project/procd.git
8 years agoinstance, ujail: wire remount / read only option (-o)
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:23 +0000 (23:09 +0000)]
instance, ujail: wire remount / read only option (-o)

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoinstance, ujail: remove "-P <path>" option
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:21 +0000 (23:09 +0000)]
instance, ujail: remove "-P <path>" option

we can now launch multiple time the same
ujail command without conflict

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: add O_CLOEXEC flag to open() call
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:20 +0000 (23:09 +0000)]
ujail: add O_CLOEXEC flag to open() call

if we forget to close() in the future,
this prevent fd leak

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years agoujail: fixup code style // -> /* */
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:19 +0000 (23:09 +0000)]
ujail: fixup code style // -> /* */

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: add ELF interpreter (DT_INTERP) to the jail
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:16 +0000 (16:27 +0000)]
ujail: add ELF interpreter (DT_INTERP) to the jail

this is needed by musl (openwrt DD)
uClibc/glibc is working without this

this partly fixes
https://dev.openwrt.org/ticket/20785

we still don't handle DT_RPATH, DT_RUNPATH, nodeflib, ...
see http://man7.org/linux/man-pages/man8/ld.so.8.html

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: automatically add script (#!) interpreter
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:15 +0000 (16:27 +0000)]
ujail: automatically add script (#!) interpreter

this make simple script work easily with ujail

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: rework fs jail part
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:14 +0000 (16:27 +0000)]
ujail: rework fs jail part

Change functions to work with full paths (do less split and concat of path)
  Store "soname" as key and the fullpath as path in "libraries"
  Remove "extras" list and replace it with "mounts" avl_tree
  ("mounts" also store fullpath)

Add add_path_and_deps() function to handle file/lib openning and mmaping
  Check if file is an elf (magic number) before passing it to elf_load_deps()
  elf_load_deps() now only handle elf parsing part
  next commit adds script (#!) handling

Use add_path_and_deps() with -r and -w args to automatically add dependencies

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: DT_STRTAB uses d_ptr in d_un union (not d_val)
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:13 +0000 (16:27 +0000)]
ujail: DT_STRTAB uses d_ptr in d_un union (not d_val)

see
https://docs.oracle.com/cd/E19683-01/817-3677/chapter6-42444/index.html

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: remove some debug/dev hack
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:12 +0000 (16:27 +0000)]
ujail: remove some debug/dev hack

this code is present since first ujail commit (dfcfcca7)

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: fixup code style: "func()" -> "func(void)"
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:11 +0000 (16:27 +0000)]
ujail: fixup code style: "func()" -> "func(void)"

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: add init_library_search()
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:10 +0000 (16:27 +0000)]
ujail: add init_library_search()

move all libraries search initialisation stuff
into elf.c / init_library_search()

for now we don't handle musl specific files

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: use PATH_MAX for path related buffers
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:09 +0000 (16:27 +0000)]
ujail: use PATH_MAX for path related buffers

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: search libs in /lib before /lib64
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:08 +0000 (16:27 +0000)]
ujail: search libs in /lib before /lib64

musl (openwrt DD r47603 x86-64) looks for lib only in /lib,
not in /lib64, and /lib64 is a symlink to /lib, so ujail find
all the libs in /lib64, add them in the jail (only under /lib64)
and then musl fails to find the libs.

uClibc (openwrt CC r47608 x86-64) looks for lib in /lib and
/usr/lib, not in /lib64 (/lib64 is also a symlink to /lib)

/lib64 is before /lib since the first commit, i don't know
if it was on purpose

this partly fixes
https://dev.openwrt.org/ticket/20785

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: remove "#include log.h" from elf.h
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:07 +0000 (16:27 +0000)]
ujail: remove "#include log.h" from elf.h

headers must include all there dependencies, no more, no less

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: add <stdio.h> and <syslog.h> to seccomp.h
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:06 +0000 (16:27 +0000)]
ujail: add <stdio.h> and <syslog.h> to seccomp.h

headers must include all there dependencies, no more, no less

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: add <stdio.h> to log.h
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:05 +0000 (16:27 +0000)]
ujail: add <stdio.h> to log.h

headers must include all there dependencies, no more, no less
(it uses fprintf)

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: put #include guard macro in all *.h
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:04 +0000 (16:27 +0000)]
ujail: put #include guard macro in all *.h

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: use more const in elf.*
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:03 +0000 (16:27 +0000)]
ujail: use more const in elf.*

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: stop using extern in elf.h
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:02 +0000 (16:27 +0000)]
ujail: stop using extern in elf.h

extern qualifiers for function definitions doesn't really make sense

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: don't pass unused arg in clone call
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:01 +0000 (16:27 +0000)]
ujail: don't pass unused arg in clone call

clone() call need a function with "void *" arg
(else we have a compilation error)

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoujail: don't add non existant library_path
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:00 +0000 (16:27 +0000)]
ujail: don't add non existant library_path

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agofix a potential off-by-on eerror inside udevtrigegr
John Crispin [Mon, 23 Nov 2015 09:31:23 +0000 (10:31 +0100)]
fix a potential off-by-on eerror inside udevtrigegr

coverity found this: 1330086

Signed-off-by: John Crispin <blogic@openwrt.org>
9 years agosyslog: set sane priority values
Ulrich Weber [Wed, 4 Nov 2015 15:33:11 +0000 (16:33 +0100)]
syslog: set sane priority values

otherwise LOG_USER/LOG_EMERG is used

Signed-off-by: Ulrich Weber <uw@ocedo.com>
9 years agocmake: use CMAKE_INSTALL_* variables
Sergiy Kibrik [Tue, 13 Oct 2015 20:30:42 +0000 (23:30 +0300)]
cmake: use CMAKE_INSTALL_* variables

Replace hard-coded installation directories with cmake-provided
variables, which gives more flexibility on where to install
final binaries. Great simplification for usage with e.g. BitBake recipes.

Signed-off-by: Sergiy Kibrik <sakib@meta.ua>
9 years agoexplicitely ignore return value of symlink(3) call
Daniel Golle [Thu, 22 Oct 2015 21:15:58 +0000 (23:15 +0200)]
explicitely ignore return value of symlink(3) call

glibc sets __attribute_warn_unused_result__ on symlink(3) if
FORTIFY_SOURCE is set. This breaks procd which deliberately ignores
the result of the symlink(3) call early during init as there wouldn't
be anything better to do in that case other than ignoring the error and
trying to survive.

Introduce libc-compat.h to work-around libc anomalities.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
9 years agojail: Add MS_NODEV MS_NOEXEC MS_NOSUID mount options where needed
Etienne CHAMPETIER [Thu, 8 Oct 2015 20:01:44 +0000 (20:01 +0000)]
jail: Add MS_NODEV MS_NOEXEC MS_NOSUID mount options where needed

this completes fafbf7338ec8304f2a0ec0ba76048fba2c01c07e

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agojail: allow to not use namespaces
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:47 +0000 (23:26 +0000)]
jail: allow to not use namespaces

building a generic jail can be hard,
choosing to drop some capabilities can be easier.

This commit permit to use namespaces, capabilities
and seccomp combined as you like.

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agojail: cleanup include
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:46 +0000 (23:26 +0000)]
jail: cleanup include

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agojail: add capabilities support
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:45 +0000 (23:26 +0000)]
jail: add capabilities support

If there is one or more capabilities in cap.keep,
drop all capabilities not in cap.keep.
Always drop all capabalities in cap.drop

exemple json syntax:
{
"cap.keep": [
        "cap_net_raw"
],
"cap.drop": []
}

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoAdd MS_NODEV MS_NOEXEC MS_NOSUID mount options where needed
Etienne CHAMPETIER [Sat, 19 Sep 2015 19:20:45 +0000 (19:20 +0000)]
Add MS_NODEV MS_NOEXEC MS_NOSUID mount options where needed

These options aren't mandatory, but can prevent some future
bugs from being exploited. Good reading:
http://lwn.net/Articles/647757/

Value chosen by looking at fedora 22 / ubuntu 14.04

Not tested yet (away from my tests routers)

Not touching jail/jail.c as this conflict with
my pending patch serie

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agosystem: fix undefined behavior in wdt offline check
Alexander Couzens [Wed, 23 Sep 2015 13:04:18 +0000 (15:04 +0200)]
system: fix undefined behavior in wdt offline check

watchdog_fd() is returning a char* and not a int. checking against < 0 could
lead in undefined behaviour.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
9 years agojail: reworks & cleanups
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:44 +0000 (23:26 +0000)]
jail: reworks & cleanups

-use EXIT_SUCCESS/EXIT_FAILURE (not -1)
-parse every option in main, put them in opts struct
-add CLONE_NEWIPC to the clone() call (it's already compiled in openwrt kernel)
-return the exit status of the jailed process, or the num of the signal that killed it
-add missing options to usage()
-add a warning in usage() about ujail security
-debug option can now take an int as parameter (~debug level),
  with -d2 you now activate "LD_DEBUG=all" for exemple
-do not depend on libpreload-seccomp.so if -S is not present
-there is now only one ujail process instead of two

jail creation is now as follow:
1) create jail root dir (mkdir)
2) create new namespace (clone)
(in the parent wait for the child with uloop)
3) build the jail root fs (mount bind all the libs/bins ...),
pivot_root and mount special fs (procfs, sysfs) (build_jail_fs())
4) build envp (LD_PRELOAD the seccomp helper or ...)
5) drop capabilities (next patch)
6) execve the jailed bin
7) remove jail root dir (once child is dead)

there is no need to umount anything because we are already in a namespace

Todo:
-allow signals from the parent to the child

Feature request:
-when we add a file or dir, detect if it's an exec and add it's dependencies

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agojail, seccomp: remove useless root check
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:43 +0000 (23:26 +0000)]
jail, seccomp: remove useless root check

prctl(PR_SET_NO_NEW_PRIVS, 1) is enough, we don't require CAP_SYS_ADMIN
see
https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agojail, seccomp: fix typo/improve log prefix
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:42 +0000 (23:26 +0000)]
jail, seccomp: fix typo/improve log prefix

(perload-jail -> preload-seccomp)

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoadd UTRACE_SUPPORT build option
Etienne CHAMPETIER [Wed, 26 Aug 2015 23:26:41 +0000 (23:26 +0000)]
add UTRACE_SUPPORT build option

we can now build preload-seccomp, ujail, utrace separately

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agomove /dev/shm to /tmp/shm
Daniel Gimpelevich [Sat, 11 Jul 2015 01:58:38 +0000 (18:58 -0700)]
move /dev/shm to /tmp/shm

Since the /dev filesystem is tiny, /dev/shm needs to live somewhere
else.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
9 years agoinittab: always proceed to next state
Sergiy Kibrik [Wed, 19 Aug 2015 16:57:44 +0000 (19:57 +0300)]
inittab: always proceed to next state

If no S or K rc scripts provided we still should
be able to go on to next state, or we won't boot
properly and would not be able to reboot/shutdown later.

Signed-off-by: Sergiy Kibrik <sakib@meta.ua>
9 years agohotplug: add BUTTON to environment vars for timeout action
Günther Kelleter [Tue, 1 Sep 2015 14:01:25 +0000 (16:01 +0200)]
hotplug: add BUTTON to environment vars for timeout action

as done in pressed and released actions

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
9 years agofix generating syscall-names.h
Hauke Mehrtens [Sat, 15 Aug 2015 16:17:33 +0000 (18:17 +0200)]
fix generating syscall-names.h

Sometimes the syscall number is not defined with a number but with an
offset to an other syscall and then make_syscall_h.sh created some
broken header file.

For example the bit/syscall.h from musl for i386 has this:

  #define __NR_timer_create     259
  #define __NR_timer_settime    (__NR_timer_create+1)

With this patch the resulting array looks like this:

 [259] = "timer_create",
 [(__NR_timer_create+1)] = "timer_settime",

This fixes this bug from OpenWrt:
https://dev.openwrt.org/ticket/20195

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
9 years agoallow buttons to call delayed timeout actions
John Crispin [Sat, 18 Jul 2015 22:30:42 +0000 (00:30 +0200)]
allow buttons to call delayed timeout actions

Signed-off-by: John Crispin <blogic@openwrt.org>
9 years agojail: fix jail root folder permissions
Etienne CHAMPETIER [Mon, 20 Jul 2015 20:41:50 +0000 (22:41 +0200)]
jail: fix jail root folder permissions

We need a+x rights on the path to the root of the jails
so we can use users other than root (like nobody)

This partly fixes jailed dnsmasq

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
9 years agoservice: if logging start app with LD_PRELOAD & lib for line buffering
Rafał Miłecki [Mon, 6 Jul 2015 21:37:11 +0000 (23:37 +0200)]
service: if logging start app with LD_PRELOAD & lib for line buffering

Using pipe automatically switches service to block buffering which kind
of breaks our logging. We won't get anything from stdout FD until the
buffer gets filled fully or the service exits. This makes log messages
appear with an unwanted delay.
This change adds a tiny libsetlbf.so switching stdout to line buffering
and uses this lib for every logging-enabled service started by procd.
We don't need any extra change for stderr as it's unbuffered by default.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Modified to use no buffering to align with stderr. Several cleanups.

Signed-off-by: Steven Barth <steven@midlink.org>
9 years agoAttempt to deal gracefully with allocation failures.
Juliusz Chroboczek [Thu, 25 Jun 2015 22:23:33 +0000 (00:23 +0200)]
Attempt to deal gracefully with allocation failures.

These should probably not happen in practice, but having an explicit
error message may make debugging out-of-memory situations easier.

9 years agoRevert "hotplug: support for interval commands"
Felix Fietkau [Sat, 20 Jun 2015 07:33:53 +0000 (09:33 +0200)]
Revert "hotplug: support for interval commands"

This reverts commit 9562ce477476a27851ec90cfbf971b8cb41c81a6.

Revert requested by John, will be re-implemented in a different way.

9 years agofix /dev/shm permissions, this time for real
Daniel Gimpelevich [Wed, 17 Jun 2015 13:18:36 +0000 (06:18 -0700)]
fix /dev/shm permissions, this time for real

Previous patch did not account for umask, now adding that.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
9 years agofix /dev/shm permissions
Daniel Gimpelevich [Wed, 17 Jun 2015 09:51:37 +0000 (02:51 -0700)]
fix /dev/shm permissions

On my Ubuntu system, the permissions are 1777. They are incorrect in
procd, leading to this:
https://forum.openwrt.org/viewtopic.php?id=57073
This in intended for both CC and DD.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
9 years agohotplug: support for interval commands
Rafał Miłecki [Sat, 9 May 2015 20:02:03 +0000 (22:02 +0200)]
hotplug: support for interval commands

This allows executing code with a given interval. As every command, it
can be assign to any uevent.

Intervals may be useful for counting elapsed time since some action. It
allows e.g. indicating that button has been pressed for some time. This
is useful to let user know he can already release the button.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
9 years agoservice: reorder function to avoid forward declaration
Felix Fietkau [Sun, 14 Jun 2015 16:31:38 +0000 (18:31 +0200)]
service: reorder function to avoid forward declaration

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
9 years agoservice: close instance pipe fd on restart.
Yousong Zhou [Sun, 14 Jun 2015 04:14:47 +0000 (12:14 +0800)]
service: close instance pipe fd on restart.

Otherwise we hit max number of fd limit (1024) and instances fail to
start with the following errors in syslog

    Sun Jun 14 01:27:38 2015 daemon.warn procd: pipe() failed: 24 (Too many open files)

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
9 years agoservice: allow get_data of specifc instance.
Yousong Zhou [Sun, 14 Jun 2015 04:14:46 +0000 (12:14 +0800)]
service: allow get_data of specifc instance.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
9 years agoservice: remove unused struct watch_subscribe definition.
Yousong Zhou [Sun, 14 Jun 2015 04:14:45 +0000 (12:14 +0800)]
service: remove unused struct watch_subscribe definition.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
9 years agoservice: dump respawn params in the same order as when passed in.
Yousong Zhou [Sun, 14 Jun 2015 04:14:44 +0000 (12:14 +0800)]
service: dump respawn params in the same order as when passed in.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
9 years agoservice: optimize relaying stdio output of daemons a bit.
Yousong Zhou [Sun, 14 Jun 2015 04:14:43 +0000 (12:14 +0800)]
service: optimize relaying stdio output of daemons a bit.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
9 years agotrigger: make trigger_match() bool and make return value less confusing
Felix Fietkau [Tue, 2 Jun 2015 14:27:56 +0000 (16:27 +0200)]
trigger: make trigger_match() bool and make return value less confusing

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
9 years agoallow multiple identical events to be queued
John Crispin [Tue, 2 Jun 2015 00:00:03 +0000 (02:00 +0200)]
allow multiple identical events to be queued

Signed-off-by: John Crispin <blogic@openwrt.org>
9 years agoremove ->
John Crispin [Fri, 22 May 2015 23:31:22 +0000 (01:31 +0200)]
remove  ->
[    1.240000] init: failed to symlink /tmp -> /var

Signed-off-by: John Crispin <blogic@openwrt.org>
9 years agojail: respect byte order when setting AUDIT_ARCH
Daniel Golle [Sun, 17 May 2015 02:33:29 +0000 (04:33 +0200)]
jail: respect byte order when setting AUDIT_ARCH

AUDIT_ARCH on ARM and MIPS differs depending on the byte order.
Thus set AUDIT_ARCH to the respective endian-specific variants.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
9 years agojail: add support for ARM architecture
Daniel Golle [Sun, 17 May 2015 02:33:02 +0000 (04:33 +0200)]
jail: add support for ARM architecture

SECCOMP_FILTER isn't supported on ARM OABI.
Thus enable seccomp support in jail only for EABI.
thumb might work as well as it apparently implies EABI, but
yet doesn't set __ARM_EABI__.

The REG_SYSCALL macro seems to be an unused left-over.
However, it's defined for other architectures as well.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
9 years agotrace: add support for ARM architecture
Daniel Golle [Sun, 17 May 2015 02:32:45 +0000 (04:32 +0200)]
trace: add support for ARM architecture

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
9 years agoinstance: handle setgid() before setuid()
Jo-Philipp Wich [Tue, 5 May 2015 09:08:24 +0000 (11:08 +0200)]
instance: handle setgid() before setuid()

When attempting to run a service with an unprivileged user and group
id procd, the following error might occur:

procd: failed to set uid:1000, gid:1000

This is due to the fact that procd first performs the setuid(), then
the setgid() call.

Usually there no sufficient permissions after a setuid() anymore to
change the effective group id of the process.

Refactor the code to:

  * Swap the invocations (first gid, then uid)
  * Don't set user or group id if it is 0
  * Handle errors independently and make them more verbose

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
9 years agoinstance: avoid dumping invalid service instances - prevents a potential crash
Felix Fietkau [Sun, 19 Apr 2015 15:14:59 +0000 (17:14 +0200)]
instance: avoid dumping invalid service instances - prevents a potential crash

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
9 years agofix include order
John Crispin [Thu, 9 Apr 2015 22:39:16 +0000 (00:39 +0200)]
fix include order

this broke x86_64 builds on uclibc

Signed-off-by: John Crispin <blogic@openwrt.org>
9 years agoproperly handle return codes
John Crispin [Sat, 28 Mar 2015 14:41:58 +0000 (15:41 +0100)]
properly handle return codes

Signed-off-by: John Crispin <blogic@openwrt.org>
9 years agomake it optional to remount the tmpfs as ro
John Crispin [Fri, 27 Mar 2015 01:27:16 +0000 (02:27 +0100)]
make it optional to remount the tmpfs as ro

Signed-off-by: John Crispin <blogic@openwrt.org>
9 years agomake jail build optional
John Crispin [Thu, 26 Mar 2015 18:21:14 +0000 (19:21 +0100)]
make jail build optional

Signed-off-by: John Crispin <blogic@openwrt.org>
9 years agoprocd can now start jailed processes
John Crispin [Sat, 21 Mar 2015 13:11:15 +0000 (14:11 +0100)]
procd can now start jailed processes

Signed-off-by: John Crispin <blogic@openwrt.org>
9 years agoadd initial version of ujail and utrace
John Crispin [Sat, 21 Mar 2015 10:47:01 +0000 (11:47 +0100)]
add initial version of ujail and utrace

Signed-off-by: John Crispin <blogic@openwrt.org>
9 years agocheck for empty parameters in askfirst
Zefir Kurtisi [Wed, 18 Mar 2015 15:44:48 +0000 (16:44 +0100)]
check for empty parameters in askfirst

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
9 years agoswitch to _DEFAULT_SOURCE for modern glibc compat
John Crispin [Thu, 12 Mar 2015 12:54:01 +0000 (13:54 +0100)]
switch to _DEFAULT_SOURCE for modern glibc compat

Signed-off-by: Jeff Waugh <jdub@bethesignal.org>
9 years agojson 0.12 fixes
John Crispin [Fri, 6 Mar 2015 16:46:04 +0000 (17:46 +0100)]
json 0.12 fixes
Signed-off-by: John Crispin <blogic@openwrt.org>
9 years agoservice: rename variables / struct members called stdout, stderr to avoid conflicts...
Felix Fietkau [Fri, 27 Feb 2015 07:28:35 +0000 (20:28 +1300)]
service: rename variables / struct members called stdout, stderr to avoid conflicts with system defines

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
9 years agoservice: don't use stdio log channel
Jo-Philipp Wich [Thu, 26 Feb 2015 14:23:59 +0000 (15:23 +0100)]
service: don't use stdio log channel

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
9 years agoprocd: support relayoing daemon stdout/stderr to syslog
Jo-Philipp Wich [Thu, 26 Feb 2015 11:27:39 +0000 (12:27 +0100)]
procd: support relayoing daemon stdout/stderr to syslog

This commit adds support to procd for relaying stdout and stderr streams to
the system log. That is mainly useful for services not using syslog, e.g.
uhttpd.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
9 years agoConvert log calls to ulog() api
Jo-Philipp Wich [Wed, 25 Feb 2015 22:52:03 +0000 (23:52 +0100)]
Convert log calls to ulog() api

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
9 years agoprocd: increase memory allocated for tmpfs on zram
Nathan Hintz [Sat, 24 Jan 2015 03:36:47 +0000 (19:36 -0800)]
procd: increase memory allocated for tmpfs on zram

Devices with <= 32MB of ram get half of memory allocated to zram (up to 16MB).
Devices with > 32MB of ram get just 8MB of memory allocated to zram.

Increase memory allocated to devices with > 32MB ram to 16MB.

Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
9 years agoMake build of upgraded optional
Jo-Philipp Wich [Sun, 25 Jan 2015 16:05:46 +0000 (17:05 +0100)]
Make build of upgraded optional

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
9 years agosystem: increase memory field sizes to 64bit
Jo-Philipp Wich [Thu, 15 Jan 2015 11:32:36 +0000 (12:32 +0100)]
system: increase memory field sizes to 64bit

On an Alix APU board with 4GB of available ram, the total memory is reported
as "-179417088" bytes. Increase the ubus field sizes to 64bit integers in
order to avoid overflows.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
9 years agosystem: attempt to parse /proc/device-tree/model
Jo-Philipp Wich [Thu, 15 Jan 2015 11:17:21 +0000 (12:17 +0100)]
system: attempt to parse /proc/device-tree/model

Fallback to /proc/device-tree/model if /tmp/sysinfo/model is not available.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
9 years agosystem: improve system name detection
Jo-Philipp Wich [Thu, 15 Jan 2015 10:51:52 +0000 (11:51 +0100)]
system: improve system name detection

Skip entries like "Processor: 0" which are common on x86, otherwise
an "ubus call system board" will just return "system: 0".

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
9 years agoinittab: don't close fds unconditionally since this breaks UML
Steven Barth [Fri, 9 Jan 2015 08:39:22 +0000 (09:39 +0100)]
inittab: don't close fds unconditionally since this breaks UML

Signed-off-by: Steven Barth <steven@midlink.org>
9 years agoonly write to the watchdog if the fd is valid
John Crispin [Sun, 14 Dec 2014 21:12:45 +0000 (22:12 +0100)]
only write to the watchdog if the fd is valid

Signed-off-by: John Crispin <blogic@openwrt.org>
9 years agoprevious commit accidentiall dropped the cgroup mount
John Crispin [Tue, 2 Dec 2014 12:40:11 +0000 (13:40 +0100)]
previous commit accidentiall dropped the cgroup mount

Signed-off-by: John Crispin <blogic@openwrt.org>
9 years agoadd support for zram compressed tmpfs
John Crispin [Fri, 28 Nov 2014 00:27:57 +0000 (01:27 +0100)]
add support for zram compressed tmpfs

Signed-off-by: John Crispin <blogic@openwrt.org>
10 years agoservice: fix ubus list command
Felix Fietkau [Wed, 19 Nov 2014 16:36:58 +0000 (17:36 +0100)]
service: fix ubus list command

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
10 years agoinitd: mount cgroup
Luka Perkov [Tue, 11 Nov 2014 12:28:19 +0000 (12:28 +0000)]
initd: mount cgroup

If kernel is compiled with cgroup support it should be mounted. This change
does not effect kernels without cgroup support.

Signed-off-by: Luka Perkov <luka@openwrt.org>
10 years agoinittab: clean up tty opening code, fix console shell job control issues
Felix Fietkau [Sat, 8 Nov 2014 18:07:46 +0000 (19:07 +0100)]
inittab: clean up tty opening code, fix console shell job control issues

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
10 years agocall setsid during startup.
John Crispin [Wed, 5 Nov 2014 15:22:31 +0000 (16:22 +0100)]
call setsid during startup.

this fixes a bug where pgrp was not set up properly leading to a trail of carnage;

Signed-off-by: John Crispin <blogic@openwrt.org>
10 years agokmodloader takes longer than wdt timeout
John Crispin [Sat, 1 Nov 2014 22:23:47 +0000 (23:23 +0100)]
kmodloader takes longer than wdt timeout

on systms with slow flash the watchdog will trigger when a lot of modules are
included in the image.

Signed-off-by: John Crispin <blogic@openwrt.org>
10 years agoget_cmdline_val: search for entire name, not just suffix
Steven Barth [Wed, 5 Nov 2014 10:17:09 +0000 (11:17 +0100)]
get_cmdline_val: search for entire name, not just suffix

also fix writing of 0-byte to buffer

Signed-off-by: Steven Barth <steven@midlink.org>
10 years agoprocd: Make askconsole work again when no tty is specified in inittab
Michel Stam [Tue, 4 Nov 2014 16:40:16 +0000 (17:40 +0100)]
procd: Make askconsole work again when no tty is specified in inittab

Consider:
::askconsole:/bin/ash --login

askconsole( ) checks for the existance of the tty, but if none is
specified it will skip the remainder of the function. This means
fork_worker( ) is never called and no process is spawned. This
would leave routers without an initial console.

Signed-off-by: Michel Stam <m.stam@fugro.nl>
10 years agoHonour tty field in /etc/inittab
Michel Stam [Tue, 4 Nov 2014 15:50:54 +0000 (16:50 +0100)]
Honour tty field in /etc/inittab

The problem was caused by procd not opening /dev/tty* (whichever was
specified for the ID field /etc/inittab), causing /proc/PID/fd to
point to /dev/console instead.

This is a rework of e63051d9, which did not initialise the console
pointer and did not check the tty pointer in askconsole. askfirst
was not completely fixed as it expected the console parameter on
the commandline, which is no longer necessary because procd opens
the console prior to fork()-ing.

Signed-off-by: Michel Stam <m.stam@fugro.nl>
10 years agoRevert "Honour tty field in /etc/inittab"
Steven Barth [Sat, 1 Nov 2014 13:11:57 +0000 (14:11 +0100)]
Revert "Honour tty field in /etc/inittab"

This reverts commit e63051d9843ddbafb1fabfd97d60e853bdeac129.
This unbreaks the initial console on UML and possibly other platforms.

Signed-off-by: Steven Barth <cyrus@openwrt.org>
10 years agoFix regression in command line parsing
Steven Barth [Fri, 31 Oct 2014 12:05:47 +0000 (13:05 +0100)]
Fix regression in command line parsing

79872ea6 reduced the command line buffer breaking various platforms.

Signed-off-by: Steven Barth <steven@midlink.org>
10 years agoLog startup/shutdown to console
John Crispin [Thu, 30 Oct 2014 10:07:26 +0000 (11:07 +0100)]
Log startup/shutdown to console

procd has the habit of logging startup/shutdown via
rcS to syslog, which is pointless in case of a
shutdown, and unlikely to be complete on a startup
(as syslog is not running). Write to the console
instead.

Signed-off-by: Michel Stam <m.stam@fugro.nl>
Signed-off-by: John Crispin <blogic@openwrt.org>
10 years agominor fixes to michels patches
John Crispin [Sun, 12 Oct 2014 12:54:29 +0000 (14:54 +0200)]
minor fixes to michels patches

Signed-off-by: John Crispin <blogic@openwrt.org>
10 years agoHonour tty field in /etc/inittab
Michel Stam [Mon, 13 Oct 2014 14:14:37 +0000 (16:14 +0200)]
Honour tty field in /etc/inittab

The problem was caused by procd not opening /dev/tty* (whichever was
specified for the ID field /etc/inittab), causing /proc/PID/fd to
point to /dev/console instead.

Signed-off-by: Michel Stam <m.stam@fugro.nl>
10 years agoFix ctrl+alt+del support
Michel Stam [Mon, 13 Oct 2014 14:14:36 +0000 (16:14 +0200)]
Fix ctrl+alt+del support

The previous patch did not catch SIGINT, which is used by the
kernel to indicate to the init process that the system should
reboot.

Signed-off-by: Michel Stam <m.stam@fugro.nl>
10 years agoShow the shutdown sequence on the active virtual terminal
Michel Stam [Mon, 13 Oct 2014 14:14:35 +0000 (16:14 +0200)]
Show the shutdown sequence on the active virtual terminal

procd by default writes to /dev/console. When rebooting, this means that the
terminal on which the reboot sequence was started will not see what is going
on. This patch fixes that by reopening stdin, stdout and stderr to the console
device specified on the commandline, /dev/tty0 or /dev/console upon reboot.

Also, due to (probably) pivot-root, /proc/1/fd shows 1-3 pointing to
/console. This patch also fixes that.

Signed-off-by: Michel Stam <m.stam@fugro.nl>
10 years agoUse one generic routine to access /proc/cmdline
Michel Stam [Mon, 13 Oct 2014 14:14:34 +0000 (16:14 +0200)]
Use one generic routine to access /proc/cmdline

Signed-off-by: Michel Stam <m.stam@fugro.nl>
10 years agomake procd wait for ubus to come up
John Crispin [Mon, 6 Oct 2014 18:15:24 +0000 (20:15 +0200)]
make procd wait for ubus to come up

Signed-off-by: John Crispin <blogic@openwrt.org>