Commit message | Author | Age | Files | Lines
* Revert "sysupgrade: print errno on failure" (HEAD, master) | Stijn Tintel | 2023-03-22 | 1 | -3/+1
  This commit was taken from one of my staging branches without my knowledge. Testing exposed problems with strerror, and the commit message was not updated to reflect the use of strerror either.

    Failed to exec upgraded: No error information

  This reverts commit 039b88f75367203e540009cc97603b1bce3fafa6.

  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* init: attempt to mount efivarfs | Daniel Golle | 2023-01-16 | 1 | -3/+4
  Mount efivarfs to /sys/firmware/efi/efivars if available.

  Tested-by: Oskari Rauta <oskari.rauta@gmail.com>
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* jail: don't assume positive return value of creat | Daniel Golle | 2023-01-16 | 1 | -2/+6
  Handle a (theoretical) error case when calling creat in create_dev_console function.

  Coverity CID: 1490100 (Argument cannot be negative)
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* jail: fs: don't overwrite existing mount target | Daniel Golle | 2023-01-16 | 1 | -22/+22
  Using the creat() function overwrites existing files which is unintended when it comes to making sure the target of a single-file mount exists. Instead, use open() with the O_EXCL flag to make sure mount targets are only created if actually needed.

  While at it also clean up various error paths of the do_mounts function, making sure the additionally allocated string being created for the path inside the jail's root filesystem is always freed and also making it a bit more readable and less bloated.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* sysupgrade: print errno on failure | Stijn Tintel | 2022-11-10 | 1 | -1/+3
  The error message "Failed to exec upgraded." is not very informative. Add errno to the message to make it more useful.

  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* jail: ignore missing .dynamic sect | Yuteng Zhong | 2022-11-10 | 1 | -8/+8
  A static-linked binary doesn't have a .dynamic section, but when starting ujail with -r or -w will automatically search for PT_DYNAMIC in ELF and exit with failure if it is not found.

  github issue: https://github.com/openwrt/openwrt/issues/10933

  Signed-off-by: Yuteng Zhong <zonyitoo@qq.com>
* jail: correctly check for null pointer | Philipp Meier | 2022-11-10 | 1 | -0/+4
  Handle case where opts.sysctl is not used.

  Signed-off-by: Philipp Meier <philipp.meier@westermo.com>
* instance: dump netdev params | Stijn Tintel | 2022-09-26 | 1 | -0/+9
  Add the netdev param to the instance_dump function to make it possible to verify this for an existing instance.

  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
  Acked-by: John Crispin <john@phrozen.org>
* jail: fix various ignoring return value compilation warning | Christian Marangi | 2022-07-17 | 1 | -8/+31
  This fixes the following compilation error:

    jail/jail.c: In function 'main':
    jail/jail.c:2733:33: error: ignoring return value of 'asprintf' declared with attribute 'warn_unused_result' [-Werror=unused-result]
     2733 |   asprintf(&opts.envp[envc++], "%s=%s", enve->envarg, tmp);
          |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    jail/jail.c: In function 'build_jail_fs':
    jail/jail.c:740:24: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
      740 |   (void) symlink("../dev/resolv.conf.d/resolv.conf.auto", jaillink);
          |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    jail/jail.c: In function 'create_devices':
    jail/jail.c:643:16: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
      643 |   (void) symlink("/dev/pts/ptmx", "/dev/ptmx");
          |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    jail/jail.c:644:16: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
      644 |   (void) symlink("/proc/self/fd", "/dev/fd");
          |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    jail/jail.c:645:16: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
      645 |   (void) symlink("/proc/self/fd/0", "/dev/stdin");
          |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    jail/jail.c:646:16: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
      646 |   (void) symlink("/proc/self/fd/1", "/dev/stdout");
          |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    jail/jail.c:647:16: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
      647 |   (void) symlink("/proc/self/fd/2", "/dev/stderr");
          |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* jail: add WARNING macro to log non critical warning message | Christian Marangi | 2022-07-17 | 1 | -0/+4
  Add an additional WARNING macro to log non critical warning message.

  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* utrace: fix memory leak | Junnan Xu | 2022-06-27 | 1 | -0/+4
  Fixes following memory leak:

    14 bytes in 1 blocks are definitely lost in loss record 1 of 5
       at 0x4079514: malloc (vg_replace_malloc.c:309)
       by 0x4049A04: vasprintf (vasprintf.c:13)
       by 0x4046354: asprintf (asprintf.c:10)
       by 0x80491A9: main (in /root/utrace)

    134 bytes in 1 blocks are definitely lost in loss record 3 of 5
       at 0x4079514: malloc (vg_replace_malloc.c:309)
       by 0x4049A04: vasprintf (vasprintf.c:13)
       by 0x4046354: asprintf (asprintf.c:10)
       by 0x8049208: main (in /root/utrace)

  Signed-off-by: Junnan Xu <junnanx.xu@gmail.com>
  Reviewed-by: Rui Salvaterra <rsalvaterra@gmail.com>
* init: only relabel rootfs if started from initramfs | Daniel Golle | 2022-06-01 | 1 | -3/+4
  Do not relabel all the filesystem if not running from initramfs, it should only be needed in this case. Read-write (ext4) labels should be set when generating the filesystem just like it's done for squashfs.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* init: selinux: don't relabel virtual filesystems | Daniel Golle | 2022-06-01 | 1 | -1/+3
  Attempting to relabel /dev/console, /proc or /sys results in an error message. Avoid that by excluding them when relabeling rootfs on boot.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* init: restore SELinux labels after policy is loaded | Daniel Golle | 2022-05-03 | 1 | -8/+19
  Introduce an additional SELinux init step to calling restorecon to label the filesystem. This fixes SELinux on initramfs or systems with ext4 or ubifs read-write root filesystem.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* jail: include necessary files for per-netns netifd instance | Daniel Golle | 2022-04-13 | 1 | -8/+23
  Up to now only proto 'static' and 'none' have been supported for in-jail interfaces as Shell-based protocol handlers needed some more utilities, PATH set in the environment and /var/ubus/ubus.sock to be mounted on the per-netns-jail ubus socket.

  Include files needed by shell proto handler, set PATH in env and bend ubus socket path to get DHCP client to work for per-jail netns.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uxc: fix potential NULL-pointer dereference | Daniel Golle | 2022-04-13 | 1 | -0/+3
  Check for NULL returned by strrchr() and return error in that case. It should not be reachable as the string should always contain a '/' character, but follow best practices anyway.

  Coverity CID: 1500356 Dereference null return value
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: completely remove tmp-on-zram support | Rui Salvaterra | 2022-03-03 | 4 | -158/+5
  The configuration settings were removed from the package, this is now dead code.

  Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* instance: exit in case asprintf() fails | Daniel Golle | 2022-02-18 | 1 | -1/+3
  If asprintf returns -1 we are most likely out of memory, so just exit in that case.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uxc: remove unused printf parameter | Daniel Golle | 2022-02-18 | 1 | -1/+1
  Remove unused string parameter from asprintf. Fixes build with glibc because warnings are treated as errors.

  Fixes: df1123e ("uxc: add support for user-defined settings")
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uxc: clean up error handling | Daniel Golle | 2022-02-18 | 1 | -74/+85
  Use negative return value to indicate errors and positive return value for quantitative information. Use 'bool' return type for some functions which never throw an error.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uxc: allow editing settings using 'create' | Daniel Golle | 2022-02-18 | 1 | -45/+49
  Users may want to change settings of a container other than just whether it is being started on boot or not. Allow changing the user-defined settings by utilizing the existing command line parameters in combination with the 'create' call.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uxc: add support for user-defined settings | Daniel Golle | 2022-02-18 | 1 | -75/+263
  Instead of keeping both, the container definition and settings in the same file, split-off the user-defined settings into a separate file. This has the advantage that user-defined settings are retained in case the container definition is replaced or updated.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: seccomp/jail: Fix build error on arm with glibc | Peter Lundkvist | 2022-01-30 | 1 | -6/+6
  This fixes the make_syscall_h.sh script to recognize both __NR_Linux, used by mips, and __NR_SYSCALL_BASE and __ARM_NR_BASE used by arm.

  Run-tested on arm (ipq806x) and mips (ath79), both with glibc.

  Compile-tested and checked resulting syscall_names.h file with
    glibc: aarch64, powerpc, x86_64, i486
    musl: arm, mips

  Fixes: FS#4194, FS#4195
  Signed-off-by: Peter Lundkvist <peter.lundkvist@gmail.com>
* procd: clean up /dev/pts mounts | Rui Salvaterra | 2022-01-11 | 2 | -2/+2
  The default mode is already 600, no need to specify it. Access times are also irrelevant.

  Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* procd: mount /dev with noexec | Rui Salvaterra | 2022-01-11 | 2 | -2/+2
  /dev is writable. Allowing execution inside it makes it a possible attack vector. Kees Cook recently sent a kernel patch [1] in order to mount /dev as noexec and nosuid for systems which rely on CONFIG_DEVTMPFS_MOUNT=y to create/populate /dev, which isn't our case (it's procd's responsibility). Add noexec to the /dev mount flags, since we already use nosuid (and keep the coldplug flags symmetric, while at it).

  This carries the risk of breaking very old, pre-KMS graphics drivers [2], but it shouldn't be a problem for systems built in the last ~15 years. The vast majority of our targets doesn't have a GPU, anyway. :)

  [1] https://lore.kernel.org/all/YcMfDOyrg647RCmd@debian-BULLSEYE-live-builder-AMD64/
  [2] https://lore.kernel.org/all/CAPXgP12e5LpN6XVxaXOHhH=u8XXN==2reTaJDCoCk4tP4QduDQ@mail.gmail.com/

  Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* procd: jail/cgroups: correctly enable "rdma" when requested | Roman Azarenko | 2022-01-11 | 1 | -1/+1
  Fixes a copy-paste error, where "pids" cgroup was enabled instead of "rdma".

  Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>
* uxc: fix two minor issues reported by Coverity | Daniel Golle | 2021-12-26 | 1 | -1/+3
  Fixes CID 1496022 (UNINIT) and CID 1496023 (RESOURCE_LEAK).

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uxc: usage message cosmetics | Daniel Golle | 2021-12-20 | 1 | -12/+12
  Fix tabs in usage message.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* remove ujail-console | Daniel Golle | 2021-12-20 | 2 | -227/+0
  ujail-console is now integrated in uxc.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uxc: integrate console into uxc | Daniel Golle | 2021-12-20 | 1 | -14/+203
  Prepare to get rid of ujail-console by integrating console features into uxc.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uxc: consider uvol and etc location for configurations | Daniel Golle | 2021-12-20 | 1 | -31/+40
  Rather than switching to consider only uvol location for configuration files once that path is existing, consider both locations. Plus some small style fixes here and there while at it.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* jail: make sure jailed process is terminated | Daniel Golle | 2021-12-11 | 2 | -5/+25
  Don't ever send SIGKILL to ujail, as that will kill ujail but not the jailed process. Instead, let ujail send SIGKILL in case of SIGTERM not succeeding after the term_timeout which procd now passes down to ujail.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: service_stop_all: also kill inittab actions | Daniel Golle | 2021-11-23 | 3 | -1/+16
  Also send SIGKILL to all actions spawned by inittab.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: add full service shutdown prior to sysupgrade | John Crispin | 2021-11-23 | 3 | -0/+32
  Currently OpenWrt will use the kill loop in stage2 to stop tasks. This can fail as seen with wpa_supplicant not properly shutting down with certain mesh configurations.

  Trigger the existing service_stop() code path for all services just before exec'ing to upgraded.

  Signed-off-by: John Crispin <john@phrozen.org>
  [make use of *_safe function now introduced for that purpose, also stop container instances]
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* service: move jail parsing to end of instance parser | Daniel Golle | 2021-11-23 | 1 | -16/+16
  Generating parameters for ujail assumes that other instance attributes such as 'env' have already been populated. Move parsing jail to end of the instance parser to make that assumption hold true.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* system: add diskfree infos to ubus | Florian Eckert | 2021-11-23 | 1 | -0/+30
  This change adds the missing information about how much space is available on the root directory and in the temp directory. I took this implementation from the luci2 repository and adapted it for the procd service.

  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* jail: allow passing environment variable to procd jailed process | Daniel Golle | 2021-11-11 | 2 | -1/+53
  Introduce new option '-e' to ujail which can be stated multiple times to import environment variables to the jailed process environment. Use that option to import selected environment variables defined for a jailed service instance to its environment.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* trigger: use uloop_timeout_remaining64 | Stijn Tintel | 2021-11-04 | 1 | -2/+2
  The uloop_timeout_remaining function is being deprecated.

  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
  Acked-by: Jo-Philipp Wich <jo@mein.io>
* jail: elf: Remove MIPS 64 warning | Hauke Mehrtens | 2021-11-01 | 1 | -12/+0
  Revert commit 33b799b ("ujail: elf: work around GCC bug on MIPS64")

  The procd jails are working fine on MIPS64 too now.

  I saw this error message when add_path_and_deps() was called which calls elf_load_deps() again under some conditions. This is happening because gcc_mips64_bug_work_around is stored in the data segment. We have a call trace like this:

    elf_load_deps()
      gcc_mips64_bug_work_around = 1;
      call add_path_and_deps()
        call elf_load_deps()
          gcc_mips64_bug_work_around = 1;
          error if gcc_mips64_bug_work_around != 1
          gcc_mips64_bug_work_around = 0;
          return;
        return;
      error if gcc_mips64_bug_work_around != 1
      return;

  I got the same error messages on MIPS 32 BE, when I removed the compile check.

  This was tested in qemu on MIPS 64 BE and MIPS64 LE.

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* jail: elf: Use 64 bit variables for elf offsets | Hauke Mehrtens | 2021-11-01 | 1 | -8/+8
  The members p_offset, p_filesz and p_vaddr of the structure Elf64_Phdr are all uint64_t. This structure is used for 64 bit applications. Without this change we would convert the 64 bit values into 32 bit values and an overflow could happen in this conversion.

  On MIPS 64 BE the variable load_vaddr has the value 0x120000000 which sets the 32th bit which will overflow when converted to a 32 bit value.

  On 32 bit systems Elf32_Phdr is used with uint32_t, converting this to 64 bit values too should not cause problems as this is not in the hot path.

  Without this fix I am getting error messages like this at bootup on MIPS 64 BE:

    [ 16.622602] do_page_fault(): sending SIGSEGV to ujail for invalid read access from 00000100f37251e3
    [ 16.622907] epc = 000000aaab4ed0e0 in ujail[aaab4e0000+18000]
    [ 16.623237] ra = 000000aaab4ed694 in ujail[aaab4e0000+18000]

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* jail: Fix build with glibc | Hauke Mehrtens | 2021-10-22 | 1 | -0/+1
  Add missing include for open(). This fixes the build with glibc.

  Fixes: 82dd39024f63 ("jail: make use of per-container netifd via ubus")
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uxc: add missing 'break' statement | Daniel Golle | 2021-10-17 | 1 | -1/+1
  Without the break statement the next element in the iteration will overwrite the found attributes. Stop iterating once entry has been found, so matching attributes will be used.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* jail: netifd: check target netns fd before using it | Daniel Golle | 2021-10-17 | 1 | -0/+4
  Make sure filehandler is non-negative before using it.

  Coverity CID: 1492888 Negative returns
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* jail: netifd: fix error handling issue reported by coverity | Daniel Golle | 2021-10-17 | 1 | -4/+2
  Check asprintf return value instead of checking for NULL-pointer.

  Coverity CID: 1492158 Unchecked return value
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* jail: netifd: code cosmetics | Daniel Golle | 2021-10-17 | 1 | -45/+45
  Make code more readable by renaming ambiguous variable name 'ctx' to 'host_ubus_ctx' (global) or 'uci_ctx' (local in gen_jail_uci_network). Rename 'netifd_ubus_ctx' to 'jail_ubus_ctx' to make the jail vs. host roles more obvious.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* jail: make use of per-container netifd via ubus | Daniel Golle | 2021-10-13 | 3 | -79/+166
  Make ujail expose 'network_reload' function on ubus so we can reconfigure network interfaces inside containers. Automatically call that function on network config changes by subscribing to ubus 'service' object and waiting for 'config.change' events concerning the network configuration.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* jail: netifd: generate netifd uci config and mount it | Daniel Golle | 2021-10-13 | 2 | -10/+142
  Generate /etc/config/network by filtering the host config for uci sections which are marked for that specific jail. Feed that configuration to the per-container netifd instance.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* jail: fs: add support for asymmetric mount bind | Daniel Golle | 2021-10-13 | 3 | -8/+33
  Allow mounting absolute path on host to defined mountpoint inside container using ':' character in argument of '-r' and '-w' parameters.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uxc: don't free the stack | Daniel Golle | 2021-10-13 | 1 | -3/+0
  It's generally a bad idea to free variables which are stored on stack. Better don't do that ;)

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uxc: fix segfault caused by use-after-free | Daniel Golle | 2021-10-13 | 1 | -1/+1
  Don't free blob_buf which was sent via ubus.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>