Hi,
here is an updated patch.
Regards,
Martin
2015-08-24 11:53 GMT+02:00 Jonas Gorski j...@openwrt.org:
Hi,
On Sun, Aug 23, 2015 at 5:21 PM, Martin Tesar tesar...@gmail.com wrote:
A few words about the device would be nice. Please try to avoid an
empty commit message.
Signed-off-by:
On 2015-08-23 17:19, Linus Lüssing wrote:
A call to pskb_may_pull() might reallocate skb-data. Therefore we
should only assign the src-pointer after any potential reallocations.
Signed-off-by: Linus Lüssing linus.luess...@c0d3.blue
Applied both patches with modifications:
- Ported to Linux
On 2015-08-21 16:23, Rich Felker wrote:
2. patch patch-kernel.sh
---
--- a/scripts/patch-kernel.sh
+++ b/scripts/patch-kernel.sh
@@ -37,7 +37,7 @@ for i in ${patchdir}/${patchpattern} ; do
[ -d ${i} ] echo Ignoring subdirectory ${i} continue
echo
echo Applying ${i}
On 2015-08-23 17:19, Linus Lüssing wrote:
The multicast_router option of a bridge allows to control the forwarding
behaviour of multicast packets independant of the listener state:
* 0: Only forward if specific listener is present
* 1 (default): Forward if specific listener or a multicast
Hi,
The lawyers of company I work for, Qualcomm, finally agreed to let me post
our project to github:
https://github.com/qca/boardfarm
Long story short, our team needed an automated way to flash/sysupgrade new
daily builds of openwrt-based software onto various devices, run tests, and
prctl(PR_SET_NO_NEW_PRIVS, 1) is enough, we don't require CAP_SYS_ADMIN
see
https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
jail/preload.c | 6
(perload-jail - preload-seccomp)
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
jail/seccomp.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/seccomp.h b/jail/seccomp.h
index 6c585ad..c44a607 100644
--- a/jail/seccomp.h
+++ b/jail/seccomp.h
@@
If there is one or more capabilities in cap.keep,
drop all capabilities not in cap.keep.
Always drop all capabalities in cap.drop
exemple json syntax:
{
cap.keep: [
cap_net_raw
],
cap.drop: []
}
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
CMakeLists.txt |
this need to be applied after my work on ujail (procd git)
ujail doesn't depend on seccomp and some archs dont support seccomp
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
package/system/procd/Makefile | 50 +--
1 file changed, 25
we can now build preload-seccomp, ujail, utrace separately
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
CMakeLists.txt | 2 ++
1 file changed, 2 insertions(+)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6af17a3..805e2ed 100644
--- a/CMakeLists.txt
+++
-use EXIT_SUCCESS/EXIT_FAILURE (not -1)
-parse every option in main, put them in opts struct
-add CLONE_NEWIPC to the clone() call (it's already compiled in openwrt kernel)
-return the exit status of the jailed process, or the num of the signal that
killed it
-add missing options to usage()
-add
11 matches
Mail list logo