2015-12-11 12:03 GMT+01:00 John Crispin <blo...@openwrt.org>:
> Hi,
> with you adding lots of new features i am starting to not know what
> ujail can now do ;)
> how about if we start creating man page style docs and put them into the
> source tree and maintain them in the git. so whenever we add a new
> option we add some docs to explain how it works.
> we could use standard asciidoc syntax

I totally agree, my TODO (wish) list for ujail:

- small patch to not use CLONE_NEWUTS when -h isn't present, so when we
change "host" hostname, jail hostname also changes

- doc doc doc / jail some openwrt daemon (ntpd, ...)

- merge ujail into procd:
some features like changing user are already in procd, but not in ujail, and
we need to apply/drop everything in the right order.
jail should be the default, so i prefer to merge ujail functionality into
procd than to duplicate procd into ujail
(i will discuss it more before starting)

- options for read only /sys or /proc

- use uci instead of json?

- add PR_SET_KEEPCAPS support,
so we can launch an http server as user nobody but with CAP_NET_BIND_SERVICE
(to bind on port 80)
(and without file capabilities)

- take a look at ambient capabilities (kernel 4.3+)

- ...

Can you put on your todo list:
- write code-style guidelines (no c++ style comments, no function() but
function(void), ...)

>         John
openwrt-devel mailing list
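
The PR_SET_KEEPCAPS item and the "right order" remark in the message above, as an added example that is not part of the original message and is not ujail or procd code. The function names `single_cap` and `drop_root_keep_cap` are hypothetical, and uid/gid 65534 is assumed to be nobody/nogroup.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Build a capability set with only `cap` in permitted and effective. */
static void single_cap(int cap, struct __user_cap_data_struct d[2])
{
	d[0] = d[1] = (struct __user_cap_data_struct){ 0 };
	d[CAP_TO_INDEX(cap)].permitted = CAP_TO_MASK(cap);
	d[CAP_TO_INDEX(cap)].effective = CAP_TO_MASK(cap);
}

/* Returns 0, or the negated index (1..6) of the call that failed. */
static int drop_root_keep_cap(uid_t uid, gid_t gid, int cap)
{
	struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
	struct __user_cap_data_struct d[2];

	single_cap(cap, d);
	/* keep the permitted set when the uid changes away from 0 */
	if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) return -1;
	/* groups before uid: these calls stop working once root is gone */
	if (setgroups(0, NULL)) return -2;
	if (setgid(gid)) return -3;
	/* the effective set is cleared here, permitted survives */
	if (setuid(uid)) return -4;
	/* shrink permitted to the one capability and re-raise it */
	if (syscall(SYS_capset, &h, d)) return -5;
	/* clear the flag so a later uid change drops everything */
	if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0)) return -6;
	return 0;
}

int main(void)
{
	/* 65534: assumed nobody/nogroup on the target system */
	int r = drop_root_keep_cap(65534, 65534, CAP_NET_BIND_SERVICE);

	if (r) {
		fprintf(stderr, "privilege drop failed at call %d\n", -r);
		return 1;
	}
	printf("uid %d, may still bind ports below 1024\n", (int)getuid());
	return 0;
}
```

With no file capabilities, the retained capability is not carried across execve() unless it is also raised in the ambient set, which is the kernel 4.3+ feature named in the following list item.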
