2e73848 jail: SIGSEGV must not be forwarded to the child process
7e150f6 jail: unnamed jails can not have netns (fix segfault)
1ab539b jail: add option to provide /dev/console to containers
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Program received signal SIGSEGV, Segmentation fault.
main_autofs (argv=<optimized out>, argc=<optimized out>)
at fstools-2020-05-06-eec16e2f/block.c:1193
1193: if (!m->autofs && (mp = find_mount_point(pr->dev))) {
Fixes: c3a43753b9 ("fstools: update to the latest version")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
e2ed964 jail: don't fail unless requirejail is set
17e7ae7 jail: don't load libpreload-seccomp.so if it doesn't exist
Fixesopenwrt/packages#11913
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
84965b92f635 blockd: print symlink error code and string message
62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts
d1f1f2b38fa1 block: remove mount target file if it's a link
830441d790d6 blockd: remove symlink linkpath file if it's a dir or link
c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found
Signed-off-by: Felix Fietkau <nbd@nbd.name>
32c717e jail: only mess with rootfs if CLONE_NEWNS was set
b275a62 instance: harmonize instance API
511fd97 jail: make /proc more secure
4953b7c jail: mount /sys read-only
a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay
a4cc165 jail: always mount /dev as additional tmpfs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2188d81 jail: add support for launching extroot containers
6f3dbd2 jail: add support for userns and cgroupsns
28a06e5 jail: add support for (ram-)overlayfs
Add handling for extroot, overlaydir and tmpoverlaysize as well as
jail flags for userns and cgroupsns to OpenWrt's shell script to
allow their use in init scripts.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Commit 432ec292cc ("rpcd: add respawn param") has introduced infinite
restarting of the service which could be reached over network. This is
not recommended security practice as it might give potential adversary
infinite number of tries in case there might be some issue in the rpcd
or its surrounding stack.
So lets remove the currently bogus `respawn_retry` variable (it wasn't
possible to override it anyway), reverting to the previous default max.
of 5 service restarts which could be now overriden via system's UCI
settings if desired.
Cc: Jo-Philip Wich <jow@mein.io>
Cc: Florian Eckert <fe@dev.tdt.de>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Fixes: 432ec292cc ("rpcd: add respawn param")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
When support for network namespaces was added to procd, adding the
corresponding jail flag in procd.sh was ommitted. Add it now.
Fixes: 97a03a4760 ("procd: update to latest git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
> Avoid reuse of PKG_NAME in call, define and eval lines for consistency and
> readability. Write the full name instead.
Ref: https://openwrt.org/docs/guide-developer/packages
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
> Avoid reuse of PKG_NAME in call, define and eval lines for consistency and
> readability. Write the full name instead.
Ref: https://openwrt.org/docs/guide-developer/packages
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Bump procd package to reduce log spam related to missing jail binaries
in a non-jail capable system.
bcb8655 instance: add 'requirejail' attribute
An additional jail attribute 'requirejail' can now be used to indicate
mandatory use of a jailed environment and hence prevent process startup
in the event that the jail subsystem is unavailable.
Procd will now only log errors if jail is unavailable and 1) is a mandatory
requirement or 2) a procd debug level of at least 2 is in use.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
58c12f7 jail: add basic support for network namespaces
ba69639 jail: create resolv.conf symlink for netns jails
81b88b1 jail: more strict mount options for /tmp/resolv.conf.d/
Add new 'netns' flag for procd_add_jail to make ujail setup a new
network namespace for the jailed service.
See previous netifd commit for example configuration for netns jailed
service.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
If zram-backed swap is added after an existing swap, it gets a lower
priority. Assiming that usually all other swaps are slower, there should
be a way to assign a higher priority to zram swap.
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
This activates PIE ASLR support by default when the regular option is
selected.
Size increase on x86/64:
procd Installed-Size: 44931 -> 47362
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This activates PIE ASLR support by default when the regular option is
selected.
Size increase on x86/64:
ubus Installed-Size: 5602 -> 5950
ubusd Installed-Size: 11643 -> 12119
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Setting user and group for a jailed process caused the jail not to
come up. Fix this by passing user and group to ujail and change
user only once the jail has been setup.
This allows jailing services which refuse to run as root user.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
b30e0df kmodloader: print an error when no kernel module dir can be found
17689b6 logread: add option to filter for facilities
c9ffeac kmodloader: added -v arg to modeprobe
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Contains following changes:
a1523d76b016 fix blob parsing vulnerability by using blob_parse_untrusted
c60583743ccf ubus_monitor: workaround possibly false positive uses of memory after it is freed
dac6c7c575ac ubusd_monitor: fix possible null pointer dereference
060dfbb26da3 ubus_common: remove duplicate ARRAY_SIZE and add missing include
c5f2053dfcfd workaround possibly false positive uses of memory after it is freed
72be8e93f07d lua: ubus_lua_do_subscribe: fix copy&paste error
a995b1e68129 lua: workaround false positive dereference of null pointer
08f17c87a000 add fuzzer and cram based unit tests
c413be9b376c refactor ubusd.c into reusable ubusd_library
afd47189e864 examples: remove dead increments
b2e544238672 add initial GitLab CI support
058f4e9526ed libubus: fix incompatible pointer types assigment
d2e026a33df8 iron out all extra compiler warnings
5d7ca8309d0a ubusd/libubus-io: fix variable sized struct position warning
d61282db5640 ubusd: fix comparison of integers of different signs
90fb16234c22 cmake: enable extra compiler checks
and bumps ABI_VERSION to 20191219.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
14a279411cff fix certificate blob parsing vulnerability by using blob_parse_untrusted
19a7225ac018 fix leaking memory in cert_dump_blob
9dba44ddd4f5 fix possibly garbage value returned in cert_process_revoker
4462ff9dedfa add cram based unit tests
5fe64b5606aa cmake: split usign bits into static library
5d7626a2b6d8 cmake: reindent the file
e284ed941972 cmake: enable hardening compiler flags and fix the reported issues
7e5390666347 add initial GitLab CI support
fa0bf4ef45b1 cmake: add proper include and library dependencies
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The rpcd service is an important service, but if the service stops
working for any reason, no one will ever respawn that service. With this
commit, the procd service will monitor if the rpcd service
is running. If the rpcd service has crashed, then
procd respawns the rpcd service.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
- both packages provide ca-certs
- make ca-bundle the default provider
This should allow easy transition between these two forms of CA certificates storage
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
Davide Fioravanti
Daniel Golle
Adrian Schmutzler
Jo-Philipp Wich
Rafał Miłecki
Hans Dedecker
Felix Fietkau
Petr Štetiar
Sungbo Eo
Kevin Darbyshire-Bryant
Maxim Storchak
Hauke Mehrtens
Florian Eckert