project/procd.git
6 years ago procd: initd: fix path allocation in early_insmod
Nathan Hintz [Fri, 29 Dec 2017 04:48:26 +0000 (04:48 +0000)]
procd: initd: fix path allocation in early_insmod

Noticed that /tmp was not being created on /dev/zram0.  This was on
ixp4xx (nslu2) using GCC 6.3 and musl.

The allocation should be using the length of the passed string
(module path), not the size of the pointer to the string.

Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
7 years ago service: fix calls to blobmsg_parse()
Pierre Lebleu [Fri, 10 Nov 2017 09:59:35 +0000 (10:59 +0100)]
service: fix calls to blobmsg_parse()

We should use blobmsg_data() rather than blob_data() and
blobmsg_data_len() rather than blob_len().

Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
7 years ago procd: add missing new lines inside debug code
John Crispin [Thu, 26 Oct 2017 07:39:52 +0000 (09:39 +0200)]
procd: add missing new lines inside debug code

Signed-off-by: John Crispin <john@phrozen.org>
7 years ago service: fix SERVICE_ATTR_NAME usage in service_handle_set
pme.lebleu@gmail.com [Wed, 4 Oct 2017 11:14:16 +0000 (13:14 +0200)]
service: fix SERVICE_ATTR_NAME usage in service_handle_set

The SERVICE_SET_NAME belongs to enum SERVICE_SET_XXXX, not SERVICE_ATTR_NAME.

Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
7 years ago watchdog: fix inline watchdog_get_magicclose function prototype
Hans Dedecker [Tue, 8 Aug 2017 07:49:26 +0000 (09:49 +0200)]
watchdog: fix inline watchdog_get_magicclose function prototype

Fix procd compilation issue which occurs when DISABLE_INIT is set as the
inline watchdog_get_magicclose function prototype was wrong.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago procd: Do not leak pipe file descriptors to children
Michal Sojka [Thu, 6 Jul 2017 20:25:16 +0000 (22:25 +0200)]
procd: Do not leak pipe file descriptors to children

Without this change, a process started by procd can have access to
stdout/err of processes started by procd before.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
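
The leak this commit describes can be observed from the supervisor's side. The following is an added example, not code from procd or from the patch; the function names, the use of `sleep` as the later child, and the assumption that the remedy is FD_CLOEXEC are illustrative.

```c
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Mark fd close-on-exec so exec() in any later child drops it. */
static int set_cloexec(int fd)
{
    int fl = fcntl(fd, F_GETFD);
    return fl < 0 ? -1 : fcntl(fd, F_SETFD, fl | FD_CLOEXEC);
}

/*
 * Hypothetical test harness. logp stands for the pipe a supervisor keeps to
 * capture an earlier service's stdout/stderr. A second, unrelated child is
 * then started with fork()+exec().
 * Returns 1 if that child still holds the read end after exec (leak),
 * 0 if it does not, -1 on setup failure.
 */
int log_pipe_leaks_to_child(int use_cloexec)
{
    int logp[2], syncp[2], leaked;
    void (*old_handler)(int);
    pid_t pid;
    char c;

    if (pipe(logp) < 0)
        return -1;
    if (pipe(syncp) < 0) {
        close(logp[0]); close(logp[1]);
        return -1;
    }
    /* syncp is always close-on-exec: EOF on it tells us exec() has happened. */
    set_cloexec(syncp[0]);
    set_cloexec(syncp[1]);
    if (use_cloexec) {
        set_cloexec(logp[0]);
        set_cloexec(logp[1]);
    }

    pid = fork();
    if (pid < 0) {
        close(logp[0]); close(logp[1]);
        close(syncp[0]); close(syncp[1]);
        return -1;
    }
    if (pid == 0) {
        /* The "later" service: it never asked for logp, it just inherits it. */
        execlp("sleep", "sleep", "5", (char *)NULL);
        _exit(127);
    }

    /* Wait until the child has passed exec(): its copy of syncp[1] closes. */
    close(syncp[1]);
    while (read(syncp[0], &c, 1) < 0 && errno == EINTR)
        ;
    close(syncp[0]);

    /*
     * Drop our own read end. If the write still succeeds, another process
     * holds a read end of the earlier service's pipe: that is the leak.
     * Without a reader the write fails with EPIPE.
     */
    close(logp[0]);
    old_handler = signal(SIGPIPE, SIG_IGN);
    leaked = (write(logp[1], "x", 1) == 1);
    signal(SIGPIPE, old_handler);
    close(logp[1]);

    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return leaked;
}

int main(void)
{
    printf("plain pipe():      leaked=%d\n", log_pipe_leaks_to_child(0));
    printf("with FD_CLOEXEC:   leaked=%d\n", log_pipe_leaks_to_child(1));
    return 0;
}
```
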
7 years ago watchdog: add support for starting/stopping kernel watchdog
Hans Dedecker [Mon, 19 Jun 2017 09:14:27 +0000 (11:14 +0200)]
watchdog: add support for starting/stopping kernel watchdog

Extend the ubus watchdog cmd with the parameter magicclose; when set and
in case the stopped parameter is enabled the kernel watchdog will be stopped
by first sending the magic character 'V' followed by a close of the watchdog
fd. In case stopped is set to disabled the watchdog fd will be created again.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: John Crispin <john@phrozen.org>
7 years ago system: introduce new attribute board_name
Daniel Golle [Thu, 8 Jun 2017 20:21:27 +0000 (22:21 +0200)]
system: introduce new attribute board_name

The system board call returns the verbose model string instead of the
board name. Unfortunately we have not yet established a clear convention
regarding device-tree 'compatible' or 'model' property and sysupgrade
image name (same accounts for scraping /proc/cpuinfo on legacy
targets). This is odd as the idea was to return information needed to
identify the right sysupgrade image. On most targets we got a large
shell-script which translates either /proc/cpuinfo or the 'model'
property back into the board name used here.
Hence introduce a new attribute board_name to return either
/tmp/sysinfo/board_name or /proc/device-tree/compatible.

This combines commit 79bbe6d (system: return legacy board name) and
commit 453116e (system: introduce new attribute board_name) from the
master branch into a single commit.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
7 years ago preinit: define _GNU_SOURCE
Hans Dedecker [Fri, 16 Jun 2017 14:09:01 +0000 (16:09 +0200)]
preinit: define _GNU_SOURCE

In uClibc getdelim is only defined if _GNU_SOURCE is defined; fix
compilation issue by defining _GNU_SOURCE

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years ago upgraded: cmake: Find and include uloop.h
Florian Fainelli [Wed, 31 May 2017 21:00:34 +0000 (14:00 -0700)]
upgraded: cmake: Find and include uloop.h

Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for
libubox/uloop.h. Some external toolchains which do not include standard
locations would fail to find the header otherwise.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
7 years ago hotplug: fix a memory leak in handle_button_complete()
Alexander Couzens [Sun, 11 Jun 2017 09:52:47 +0000 (11:52 +0200)]
hotplug: fix a memory leak in handle_button_complete()

Found-by: Coverity Scan #1412460
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
7 years ago service/service_stopped(): fix a use-after-free
Alexander Couzens [Sun, 11 Jun 2017 09:49:00 +0000 (11:49 +0200)]
service/service_stopped(): fix a use-after-free

Found-by: Coverity Scan #1412548
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
7 years ago upgraded: define __GNU_SOURCE
Matthias Schiffer [Tue, 30 May 2017 05:23:57 +0000 (07:23 +0200)]
upgraded: define __GNU_SOURCE

It is required on non-musl libcs for O_DIRECTORY.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
7 years ago rcS: add missing fcntl.h include
Matthias Schiffer [Mon, 29 May 2017 21:39:53 +0000 (23:39 +0200)]
rcS: add missing fcntl.h include

Fixes: d42b21ed9305 "procd/rcS: Use /dev/null as stdin"
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
7 years ago procd/rcS: Use /dev/null as stdin
Michal Sojka [Sun, 30 Apr 2017 07:51:20 +0000 (09:51 +0200)]
procd/rcS: Use /dev/null as stdin

This change ensures that /etc/init.d/* scripts are started with
/dev/null as stdin. This is useful in cases where an init.d script
reads (e.g. by mistake) from stdin, which a user can perceive as if
some characters typed into shell on serial console are "eaten" by
something else (i.e. by the init.d script running on background). This
is very annoying, because each character needs to be pressed several
times before it appears on the screen.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
7 years ago procd: Log initscript output prefixed with script name
Michal Sojka [Sat, 11 Mar 2017 00:48:16 +0000 (01:48 +0100)]
procd: Log initscript output prefixed with script name

It helps with debugging of initscript problems.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
7 years ago procd: Don't use syslog before its initialization
Michal Sojka [Sun, 12 Mar 2017 01:11:39 +0000 (02:11 +0100)]
procd: Don't use syslog before its initialization

When procd starts a rcS script, it captures its stdout and stderr and
logs them via syslog(). The problem with that is that the rest of
procd code uses ulog rather than syslog() directly and ulog_open()
doesn't call openlog() immediately, but only after something is logged
with ulog(). This lazy calling of openlog() can result in the
following unwanted behavior:

1) When rcS's stdout/err is logged via syslog(), the log identifier is
   not set yet (due to openlog() not called) and so the log message
   lacks information about source.

2) procd can also log stdout/err from services. When a message from a
   service needs to be logged, ulog_open() is called to change the log
   identifier to match the service name/PID. After logging the service
   messages, ulog_open() is called again to change the identifier
   back to "procd". The lazy call to openlog() means that the messages
   logged directly with syslog() will be logged with the
   identification of the previously logged service and not of the rcS
   script that produced the message.

Both problems are fixed by replacing direct call to syslog() with
ULOG_NOTE, which automatically calls openlog() if needed.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
7 years ago procd: Add missing \n in debug message
Michal Sojka [Sat, 11 Mar 2017 00:48:14 +0000 (01:48 +0100)]
procd: Add missing \n in debug message

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
7 years ago procd: service gets deleted when its last instance is freed
Alin Năstac [Mon, 27 Feb 2017 09:08:34 +0000 (10:08 +0100)]
procd: service gets deleted when its last instance is freed

This fixes the following regression introduced in commit
961dc692aff7457f874bce61f8e766514edcf794:
 1) reboot using the following configuration
root@OpenWrt:~# uci show system.ntp
system.ntp=timeserver
system.ntp.enable_server='0'
system.ntp.use_dhcp='1'
system.ntp.dhcp_interface='wan'
root@OpenWrt:~# uci show network.wan
network.wan=interface
network.wan.proto='dhcp'
network.wan.ifname='eth4'
network.wan.reqopts='1 3 6 15 33 42 51 121 249'
 2) if obtained DHCP lease has an option 42 sysntpd service will have an
 instance
 3) run "ifup wan"
 4) although the same DHCP lease was obtained, sysntpd would be stopped

Because sysntpd service is deleted when last instance is freed, its triggers
will also be released. Without these triggers in place, sysntpd will not be
reloaded when a new DHCP lease containing option 42 will be received.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
7 years ago procd: add cancel_timeout on rc scripts when a runtime_timeout is specified
Jurgen Van Ham [Fri, 10 Feb 2017 06:55:23 +0000 (07:55 +0100)]
procd: add cancel_timeout on rc scripts when a runtime_timeout is specified

Enable procd to restrict the execution time of rc scripts during shutdown, even
when a script ignores the SIGTERM signal by insisting after 10s with a SIGKILL.

Signed-off-by: Jurgen Van Ham <juvanham.tc@gmail.com>
7 years ago procd: stop service using SIGKILL if SIGTERM failed to do so
Alin Năstac [Thu, 9 Feb 2017 10:02:53 +0000 (11:02 +0100)]
procd: stop service using SIGKILL if SIGTERM failed to do so

SIGKILL is sent if instance process is still running after
<term_timeout> seconds after SIGTERM has been sent. To prevent
another daemon process being launched before old process dies,
the instance is kept until SIGCHLD confirms that service has
been stopped.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
7 years ago add missing includes
Felix Fietkau [Sat, 11 Feb 2017 14:43:36 +0000 (15:43 +0100)]
add missing includes

Including sys/sysmacros.h is now necessary for makedev() on glibc 2.25.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years ago ujail: fix signal forwarding
John Crispin [Wed, 8 Feb 2017 11:02:10 +0000 (12:02 +0100)]
ujail: fix signal forwarding

Signed-off-by: John Crispin <john@phrozen.org>
7 years ago init: fix /tmp permissions on zram
Matthias Schiffer [Thu, 26 Jan 2017 11:56:24 +0000 (12:56 +0100)]
init: fix /tmp permissions on zram

mkfs.ext4 will create the filesystem with 755, we need to chmod to 1777
explicitly.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
7 years ago ujail: add basic /dev files
Etienne CHAMPETIER [Fri, 30 Dec 2016 02:08:58 +0000 (18:08 -0800)]
ujail: add basic /dev files

This adds
/dev/full
/dev/null
/dev/urandom
/dev/zero
in every jail (not having them only allows subtle bugs)

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
7 years ago service: add reload_signal property
Jo-Philipp Wich [Tue, 13 Dec 2016 16:27:13 +0000 (17:27 +0100)]
service: add reload_signal property

Introduce a new optional property "reload_signal" which - if set - instructs
procd to not terminate and restart supervised processes upon changes, but to
send them a kill() signal instead.

This is useful for services which fully support native config reload upon
receipt of a signal.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years ago hotplug: fix uninitialized variable
Jo-Philipp Wich [Tue, 13 Dec 2016 15:26:03 +0000 (16:26 +0100)]
hotplug: fix uninitialized variable

Commit e999ab7 (hotplug: Check chown return value) introduced a new variable
"ret" which is not explicitly initialized, leading to the following compile
error:

    hotplug.c:155:18: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized]
        if (!g || ret < 0)
                      ^
    cc1: all warnings being treated as errors

Explicitly initialize it to zero to avoid that problem.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years ago service: add service.signal ubus call
Jo-Philipp Wich [Tue, 13 Dec 2016 15:21:29 +0000 (16:21 +0100)]
service: add service.signal ubus call

Add a service.signal call to allow sending kill() signals to a service.

The default signal sent to services is SIGHUP and may be overridden by a
numerical signal value using the signal parameter.

The optional instance argument allows restricting the signal delivery to one
specific instance. If omitted, the signal is sent to all instances.

Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years ago trace: use the cloned environment pointer
Felix Fietkau [Mon, 5 Dec 2016 17:16:47 +0000 (18:16 +0100)]
trace: use the cloned environment pointer

Fixes an issue where it would overwrite the first environment variable
with the preload one

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years ago procd: Fix memory leaks found by cppcheck
Rosen Penev [Sun, 4 Dec 2016 04:39:42 +0000 (20:39 -0800)]
procd: Fix memory leaks found by cppcheck

Signed-off by: Rosen Penev <rosenp@gmail.com>

7 years ago hotplug: Check chown return value
Florian Fainelli [Sat, 3 Dec 2016 17:32:21 +0000 (09:32 -0800)]
hotplug: Check chown return value

Fixes:

plug/hotplug.c:152:10: error: ignoring return value of 'chown', declared with attribute warn_unused_result [-Werror=unused-result]
     chown(blobmsg_get_string(tb[0]), 0, g->gr_gid);

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
7 years ago ujail: send SIGKILL to jail process if SIGTERM fails
Felix Fietkau [Fri, 2 Dec 2016 12:52:57 +0000 (13:52 +0100)]
ujail: send SIGKILL to jail process if SIGTERM fails

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years ago service: do not restart instances if data changes
Felix Fietkau [Wed, 19 Oct 2016 12:09:10 +0000 (14:09 +0200)]
service: do not restart instances if data changes

Drop in->data from instance_config_changed() checks.

So far, procd_open_data is always used in places for passing data to
other services, not for triggering restarts on specific changes.
With this change it is possible to use this behavior more explicitly
while avoiding unnecessary restarts

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years ago service: make instance_update() void and unconditionally replace config on update
Felix Fietkau [Wed, 19 Oct 2016 12:08:03 +0000 (14:08 +0200)]
service: make instance_update() void and unconditionally replace config on update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years ago service: add support for instances without command
Felix Fietkau [Wed, 19 Oct 2016 11:54:51 +0000 (13:54 +0200)]
service: add support for instances without command

This can be useful for maintaining active procd data for use in other
services, even when no helper process is active.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years ago procd: fix build when DEBUG is set
Zefir Kurtisi [Thu, 13 Oct 2016 15:40:38 +0000 (17:40 +0200)]
procd: fix build when DEBUG is set

There is a collision between the DEBUG set in the CMake file as
flag and the macro defined in log.h, resulting in build error:

In file included from ./procd/initd/init.h:19:0,
                 from ./procd/initd/init.c:33:
./procd/initd/../log.h:20:0: error: "DEBUG" redefined [-Werror]
 #define DEBUG(level, fmt, ...) do { \
 ^
<command-line>:0:0: note: this is the location of the previous definition
cc1: all warnings being treated as errors

This patch fixes the issue by renaming the build flag to
UDEV_DEBUG (since it is only used in udevtrigger).

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
8 years ago procd: fire events at instance respawn and failure
Zefir Kurtisi [Thu, 13 Oct 2016 14:50:56 +0000 (16:50 +0200)]
procd: fire events at instance respawn and failure

In addition to the existing 'start' and 'stop',
this commit adds 'respawn' and 'fail' events
to allow system monitors to detect and handle
unstable processes.

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
8 years ago add late variant of respawn and askconsole
John Crispin [Tue, 27 Sep 2016 16:09:52 +0000 (18:09 +0200)]
add late variant of respawn and askconsole

Signed-off-by: John Crispin <john@phrozen.org>
8 years ago fixes a copy paste error in the service ubus binding
John Crispin [Tue, 27 Sep 2016 15:19:55 +0000 (17:19 +0200)]
fixes a copy paste error in the service ubus binding

Signed-off-by: John Crispin <john@phrozen.org>
8 years ago procd: uClibc O_PATH backwards compatibility fixes
Hans Dedecker [Fri, 12 Aug 2016 08:27:54 +0000 (10:27 +0200)]
procd: uClibc O_PATH backwards compatibility fixes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
8 years ago trigger: rework timeout handling and command queueing
Felix Fietkau [Fri, 29 Jul 2016 11:52:38 +0000 (13:52 +0200)]
trigger: rework timeout handling and command queueing

Instead of queueing the full json_script, only queue actual script calls
issued by it. This fixes a long standing issue where trigger events were
dropped, triggered by the following scenario:

- Set up a trigger with timeout and condition check in the script.
- Fire an event that matches the condition.
- Fire another event that does not match the condition.

This series of events will fire the delay timer of the trigger, but the
second event will replace the trigger event data. When the timer
expires, the json_script is run, but no script call is issued

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years ago trigger: replace trigger_init() with static runqueue initialization
Felix Fietkau [Fri, 29 Jul 2016 10:03:50 +0000 (12:03 +0200)]
trigger: replace trigger_init() with static runqueue initialization

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years ago trigger: remove unnecessary runqueue empty callback
Felix Fietkau [Fri, 29 Jul 2016 09:55:01 +0000 (11:55 +0200)]
trigger: remove unnecessary runqueue empty callback

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years ago trigger: reduce indentation level in trigger_event()
Felix Fietkau [Fri, 29 Jul 2016 09:04:30 +0000 (11:04 +0200)]
trigger: reduce indentation level in trigger_event()

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 years ago procd: remove instance_removepid call from instance_stop
Jurgen Van Ham [Fri, 15 Jul 2016 10:34:52 +0000 (12:34 +0200)]
procd: remove instance_removepid call from instance_stop

It is already called from instance_exit when the instance is stopped

Signed-off-by: Jurgen Van Ham <juvanham.tc@gmail.com>
8 years ago system: add reboot method to system ubus object
Rafał Miłecki [Wed, 6 Jul 2016 11:55:48 +0000 (13:55 +0200)]
system: add reboot method to system ubus object

Sometimes, for various reasons, user may want to reboot a device. This
is a common task and it makes sense to support it with something common
like a procd.

Right now both: LuCI and LuCI2 implement this feature on their own with
luci-rpc-luci2-system reboot and luci-rpc-sys reboot. This leads to code
duplication and situation may become even worse with more software
controlling system with ubus.

Other than that procd already has support for rebooting so one may
consider this ubus method even cleaner.

Once we get this patch in place we may consider switching LuCI and LuCI2
to this new method.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
8 years ago system: fix localtime value in ubus info method output
Rafał Miłecki [Tue, 5 Jul 2016 13:40:56 +0000 (15:40 +0200)]
system: fix localtime value in ubus info method output

Function mktime respects current time zone and calling it results in
converting time back to the UTC. It means we were never returning a
time for local zone but GMT one.

The easiest solution is to use tm_gmtoff from struct tm. Unfortunately
this isn't part of POSIX but it seems to be the best idea anyway.

Alternative (worse?) solutions:
1) Use timegm that is nonstandard GNU extension
2) Work with TZ env (getenv & (un)setenv) that is not thread-safe
3) Use timegm (next to localtime) and implement function comparing two
   struct tm. This is what glibc does internally (tm_diff) when compiled
   without HAVE_TM_GMTOFF.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
8 years ago procd: remove pidfile after unexpected termination without respawn
Jurgen Van Ham [Tue, 5 Jul 2016 07:57:18 +0000 (09:57 +0200)]
procd: remove pidfile after unexpected termination without respawn

When procd detects a daemon halts and it is not configured to
be respawned, the pidfile has to be removed.

Signed-off-by: Jurgen Van Ham <juvanham.tc@gmail.com>
8 years ago cmake: Find libubox/uloop.h
Florian Fainelli [Fri, 1 Jul 2016 23:05:52 +0000 (16:05 -0700)]
cmake: Find libubox/uloop.h

Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for
libubox/uloop.h. Some external toolchains which do not include standard
locations would fail to find the header otherwise.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
8 years ago hotplug: makedev should be able to set the group of a device node
John Crispin [Thu, 16 Jun 2016 09:49:04 +0000 (11:49 +0200)]
hotplug: makedev should be able to set the group of a device node

Signed-off-by: John Crispin <john@phrozen.org>
8 years ago make /var/{run, lock, state} not world writable (0755)
Etienne CHAMPETIER [Thu, 16 Jun 2016 08:09:15 +0000 (08:09 +0000)]
make /var/{run, lock, state} not world writable (0755)

since commit be950c5e56b86509e1e237931d0ac8203372be82 (09/03/2013)
/var/{run,lock,state} are world writable (0777) which is a security issue
before that they were created by /etc/init.d/boot with normal
permissions (0755), so revert to that state

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago jail: don't always CLONE_NEWUTS
Etienne CHAMPETIER [Wed, 1 Jun 2016 20:54:06 +0000 (20:54 +0000)]
jail: don't always CLONE_NEWUTS

no -h => no CLONE_NEWUTS
-h "" => CLONE_NEWUTS
-h "newjailhostname" => CLONE_NEWUTS + sethostname

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago jail: ensure mounts are not MS_SHARED to avoid pivot_root() failure
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:17 +0000 (23:39 +0000)]
jail: ensure mounts are not MS_SHARED to avoid pivot_root() failure

By default mounts are MS_PRIVATE (kernel default) but systemd
decided to make it MS_SHARED by default since v188
https://github.com/systemd/systemd/commit/b3ac5f8cb98757416d8660023d6564a7c411f0a0

This patch fixes ujail on systemd distro (useful for development at least).

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago jail: improve some logs
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:16 +0000 (23:39 +0000)]
jail: improve some logs

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago jail: don't include capabilities config (-C) inside the jail
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:15 +0000 (23:39 +0000)]
jail: don't include capabilities config (-C) inside the jail

Removing capabilities from the capability bounding set doesn't change
the capability effective set, so we can "drop capabilities" before we
build the jail fs, so we don't need to include the capabilities config
file into the jail.

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago jail: call build_envp() just before execve()
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:14 +0000 (23:39 +0000)]
jail: call build_envp() just before execve()

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago jail: regroup add_path_and_deps() calls
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:13 +0000 (23:39 +0000)]
jail: regroup add_path_and_deps() calls

we are already calling add_path_and_deps() while parsing -r/-w options,
so move the 2 remaining calls into main()

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago jail: call chdir(/) after pivot_root()
Etienne CHAMPETIER [Sun, 29 May 2016 23:39:12 +0000 (23:39 +0000)]
jail: call chdir(/) after pivot_root()

pivot_root(2) man page recommends calling chdir(/), so do it

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago _GNU_SOURCE should be defined for building vs uClibc
Alexey Brodkin [Mon, 23 May 2016 17:57:28 +0000 (20:57 +0300)]
_GNU_SOURCE should be defined for building vs uClibc

In uClibc-ng O_PATH and O_DIRECTORY are only defined if _GNU_SOURCE is
defined.

So explicitly define _GNU_SOURCE in sources that use O_PATH and
O_DIRECTORY.

Without that extra definition that's what happens when building procd.

utils/utils.c:
------------------------->8----------------------
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/utils/utils.c:
In function 'patch_fd':
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/utils/utils.c:168:22:
error: 'O_PATH' undeclared (first use in this function)
   dfd = open("/dev", O_PATH|O_DIRECTORY);
                      ^
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/utils/utils.c:168:22:
note: each undeclared identifier is reported only once for each function
it appears in
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/utils/utils.c:168:29:
error: 'O_DIRECTORY' undeclared (first use in this function)
   dfd = open("/dev", O_PATH|O_DIRECTORY);
                             ^
CMakeFiles/init.dir/build.make:182: recipe for target
'CMakeFiles/init.dir/utils/utils.c.o' failed
------------------------->8----------------------

inittab.c:
------------------------->8----------------------
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/inittab.c:
In function 'dev_exist':
.../openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/inittab.c:72:21:
error: 'O_PATH' undeclared (first use in this function)
  dfd = open("/dev", O_PATH|O_DIRECTORY);
                     ^
.../git/openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/inittab.c:72:21:
note: each undeclared identifier is reported only once for each function
it appears in
.../git/openwrt/build_dir/target-arc_arc700_uClibc-1.0.14/procd-2016-05-19/inittab.c:72:28:
error: 'O_DIRECTORY' undeclared (first use in this function)
  dfd = open("/dev", O_PATH|O_DIRECTORY);
                            ^
CMakeFiles/procd.dir/build.make:134: recipe for target
'CMakeFiles/procd.dir/inittab.c.o' failed
make[6]: *** [CMakeFiles/procd.dir/inittab.c.o] Error 1
------------------------->8----------------------

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Waldemar Brodkorb <wbx@openadk.org>
Cc: John Crispin <john@phrozen.org>
Cc: Jo-Philipp Wich <jo@mein.io>
8 years ago utils: use O_PATH when opening /dev
Jo-Philipp Wich [Tue, 17 May 2016 15:42:11 +0000 (17:42 +0200)]
utils: use O_PATH when opening /dev

Use the O_PATH and O_DIRECTORY flags when opening the "/dev" path for the
subsequent openat() call to ensure that it is indeed a directory.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8 years ago inittab: use more robust dev_exist() implementation
Jo-Philipp Wich [Tue, 17 May 2016 15:42:10 +0000 (17:42 +0200)]
inittab: use more robust dev_exist() implementation

Rework the dev_exist() function to use openat() in order to resolve the device
file relative to the "/dev" directory. Drop the now unused dev_open() function.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8 years ago initd: fix descriptor leak
Jo-Philipp Wich [Tue, 17 May 2016 15:00:47 +0000 (17:00 +0200)]
initd: fix descriptor leak

Close the descriptor to /tmp/.preinit returned by creat() in order to avoid
an fd leak in the init process.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8 years ago inittab: use patch_stdio() for stdio redirection
Jo-Philipp Wich [Tue, 17 May 2016 15:00:46 +0000 (17:00 +0200)]
inittab: use patch_stdio() for stdio redirection

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8 years ago initd: use patch_stdio() for kmodloader stdio redirection
Jo-Philipp Wich [Tue, 17 May 2016 15:00:45 +0000 (17:00 +0200)]
initd: use patch_stdio() for kmodloader stdio redirection

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8 years ago initd: use patch_stdio() for early console setup
Jo-Philipp Wich [Tue, 17 May 2016 15:00:44 +0000 (17:00 +0200)]
initd: use patch_stdio() for early console setup

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8 years ago utils: add patch_fd() and patch_stdio() helpers
Jo-Philipp Wich [Tue, 17 May 2016 15:00:43 +0000 (17:00 +0200)]
utils: add patch_fd() and patch_stdio() helpers

Introduce two new helper functions to deal with stdio redirection in a
uniform, reliable manner:

The patch_fd() function will attempt to redirect the given fd number to the
specified file, using the supplied flags for the open() syscall. When the
device is NULL, "/dev/null" is assumed, when the device is a relative path,
openat() is used to open it relative to the "/dev" directory. When the device
cannot be opened, a fallback to "/dev/null" is attempted.

The patch_stdio() function is essentially a wrapper around patch_fd(),
providing an easy interface to redirect stdin, stdout and stderr to the same
given device.

Both functions return 0 on success and -1 on error. The errno variable will
be set accordingly.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
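
A sketch of the behaviour this commit message describes, written from the description only; it is an added example and not the code from procd's utils.c. The helper `patched_read_len` is hypothetical and exists only to exercise the function on a scratch descriptor.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* O_PATH is only exposed with this on glibc/uClibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef O_PATH
#define O_PATH 0             /* not exposed by this libc: plain O_DIRECTORY open */
#endif

/* Redirect descriptor `fd` to `device`, as described in the commit message:
 * NULL means /dev/null, a relative name is resolved below /dev with openat(),
 * and an unopenable device falls back to /dev/null. Returns 0 or -1 (errno). */
int patch_fd(const char *device, int fd, int flags)
{
    int dfd, nfd, saved;

    if (device == NULL)
        device = "/dev/null";

    if (device[0] != '/') {
        /* O_DIRECTORY makes the open fail if /dev is not a directory.
         * Note: openat() does not stop ".." components from leaving /dev,
         * so the name must come from a trusted source. */
        dfd = open("/dev", O_PATH | O_DIRECTORY);
        if (dfd < 0)
            return -1;
        nfd = openat(dfd, device, flags);
        saved = errno;
        close(dfd);
        errno = saved;
    } else {
        nfd = open(device, flags);
    }

    if (nfd < 0 && strcmp(device, "/dev/null") != 0)
        nfd = open("/dev/null", flags);   /* fallback keeps fd valid */
    if (nfd < 0)
        return -1;

    if (nfd != fd) {
        if (dup2(nfd, fd) < 0) {
            saved = errno;
            close(nfd);
            errno = saved;
            return -1;
        }
        close(nfd);                       /* do not leave the temporary open */
    }
    return 0;
}

/* Point stdin, stdout and stderr at the same device. */
int patch_stdio(const char *device)
{
    int fd, rv = 0;

    for (fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++)
        if (patch_fd(device, fd, fd ? O_WRONLY : O_RDONLY) < 0)
            rv = -1;
    return rv;
}

/* Hypothetical demo helper: patch a scratch descriptor and report how many
 * bytes a 4-byte read returns (4 from /dev/zero, 0 = EOF from /dev/null). */
int patched_read_len(const char *device)
{
    char buf[4];
    int n, fd = open("/dev/null", O_RDONLY);   /* reserves a descriptor slot */

    if (fd < 0)
        return -1;
    if (patch_fd(device, fd, O_RDONLY) < 0) {
        close(fd);
        return -1;
    }
    n = (int)read(fd, buf, sizeof(buf));
    close(fd);
    return n;
}

int main(void)
{
    printf("relative \"zero\":      %d\n", patched_read_len("zero"));
    printf("NULL device:          %d\n", patched_read_len(NULL));
    printf("missing device node:  %d\n", patched_read_len("no-such-device-node"));
    return 0;
}
```
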
8 years ago preinit: create a sentinel file during preinit
John Crispin [Sun, 15 May 2016 14:18:41 +0000 (16:18 +0200)]
preinit: create a sentinel file during preinit

Signed-off-by: John Crispin <john@phrozen.org>
8 years ago procd: service: Support writing pidfiles
Karl Palsson [Wed, 2 Mar 2016 14:47:06 +0000 (14:47 +0000)]
procd: service: Support writing pidfiles

Use the "pidfile" attribute of a service to decide whether to write a
pidfile or not.

Files are removed on stop/restart, and correctly created if the config
has changed.

Signed-off-by: Karl Palsson <karlp@etactica.com>
8 years ago init: reduce delay after starting kmodloader
Felix Fietkau [Sat, 5 Mar 2016 19:08:56 +0000 (20:08 +0100)]
init: reduce delay after starting kmodloader

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years ago make initial ubus connect delay small, use exponential backoff
Felix Fietkau [Sat, 5 Mar 2016 14:40:36 +0000 (15:40 +0100)]
make initial ubus connect delay small, use exponential backoff

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years ago service: get rid of service_init and service_validate_init, use static avl tree initi...
Felix Fietkau [Sat, 5 Mar 2016 13:08:59 +0000 (14:08 +0100)]
service: get rid of service_init and service_validate_init, use static avl tree initialization

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years ago procd: add an option to log to stdout
Felix Fietkau [Sat, 5 Mar 2016 12:14:19 +0000 (13:14 +0100)]
procd: add an option to log to stdout

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years ago add a build-time option to disable init related code
Felix Fietkau [Sat, 5 Mar 2016 11:16:13 +0000 (12:16 +0100)]
add a build-time option to disable init related code

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years ago add ifdefs to make service/instance.c compile on non-linux systems
Felix Fietkau [Sat, 5 Mar 2016 11:15:38 +0000 (12:15 +0100)]
add ifdefs to make service/instance.c compile on non-linux systems

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years ago utils.c: remove an unnecessary include
Felix Fietkau [Sat, 5 Mar 2016 11:15:11 +0000 (12:15 +0100)]
utils.c: remove an unnecessary include

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years ago add ifdefs to make system.c compile on non-linux systems
Felix Fietkau [Sat, 5 Mar 2016 11:07:04 +0000 (12:07 +0100)]
add ifdefs to make system.c compile on non-linux systems

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years ago add option to disable build of the init binary
Felix Fietkau [Sat, 5 Mar 2016 10:54:55 +0000 (11:54 +0100)]
add option to disable build of the init binary

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years ago Expose EARLY_PATH as cmake flag
Jo-Philipp Wich [Mon, 8 Feb 2016 12:21:37 +0000 (13:21 +0100)]
Expose EARLY_PATH as cmake flag

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
8 years ago initd: allow overriding early PATH through build time define
Jo-Philipp Wich [Mon, 8 Feb 2016 11:13:49 +0000 (12:13 +0100)]
initd: allow overriding early PATH through build time define

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
8 years ago trigger: fix memory leak in script calls
Felix Fietkau [Thu, 4 Feb 2016 19:37:07 +0000 (20:37 +0100)]
trigger: fix memory leak in script calls

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
8 years ago Align early init PATH with system wide OpenWrt path value
Jo-Philipp Wich [Thu, 14 Jan 2016 12:51:36 +0000 (13:51 +0100)]
Align early init PATH with system wide OpenWrt path value

Changeset r47080 globally unified the executable search path in OpenWrt,
now update procd to use the same path value.

This fixes diverging path values observed in programs launched by netifd
which inherits the early path value from procd.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
8 years ago instance, ujail: wire hostname (-h) option
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:27 +0000 (23:09 +0000)]
instance, ujail: wire hostname (-h) option

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago ujail: split name (-n) and hostname (-h) options
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:26 +0000 (23:09 +0000)]
ujail: split name (-n) and hostname (-h) options

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago instance, ujail: wire no_new_privs (-c) option
John Crispin [Fri, 11 Dec 2015 11:04:52 +0000 (12:04 +0100)]
instance, ujail: wire no_new_privs (-c) option

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago ujail: add no_new_privs (-c) option
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:24 +0000 (23:09 +0000)]
ujail: add no_new_privs (-c) option

set PR_SET_NO_NEW_PRIVS to 1

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago instance, ujail: wire remount / read only option (-o)
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:23 +0000 (23:09 +0000)]
instance, ujail: wire remount / read only option (-o)

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago instance, ujail: remove "-P <path>" option
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:21 +0000 (23:09 +0000)]
instance, ujail: remove "-P <path>" option

we can now launch the same ujail command
multiple times without conflict

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago ujail: add O_CLOEXEC flag to open() call
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:20 +0000 (23:09 +0000)]
ujail: add O_CLOEXEC flag to open() call

if we forget to close() in the future,
this prevents an fd leak

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago ujail: fixup code style // -> /* */
Etienne CHAMPETIER [Mon, 30 Nov 2015 23:09:19 +0000 (23:09 +0000)]
ujail: fixup code style // -> /* */

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago ujail: add ELF interpreter (DT_INTERP) to the jail
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:16 +0000 (16:27 +0000)]
ujail: add ELF interpreter (DT_INTERP) to the jail

this is needed by musl (openwrt DD)
uClibc/glibc is working without this

this partly fixes
https://dev.openwrt.org/ticket/20785

we still don't handle DT_RPATH, DT_RUNPATH, nodeflib, ...
see http://man7.org/linux/man-pages/man8/ld.so.8.html

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago ujail: automatically add script (#!) interpreter
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:15 +0000 (16:27 +0000)]
ujail: automatically add script (#!) interpreter

this makes simple scripts work easily with ujail

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago ujail: rework fs jail part
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:14 +0000 (16:27 +0000)]
ujail: rework fs jail part

Change functions to work with full paths (do less split and concat of path)
  Store "soname" as key and the fullpath as path in "libraries"
  Remove "extras" list and replace it with "mounts" avl_tree
  ("mounts" also stores fullpath)

Add add_path_and_deps() function to handle file/lib opening and mmapping
  Check if file is an elf (magic number) before passing it to elf_load_deps()
  elf_load_deps() now only handles the elf parsing part
  next commit adds script (#!) handling

Use add_path_and_deps() with -r and -w args to automatically add dependencies

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago ujail: DT_STRTAB uses d_ptr in d_un union (not d_val)
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:13 +0000 (16:27 +0000)]
ujail: DT_STRTAB uses d_ptr in d_un union (not d_val)

see
https://docs.oracle.com/cd/E19683-01/817-3677/chapter6-42444/index.html

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago ujail: remove some debug/dev hack
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:12 +0000 (16:27 +0000)]
ujail: remove some debug/dev hack

this code is present since first ujail commit (dfcfcca7)

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago ujail: fixup code style: "func()" -> "func(void)"
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:11 +0000 (16:27 +0000)]
ujail: fixup code style: "func()" -> "func(void)"

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago ujail: add init_library_search()
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:10 +0000 (16:27 +0000)]
ujail: add init_library_search()

move all libraries search initialisation stuff
into elf.c / init_library_search()

for now we don't handle musl specific files

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago ujail: use PATH_MAX for path related buffers
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:09 +0000 (16:27 +0000)]
ujail: use PATH_MAX for path related buffers

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago ujail: search libs in /lib before /lib64
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:08 +0000 (16:27 +0000)]
ujail: search libs in /lib before /lib64

musl (openwrt DD r47603 x86-64) looks for libs only in /lib,
not in /lib64, and /lib64 is a symlink to /lib, so ujail finds
all the libs in /lib64, adds them to the jail (only under /lib64)
and then musl fails to find the libs.

uClibc (openwrt CC r47608 x86-64) looks for libs in /lib and
/usr/lib, not in /lib64 (/lib64 is also a symlink to /lib)

/lib64 has been before /lib since the first commit, I don't know
if it was on purpose

this partly fixes
https://dev.openwrt.org/ticket/20785

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago ujail: remove "#include log.h" from elf.h
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:07 +0000 (16:27 +0000)]
ujail: remove "#include log.h" from elf.h

headers must include all their dependencies, no more, no less

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
8 years ago ujail: add <stdio.h> and <syslog.h> to seccomp.h
Etienne CHAMPETIER [Fri, 27 Nov 2015 16:27:06 +0000 (16:27 +0000)]
ujail: add <stdio.h> and <syslog.h> to seccomp.h

headers must include all their dependencies, no more, no less

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>