crowdsec-firewall-bouncer: add ujail
authorS. Brusch <ne20002@gmx.ch>
Sat, 21 Oct 2023 17:22:13 +0000 (19:22 +0200)
committerTianling Shen <cnsztl@gmail.com>
Mon, 6 Nov 2023 01:57:58 +0000 (09:57 +0800)
* added ujail for crowdsec-firewall-bouncer
* set nice to reduce priority for process

Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.0

(cherry picked from commit a8df73ce7277134c5bd318b3e63cc14e2c70e9a7)

net/crowdsec-firewall-bouncer/Makefile
net/crowdsec-firewall-bouncer/files/crowdsec-firewall-bouncer.initd

index debdfc61f7140d762313376420b87ccde617c1a7..f8b906d447a4fb390d1f942136826a81e288e0b9 100644 (file)
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=crowdsec-firewall-bouncer
 PKG_VERSION:=0.0.28
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/crowdsecurity/cs-firewall-bouncer/tar.gz/v$(PKG_VERSION)?
index 04acd16173c8a0a251bd0f29231008fc0365c18d..eb5b79b7b08fb4ab0715b08b4754d63baa3b5980 100755 (executable)
@@ -210,6 +210,13 @@ run_bouncer() {
                procd_set_param command "$PROG" -c "$VARCONFIG"
                procd_set_param stdout 1
                procd_set_param stderr 1
+               procd_set_param nice 10
+               if [ -x "/sbin/ujail" ]; then
+                       procd_add_jail cs-bouncer log
+                       procd_add_jail_mount $VARCONFIG
+                       procd_add_jail_mount_rw /var/log/
+                       procd_set_param no_new_privs 1
+               fi
                procd_close_instance
        fi
 }
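Review bot: The jail mounts all of `/var/log/` read-write, so the confined bouncer can still modify or truncate every other service's log, which undercuts the containment the jail is meant to add. If the bouncer only writes its own log file or subdirectory, pass just that path to `procd_add_jail_mount_rw`. `$VARCONFIG` is also unquoted here although the command line above quotes it; `procd_add_jail_mount "$VARCONFIG"` avoids word splitting on the path. When `/sbin/ujail` is missing the service starts unconfined with no log message, and nothing in this hunk restricts capabilities, so a comment stating that the jail gives filesystem isolation only (or a `procd_set_param capabilities` file limited to what netfilter management needs) would help. `run_bouncer` begins outside the hunk.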