but can prevent some future
bugs from being exploited. Good reading:
http://lwn.net/Articles/647757/
Value chosen by looking at fedora 22 / ubuntu 14.04
Not tested yet (away from my tests routers)
Not touching jail/jail.c as this conflict with
my pending patch serie
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Alexander Couzens [Wed, 23 Sep 2015 13:04:18 +0000 (15:04 +0200)]
system: fix undefined behavior in wdt offline check
watchdog_fd() is returning a char* and not a int. checking against < 0 could
lead in undefined behaviour.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:44 +0000 (23:26 +0000)]
jail: reworks & cleanups
-use EXIT_SUCCESS/EXIT_FAILURE (not -1)
-parse every option in main, put them in opts struct
-add CLONE_NEWIPC to the clone() call (it's already compiled in openwrt kernel)
-return the exit status of the jailed process, or the num of the signal that killed it
-add missing options to usage()
-add a warning in usage() about ujail security
-debug option can now take an int as parameter (~debug level),
with -d2 you now activate "LD_DEBUG=all" for exemple
-do not depend on libpreload-seccomp.so if -S is not present
-there is now only one ujail process instead of two
jail creation is now as follow:
1) create jail root dir (mkdir)
2) create new namespace (clone)
(in the parent wait for the child with uloop)
3) build the jail root fs (mount bind all the libs/bins ...),
pivot_root and mount special fs (procfs, sysfs) (build_jail_fs())
4) build envp (LD_PRELOAD the seccomp helper or ...)
5) drop capabilities (next patch)
6) execve the jailed bin
7) remove jail root dir (once child is dead)
there is no need to umount anything because we are already in a namespace
Todo:
-allow signals from the parent to the child
Feature request:
-when we add a file or dir, detect if it's an exec and add it's dependencies
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:43 +0000 (23:26 +0000)]
jail, seccomp: remove useless root check
prctl(PR_SET_NO_NEW_PRIVS, 1) is enough, we don't require CAP_SYS_ADMIN
see
https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:42 +0000 (23:26 +0000)]
jail, seccomp: fix typo/improve log prefix
(perload-jail -> preload-seccomp)
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:41 +0000 (23:26 +0000)]
add UTRACE_SUPPORT build option
we can now build preload-seccomp, ujail, utrace separately
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Daniel Gimpelevich [Sat, 11 Jul 2015 01:58:38 +0000 (18:58 -0700)]
move /dev/shm to /tmp/shm
Since the /dev filesystem is tiny, /dev/shm needs to live somewhere
else.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>