Hi Petr, Daniel,
Le jeu. 26 nov. 2020 à 11:45, Petr Štetiar a écrit :
>
> Daniel Golle [2020-11-07 14:17:12]:
>
> Hi,
>
> > Please report back
>
> testing now the latest master on rtl8382 booted from initramfs and seeing
> following:
>
> Thu Nov 26 14:45:35 2020 user.notice dnsmasq: DNS rebind
Le mer. 16 déc. 2020 à 07:33, Yousong Zhou a écrit :
>
> On Wed, 16 Dec 2020 at 13:11, Petr Štetiar wrote:
> >
> > Paul Spooren [2020-12-15 16:26:14]:
> >
> > Hi,
> >
> > > I've seen two patches for version raises of build requirements and would
> > > like to know if we should merge them before
Hi All,
Le sam. 23 janv. 2021 à 18:09, Sam Kuper a écrit :
>
> On Sat, Jan 23, 2021 at 02:55:05PM +, Ted Hess wrote:
> > [T]here must be some sort of criteria (contributions, legitimate
> > business site or references) to get your name/outfit listed. And, as
> > Daniel said, we don't want to
Hi All,
There are currently 65 members in OpenWrt org, 58 of them with 2FA enabled.
Requiring 2FA would kick out the 7 users without 2FA, 6 of them have
no OpenWrt related activity for more than 2 or 3 years, I've emailed
the 7th one privately.
Anyone see any problem enforcing 2FA ?
Best
Etienne
it access and no 2FA, it was added
> afterwards.
I saw that,
I just convinced one more to enable 2FA and only one "almost active"
is still a member (but without access)
Once this person answers (or not) I just want to make sure we don't "regress"
Best
Etienne
> --
>
2015-06-03 18:08 GMT+02:00 Etienne Champetier
:
> Hi Toke,
>
> 2015-06-03 14:15 GMT+02:00 Toke Høiland-Jørgensen :
>
>>
>> These are two new packet schedulers introduced in Linux 3.12 and 3.14
>> respectively. sch_fq is a perfect fairness queueing scheduler that a
Hi guys,
Le 18 juin 2015 17:18, "Stefan Tomanek" <
stefan.tomanek+open...@wertarbyte.de> a écrit :
>
> Dies schrieb Bastian Bittorf (bitt...@bluebottle.com):
>
> > > Can anyone supply any different ideas or provide some feedback?
> >
> > maybe: disabled services are stored during sysupgrade in
> >
Hi,
2015-06-20 21:35 GMT+02:00 John Crispin :
>
>
> On 20/06/2015 20:53, Rafał Miłecki wrote:
> > On 20 June 2015 at 13:56, Jo-Philipp Wich wrote:
> >>> i dont like this idea at all. calling ld-preload on every started app
> >>> just seems wrong
> >>
> >> I was the one suggesting the idea since
Hi all,
Please reread r46119
Relro full != relro partial
Fortify source 1 != fortify source 2
Ssp != ssp strong
Regards
Etienne
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-de
Hi,
Le 24 juin 2015 16:19, "Steven Barth" a écrit :
>
> Hi Etienne,
>
> I don't get your issue. 46119 only unifies the override variables,
> meaning if a package maintainer wants to override e.g. RELRO he now
> only needs to add PKG_RELRO:=0 instead of adding two for both RELRO
> modes.
>
Sorry i
hi bastian,
2015-07-01 21:55 GMT+02:00 Bastian Bittorf :
> * Emmanuel Deloget [01.07.2015 21:50]:
> > You should try Aliexpress - it seems they still have some 4900 (be aware
> > that prices might be a bit weird).
>
> my question is not about "tricks" to get these devices.
> it's about what can
We need a+x rights on the path to the root of the jails
so we can use users other than root (like nobody)
This partly fixes jailed dnsmasq
Signed-off-by: Etienne CHAMPETIER
---
jail/jail.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jail/jail.c b/jail/jail.c
index
We need a+x rights on the path to the root of the jails
so we can use users other than root (like nobody)
This partly fixes jailed dnsmasq
Signed-off-by: Etienne CHAMPETIER
---
package/base-files/files/etc/init.d/boot | 1 -
1 file changed, 1 deletion(-)
diff --git a/package/base-files/files
found with strace, not sure we got all of them though
Signed-off-by: Etienne CHAMPETIER
---
package/network/services/dnsmasq/files/dnsmasq.init | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init
b/package/network/services
Hi guys
Just forgot to says that my 3 patches fixing jails are also for CC
https://patchwork.ozlabs.org/patch/497899/
https://patchwork.ozlabs.org/patch/497900/
https://patchwork.ozlabs.org/patch/497901/
Regards
Etienne
___
openwrt-devel mailing list
op
, i've no idea yet)
2015-07-22 12:50 GMT+02:00 Etienne Champetier
:
> Hi guys
>
> Just forgot to says that my 3 patches fixing jails are also for CC
> https://patchwork.ozlabs.org/patch/497899/
> https://patchwork.ozlabs.org/patch/497900/
> https://patchwork.ozlabs.org/pa
Hi Maxim,
Le 12 août 2015 13:25, "Maxim Storchak" a écrit :
>
> This allows to build jails with more than a single binary.
> May be used to run main program with a wrapper, f.e. ionice,
> or to add helper binaries for the main one (like gzip for tar with no
> build-in compression support).
>
> Usa
we now can build seccomp, ujail, utrace separatly
Signed-off-by: Etienne CHAMPETIER
---
CMakeLists.txt | 2 ++
1 file changed, 2 insertions(+)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6af17a3..805e2ed 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -84,7 +84,9
child
Feature request:
-when we add a file or dir, detect if it's an exec and add it's dependencies
Signed-off-by: Etienne CHAMPETIER
---
jail/jail.c | 390
1 file changed, 155 insertions(+), 235 deletions(-)
diff --git a/
2015-08-21 0:39 GMT+02:00 Etienne CHAMPETIER :
> This is an RFC patch for ujail
>
> -use EXIT_SUCCESS/EXIT_FAILURE (not -1)
> -parse every options in main, put them in opts struct
> -add CLONE_NEWIPC to the clone() call (it's already compiled in openwrt
> kernel)
> -ret
this need to be applied after my work on ujail (procd git)
ujail doesn't depend on seccomp and some archs dont support seccomp
Signed-off-by: Etienne CHAMPETIER
---
package/system/procd/Makefile | 50 +--
1 file changed, 25 insertions(+), 25 dele
This patch series rework a bit ujail,
and add capabilities support to it
Seccomp filter are very powerful but not totally generic,
each arch can have different set of syscalls,
each libc can use different syscall for the same function,
and seccomp isn't supported on all arch.
Capabilities are mor
we can now build preload-seccomp, ujail, utrace separately
Signed-off-by: Etienne CHAMPETIER
---
CMakeLists.txt | 2 ++
1 file changed, 2 insertions(+)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6af17a3..805e2ed 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -84,7 +84,9
(perload-jail -> preload-seccomp)
Signed-off-by: Etienne CHAMPETIER
---
jail/seccomp.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/seccomp.h b/jail/seccomp.h
index 6c585ad..c44a607 100644
--- a/jail/seccomp.h
+++ b/jail/seccomp.h
@@ -12,8 +1
prctl(PR_SET_NO_NEW_PRIVS, 1) is enough, we don't require CAP_SYS_ADMIN
see
https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt
Signed-off-by: Etienne CHAMPETIER
---
jail/preload.c | 6 --
1 file chang
t's an exec and add it's dependencies
Signed-off-by: Etienne CHAMPETIER
---
jail/jail.c | 391
1 file changed, 156 insertions(+), 235 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index 2bba292..487d18f 100644
--- a/jail
If there is one or more capabilities in cap.keep,
drop all capabilities not in cap.keep.
Always drop all capabalities in cap.drop
exemple json syntax:
{
"cap.keep": [
"cap_net_raw"
],
"cap.drop": []
}
Signed-off-by: Etienne CHAMPETIER
---
CMakeLists.tx
this need to be applied after my work on ujail (procd git)
ujail doesn't depend on seccomp and some archs dont support seccomp
Signed-off-by: Etienne CHAMPETIER
---
package/system/procd/Makefile | 50 +--
1 file changed, 25 insertions(+), 25 dele
2015-08-26 15:48 GMT+02:00 John Crispin :
>
>
> On 26/08/2015 01:00, Etienne CHAMPETIER wrote:
> > This patch series rework a bit ujail,
> > and add capabilities support to it
>
> nice
>
> >
> > Seccomp filter are very powerful but not totally generi
v3 of my (u)jail work, you can now use separately
namespaces jail, capabilities and seccomp
Openwrt procd Makefile patch v2 is still ok
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/open
we can now build preload-seccomp, ujail, utrace separately
Signed-off-by: Etienne CHAMPETIER
---
CMakeLists.txt | 2 ++
1 file changed, 2 insertions(+)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6af17a3..805e2ed 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -84,7 +84,9
t's an exec and add it's dependencies
Signed-off-by: Etienne CHAMPETIER
---
jail/jail.c | 393
1 file changed, 157 insertions(+), 236 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index 2bba292..f8139b8 100644
--- a/jail
(perload-jail -> preload-seccomp)
Signed-off-by: Etienne CHAMPETIER
---
jail/seccomp.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/seccomp.h b/jail/seccomp.h
index 6c585ad..c44a607 100644
--- a/jail/seccomp.h
+++ b/jail/seccomp.h
@@ -12,8 +1
prctl(PR_SET_NO_NEW_PRIVS, 1) is enough, we don't require CAP_SYS_ADMIN
see
https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt
Signed-off-by: Etienne CHAMPETIER
---
jail/preload.c | 6 --
1 file chang
Signed-off-by: Etienne CHAMPETIER
---
jail/elf.c | 14 --
jail/jail.c | 10 --
jail/log.h | 1 +
3 files changed, 1 insertion(+), 24 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index c198599..cbb3051 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -12,33 +12,19
If there is one or more capabilities in cap.keep,
drop all capabilities not in cap.keep.
Always drop all capabalities in cap.drop
exemple json syntax:
{
"cap.keep": [
"cap_net_raw"
],
"cap.drop": []
}
Signed-off-by: Etienne CHAMPETIER
---
CMakeLists.tx
building a generic jail can be hard,
choosing to drop some capabilities can be easier.
This commit permit to use namespaces, capabilities
and seccomp combined as you like.
Signed-off-by: Etienne CHAMPETIER
---
jail/jail.c | 76 +
1
2015-08-27 12:18 GMT+02:00 John Crispin :
>
>
> On 26/08/2015 18:20, Etienne Champetier wrote:
> >
> >
> > 2015-08-26 15:48 GMT+02:00 John Crispin > <mailto:blo...@openwrt.org>>:
> >
> > On 26/08/2015 01:00, Etienne CHAMPETIER wr
2015-09-09 15:20 GMT+02:00 Hannu Nyman :
> I repeat my earlier wish that trunk should be renamed as soon as possible.
>
> There has been several changes during the summer that have made trunk to
> significantly deviate from the CC branch. Some of the changes are under the
> hood (like musl vs. uCl
2015-09-11 8:46 GMT+02:00 John Crispin :
>
>
> On 11/09/2015 08:39, Rafał Miłecki wrote:
> > On 11 September 2015 at 07:51, John Crispin wrote:
> >> On 11/09/2015 07:18, Rafał Miłecki wrote:
> >>> On 9 September 2015 at 17:24, Tobias Welz wrote:
> BTW: Why does the trunk has to be "renamed"
2015-09-11 8:59 GMT+02:00 John Crispin :
>
>
> On 11/09/2015 08:53, Etienne Champetier wrote:
> >
> >
> > 2015-09-11 8:46 GMT+02:00 John Crispin > <mailto:blo...@openwrt.org>>:
> >
> >
> >
> > On 11/09/2015 08:39, Rafał Miłec
Hi,
Le 13 sept. 2015 16:34, "Daniel Dickinson" a
écrit :
>
> Actually two far more useful solutions:
>
> 1) By default only answer requests from 'lan' network in
/etc/config/uhttp instead of 0.0.0.0/32
> 2) Some useful alert if what appears to be a firewally misconfiguration
is created (default O
Hi Daniel,
Le 13 sept. 2015 22:04, "Daniel Dickinson" a
écrit :
>
> I do think allowing to choose to disable the banner is a minor benefit,
however, as I've said, there are much more effective means of preventing
accidential exposure, and quite frankly if the user is *choosing* to open
the web in
Hi again,
Le 13 sept. 2015 22:50, "Daniel Dickinson" a
écrit :
>
> On 2015-09-13 4:41 PM, Luiz Angelo Daros de Luca wrote:
>>
>> While openwrt doesn't offer security release, hiding version in banner
>> is not very effective. If the attacker can detect it is OpenWRT and if
>> there is a known sec
Hi,
Le 14 sept. 2015 06:36, "Daniel Dickinson" a
écrit :
>
> On 2015-09-14 12:30 AM, Daniel Dickinson wrote:
>>
>> On 2015-09-13 11:39 PM, Florian Fainelli wrote:
>>>
>>> On Sep 13, 2015 2:00 PM, "Etienne Champetier"
>>> mailto:
hi,
2015-08-27 13:38 GMT+02:00 John Crispin :
>
>
> On 27/08/2015 13:25, Etienne Champetier wrote:
> >
> >
> > 2015-08-27 12:18 GMT+02:00 John Crispin > <mailto:blo...@openwrt.org>>:
> >
> >
> >
> > On 26/08/2015 18:20, Etienn
Hi Felix,
Maybe we should keep sha512 and switch to it? md5 is not best security
practice these days.
I've checked, ubuntu 14.04 and fedora 22 both use sha512 in /etc/shadow
I wonder if AF_ALG can be of any interest here (integrate needed algo by
default into the kernel, then patch core software
Hi,
Le 15 sept. 2015 01:40, "Felix Fietkau" a écrit :
>
> On 2015-09-15 00:22, Etienne Champetier wrote:
> > Hi Felix,
> >
> > Maybe we should keep sha512 and switch to it? md5 is not best security
> > practice these days.
> I don't see the point.
Hi
You should respond to the original mail and not create a new thread each
time
Le 19 janv. 2016 03:03, "Daniel Dickinson" daniel.thecshore.com
> a écrit :
>
> Hi John,
>
> Contrary to what you believed it is not possible for the ordinary users
(of which I am one at the moment) to modify their o
Hi,
Le 5 févr. 2016 07:14, "Okupandolared" a écrit :
>
> Hello.
>
> I have a WR740N with Barrie braker, I achieved to create my own image
with all requirements and after flash image, install mwan3 and
luci-app-mwa3.
>
> Currently I connect to a wireless network as a client-A WWAN, and create
anot
You should switch to git (haven't checked if it works right now though)
Le 25 févr. 2016 21:39, "Shankar Unni" a
écrit :
> The svn server on svn.openwrt.org seems to be down? The machine itself
> is up and running, however.
>
> Is there a known outage?
>
>
> % svn up
> svn: Can't connect to host
cc list
2016-04-13 14:40 GMT+02:00 Etienne Champetier
:
> Hi Zefir
>
> 2016-04-13 14:26 GMT+02:00 Zefir Kurtisi :
>
>> ujail can be selected on e.g. PowerPC platforms, which
>> currently causes the procd build to fail:
>> ./trace/trace.c:48:2: error: #error tr
Hi,
someone messed with git.openwrt.org nginx config, i can't get the js and css.
see https://git.openwrt.org/project/static/gitweb.css (doesn't look
like a css :) )
Cheers
Etienne
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://
2016-06-03 11:13 GMT+02:00 John Crispin :
>
>
> On 02/06/2016 13:20, Etienne Champetier wrote:
>> Hi,
>>
>> someone messed with git.openwrt.org nginx config, i can't get the js and css.
>>
>> see https://git.openwrt.org/project/static/gitweb.css (
Hi,
Just a heads up,
ujail uses "bind mount" to include file and directories into the jail,
so if you include a file named aaa (procd_add_jail_mount(_rw) aaa),
and then replace it outside of the jail using "mv bbb aaa",
in the jail you will still have file aaa.
Workaround is to use a directory in
Hi,
2015-09-18 11:03 GMT+02:00 Helmut Schaa :
> Hi John,
>
> On Fri, Sep 18, 2015 at 10:18 AM, John Crispin wrote:
> > Hi
> >
> > On 18/09/2015 09:59, Helmut Schaa wrote:
> >> Allow to pass RESPAWN_THESHOLD_DEFAULT, DRESPAWN_TIMEOUT_DEFAULT
> >> and RESPAWN_RETRY_DEFAULT as parameters to cmake t
patch serie
Signed-off-by: Etienne CHAMPETIER
---
initd/early.c | 12 ++--
plug/coldplug.c | 4 ++--
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/initd/early.c b/initd/early.c
index 89c8104..f410256 100644
--- a/initd/early.c
+++ b/initd/early.c
@@ -62,18 +
Hi,
2015-09-21 17:26 GMT+02:00 Helmut Schaa :
> Extend /etc/config/system with a parameter to enable
> infinite respawn mode:
>
> config system
> option service_endless_respawn 1
>
why not "service_respawn_retry", which set "respawn_retry" default value
(if i want to set
Hi,
2015-10-01 12:19 GMT+02:00 Kevin Darbyshire-Bryant <
ke...@darbyshire-bryant.me.uk>:
> This patch stops SIGHUP from enabling dnssec timechecks if disabled by
> use of --dnssec-no-timecheck option. --dnssec-timestamp continues to
> work correctly.
>
I haven't really followed the previous dis
2015-10-01 13:21 GMT+02:00 Kevin Darbyshire-Bryant <
ke...@darbyshire-bryant.me.uk>:
>
>
> On 01/10/15 11:37, Etienne Champetier wrote:
> > Hi,
> >
> > 2015-10-01 12:19 GMT+02:00 Kevin Darbyshire-Bryant
> > mailto:ke...@darbyshire-bryant.me.uk>>:
>
Hi,
2015-10-04 22:47 GMT+02:00 Javier Domingo Cansino :
> Hello,
>
> I asked Friday on IRC how to write blobs, I was suggested using
> blob_raw_put from libubox/blob.h, but as I have to implement a binary
> protocol that uses different endianess, non aligned data etc., I think the
> best solution
Hi John,
2015-10-05 11:14 GMT+02:00 John Crispin :
>
>
> On 27/08/2015 01:26, Etienne CHAMPETIER wrote:
> > v3 of my (u)jail work, you can now use separately
> > namespaces jail, capabilities and seccomp
> >
> > Openwrt procd Makefile patch v2 is still ok
>
Hi,
Le 5 oct. 2015 13:49, "Etienne Champetier" a
écrit :
>
> Hi John,
>
> 2015-10-05 11:14 GMT+02:00 John Crispin :
>>
>>
>>
>> On 27/08/2015 01:26, Etienne CHAMPETIER wrote:
>> > v3 of my (u)jail work, you can now use separately
>>
this completes fafbf7338ec8304f2a0ec0ba76048fba2c01c07e
Signed-off-by: Etienne CHAMPETIER
---
jail/jail.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index f459a5e..56dc9ca 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -193,11 +193,11
Hi All,
Here are some commands to make a "full" git repo, from the "trunk" repo
(the only complaint that everyone agrees on)
We keep git commit sha's for the trunk, and we add all branches/tags
It needs some more tunning, but it's a good start :)
1) clone the trunk repo
git clone git://git.openw
Hi again,
2015-10-12 23:49 GMT+02:00 Etienne Champetier
:
> Hi All,
>
> Here are some commands to make a "full" git repo, from the "trunk" repo
> (the only complaint that everyone agrees on)
> We keep git commit sha's for the trunk, and we add all bran
Hi Dirk,
2015-10-16 12:10 GMT+02:00 Dirk Brenken :
> busybox binary in openwrt neither supports stat nor find mtime. This patch
> adds find mtime support by default.
>
what's the size before/after (ipk size)
> Signed-off-by: Dirk Brenken
> ---
> --- trunk/package/utils/busybox/Config-default
Hi,
Le 18 oct. 2015 21:31, "Dirk Brenken" a écrit :
>
> Hi,
>
> I can't see the diff/patch below on patchwork, anything wrong with the
> submitted patch?
How did you generate it?
You should use git send-email, and resend.
Also add the size before/after in the commit message.
>
> Thanks
> Dirk
>
Hi John,
since 47268, we need -DUTRACE_SUPPORT=1 to compile utrace
https://dev.openwrt.org/changeset/47268/
http://nbd.name/gitweb.cgi?p=luci2/procd.git;a=summary
can you (or anyone else) backport r46936 or should i resend?
https://dev.openwrt.org/changeset/46936/trunk/package/system/procd
Thank
ujail doesn't depend on seccomp and some archs dont support seccomp
Backport of r46936
needed since last procd update (r47268)
Signed-off-by: Etienne CHAMPETIER
---
package/system/procd/Makefile | 52 +--
1 file changed, 26 insertions(+), 26 dele
Hi
2015-10-29 22:04 GMT+01:00 Etienne CHAMPETIER
:
> ujail doesn't depend on seccomp and some archs dont support seccomp
>
> Backport of r46936
> needed since last procd update (r47268)
>
friendly ping
this is run tested on
Hi all, John,
I'm a bit out of my game on this bug, ujail is not adding the interpretor
in the jail (/lib/ld-musl-x86_64.so.1) with musl DD
it's working with uclibc CC, on my ubuntu 14.04, but not with musl DD
https://dev.openwrt.org/ticket/20785
___
op
Signed-off-by: Etienne CHAMPETIER
---
jail/jail.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index 56dc9ca..08babde 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -272,7 +272,7 @@ static int exec_jail()
exit(EXIT_FAILURE
even on 64bits images)
-do not handle RPATH
This patch:
-use ldd to detect ELF dependencies
-add support for shell script
uClibc ldd doesn't work with shared lib, thus this patch break
seccomp with uClibc
Signed-off-by: Etienne CHAMPETIER
---
CMakeLists.txt | 2 +-
jail/deps.
00 John Crispin :
>
>
> On 21/11/2015 00:05, Etienne CHAMPETIER wrote:
> > Using ldd (via popen()) is a hack, but it's simpler (and working)
>
> indeed
>
> > we have 3 libc and many archs, too many ways to resolve .so
> where does it break ?
>
>
> > Curre
Signed-off-by: Etienne CHAMPETIER
---
jail/elf.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index cbb3051..34a5aca 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -33,6 +33,10 @@ static LIST_HEAD(library_paths);
void alloc_library_path
spawn_jail(void) produce a compilation error,
so we use spawn_jail()
Signed-off-by: Etienne CHAMPETIER
---
jail/jail.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index 56dc9ca..08babde 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -272,7
extern for function declaration in '.h' doesn't make sense
Signed-off-by: Etienne CHAMPETIER
---
jail/elf.c | 28 +++-
jail/elf.h | 10 +-
2 files changed, 20 insertions(+), 18 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index 34a5aca..a26aa
org/ticket/20785
Signed-off-by: Etienne CHAMPETIER
---
CMakeLists.txt | 2 +-
jail/elf.c | 132 +++---
jail/elf.h | 9 ++-
jail/fs.c | 179 +
jail/fs.h | 20 +++
jail/jail.
Hi,
Le 23 nov. 2015 08:18, "John Crispin" a écrit :
>
>
>
> On 23/11/2015 01:39, Etienne CHAMPETIER wrote:
> > spawn_jail(void) produce a compilation error,
> > so we use spawn_jail()
> >
> > Signed-off-by: Etienne CHAMPETIER
> > ---
> &g
John
>
> On 23/11/2015 01:39, Etienne CHAMPETIER wrote:
> > extern for function declaration in '.h' doesn't make sense
> >
> > Signed-off-by: Etienne CHAMPETIER
> > ---
> > jail/elf.c | 28 +++-
> > jail/elf.h | 10 ++
2015-11-23 9:11 GMT+01:00 John Crispin :
>
>
> On 23/11/2015 09:09, Etienne Champetier wrote:
> > Hi,
> >
> > Le 23 nov. 2015 08:18, "John Crispin" > <mailto:blo...@openwrt.org>> a écrit :
> >>
> >>
> >>
> >
Hey,
2015-11-23 12:52 GMT+01:00 Paul Fertser :
> Hey Etienne,
>
> Etienne Champetier writes:
> > i know that spawn_jail(void) is valid code, but then the clone call
> > refuses to compile
>
> That's type-safety for you. spawn_jail() is valid code too but it
Signed-off-by: Etienne CHAMPETIER
---
jail/elf.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index cbb3051..34a5aca 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -33,6 +33,10 @@ static LIST_HEAD(library_paths);
void alloc_library_path
clone() call need a function with "void *" arg
(else we have a compilation error)
Signed-off-by: Etienne CHAMPETIER
---
jail/jail.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index 56dc9ca..9952ed9 100644
--- a/jail/jail.c
+++ b/j
extern qualifiers for function definitions doesn't really make sense
Signed-off-by: Etienne CHAMPETIER
---
jail/elf.h | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/jail/elf.h b/jail/elf.h
index 3ae311e..19ceb3e 100644
--- a/jail/elf.h
+++ b/jail/elf.h
@@
Signed-off-by: Etienne CHAMPETIER
---
jail/elf.c | 28 +++-
jail/elf.h | 4 ++--
jail/jail.c | 2 +-
3 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index 34a5aca..fb046b4 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -69,7 +69,7
As requested, i've split up in smaller patches my work
I also follow the unwritten code style requirement :)
"rework fs jail part" commit is still a bit big
but if i split it further i will edit the same line
in each commit (tell me if it too big)
Etienne CHAMPETIER (17):
ujail
Signed-off-by: Etienne CHAMPETIER
---
jail/capabilities.h | 1 +
jail/elf.h | 4 +---
jail/log.h | 1 +
jail/seccomp.h | 1 +
4 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/jail/capabilities.h b/jail/capabilities.h
index e6699e9..beb67cc 100644
--- a/jail
headers must include all there dependencies, no more, no less
Signed-off-by: Etienne CHAMPETIER
---
jail/preload.c | 2 --
jail/seccomp.c | 2 --
jail/seccomp.h | 3 +++
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/jail/preload.c b/jail/preload.c
index a1cc0b6..5466f27 100644
headers must include all there dependencies, no more, no less
Signed-off-by: Etienne CHAMPETIER
---
jail/elf.c | 1 +
jail/elf.h | 2 --
jail/jail.c | 1 +
3 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index 6d36215..5e22606 100644
--- a/jail/elf.c
headers must include all there dependencies, no more, no less
(it uses fprintf)
Signed-off-by: Etienne CHAMPETIER
---
jail/elf.c | 1 -
jail/jail.c | 1 -
jail/log.h | 1 +
3 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index fb046b4..6d36215 100644
, not in /lib64 (/lib64 is also a symlink to /lib)
/lib64 is before /lib since the first commit, i don't know
if it was on purpose
this partly fixes
https://dev.openwrt.org/ticket/20785
Signed-off-by: Etienne CHAMPETIER
---
jail/jail.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
move all libraries search initialisation stuff
into elf.c / init_library_search()
for now we don't handle musl specific files
Signed-off-by: Etienne CHAMPETIER
---
jail/elf.c | 13 +++--
jail/elf.h | 3 +--
jail/jail.c | 6 +-
3 files changed, 13 insertions(+), 9 dele
Signed-off-by: Etienne CHAMPETIER
---
jail/elf.c | 9 +
jail/jail.c | 9 +
2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index 5e22606..2acac71 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -22,6 +22,7 @@
#include
#include
#include
this code is present since first ujail commit (dfcfcca7)
Signed-off-by: Etienne CHAMPETIER
---
jail/elf.c | 7 +--
jail/jail.c | 8 ++--
2 files changed, 3 insertions(+), 12 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index c3a392c..7c52880 100644
--- a/jail/elf.c
+++ b/jail
Signed-off-by: Etienne CHAMPETIER
---
jail/jail.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/jail.c b/jail/jail.c
index 5b24f63..b7e6946 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -139,7 +139,7 @@ static int mount_bind(const char *root, const char *path
th_and_deps() function to handle file/lib openning and mmaping
Check if file is an elf (magic number) before passing it to elf_load_deps()
elf_load_deps() now only handle elf parsing part
next commit adds script (#!) handling
Use add_path_and_deps() with -r and -w args to automatically a
see
https://docs.oracle.com/cd/E19683-01/817-3677/chapter6-42444/index.html
Signed-off-by: Etienne CHAMPETIER
---
jail/elf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jail/elf.c b/jail/elf.c
index 7c52880..46c19df 100644
--- a/jail/elf.c
+++ b/jail/elf.c
@@ -182,7
this make simple script work easily with ujail
Signed-off-by: Etienne CHAMPETIER
---
jail/fs.c | 28
1 file changed, 28 insertions(+)
diff --git a/jail/fs.c b/jail/fs.c
index aeab730..c848700 100644
--- a/jail/fs.c
+++ b/jail/fs.c
@@ -79,6 +79,29 @@ void
1 - 100 of 444 matches
Mail list logo