From 2bab58cdcb38ab57095d64f8f216631027266a69 Mon Sep 17 00:00:00 2001
From: Lars Gierth
Date: Tue, 12 May 2015 02:09:23 +0200
Subject: [PATCH] cjdns: add seccomp config flag
Signed-off-by: Lars Gierth
---
 cjdns/lua/cjdns/uci.lua | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/cjdns/lua/cjdns/uci.lua b/cjdns/lua/cjdns/uci.lua
index 70c33bc..0127f44 100644
--- a/cjdns/lua/cjdns/uci.lua
+++ b/cjdns/lua/cjdns/uci.lua
@@ -10,7 +10,14 @@ common.uci = UCI
 -- @return table with configuration defaults
 function UCI.defaults()
 return {
- security = { { exemptAngel = 1, setuser = "nobody" } },
+ security = {
+ { setuser = "nobody", keepNetAdmin = 1 },
+ { chroot = "/var/run/" },
+ { nofiles = 0 },
+ { noforks = 1 },
+ { seccomp = 0 },
+ { setupComplete = 1 }
+ },
 router = {
 ipTunnel = { outgoingConnections = {}, allowedConnections = {} },
 interface = { type = "TUNInterface" }
@@ -45,6 +52,12 @@ function UCI.get()
 obj.router.interface.tunDevice = config.tun_device
 end
+ for i,section in pairs(obj.security) do
+ if type(section.seccomp) == "number" then
+ obj.security[i].seccomp = tonumber(config.seccomp)
+ end
+ end
+
 cursor:foreach("cjdns", "iptunnel_outgoing", function(outgoing)
 table.insert(obj.router.ipTunnel.outgoingConnections, outgoing.public_key)
 end)
@@ -127,7 +140,7 @@ function UCI.set(obj)
 private_key = obj.privateKey,
 admin_password = obj.admin.password,
 admin_address = admin_address,
- admin_port = admin_port,
+ admin_port = admin_port
 })
 if obj.router.interface.tunDevice then
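Review bot: In the `UCI.defaults()` hunk, `{ seccomp = 0 }` ships the seccomp sandbox switched off unless the operator opts in, and neither the line nor the commit message says why. If this is a platform constraint, record it next to the entry, for example `-- seccomp off by default: <reason>; set the UCI option to 1 to enable`. The same hunk also drops `exemptAngel` and adds `chroot`, `nofiles`, `noforks`, `keepNetAdmin` and `setupComplete`, which goes beyond the subject line "add seccomp config flag"; those default changes deserve their own mention in the commit message so they can be audited. The returned table continues outside the hunk.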
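Review bot: In the `UCI.get()` hunk, `tonumber(config.seccomp)` yields nil when the UCI option is absent (for instance a config written before this patch) or not numeric, and assigning nil deletes the `seccomp` key from the security entry, so the value from `UCI.defaults()` is silently lost. Keeping the default in that case is a one-line change: `obj.security[i].seccomp = tonumber(config.seccomp) or section.seccomp`. How the daemon treats a security list with no seccomp entry is not visible here, so the effective sandbox state would then depend on its built-in behaviour. The `UCI.set()` hunk has the same unchecked `tonumber(value)`; there a non-numeric value would presumably leave the stored option unchanged without any error, depending on how `UCI.cursor_section` handles a nil field. `config` is defined outside the hunk.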
@@ -136,6 +149,18 @@ function UCI.set(obj)
 })
 end
+ if obj.security then
+ for i,section in pairs(obj.security) do
+ for key,value in pairs(section) do
+ if key == "seccomp" then
+ UCI.cursor_section(cursor, "cjdns", "cjdns", "cjdns", {
+ seccomp = tonumber(value)
+ })
+ end
+ end
+ end
+ end
+
 if obj.router.ipTunnel.outgoingConnections then
 for i,public_key in pairs(obj.router.ipTunnel.outgoingConnections) do
 UCI.cursor_section(cursor, "cjdns", "iptunnel_outgoing", nil, {
--
2.30.2
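Review bot: The inner `for key,value in pairs(section)` loop in the `UCI.set()` hunk walks every key only to pick out one; `if section.seccomp ~= nil then` with `seccomp = tonumber(section.seccomp)` reads the same value directly and removes a nesting level. When the submitted object carries no `seccomp` entry at all, nothing is written and the previously stored option stays in effect, which is worth stating in a comment such as `-- seccomp is only updated when present in obj.security; otherwise the stored value is kept`. `UCI.set` begins and ends outside the hunk.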