This allows building jails with more than a single binary. It may be used to run the main program with a wrapper, e.g. ionice, or to add helper binaries for the main one (like gzip for tar with no built-in compression support).
Usage: directly: ujail ... -b /usr/bin/main ... -- /bin/wrapper ... /usr/bin/main ujail ... -b /usr/bin/helper1 -b /bin/helper2 ... -- /usr/bin/main in init scripts: procd_add_jail_mount_bin /usr/bin/something /bin/helper Signed-off-by: Maxim Storchak <[email protected]> --- package/system/procd/files/procd.sh | 18 +++++++ .../procd/patches/100-ujail-helper-binary.patch | 58 ++++++++++++++++++++++ .../procd/patches/101-service-helper-binary.patch | 15 ++++++ 3 files changed, 91 insertions(+) create mode 100644 package/system/procd/patches/100-ujail-helper-binary.patch create mode 100644 package/system/procd/patches/101-service-helper-binary.patch diff --git a/package/system/procd/files/procd.sh b/package/system/procd/files/procd.sh index e83e75c..bc9f78d 100644 --- a/package/system/procd/files/procd.sh +++ b/package/system/procd/files/procd.sh @@ -177,6 +177,23 @@ _procd_add_jail_mount_rw() { json_select .. } +_procd_add_jail_mount_bin() { + local _json_no_warning=1 + + json_select "jail" + [ $? = 0 ] || return + json_select "mount" + [ $? = 0 ] || { + json_select .. + return + } + for a in $@; do + json_add_string "$a" "2" + done + json_select .. + json_select .. +} + _procd_set_param() { local type="$1"; shift @@ -423,6 +440,7 @@ _procd_wrapper \ procd_add_jail \ procd_add_jail_mount \ procd_add_jail_mount_rw \ + procd_add_jail_mount_bin \ procd_set_param \ procd_append_param \ procd_add_validation \ diff --git a/package/system/procd/patches/100-ujail-helper-binary.patch b/package/system/procd/patches/100-ujail-helper-binary.patch new file mode 100644 index 0000000..dd7ab64 --- /dev/null +++ b/package/system/procd/patches/100-ujail-helper-binary.patch 
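Review bot: In `_procd_add_jail_mount_bin` the loop `for a in $@; do` expands the arguments unquoted and leaves `a` as a global, so a path containing whitespace or a glob character is split or expanded before it is recorded as a jail mount. Scoping and quoting it, `local a` and `for a in "$@"; do`, keeps each argument as the single path the init script passed. If the neighbouring `_procd_add_jail_mount*` helpers outside this hunk use the same loop, they presumably share the issue. A one-line comment that `"2"` marks a helper binary (mapped to `ujail -b`, which resolves its ELF dependencies) would also help, since every entry added here widens what is reachable inside the jail.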
@@ -0,0 +1,58 @@
+diff --git a/jail/jail.c b/jail/jail.c
+index 2bba292..22fda87 100644
+--- a/jail/jail.c
++++ b/jail/jail.c
+@@ -43,7 +43,7 @@
+ #include <libubox/uloop.h>
+
+ #define STACK_SIZE (1024 * 1024)
+-#define OPT_ARGS "P:S:n:r:w:psuldo"
++#define OPT_ARGS "P:S:n:r:w:b:psuldo"
+
+ struct extra {
+ struct list_head list;
+@@ -260,6 +260,7 @@ static int usage(void)
+ fprintf(stderr, " -n <name>\tthe name of the jail\n");
+ fprintf(stderr, " -r <file>\treadonly files that should be staged\n");
+ fprintf(stderr, " -w <file>\twriteable files that should be staged\n");
++ fprintf(stderr, " -b <file>\tadditional binaries that should be staged\n");
+ fprintf(stderr, " -p\t\tjail has /proc\t\n");
+ fprintf(stderr, " -s\t\tjail has /sys\t\n");
+ fprintf(stderr, " -l\t\tjail has /dev/log\t\n");
+@@ -433,6 +434,12 @@ int main(int argc, char **argv)
+
+ umask(022);
+
++ avl_init(&libraries, avl_strcmp, false, NULL);
++ alloc_library_path("/lib64");
++ alloc_library_path("/lib");
++ alloc_library_path("/usr/lib");
++ load_ldso_conf("/etc/ld.so.conf");
++
+ while ((ch = getopt(argc, argv, OPT_ARGS)) != -1) {
+ switch (ch) {
+ case 'd':
+@@ -457,6 +464,11 @@ int main(int argc, char **argv)
+ case 'l':
+ add_extra(log, 0);
+ break;
++ case 'b':
++ if (elf_load_deps(optarg)) {
++ ERROR("failed to load dependencies for %s\n", optarg);
++ return -1;
++ }
+ }
+ }
+
+@@ -476,11 +488,6 @@ int main(int argc, char **argv)
+ if (name)
+ prctl(PR_SET_NAME, name, NULL, NULL, NULL);
+
+- avl_init(&libraries, avl_strcmp, false, NULL);
+- alloc_library_path("/lib64");
+- alloc_library_path("/lib");
+- alloc_library_path("/usr/lib");
+- load_ldso_conf("/etc/ld.so.conf");
+
+ if (elf_load_deps(argv[optind])) {
+ ERROR("failed to load dependencies\n");
diff --git a/package/system/procd/patches/101-service-helper-binary.patch b/package/system/procd/patches/101-service-helper-binary.patch
new file mode 100644
index 0000000..0b4a274
--- /dev/null
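Review bot: The new `case 'b':` in main()'s option switch ends without a `break;`, so it is only correct while it stays the last case; add `break;` after the closing brace of the `if` so a later option cannot be fallen into. The usage text says the binary is "staged", but the hunk only calls `elf_load_deps(optarg)`; whether that registers the helper itself or only its libraries depends on code outside this patch and should be confirmed. A short comment above the moved `avl_init(&libraries, ...)` block saying that the library tree must exist before `-b` is parsed would keep a later cleanup from moving it back. main() begins and ends outside these hunks.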
+++ b/package/system/procd/patches/101-service-helper-binary.patch
@@ -0,0 +1,15 @@
+diff --git a/service/instance.c b/service/instance.c
+index 40ff021..9fec647 100644
+--- a/service/instance.c
++++ b/service/instance.c
+@@ -208,7 +208,9 @@ jail_run(struct service_instance *in, char **argv)
+ blobmsg_list_for_each(&jail->mount, var) {
+ const char *type = blobmsg_data(var->data);
+
+- if (*type == '1')
++ if (*type == '2')
++ argv[argc++] = "-b";
++ else if (*type == '1')
+ argv[argc++] = "-w";
+ else
+ argv[argc++] = "-r";
-- 2.1.4 _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
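Review bot: The mount type in jail_run() is now a three-way dispatch on the first character of the string, and the magic characters `'1'` and `'2'` are duplicated in procd.sh with no shared definition or comment. A comment above the chain, for example `/* mount type: '2' = helper binary (-b), '1' = writable (-w), anything else = read-only (-r) */`, would document the encoding and make explicit that unrecognised values fall back to the read-only flag. The rest of the loop body and the sizing of `argv` are outside the hunk; the new branch still adds one flag per mount entry, so the existing sizing presumably still holds, but it is worth a glance.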
