Daniel Golle [Wed, 13 Nov 2024 21:22:48 +0000 (22:22 +0100)]
initd: mount /sys and /proc with MS_RELATIME
Despite access timestamps not being needed on /sys and /proc, using
MS_NOATIME leads to many container tools not working because the new
mounts of /proc or /sys are more revealing than the original ones.
This results in not being able to mount /proc inside a user namespace
with procd's uxc, but also other tools like bubblewrap, podman or lxd.
Fix this by setting MS_RELATIME instead.
The problem has been present in procd since commit
9fcc900 ("fix up the
mount options to match what openwrt had before using procd as pid 1") but
also in pre-procd OpenWrt releases.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Florian Eckert [Fri, 25 Oct 2024 09:04:10 +0000 (11:04 +0200)]
system: fix description value from os-release
When changing the read file from '/etc/openwrt_release' to
'/usr/lib/os-release', the correct variable for reading the description
was not selected. The correct variable from the file ‘/usr/lib/os-release’
is 'OPENWRT_RELEASE'.
Fixes: 0f88a52dc8a5 ("system: replace openwrt_release with os-release")
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[ add fixes tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Florian Eckert [Mon, 22 Jul 2024 09:24:18 +0000 (11:24 +0200)]
system: add build date to ubus output
In the buildsystm the value 'SOURCE_DATE_EPOCH' is used for reproducible
builds. This commit adds the new information to the system board ubus call.
This information must also be added during the openwrt build to the
'/usr/lib/os-release' file so that this can be read.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Florian Eckert [Thu, 20 Jun 2024 07:53:12 +0000 (09:53 +0200)]
system: replace openwrt_release with os-release
The information required for output via the ubus is currently read from
the file '/etc/openwrt_release'. The same information can also be found
under '/usr/lib/os-release'. This file contains further information and is
also the most common used file in other Linux distributions.
So let´s use this file.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Daniel Golle [Sun, 7 Jul 2024 16:54:49 +0000 (17:54 +0100)]
utils: use strlcpy when appropriate
For util functions called with a buffer and length parameter we should
use strlcpy() instead of strncpy(), as those functions are called with
sizeof(buffer) as parameter.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 1 Jul 2024 17:16:47 +0000 (18:16 +0100)]
jail: fix copy & paste error in parseOCIlinux()
blobmsg entry OCI_LINUX_GIDMAPPINGS is wrongly applied as
uidmappings because of a copy & paste error. Fix that.
Coverity CID
1605920: Incorrect expression (COPY_PASTE_ERROR)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sat, 30 Mar 2024 13:07:29 +0000 (13:07 +0000)]
utils: get_cmdline_val: add missing error check
Add check to prevent read() in case open() has failed.
Coverity CID:
1595922: Error handling issues (NEGATIVE_RETURNS)
Fixes: 6f52ef3 ("get_cmdline_val: search for entire name, not just suffix")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Tony Ambardar [Wed, 6 Mar 2024 00:27:42 +0000 (16:27 -0800)]
trace: use standard POSIX header for basename()
The musl libc only implements POSIX basename() but provided a GNU header
kludge in <string.h>, which was removed in musl 1.2.5 [1]. Use the standard
<libgen.h> header to avoid compilation errors like:
trace/trace.c: In function 'main':
trace/trace.c:435:64: error: implicit declaration of function 'basename';
did you mean 'rename'? [-Werror=implicit-function-declaration]
435 | if (asprintf(&json, "/tmp/%s.%u.json", basename(*argv), child) < 0)
| ^~~~~~~~
| rename
cc1: all warnings being treated as errors
Link 1: https://git.musl-libc.org/cgit/musl/log/?qt=grep&q=basename
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Dragan Milenkovic [Mon, 1 May 2023 11:11:02 +0000 (13:11 +0200)]
watchdog: always close fd on watchdog stop
The user may asks for procd watchdog handler to be stopped
with or without disabling it, by specifying the magicclose flag.
If the flag is set, the watchdog will be disabled and the fd closed,
allowing the user to take control over the watchdog.
There is a race in this scenario. If the system fails before
the user re-enables the watchdog, the system might hang
without a proper reset.
To prevent this, the user should ask the procd handler to be stopped
without disabling the watchdog, by specifying magicclose as false.
However, in this case, the procd will only stop refreshing the watchdog,
but will leave the fd open. At least on Raspberry Pi, this prevents
anyone else from opening the watchdog device, resulting in EBUSY.
With this patch, watchdog fd will always be closed, regardless
of the magicclose flag, allowing for the described safe use-case.
For user that previously stopped the watchdog handler
with the magicclose flag, the functionality remains unchanged.
Signed-off-by: Dragan Milenkovic <strpbrk@tesla.rcub.bg.ac.rs>
INAGAKI Hiroshi [Tue, 12 Mar 2024 04:14:24 +0000 (13:14 +0900)]
inittab: fallback when multiple "console=" is detected
Linux Kernel uses a console in the last "console=" parameter in bootargs
as /dev/console, so falllback to /dev/console or get_active_console()
when multiple "console=" parameter is found in bootargs, instead of
using the first console.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
INAGAKI Hiroshi [Tue, 12 Mar 2024 04:05:46 +0000 (13:05 +0900)]
utils: add key-value offset support to get_cmdline_val()
Add offset support of key-value pairs to get_cmdline_val() for getting
multiple values of the same keys.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Paul Spooren [Thu, 26 Oct 2023 07:31:18 +0000 (09:31 +0200)]
ci: enable ujail builds
Signed-off-by: Paul Spooren <mail@aparcar.org>
Paul Spooren [Thu, 26 Oct 2023 07:28:11 +0000 (09:28 +0200)]
test commit fixing warnings
Signed-off-by: Paul Spooren <mail@aparcar.org>
Paul Spooren [Thu, 26 Oct 2023 07:21:28 +0000 (09:21 +0200)]
ci: add github test workflow
Signed-off-by: Paul Spooren <mail@aparcar.org>
Daniel Golle [Wed, 21 Feb 2024 00:10:53 +0000 (00:10 +0000)]
system: break infite loop resolving rootfs type
When running procd outside of OpenWrt, e.g. for debugging or research
situations inside a container environment, an inifite loop can occur
when trying to determine the rootfs type. Make sure that doesn't
happen.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 21 Feb 2024 00:06:37 +0000 (00:06 +0000)]
hotplug-dispatch: don't filter empty env variables
Empty environment variables are a valid case and are needed to
override (or remove) existing variables such as HOSTNAME.
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
John Crispin [Tue, 28 Nov 2023 07:48:33 +0000 (08:48 +0100)]
udebug: add support for logging via udebug
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Markus Gothe [Mon, 28 Aug 2023 14:12:01 +0000 (14:12 +0000)]
service: Fix retriggering of init.d-scripts.
Fix retriggering of init.d-scripts which calls
commands dependent on functional STDIN/STDOUT/STDERR.
If we just close these file descriptors those commands
will not work as expected leading to unwanted
consequences. If we instead redirect the file descriptors
to /dev/null, we will end up the same end-result and these
commands will work as expected.
Signed-off-by: Markus Gothe <markus.gothe@genexis.eu>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [refactor]
Yu Chien Peter Lin [Thu, 15 Jun 2023 03:32:33 +0000 (11:32 +0800)]
system: add RISC-V CPU info
This patch adds the missing information about RISC-V architecture,
which has been supported by OpenWrt. Currently, LuCI shows "?" at the
field of Architecture, we add "RISC-V" with isa string parsed from
/proc/cpuinfo.
For example, the following platform generates "RISC-V (rv64imafdc)":
root@OpenWrt:/# cat /proc/cpuinfo
processor : 0
hart : 0
isa : rv64imafdc
mmu : sv48
mvendorid : 0x31e
marchid : 0x8000000000008a45
mimpid : 0x820
Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Stijn Tintel [Wed, 23 Nov 2022 15:20:43 +0000 (17:20 +0200)]
Revert "sysupgrade: print errno on failure"
This commit was taken from one of my staging branches without my
knowledge. Testing exposed problems with strerror, and the commit
message was not updated to reflect the use of strerror either.
Failed to exec upgraded: No error information
This reverts commit
039b88f75367203e540009cc97603b1bce3fafa6.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Daniel Golle [Fri, 13 Jan 2023 23:17:06 +0000 (23:17 +0000)]
init: attempt to mount efivarfs
Mount efivarfs to /sys/firmware/efi/efivars if available.
Tested-by: Oskari Rauta <oskari.rauta@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Fri, 13 Jan 2023 18:53:07 +0000 (18:53 +0000)]
jail: don't assume positive return value of creat
Handle a (theoretical) error case when calling creat in
create_dev_console function.
Coverity CID:
1490100 (Argument cannot be negative)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Thu, 12 Jan 2023 17:57:51 +0000 (17:57 +0000)]
jail: fs: don't overwrite existing mount target
Using the creat() function overwrites existing files which is
unintended when it comes to making sure the target of a single-file
mount exists. Instead, use open() with the O_EXCL flag to make sure
mount targets are only created if actually needed.
While at it also clean up various error paths of the do_mounts
function, making sure the additionally allocated string being created
for the path inside the jail's root filesystem is always freed
and also making it a bit more readable and less bloated.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Stijn Tintel [Tue, 8 Nov 2022 12:43:25 +0000 (14:43 +0200)]
sysupgrade: print errno on failure
The error message "Failed to exec upgraded." is not very informative.
Add errno to the message to make it more useful.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Yuteng Zhong [Sun, 9 Oct 2022 14:53:27 +0000 (22:53 +0800)]
jail: ignore missing .dynamic sect
A static-linked binary doesn't have a .dynamic section, but when
starting ujail with -r or -w will automatically search for PT_DYNAMIC in
ELF and exit with failure if it is not found.
github issue: https://github.com/openwrt/openwrt/issues/10933
Signed-off-by: Yuteng Zhong <zonyitoo@qq.com>
Philipp Meier [Tue, 8 Nov 2022 13:38:37 +0000 (14:38 +0100)]
jail: correctly check for null pointer
Handle case where opts.sysctl is not used.
Signed-off-by: Philipp Meier <philipp.meier@westermo.com>
Stijn Tintel [Mon, 26 Sep 2022 17:42:32 +0000 (20:42 +0300)]
instance: dump netdev params
Add the netdev param to the instance_dump function to make it possible
to verify this for an existing instance.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
Christian Marangi [Sun, 17 Jul 2022 11:11:36 +0000 (13:11 +0200)]
jail: fix various ignoring return value compilation warning
This fix the following compilation error:
jail/jail.c: In function 'main':
jail/jail.c:2733:33: error: ignoring return value of 'asprintf' declared with attribute 'warn_unused_result' [-Werror=unused-result]
2733 | asprintf(&opts.envp[envc++], "%s=%s", enve->envarg, tmp);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jail/jail.c: In function 'build_jail_fs':
jail/jail.c:740:24: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
740 | (void) symlink("../dev/resolv.conf.d/resolv.conf.auto", jaillink);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jail/jail.c: In function 'create_devices':
jail/jail.c:643:16: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
643 | (void) symlink("/dev/pts/ptmx", "/dev/ptmx");
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jail/jail.c:644:16: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
644 | (void) symlink("/proc/self/fd", "/dev/fd");
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jail/jail.c:645:16: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
645 | (void) symlink("/proc/self/fd/0", "/dev/stdin");
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jail/jail.c:646:16: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
646 | (void) symlink("/proc/self/fd/1", "/dev/stdout");
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jail/jail.c:647:16: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
647 | (void) symlink("/proc/self/fd/2", "/dev/stderr");
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Sun, 17 Jul 2022 11:09:47 +0000 (13:09 +0200)]
jail: add WARNING macro to log non critical warning message
Add an additional WARNING macro to log non critical warning message.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Junnan Xu [Fri, 17 Jun 2022 07:20:04 +0000 (15:20 +0800)]
utrace: fix memory leak
Fixes following memory leak:
14 bytes in 1 blocks are definitely lost in loss record 1 of 5
at 0x4079514: malloc (vg_replace_malloc.c:309)
by 0x4049A04: vasprintf (vasprintf.c:13)
by 0x4046354: asprintf (asprintf.c:10)
by 0x80491A9: main (in /root/utrace)
134 bytes in 1 blocks are definitely lost in loss record 3 of 5
at 0x4079514: malloc (vg_replace_malloc.c:309)
by 0x4049A04: vasprintf (vasprintf.c:13)
by 0x4046354: asprintf (asprintf.c:10)
by 0x8049208: main (in /root/utrace)
Signed-off-by: Junnan Xu <junnanx.xu@gmail.com>
Reviewed-by: Rui Salvaterra <rsalvaterra@gmail.com>
Daniel Golle [Tue, 31 May 2022 16:14:37 +0000 (17:14 +0100)]
init: only relabel rootfs if started from initramfs
Do not relabel all the filesystem if not running from initramfs, it
should only be needed in this case.
Read-write (ext4) labels should be set when generating the filesystem
just like it's done for squashfs.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sat, 7 May 2022 12:15:30 +0000 (13:15 +0100)]
init: selinux: don't relabel virtual filesystems
Attempting to relabel /dev/console, /proc or /sys results in an error
message. Avoid that by excluding them when relabeling rootfs on boot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 3 May 2022 00:12:04 +0000 (01:12 +0100)]
init: restore SELinux labels after policy is loaded
Introduce an additional SELinux init step to calling restorecon to
label the filesystem. This fixes SELinux on initramfs or systems
with ext4 or ubifs read-write root filesystem.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 12 Apr 2022 23:11:23 +0000 (00:11 +0100)]
jail: include necessary files for per-netns netifd instance
Up to now only proto 'static' and 'none' have been supported for
in-jail interfaces as Shell-based protocol handlers needed some more
utilities, PATH set in the environment and /var/ubus/ubus.sock to be
mounted on the per-netns-jail ubus socket.
Include files needed by shell proto handler, set PATH in env and bend
ubus socket path to get DHCP client to work for per-jail netns.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 20 Feb 2022 12:43:36 +0000 (12:43 +0000)]
uxc: fix potential NULL-pointer dereference
Check for NULL returned by strrchr() and return error in that case.
It should not be reachable as the string should always contain a '/'
character, but follow best practices anyway.
Coverity CID:
1500356 Dereference null return value
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Rui Salvaterra [Mon, 29 Jun 2020 10:24:35 +0000 (11:24 +0100)]
procd: completely remove tmp-on-zram support
The configuration settings were removed from the package, this is now dead code.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Daniel Golle [Fri, 18 Feb 2022 20:41:02 +0000 (20:41 +0000)]
instance: exit in case asprintf() fails
If asprintf returns -1 we are most likely out of memory, so just exit
in that case.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Fri, 18 Feb 2022 20:01:32 +0000 (20:01 +0000)]
uxc: remove unused printf parameter
Remove unused string paramter from asprintf.
Fixes build with glibc because warnings are treated as errors.
Fixes: df1123e ("uxc: add support for user-defined settings")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Fri, 18 Feb 2022 02:31:37 +0000 (02:31 +0000)]
uxc: clean up error handling
Use negative return value to indicate errors and positive return value
for quantitative information.
Use 'bool' return type for some functions which never throw an error.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Fri, 18 Feb 2022 01:16:50 +0000 (01:16 +0000)]
uxc: allow editing settings using 'create'
Users may want to change settings of a container other than just
whether it is being started on boot or not.
Allow changing the user-defined settings by utilizing the existing
command line parameters in combination with the 'create' call.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Thu, 17 Feb 2022 20:43:34 +0000 (20:43 +0000)]
uxc: add support for user-defined settings
Instead of keeping both, the container defintion and settings in the
same file, split-off the user-defined settings into a separate file.
This has the advantage that user-defined settings are retained in case
the container definition is replaced or updated.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Peter Lundkvist [Sun, 23 Jan 2022 10:25:04 +0000 (11:25 +0100)]
procd: seccomp/jail: Fix build error on arm with glibc
This fixes the make_syscall_h.sh script to recognize both
__NR_Linux, used by mips, and __NR_SYSCALL_BASE and
__ARM_NR_BASE used by arm.
Run-tested on arm (ipq806x) and mips (ath79), both with glibc.
Compile-tested and checked resulting syscall_names.h file wuth
glibc: aarch64, powerpc, x86_64, i486
musl: arm, mips
Fixes: FS#4194, FS#4195
Signed-off-by: Peter Lundkvist <peter.lundkvist@gmail.com>
Rui Salvaterra [Sun, 9 Jan 2022 23:27:28 +0000 (23:27 +0000)]
procd: clean up /dev/pts mounts
The default mode is already 600, no need to specify it. Access times are also
irrelevant.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Rui Salvaterra [Sun, 9 Jan 2022 23:27:27 +0000 (23:27 +0000)]
procd: mount /dev with noexec
/dev is writable. Allowing execution inside it makes it a possible attack
vector. Kees Cook recently sent a kernel patch [1] in order to mount /dev as
noexec and nosuid for systems which rely on CONFIG_DEVTMPFS_MOUNT=y to
create/populate /dev, which isn't our case (it's procd's responsibility).
Add noexec to the /dev mount flags, since we already use nosuid (and keep the
coldplug flags symmetric, while at it). This carries the risk of breaking very
old, pre-KMS graphics drivers [2], but it shouldn't be a problem for systems
built in the last ~15 years. The vast majority of our targets doesn't have a
GPU, anyway. :)
[1] https://lore.kernel.org/all/YcMfDOyrg647RCmd@debian-BULLSEYE-live-builder-AMD64/
[2] https://lore.kernel.org/all/CAPXgP12e5LpN6XVxaXOHhH=u8XXN==2reTaJDCoCk4tP4QduDQ@mail.gmail.com/
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Roman Azarenko [Tue, 11 Jan 2022 15:45:51 +0000 (16:45 +0100)]
procd: jail/cgroups: correctly enable "rdma" when requested
Fixes a copy-paste error, where "pids" cgroup was enabled instead of "rdma".
Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>
Daniel Golle [Sun, 26 Dec 2021 12:06:38 +0000 (12:06 +0000)]
uxc: fix two minor issues reported by Coverity
Fixes CID
1496022 (UNINIT) and CID
1496023 (RESOURCE_LEAK).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 20 Dec 2021 02:28:07 +0000 (02:28 +0000)]
uxc: usage message cosmetics
Fix tabs in usage message.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 20 Dec 2021 01:44:41 +0000 (01:44 +0000)]
remove ujail-console
ujail-console is now integrated in uxc.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 19 Dec 2021 22:38:16 +0000 (22:38 +0000)]
uxc: integrate console into uxc
Prepare to get rid of ujail-console by integrating console features
into uxc.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 19 Dec 2021 19:56:14 +0000 (19:56 +0000)]
uxc: consider uvol and etc location for configurations
Rather than switching to consider only uvol location for configuration
files once that path is existing, consider both locations.
Plus some small style fixes here and there while at it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Fri, 10 Dec 2021 13:48:59 +0000 (13:48 +0000)]
jail: make sure jailed process is terminated
Don't ever send SIGKILL to ujail, as that will kill ujail but not the
jailed process.
Instead, let ujail send SIGKILL in case of SIGTERM not succeeding after
the term_timeout which procd now passes down to ujail.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 16 Nov 2021 03:06:36 +0000 (03:06 +0000)]
procd: service_stop_all: also kill inittab actions
Also send SIGKILL to all actions spawned by inittab.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
John Crispin [Fri, 12 Nov 2021 18:59:29 +0000 (19:59 +0100)]
procd: add full service shutdown prior to sysupgrade
Currently OpenWrt will use the kill loop in stage2 to stop tasks. This can
fail as seen with wpa_supplicant not properly shutting down with certain
mesh configurations. Trigger the existing service_stop() code path for all
services just before exec'ing to upgraded.
Signed-off-by: John Crispin <john@phrozen.org>
[make use of *_safe function now introduced for that purpose, also stop
container instances]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sat, 20 Nov 2021 16:13:23 +0000 (16:13 +0000)]
service: move jail parsing to end of instance parser
Generating parameters for ujail assumes that other instance attributes
such as 'env' have already been populated.
Move parsing jail to end of the instance parser to make that assumption
hold true.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Florian Eckert [Wed, 17 Nov 2021 10:41:17 +0000 (11:41 +0100)]
system: add diskfree infos to ubus
This change adds the missing information about how much space is available
on the root directory and in the temp directory. I took this
implementation from the luci2 repository and adapted it for the procd
service.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Daniel Golle [Thu, 11 Nov 2021 11:53:58 +0000 (11:53 +0000)]
jail: allow passing environment variable to procd jailed process
Introduce new option '-e' to ujail which can be stated multiple times
to import environment variables to the jailed process environment.
Use that option to import selected environment variables defined for
a jailed service instance to its environment.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Stijn Tintel [Thu, 4 Nov 2021 10:37:10 +0000 (12:37 +0200)]
trigger: use uloop_timeout_remaining64
The uloop_timeout_remaining function is being deprecated.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Hauke Mehrtens [Mon, 1 Nov 2021 13:52:55 +0000 (14:52 +0100)]
jail: elf: Remove MIPS 64 warning
Revert commit
33b799b ("ujail: elf: work around GCC bug on MIPS64")
The procd jails are working fine on MIPS64 too now.
I saw this error message when add_path_and_deps() was called which calls
elf_load_deps() again under some conditions. This is happening because
gcc_mips64_bug_work_around is stored in the data segment.
We have a call trace like this:
elf_load_deps()
gcc_mips64_bug_work_around = 1;
call add_path_and_deps()
call elf_load_deps()
gcc_mips64_bug_work_around = 1;
error if gcc_mips64_bug_work_around =! 1
gcc_mips64_bug_work_around = 0;
return;
return;
error if gcc_mips64_bug_work_around =! 1
return;
I got the same error messages on MIPS 32 BE, when I removed the compile
check.
This was tested in qemu on MIPS 64 BE and MIPS64 LE.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Mon, 1 Nov 2021 13:52:54 +0000 (14:52 +0100)]
jail: elf: Use 64 bit variables for elf offsets
The members p_offset, p_filesz and p_vaddr of the structure Elf64_Phdr
are all uint64_t. This structure is used for 64 bit applications.
Without this change we would convert the 64 bit values into 32 bit
values and an overflow could happen in this conversion.
On MIPS 64 BE the variable load_vaddr has the value 0x120000000 which
sets the 32th bit which will overflow when converted to a 32 bit value.
On 32 bit systems Elf32_Phdr is used with uint32_t, converting this to
64 bit values too should not cause problems as this is not in the hot
path.
Without this fix I am getting error messages like this at bootup on MIPS 64 BE:
[ 16.622602] do_page_fault(): sending SIGSEGV to ujail for invalid read access from
00000100f37251e3
[ 16.622907] epc =
000000aaab4ed0e0 in ujail[
aaab4e0000+18000]
[ 16.623237] ra =
000000aaab4ed694 in ujail[
aaab4e0000+18000]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Fri, 22 Oct 2021 20:53:32 +0000 (22:53 +0200)]
jail: Fix build with glibc
Add missing include for open(). This fixes the build with glibc.
Fixes: 82dd39024f63 ("jail: make use of per-container netifd via ubus")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Daniel Golle [Sun, 17 Oct 2021 16:22:56 +0000 (17:22 +0100)]
uxc: add missing 'break' statement
Without the break statement the next element in the iteration will
overwrite the found attributes.
Stop iterating once entry has been found, so matching attributes will
be used.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 17 Oct 2021 08:34:55 +0000 (09:34 +0100)]
jail: netifd: check target netns fd before using it
Make sure filehandler is non-negative before using it.
Coverity CID:
1492888 Negative returns
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sat, 16 Oct 2021 23:29:08 +0000 (00:29 +0100)]
jail: netifd: fix error handling issue reported by coverity
Check asprintf return value instead of checking for NULL-pointer.
Coverity CID:
1492158 Unchecked return value
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sat, 16 Oct 2021 23:24:29 +0000 (00:24 +0100)]
jail: netifd: code cosmetics
Make code more readable by renaming ambigous variable name 'ctx' to
'host_ubus_ctx' (global) or 'uci_ctx' (local in gen_jail_uci_network).
Rename 'netifd_ubus_ctx' to 'jail_ubus_ctx' to make the jail vs. host
roles more obvious.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 12 Oct 2021 00:30:38 +0000 (01:30 +0100)]
jail: make use of per-container netifd via ubus
Make ujail expose 'network_reload' function on ubus so we can
reconfigure network interfaces inside containers.
Automatically call that function on network config changes by
subscribing to ubus 'service' object and waiting for 'config.change'
events concerning the network configuration.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 11 Oct 2021 22:04:38 +0000 (23:04 +0100)]
jail: netifd: generate netifd uci config and mount it
Generate /etc/config/network by filtering the host config for
uci sections which are marked for that specific jail.
Feed that configuration to the per-container netifd instance.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 5 Oct 2021 20:23:37 +0000 (21:23 +0100)]
jail: fs: add support for asymmetric mount bind
Allow mounting absolute path on host to defined mountpoint inside
container using ':' character in argument of '-r' and '-w' parameters.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 12 Oct 2021 22:59:10 +0000 (23:59 +0100)]
uxc: don't free the stack
It's generally a bad idea to free variables which are stored on stack.
Better don't do that ;)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 4 Oct 2021 00:31:39 +0000 (01:31 +0100)]
uxc: fix segfault caused by use-after-free
Don't free blob_buf which was sent via ubus.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 8 Sep 2021 01:00:50 +0000 (02:00 +0100)]
jail: start ubus and netifd instances for container with netns
Start per-container instances of ubusd and netifd for containers with
private network namespace. This netifd instance will be used in future
to configure networking inside the container.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 8 Sep 2021 00:39:18 +0000 (01:39 +0100)]
Revert "jail: do not hack /etc/resolv.conf on container rootfs"
This reverts commit
b0a8ea1c3fa844d1006764fae3f0d8382351313b.
Daniel Golle [Sat, 4 Sep 2021 21:32:36 +0000 (22:32 +0100)]
instance: allow jailed service to join namespace(s)
Parse new jail attribute 'setns'.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sat, 4 Sep 2021 20:42:43 +0000 (21:42 +0100)]
jail: prepare for adding process to existing namespace
Introduce '-j' option to ujail which allows joining namespaces of
(a) existing process(es). Usage:
ujail -j <pid>:<nstype>[,<nstype>[,...]]
In order to join namespaces of different processes the '-j' option can
be used multiple times.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 13 Sep 2021 10:51:12 +0000 (11:51 +0100)]
uxc: add JSON output option for 'list' command
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 15 Sep 2021 20:29:23 +0000 (21:29 +0100)]
procd: fix container deletion
Deleting a container could lead to an attempt NULL-pointer dereference
crashing procd and triggering a reboot of the system.
Properly handle service deletion to avoid that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 5 Sep 2021 13:22:33 +0000 (14:22 +0100)]
trace: don't leak file descriptor in error path
Coverity CID:
1491022 Resource leak
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Nick Hainke [Tue, 31 Aug 2021 09:09:19 +0000 (11:09 +0200)]
initd: fix off-by-one error in mkdev.c
Substract 1 from bufsize so len can not be out of bounds. Same
hanling as in "udevtrigger.c" in "sysfs_resolve_link".
Replaces:
8eb1d783
Coverity CID:
1330087 Readlink used insecurely
Signed-off-by: Nick Hainke <vincent@systemli.org>
Nick Hainke [Tue, 31 Aug 2021 09:09:18 +0000 (11:09 +0200)]
Revert "initd: fix off-by-one error in mkdev.c"
This reverts commit
8eb1d783cca6e0d501dd3a2f94262ffc36ae6482.
This line reads a symbolic link into the string buffer "buf".
len = readlink(buf2, buf, sizeof(buf));
The commit replaced now
buf[len] = 0;
with
buf[sizeof(buf) - 1] = '\0';
However, that does not work since readlink does not null-terminate
the string written into "buf" and "buf[len] = 0" was used for that.
What happens if the buffer is to small?
"If the buf argument is not large enough to contain the link content,
the first bufsize bytes shall be placed in buf."
(Source: https://pubs.opengroup.org/onlinepubs/
009695399/functions/readlink.htm)
Signed-off-by: Nick Hainke <vincent@systemli.org>
Daniel Golle [Mon, 30 Aug 2021 23:44:29 +0000 (00:44 +0100)]
trace: preload: avoid NULL-dereference here as well
Fix potential NULL-pointer derefence in trace/preload.c similar to how
it was fixed in jail/preload.c by commit
b824a89
("jail: preload: avoid NULL-dereference in case things go wrong").
Coverity CID:
1446096 Dereference after null check
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 30 Aug 2021 23:39:12 +0000 (00:39 +0100)]
jail: actually check calloc return value
Instead of checking the return value of calloc(), the check intended
for that would rather check if the pointer passed as an argument.
As that doesn't make much sense, rather actually check calloc()
return value.
Coverity CID:
1490071 Dereference before null check
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 30 Aug 2021 23:35:53 +0000 (00:35 +0100)]
utils: don't ignore open() return value
In case active console cannot be opened, return NULL early instead
of trying to read from errornous file descriptor.
Coverity CID:
1490087 Argument cannot be negative
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 30 Aug 2021 21:20:30 +0000 (22:20 +0100)]
initd: fix off-by-one error in mkdev.c
Actually make sure buffer is 0-terminated intead of writing the 0-byte
out of bounds.
Coverity CID:
1330087 Readlink used insecurely
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Nick Hainke [Mon, 30 Aug 2021 20:37:10 +0000 (22:37 +0200)]
trace: fix potential use-after-free occurence
char* tmp is used in the fprintf function altough it is already freed.
Fixes: e5b38fd1 ("trace: free memory allocated by blobmsg_format_json_indent()")
Signed-off-by: Nick Hainke <vincent@systemli.org>
Daniel Golle [Mon, 30 Aug 2021 19:20:49 +0000 (20:20 +0100)]
trace: free memory allocated by blobmsg_format_json_indent()
Only one out of two occurances have been addressed previously.
Close the other one now.
Coverity CID:
1446205
Fixes: 51f1cd23 ("trace: free string returned by blobmsg_format_json_indent()")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 30 Aug 2021 19:03:23 +0000 (20:03 +0100)]
uxc: move mountpoint of persistent config to /var/run/uxc
Using /var/state/uxc turns out to be not the smartest thing to do, use
/var/run/uxc instead.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 23 Aug 2021 17:34:32 +0000 (18:34 +0100)]
jail: protect against strcat buffer overflows
Coverity CID:
1490012 Copy into fixed size buffer
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 23 Aug 2021 17:15:20 +0000 (18:15 +0100)]
jail: preload: avoid NULL-dereference in case things go wrong
Coverity CID:
1446096 Dereference after null check
Coverity CID:
1446070 Dereference after null check
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 23 Aug 2021 17:11:08 +0000 (18:11 +0100)]
trace: handle open() return value and make sure string is terminated
Coverity CID:
1446154 Argument cannot be negative
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 23 Aug 2021 17:07:19 +0000 (18:07 +0100)]
trace: free string returned by blobmsg_format_json_indent()
Coverity CID:
1446205 Resource leak
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 23 Aug 2021 17:04:55 +0000 (18:04 +0100)]
uxc: free string returned by blobmsg_format_json_indent()
Coverity ID:
1490068 Resource leak
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 23 Aug 2021 17:01:28 +0000 (18:01 +0100)]
utils: make sure read() string is 0 terminated
Coverity CID:
1490062 String not null terminated
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 23 Aug 2021 16:49:31 +0000 (17:49 +0100)]
jail: use portable sizeof(void *)
Coverity CID:
1490010 Sizeof not portable
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 23 Aug 2021 16:47:23 +0000 (17:47 +0100)]
jail: check return value when opening console
Coverity CID:
1490048 Argument cannot be negative
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 23 Aug 2021 16:41:57 +0000 (17:41 +0100)]
jail: return to hook callback instead of just calling it
Avoid stack pollution and potentially worse things.
Coverity CID:
1490056 Dereference after null check
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 23 Aug 2021 14:22:31 +0000 (15:22 +0100)]
jail: devices: create parent folder when creating devices
Some device nodes live in subdirectories like /dev/dri.
Create those folders when populating /dev.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Kevin Darbyshire-Bryant [Sun, 22 Aug 2021 08:46:03 +0000 (09:46 +0100)]
uxc.c: fix coverity resource leak warning
707 blob_buf_free(&req);
708
CID
1490412: (RESOURCE_LEAK)
Handle variable "f" going out of scope leaks the handle.
709 return 0;
Add a close before we return
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Daniel Golle [Sun, 15 Aug 2021 13:06:39 +0000 (14:06 +0100)]
uxc: support config in uvol
In case '/var/state/uxc' exists and is a directory (or symlink pointing
to a directory), use that instead of '/etc/uxc'.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 15 Aug 2021 11:56:34 +0000 (12:56 +0100)]
uxc: fix help output
CLI option 'mounts' is wrongly called 'volumes' in help output.
Fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 15 Aug 2021 11:41:34 +0000 (12:41 +0100)]
uxc: fix a bunch of issues discovered by Coverity
Coverity CID:
1490024 Resource leak
Coverity CID:
1490032 Resource leak
Coverity CID:
1490039 Resource leak
Coverity CID:
1490051 Resource leak
Coverity CID:
1490055 Resource leak
Coverity CID:
1490061 Resource leak
Coverity CID:
1490068 Resource leak
Coverity CID:
1490104 Resource leak
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 15 Aug 2021 11:34:05 +0000 (12:34 +0100)]
service: make sure string read is null terminated
Coverity CID:
1490007 String not null terminated
Signed-off-by: Daniel Golle <daniel@makrotopia.org>