>
> John
>
> On 01/12/2015 00:09, Etienne CHAMPETIER wrote:
> > Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
> > ---
> > service/instance.c | 22 ++
> > service/instance.h | 1 +
> > 2 files changed, 23 in
Hi,
2015-12-11 12:03 GMT+01:00 John Crispin :
>
> Hi,
>
> with you adding lots of new features i am starting to not know what
> ujail can now do ;)
>
> how about if we start creating man page style docs and put them into the
> source tree and maintain them in the git. so
Hi
2015-12-02 12:14 GMT+01:00 Bastian Bittorf :
> * Petr Štetiar [30.11.2015 13:47]:
> > That sounds really great, can you please share more details? It's just
> your
> > guess or you've achieved such build times already?
>
> today tested PowerPC/mpc85xx
we can now launch multiple times the same
ujail command without conflict
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/jail.c| 64 +++---
service/instance.c | 13 ---
service/instance.h | 1 -
3
set PR_SET_NO_NEW_PRIVS to 1
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/jail.c | 12 +++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/jail/jail.c b/jail/jail.c
index 25ad4d7..97ddaab 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
service/instance.c | 11 +++
service/instance.h | 1 +
2 files changed, 12 insertions(+)
diff --git a/service/instance.c b/service/instance.c
index 586c0ee..ad0d284 100644
--- a/service/instance.c
+++ b/s
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/jail.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index 97ddaab..541363a 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -35,10 +35,11 @@
#include
#
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
package/base-files/Makefile | 2 +-
package/base-files/files/etc/init.d/boot | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
package/system/procd/files/procd.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/system/procd/files/procd.sh
b/package/system/procd/files/procd.sh
index e83e75c..a2a63f8 100644
--- a/p
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
service/instance.c | 10 ++
service/instance.h | 1 +
2 files changed, 11 insertions(+)
diff --git a/service/instance.c b/service/instance.c
index 0f4e711..586c0ee 100644
--- a/service/instance.c
+++ b/s
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/jail.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index 4297f71..5c995e5 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -237,7 +237,7 @@ static int exec_jai
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
service/instance.c | 13 +
service/instance.h | 1 +
2 files changed, 14 insertions(+)
diff --git a/service/instance.c b/service/instance.c
index ad0d284..bca36e1 100644
--- a/service/instance.c
+++ b/s
headers must include all their dependencies, no more, no less
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 1 +
jail/elf.h | 2 --
jail/jail.c | 1 +
3 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index 6
headers must include all their dependencies, no more, no less
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/preload.c | 2 --
jail/seccomp.c | 2 --
jail/seccomp.h | 3 +++
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/jail/preload.c b/jail/pre
move all libraries search initialisation stuff
into elf.c / init_library_search()
for now we don't handle musl specific files
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 13 +++--
jail/elf.h | 3 +--
jail/jail.c | 6 +-
3 files chang
this code is present since first ujail commit (dfcfcca7)
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 7 +--
jail/jail.c | 8 ++--
2 files changed, 3 insertions(+), 12 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index c3a392c..7c52880
this is needed by musl (openwrt DD)
uClibc/glibc is working without this
this partly fixes
https://dev.openwrt.org/ticket/20785
we still don't handle DT_RPATH, DT_RUNPATH, nodeflib, ...
see http://man7.org/linux/man-pages/man8/ld.so.8.html
Signed-off-by: Etienne CHAMPETIER <champetier.e
see
https://docs.oracle.com/cd/E19683-01/817-3677/chapter6-42444/index.html
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index 7c52880..46c19df 100644
---
same as v2 serie, just using include guard instead of pragma once
Etienne CHAMPETIER (17):
ujail: don't add non existant library_path
ujail: don't pass unused arg in clone call
ujail: stop using extern in elf.h
ujail: use more const in elf.*
ujail: put #include guard macro in all *.h
extern qualifiers for function definitions don't really make sense
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.h | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/jail/elf.h b/jail/elf.h
index 3ae311e..19ceb3e 100644
--- a/jail
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 28 +++-
jail/elf.h | 4 ++--
jail/jail.c | 2 +-
3 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index 34a5aca..fb046b4 100644
--- a/jail
headers must include all their dependencies, no more, no less
(it uses fprintf)
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 1 -
jail/jail.c | 1 -
jail/log.h | 1 +
3 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/jail/elf.c b/jail
clone() call needs a function with "void *" arg
(else we have a compilation error)
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/jail.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index 56dc9ca
th_and_deps() function to handle file/lib opening and mmapping
Check if file is an elf (magic number) before passing it to elf_load_deps()
elf_load_deps() now only handles elf parsing part
next commit adds script (#!) handling
Use add_path_and_deps() with -r and -w args to automatically a
this makes simple scripts work easily with ujail
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/fs.c | 28
1 file changed, 28 insertions(+)
diff --git a/jail/fs.c b/jail/fs.c
index aeab730..c848700 100644
--- a/jail/fs.c
+++ b/jai
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 9 +
jail/jail.c | 9 +
2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index 5e22606..2acac71 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -22,6
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/jail.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index 5b24f63..b7e6946 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -139,7 +139,7 @@ static int mount_bind(cons
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index cbb3051..34a5aca 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -33,6 +33,10 @@ static LIST_HEAD(library
, not in /lib64 (/lib64 is also a symlink to /lib)
/lib64 is before /lib since the first commit, i don't know
if it was on purpose
this partly fixes
https://dev.openwrt.org/ticket/20785
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/jail.c | 2 +-
1 file chan
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/capabilities.h | 4
jail/elf.h | 3 ++-
jail/log.h | 3 +++
jail/seccomp.h | 4
4 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/jail/capabilities.h b/jail/capabilities.h
clone() call needs a function with "void *" arg
(else we have a compilation error)
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/jail.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index 56dc9ca
extern qualifiers for function definitions don't really make sense
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.h | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/jail/elf.h b/jail/elf.h
index 3ae311e..19ceb3e 100644
--- a/jail
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 9 +
jail/jail.c | 9 +
2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index 5e22606..2acac71 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -22,6
Hi,
2015-11-25 20:05 GMT+01:00 John Crispin <blo...@openwrt.org>:
> Hi,
>
> On 25/11/2015 18:54, Etienne CHAMPETIER wrote:
> > As requested, i've split up in smaller patches my work
> > I also follow the unwritten code style requirement :)
> >
> > "re
headers must include all their dependencies, no more, no less
(it uses fprintf)
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 1 -
jail/jail.c | 1 -
jail/log.h | 1 +
3 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/jail/elf.c b/jail
, not in /lib64 (/lib64 is also a symlink to /lib)
/lib64 is before /lib since the first commit, i don't know
if it was on purpose
this partly fixes
https://dev.openwrt.org/ticket/20785
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/jail.c | 2 +-
1 file chan
this is needed by musl (openwrt DD)
uClibc/glibc is working without this
this partly fixes
https://dev.openwrt.org/ticket/20785
we still don't handle DT_RPATH, DT_RUNPATH, nodeflib, ...
see http://man7.org/linux/man-pages/man8/ld.so.8.html
Signed-off-by: Etienne CHAMPETIER <champetier.e
As requested, i've split up in smaller patches my work
I also follow the unwritten code style requirement :)
"rework fs jail part" commit is still a bit big
but if i split it further i will edit the same line
in each commit (tell me if it too big)
Etienne CHAMPETIER (17):
ujail: don
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 28 +++-
jail/elf.h | 4 ++--
jail/jail.c | 2 +-
3 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index 34a5aca..fb046b4 100644
--- a/jail
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/capabilities.h | 1 +
jail/elf.h | 4 +---
jail/log.h | 1 +
jail/seccomp.h | 1 +
4 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/jail/capabilities.h b/jail/capabilities.h
headers must include all their dependencies, no more, no less
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/preload.c | 2 --
jail/seccomp.c | 2 --
jail/seccomp.h | 3 +++
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/jail/preload.c b/jail/pre
move all libraries search initialisation stuff
into elf.c / init_library_search()
for now we don't handle musl specific files
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 13 +++--
jail/elf.h | 3 +--
jail/jail.c | 6 +-
3 files chang
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/jail.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index 5b24f63..b7e6946 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -139,7 +139,7 @@ static int mount_bind(cons
th_and_deps() function to handle file/lib opening and mmapping
Check if file is an elf (magic number) before passing it to elf_load_deps()
elf_load_deps() now only handles elf parsing part
next commit adds script (#!) handling
Use add_path_and_deps() with -r and -w args to automatically a
this code is present since first ujail commit (dfcfcca7)
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 7 +--
jail/jail.c | 8 ++--
2 files changed, 3 insertions(+), 12 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index c3a392c..7c52880
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index cbb3051..34a5aca 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -33,6 +33,10 @@ static LIST_HEAD(library
headers must include all their dependencies, no more, no less
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 1 +
jail/elf.h | 2 --
jail/jail.c | 1 +
3 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index 6
see
https://docs.oracle.com/cd/E19683-01/817-3677/chapter6-42444/index.html
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index 7c52880..46c19df 100644
---
e it in v2
> John
>
> On 23/11/2015 01:39, Etienne CHAMPETIER wrote:
> > extern for function declaration in '.h' doesn't make sense
> >
> > Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
> > ---
> > jail/elf.c | 28 +++
Hi,
Le 23 nov. 2015 08:18, "John Crispin" <blo...@openwrt.org> a écrit :
>
>
>
> On 23/11/2015 01:39, Etienne CHAMPETIER wrote:
> > spawn_jail(void) produces a compilation error,
> > so we use spawn_jail()
> >
> > Signed-off-by: Etienne CHAMPET
Hey,
2015-11-23 12:52 GMT+01:00 Paul Fertser <fercer...@gmail.com>:
> Hey Etienne,
>
> Etienne Champetier <champetier.etie...@gmail.com> writes:
> > i know that spawn_jail(void) is valid code, but then the clone call
> > refuses to compile
>
> That's typ
2015-11-23 9:11 GMT+01:00 John Crispin <blo...@openwrt.org>:
>
>
> On 23/11/2015 09:09, Etienne Champetier wrote:
> > Hi,
> >
> > Le 23 nov. 2015 08:18, "John Crispin" <blo...@openwrt.org
> > <mailto:blo...@openwrt.org>> a écrit :
>
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index cbb3051..34a5aca 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -33,6 +33,10 @@ static LIST_HEAD(library
spawn_jail(void) produces a compilation error,
so we use spawn_jail()
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/jail.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index 56dc9ca..08babde 100644
--- a/jail/
/20785
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
CMakeLists.txt | 2 +-
jail/elf.c | 132 +++---
jail/elf.h | 9 ++-
jail/fs.c | 179 +
jail/fs.h
extern for function declaration in '.h' doesn't make sense
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/elf.c | 28 +++-
jail/elf.h | 10 +-
2 files changed, 20 insertions(+), 18 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
<j...@phrozen.org>:
>
>
> On 21/11/2015 00:05, Etienne CHAMPETIER wrote:
> > Using ldd (via popen()) is a hack, but it's simpler (and working)
>
> indeed
>
> > we have 3 libc and many archs, too many ways to resolve .so
> where does it break ?
>
>
>
on 64bits images)
-do not handle RPATH
This patch:
-use ldd to detect ELF dependencies
-add support for shell script
uClibc ldd doesn't work with shared lib, thus this patch breaks
seccomp with uClibc
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
CMakeLists.txt
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/jail.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index 56dc9ca..08babde 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -272,7 +272,7 @@ static int exe
Hi
2015-10-29 22:04 GMT+01:00 Etienne CHAMPETIER <champetier.etie...@gmail.com>
:
> ujail doesn't depend on seccomp and some archs don't support seccomp
>
> Backport of r46936
> needed since last procd update (r47268)
>
friendly ping
this is run tested o
Hi all, John,
I'm a bit out of my game on this bug, ujail is not adding the interpreter
in the jail (/lib/ld-musl-x86_64.so.1) with musl DD
it's working with uclibc CC, on my ubuntu 14.04, but not with musl DD
https://dev.openwrt.org/ticket/20785
ujail doesn't depend on seccomp and some archs don't support seccomp
Backport of r46936
needed since last procd update (r47268)
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
package/system/procd/Makefile | 52 +--
1 file chang
Hi John,
since 47268, we need -DUTRACE_SUPPORT=1 to compile utrace
https://dev.openwrt.org/changeset/47268/
http://nbd.name/gitweb.cgi?p=luci2/procd.git;a=summary
can you (or anyone else) backport r46936 or should i resend?
https://dev.openwrt.org/changeset/46936/trunk/package/system/procd
Hi,
Le 18 oct. 2015 21:31, "Dirk Brenken" a écrit :
>
> Hi,
>
> I can't see the diff/patch below on patchwork, anything wrong with the
> submitted patch?
How did you generate it?
You should use git send-email, and resend.
Also add the size before/after in the commit message.
>
Hi Dirk,
2015-10-16 12:10 GMT+02:00 Dirk Brenken :
> busybox binary in openwrt neither supports stat nor find mtime. This patch
> adds find mtime support by default.
>
what's the size before/after (ipk size)
> Signed-off-by: Dirk Brenken
> ---
> ---
Hi again,
2015-10-12 23:49 GMT+02:00 Etienne Champetier <champetier.etie...@gmail.com>
:
> Hi All,
>
> Here are some commands to make a "full" git repo, from the "trunk" repo
> (the only complaint that everyone agrees on)
> We keep git commit sha's fo
Hi,
Le 5 oct. 2015 13:49, "Etienne Champetier" <champetier.etie...@gmail.com> a
écrit :
>
> Hi John,
>
> 2015-10-05 11:14 GMT+02:00 John Crispin <blo...@openwrt.org>:
>>
>>
>>
>> On 27/08/2015 01:26, Etienne CHAMPETIER wrote:
>> >
this completes fafbf7338ec8304f2a0ec0ba76048fba2c01c07e
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
jail/jail.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index f459a5e..56dc9ca 100644
--- a/jail/jail.c
+++
Hi John,
2015-10-05 11:14 GMT+02:00 John Crispin <blo...@openwrt.org>:
>
>
> On 27/08/2015 01:26, Etienne CHAMPETIER wrote:
> > v3 of my (u)jail work, you can now use separately
> > namespaces jail, capabilities and seccomp
> >
> > Openwrt procd Makefile pa
Hi,
2015-10-04 22:47 GMT+02:00 Javier Domingo Cansino :
> Hello,
>
> I asked Friday on IRC how to write blobs, I was suggested using
> blob_raw_put from libubox/blob.h, but as I have to implement a binary
> protocol that uses different endianness, non aligned data etc., I
Hi,
2015-10-01 12:19 GMT+02:00 Kevin Darbyshire-Bryant <
ke...@darbyshire-bryant.me.uk>:
> This patch stops SIGHUP from enabling dnssec timechecks if disabled by
> use of --dnssec-no-timecheck option. --dnssec-timestamp continues to
> work correctly.
>
I haven't really followed the previous
2015-10-01 13:21 GMT+02:00 Kevin Darbyshire-Bryant <
ke...@darbyshire-bryant.me.uk>:
>
>
> On 01/10/15 11:37, Etienne Champetier wrote:
> > Hi,
> >
> > 2015-10-01 12:19 GMT+02:00 Kevin Darbyshire-Bryant
> > <ke...@darbyshire-bryant.m
Hi,
2015-09-21 17:26 GMT+02:00 Helmut Schaa :
> Extend /etc/config/system with a parameter to enable
> infinite respawn mode:
>
> config system
> option service_endless_respawn 1
>
why not "service_respawn_retry", which set "respawn_retry"
serie
Signed-off-by: Etienne CHAMPETIER <champetier.etie...@gmail.com>
---
initd/early.c | 12 ++--
plug/coldplug.c | 4 ++--
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/initd/early.c b/initd/early.c
index 89c8104..f410256 100644
--- a/initd/early.c
+++ b/initd/e
Hi,
2015-09-18 11:03 GMT+02:00 Helmut Schaa :
> Hi John,
>
> On Fri, Sep 18, 2015 at 10:18 AM, John Crispin wrote:
> > Hi
> >
> > On 18/09/2015 09:59, Helmut Schaa wrote:
> >> Allow to pass RESPAWN_THESHOLD_DEFAULT, DRESPAWN_TIMEOUT_DEFAULT
> >>
Hi,
Le 15 sept. 2015 01:40, "Felix Fietkau" <n...@openwrt.org> a écrit :
>
> On 2015-09-15 00:22, Etienne Champetier wrote:
> > Hi Felix,
> >
> > Maybe we should keep sha512 and switch to it? md5 is not best security
> > practice these days.
>
Hi Felix,
Maybe we should keep sha512 and switch to it? md5 is not best security
practice these days.
I've checked, ubuntu 14.04 and fedora 22 both use sha512 in /etc/shadow
I wonder if AF_ALG can be of any interest here (integrate needed algo by
default into the kernel, then patch core software
hi,
2015-08-27 13:38 GMT+02:00 John Crispin <blo...@openwrt.org>:
>
>
> On 27/08/2015 13:25, Etienne Champetier wrote:
> >
> >
> > 2015-08-27 12:18 GMT+02:00 John Crispin <blo...@openwrt.org
> > <mailto:blo...@openwrt.org>>:
> >
>
Hi,
Le 14 sept. 2015 06:36, "Daniel Dickinson" <open...@daniel.thecshore.com> a
écrit :
>
> On 2015-09-14 12:30 AM, Daniel Dickinson wrote:
>>
>> On 2015-09-13 11:39 PM, Florian Fainelli wrote:
>>>
>>> On Sep 13, 2015 2:00 PM, "
Hi,
Le 13 sept. 2015 16:34, "Daniel Dickinson" a
écrit :
>
> Actually two far more useful solutions:
>
> 1) By default only answer requests from 'lan' network in
/etc/config/uhttp instead of 0.0.0.0/32
> 2) Some useful alert if what appears to be a firewally
Hi again,
Le 13 sept. 2015 22:50, "Daniel Dickinson" a
écrit :
>
> On 2015-09-13 4:41 PM, Luiz Angelo Daros de Luca wrote:
>>
>> While openwrt doesn't offer security release, hiding version in banner
>> is not very effective. If the attacker can detect it is OpenWRT
Hi Daniel,
Le 13 sept. 2015 22:04, "Daniel Dickinson" a
écrit :
>
> I do think allowing to choose to disable the banner is a minor benefit,
however, as I've said, there are much more effective means of preventing
accidental exposure, and quite frankly if the user
2015-09-11 8:46 GMT+02:00 John Crispin :
>
>
> On 11/09/2015 08:39, Rafał Miłecki wrote:
> > On 11 September 2015 at 07:51, John Crispin wrote:
> >> On 11/09/2015 07:18, Rafał Miłecki wrote:
> >>> On 9 September 2015 at 17:24, Tobias Welz
2015-09-11 8:59 GMT+02:00 John Crispin <blo...@openwrt.org>:
>
>
> On 11/09/2015 08:53, Etienne Champetier wrote:
> >
> >
> > 2015-09-11 8:46 GMT+02:00 John Crispin <blo...@openwrt.org
> > <mailto:blo...@openwrt.org>>:
> >
> >
> &
2015-09-09 15:20 GMT+02:00 Hannu Nyman :
> I repeat my earlier wish that trunk should be renamed as soon as possible.
>
> There has been several changes during the summer that have made trunk to
> significantly deviate from the CC branch. Some of the changes are under the
>
2015-08-27 12:18 GMT+02:00 John Crispin blo...@openwrt.org:
On 26/08/2015 18:20, Etienne Champetier wrote:
2015-08-26 15:48 GMT+02:00 John Crispin blo...@openwrt.org
mailto:blo...@openwrt.org:
On 26/08/2015 01:00, Etienne CHAMPETIER wrote:
This patch series rework a bit
2015-08-26 15:48 GMT+02:00 John Crispin blo...@openwrt.org:
On 26/08/2015 01:00, Etienne CHAMPETIER wrote:
This patch series rework a bit ujail,
and add capabilities support to it
nice
Seccomp filters are very powerful but not totally generic,
each arch can have different set
If there is one or more capabilities in cap.keep,
drop all capabilities not in cap.keep.
Always drop all capabilities in cap.drop
example json syntax:
{
	"cap.keep": [
		"cap_net_raw"
	],
	"cap.drop": []
}
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
CMakeLists.txt
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
jail/elf.c | 14 --
jail/jail.c | 10 --
jail/log.h | 1 +
3 files changed, 1 insertion(+), 24 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index c198599..cbb3051 100644
--- a/jail/elf.c
+++ b/jail
prctl(PR_SET_NO_NEW_PRIVS, 1) is enough, we don't require CAP_SYS_ADMIN
see
https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
jail/preload.c | 6
we can now build preload-seccomp, ujail, utrace separately
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
CMakeLists.txt | 2 ++
1 file changed, 2 insertions(+)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6af17a3..805e2ed 100644
--- a/CMakeLists.txt
+++ b
v3 of my (u)jail work, you can now use separately
namespaces jail, capabilities and seccomp
Openwrt procd Makefile patch v2 is still ok
and add its dependencies
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
jail/jail.c | 393
1 file changed, 157 insertions(+), 236 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index 2bba292..f8139b8 100644
(perload-jail - preload-seccomp)
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
jail/seccomp.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/seccomp.h b/jail/seccomp.h
index 6c585ad..c44a607 100644
--- a/jail/seccomp.h
+++ b/jail/seccomp.h
building a generic jail can be hard,
choosing to drop some capabilities can be easier.
This commit permits using namespaces, capabilities
and seccomp combined as you like.
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
jail/jail.c | 76
prctl(PR_SET_NO_NEW_PRIVS, 1) is enough, we don't require CAP_SYS_ADMIN
see
https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
jail/preload.c | 6
(perload-jail - preload-seccomp)
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
jail/seccomp.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/seccomp.h b/jail/seccomp.h
index 6c585ad..c44a607 100644
--- a/jail/seccomp.h
+++ b/jail/seccomp.h
If there is one or more capabilities in cap.keep,
drop all capabilities not in cap.keep.
Always drop all capabilities in cap.drop
example json syntax:
{
	"cap.keep": [
		"cap_net_raw"
	],
	"cap.drop": []
}
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
CMakeLists.txt
this needs to be applied after my work on ujail (procd git)
ujail doesn't depend on seccomp and some archs don't support seccomp
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
package/system/procd/Makefile | 50 +--
1 file changed, 25
we can now build preload-seccomp, ujail, utrace separately
Signed-off-by: Etienne CHAMPETIER champetier.etie...@gmail.com
---
CMakeLists.txt | 2 ++
1 file changed, 2 insertions(+)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6af17a3..805e2ed 100644
--- a/CMakeLists.txt
+++ b