git.openwrt.org Git - project/procd.git/commit

author	Etienne CHAMPETIER <champetier.etienne@gmail.com>
	Wed, 26 Aug 2015 23:26:45 +0000 (23:26 +0000)
committer	John Crispin <blogic@openwrt.org>
	Wed, 7 Oct 2015 09:07:54 +0000 (11:07 +0200)
commit	51201235db9dad9fe1823d9de46ed90f5e160fd0
tree	6abff11a7f8ffd602756ce3802ddafdab48bdc9e	tree \| snapshot
parent	fafbf7338ec8304f2a0ec0ba76048fba2c01c07e	commit \| diff

jail: add capabilities support

If there is one or more capabilities in cap.keep,
drop all capabilities not in cap.keep.
Always drop all capabalities in cap.drop

exemple json syntax:
{
"cap.keep": [
"cap_net_raw"
],
"cap.drop": []
}

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>

CMakeLists.txt		diff \| blob \| history
jail/capabilities.c	[new file with mode: 0644]	blob
jail/capabilities.h	[new file with mode: 0644]	blob
jail/jail.c		diff \| blob \| history
make_capabilities_h.sh	[new file with mode: 0755]	blob

OpenWrt service / process manager

RSS Atom