From: Nikos Mavrogiannopoulos Date: Sat, 14 Feb 2015 12:40:29 +0000 (+0100) Subject: ocserv: added option to use seccomp X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=201ef91c321b21eb7369bff1f3be0fa804c6df08;p=feed%2Fpackages.git ocserv: added option to use seccomp Signed-off-by: Nikos Mavrogiannopoulos --- diff --git a/net/ocserv/Config.in b/net/ocserv/Config.in index 81075fd813..88c5f50914 100644 --- a/net/ocserv/Config.in +++ b/net/ocserv/Config.in @@ -7,6 +7,10 @@ config OCSERV_PAM bool "enable PAM" default n +config OCSERV_SECCOMP + bool "enable seccomp" + default n + config OCSERV_PROTOBUF bool "use external libprotobuf" default y diff --git a/net/ocserv/Makefile b/net/ocserv/Makefile index 3ddc5be7dc..6c23672ab7 100644 --- a/net/ocserv/Makefile +++ b/net/ocserv/Makefile @@ -22,6 +22,7 @@ PKG_FIXUP:=autoreconf PKG_CONFIG_DEPENDS:= \ CONFIG_OCSERV_PAM \ + CONFIG_OCSERV_SECCOMP \ CONFIG_OCSERV_PROTOBUF \ include $(INCLUDE_DIR)/package.mk @@ -37,7 +38,7 @@ define Package/ocserv TITLE:=OpenConnect VPN server URL:=http://www.infradead.org/ocserv/ MAINTAINER:=Nikos Mavrogiannopoulos - DEPENDS:= +OCSERV_HTTP_PARSER:libhttp-parser +libgnutls +certtool +libncurses +libreadline +OCSERV_PAM:libpam +OCSERV_PROTOBUF:libprotobuf-c +kmod-tun + DEPENDS:= +OCSERV_HTTP_PARSER:libhttp-parser +OCSERV_SECCOMP:libseccomp +libgnutls +certtool +libncurses +libreadline +OCSERV_PAM:libpam +OCSERV_PROTOBUF:libprotobuf-c +kmod-tun USERID:=ocserv=72:ocserv=72 endef @@ -62,6 +63,10 @@ ifneq ($(CONFIG_OCSERV_PAM),y) CONFIGURE_ARGS += --without-pam endif +ifneq ($(CONFIG_OCSERV_SECCOMP),y) +CONFIGURE_ARGS += --disable-seccomp +endif + ifneq ($(CONFIG_OCSERV_PROTOBUF),y) CONFIGURE_ARGS += --without-protobuf endif diff --git a/net/ocserv/files/ocserv.conf.template b/net/ocserv/files/ocserv.conf.template index 8307bf6507..1694fd782a 100644 --- a/net/ocserv/files/ocserv.conf.template +++ b/net/ocserv/files/ocserv.conf.template @@ -18,6 +18,8 @@ auth = "|AUTH|" # A banner to be displayed on clients banner = "Welcome to OpenWRT" +isolate-workers = true + # When the server has a dynamic DNS address (that may change), # should set that to true to ask the client to resolve again on # reconnects.