-- @return table with configuration defaults
function UCI.defaults()
return {
- security = { { exemptAngel = 1, setuser = "nobody" } },
+ security = {
+ { setuser = "nobody", keepNetAdmin = 1 },
+ { chroot = "/var/run/" },
+ { nofiles = 0 },
+ { noforks = 1 },
+ { seccomp = 0 },
+ { setupComplete = 1 }
+ },
router = {
ipTunnel = { outgoingConnections = {}, allowedConnections = {} },
interface = { type = "TUNInterface" }
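Review bot: The new default `{ seccomp = 0 }` in `UCI.defaults()` ships the generated configuration with the seccomp option switched off, and nothing in the table says why; `{ nofiles = 0 }` is in the same position. If this works around a platform limitation (an assumption, the reason is not visible in the diff), state it next to the entry, for example `-- seccomp off by default: <reason>; set the cjdns.seccomp option to 1 to enable`. That way the weaker sandbox reads as a documented trade-off and not as the recommended setting. A reader comparing this table with the other hardening entries (`chroot`, `noforks`, `setuser`) currently cannot tell which of them are deliberate relaxations.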
obj.router.interface.tunDevice = config.tun_device
end
+ for i,section in pairs(obj.security) do
+ if type(section.seccomp) == "number" then
+ obj.security[i].seccomp = tonumber(config.seccomp)
+ end
+ end
+
cursor:foreach("cjdns", "iptunnel_outgoing", function(outgoing)
table.insert(obj.router.ipTunnel.outgoingConnections, outgoing.public_key)
end)
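Review bot: `tonumber(config.seccomp)` in the added loop returns nil when the UCI option is missing or not numeric, and assigning nil deletes the `seccomp` key, so the explicit default is lost and an empty entry is left in `obj.security`. Presumably the daemon then falls back to its own built-in value, which may not match what the UCI defaults intended. Convert once and keep the default unless a number was read: `local seccomp = tonumber(config.seccomp)` before the loop, then `if seccomp ~= nil and type(section.seccomp) == "number" then obj.security[i].seccomp = seccomp end`. The write-back loop added further down (`seccomp = tonumber(value)`) does the same unchecked conversion and would benefit from the same nil guard. The enclosing function starts and ends outside this hunk.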
private_key = obj.privateKey,
admin_password = obj.admin.password,
admin_address = admin_address,
- admin_port = admin_port,
+ admin_port = admin_port
})
if obj.router.interface.tunDevice then
})
end
+ if obj.security then
+ for i,section in pairs(obj.security) do
+ for key,value in pairs(section) do
+ if key == "seccomp" then
+ UCI.cursor_section(cursor, "cjdns", "cjdns", "cjdns", {
+ seccomp = tonumber(value)
+ })
+ end
+ end
+ end
+ end
+
if obj.router.ipTunnel.outgoingConnections then
for i,public_key in pairs(obj.router.ipTunnel.outgoingConnections) do
UCI.cursor_section(cursor, "cjdns", "iptunnel_outgoing", nil, {