From 8097fd4d5f7f0e995db2a80aca03d8258907f85b Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Mon, 13 Apr 2020 03:19:01 +0100 Subject: [PATCH] procd: jail: fix segfault and add console feature 2e73848 jail: SIGSEGV must not be forwarded to the child process 7e150f6 jail: unnamed jails can not have netns (fix segfault) 1ab539b jail: add option to provide /dev/console to containers Signed-off-by: Daniel Golle --- package/system/procd/Makefile | 19 ++++++++++++++++--- package/system/procd/files/procd.sh | 1 + 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/package/system/procd/Makefile b/package/system/procd/Makefile index 8ae1e3f12ff..51e4bf279ad 100644 --- a/package/system/procd/Makefile +++ b/package/system/procd/Makefile @@ -12,9 +12,9 @@ PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/procd.git -PKG_SOURCE_DATE:=2020-04-25 -PKG_SOURCE_VERSION:=17e7ae769a4739e4b41a93f588d52cfd216b8eb2 -PKG_MIRROR_HASH:=6763cb63a53222d44be3b1ef238f3b9198d31fd533534abbbdc02202d3ef88e0 +PKG_SOURCE_DATE:=2020-05-15 +PKG_SOURCE_VERSION:=1ab539b3a8a0070b493112c8263ab380a689db66 +PKG_MIRROR_HASH:=fcc9fb1a046dbbea776ab1ca616c885e73d6a0a35c2278b8fddcc7e42d6b8647 CMAKE_INSTALL:=1 PKG_LICENSE:=GPL-2.0 @@ -56,6 +56,13 @@ define Package/procd-ujail TITLE:=OpenWrt process jail helper endef +define Package/procd-ujail-console + SECTION:=base + CATEGORY:=Base system + DEPENDS:=+procd-ujail +libubus +libubox + TITLE:=OpenWrt process jail console +endef + define Package/procd-seccomp SECTION:=base CATEGORY:=Base system @@ -110,6 +117,11 @@ define Package/procd-ujail/install $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ujail $(1)/sbin/ endef +define Package/procd-ujail-console/install + $(INSTALL_DIR) $(1)/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ujail-console $(1)/sbin/ +endef + define Package/procd-seccomp/install $(INSTALL_DIR) $(1)/sbin $(1)/lib $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-seccomp.so $(1)/lib @@ -120,4 +132,5 @@ endef $(eval $(call BuildPackage,procd)) $(eval $(call BuildPackage,procd-ujail)) +$(eval $(call BuildPackage,procd-ujail-console)) $(eval $(call BuildPackage,procd-seccomp)) diff --git a/package/system/procd/files/procd.sh b/package/system/procd/files/procd.sh index b8605396e9b..dd6dc1c58df 100644 --- a/package/system/procd/files/procd.sh +++ b/package/system/procd/files/procd.sh @@ -198,6 +198,7 @@ _procd_add_jail() { netns) json_add_boolean "netns" "1";; userns) json_add_boolean "userns" "1";; cgroupsns) json_add_boolean "cgroupsns" "1";; + console) json_add_boolean "console" "1";; esac done json_add_object "mount" -- 2.30.2