| Commit message | Author | Age | Files | Lines |
Mount efivarfs to /sys/firmware/efi/efivars if available.
Tested-by: Oskari Rauta <oskari.rauta@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Do not relabel all the filesystem if not running from initramfs, it
should only be needed in this case.
Read-write (ext4) labels should be set when generating the filesystem
just like it's done for squashfs.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Attempting to relabel /dev/console, /proc or /sys results in an error
message. Avoid that by excluding them when relabeling rootfs on boot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Introduce an additional SELinux init step calling restorecon to
label the filesystem. This fixes SELinux on initramfs or systems
with ext4 or ubifs read-write root filesystem.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The configuration settings were removed from the package, this is now dead code.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
The default mode is already 600, no need to specify it. Access times are also
irrelevant.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
/dev is writable. Allowing execution inside it makes it a possible attack
vector. Kees Cook recently sent a kernel patch [1] in order to mount /dev as
noexec and nosuid for systems which rely on CONFIG_DEVTMPFS_MOUNT=y to
create/populate /dev, which isn't our case (it's procd's responsibility).
Add noexec to the /dev mount flags, since we already use nosuid (and keep the
coldplug flags symmetric, while at it). This carries the risk of breaking very
old, pre-KMS graphics drivers [2], but it shouldn't be a problem for systems
built in the last ~15 years. The vast majority of our targets doesn't have a
GPU, anyway. :)
[1] https://lore.kernel.org/all/YcMfDOyrg647RCmd@debian-BULLSEYE-live-builder-AMD64/
[2] https://lore.kernel.org/all/CAPXgP12e5LpN6XVxaXOHhH=u8XXN==2reTaJDCoCk4tP4QduDQ@mail.gmail.com/
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Subtract 1 from bufsize so len can not be out of bounds. Same
handling as in "udevtrigger.c" in "sysfs_resolve_link".
Replaces: 8eb1d783
Coverity CID: 1330087 Readlink used insecurely
Signed-off-by: Nick Hainke <vincent@systemli.org>
This reverts commit 8eb1d783cca6e0d501dd3a2f94262ffc36ae6482.
This line reads a symbolic link into the string buffer "buf".
    len = readlink(buf2, buf, sizeof(buf));
The commit replaced now
    buf[len] = 0;
with
    buf[sizeof(buf) - 1] = '\0';
However, that does not work since readlink does not null-terminate
the string written into "buf" and "buf[len] = 0" was used for that.
What happens if the buffer is too small?
"If the buf argument is not large enough to contain the link content,
the first bufsize bytes shall be placed in buf."
(Source: https://pubs.opengroup.org/onlinepubs/009695399/functions/readlink.htm)
Signed-off-by: Nick Hainke <vincent@systemli.org>
Actually make sure buffer is 0-terminated instead of writing the 0-byte
out of bounds.
Coverity CID: 1330087 Readlink used insecurely
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
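The readlink() handling that the three commit messages above converge on (pass the buffer size minus one, then terminate at the returned length), as an added example that is not procd's code. The names read_link_terminated, demo_read and SAMPLE_TARGET are hypothetical, and the link target is constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample link target (16 characters), not taken from procd. */
#define SAMPLE_TARGET "../devices/demo0"

/* readlink() writes no NUL and returns at most the size passed in, so passing
 * bufsize - 1 keeps buf[len] inside the buffer even when the target is cut. */
static ssize_t read_link_terminated(const char *path, char *buf, size_t bufsize)
{
	ssize_t len;

	if (bufsize == 0)
		return -1;
	len = readlink(path, buf, bufsize - 1);
	buf[len < 0 ? 0 : len] = '\0';	/* empty string on error */
	return len;
}

/* Create a symlink to SAMPLE_TARGET in a fresh temp dir and read it back. */
static ssize_t demo_read(char *buf, size_t bufsize)
{
	char dir[] = "/tmp/readlink-demo-XXXXXX";
	char lnk[PATH_MAX];
	ssize_t len = -1;

	if (!mkdtemp(dir))
		return -1;
	snprintf(lnk, sizeof(lnk), "%s/link", dir);
	if (symlink(SAMPLE_TARGET, lnk) == 0) {
		len = read_link_terminated(lnk, buf, bufsize);
		unlink(lnk);
	}
	rmdir(dir);
	return len;
}

int main(void)
{
	char small[8] = "", big[64] = "";
	printf("%zd \"%s\"\n", demo_read(small, sizeof(small)), small);
	printf("%zd \"%s\"\n", demo_read(big, sizeof(big)), big);
	return 0;
}
```

A return value equal to bufsize - 1 means the target may have been truncated, so a caller that needs the full path should treat that case as an error or retry with a larger buffer.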
It can be good for UI to show to the user that the system was booted
from initramfs, i.e. no writable permanent storage is available.
I imagine LuCI only serving applications which are explicitly marked
as being shown even in initramfs mode, ie. nothing but status,
network->interfaces, network->wireless, system->upgrade,
system->backup, system->backuprestore tabs.
Also sysupgrade could take into account we are running on initramfs
and perform offline backup/restore of whatever is in the flash.
In that way OpenWrt-generated initramfs-images can serve as recovery
OS on devices with dual-boot in a meaningful way.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
In order to support SELinux in OpenWrt, this commit introduces minimal
support for loading the SELinux policy in the init code. The logic is
very much inspired from what Busybox is doing: call
selinux_init_load_policy() from libselinux, and then re-execute init
so that it runs with the SELinux policy in place and enforced.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
[fix spelling of OpenWrt]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Prepare for using cgroup2 in procd and ujail.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
usleep has been deprecated by POSIX.1-2001 and removed in POSIX.1-2008.
Fixes compilation when libc does not include usleep (optional with
uClibc-ng).
nanosleep also has the advantage of being more accurate.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This new attribute allows passing path of the backup archive. It
provides much more flexibility than hardcoding /tmp/sysupgrade.tgz. It
may help avoiding some cp/mv for user-provided backup archive.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Object passed as "options" gets translated into environment variables
UPGRADE_OPT_*. E.g.
    "options": { "foo": 5 }
will result in setting UPGRADE_OPT_FOO=5.
This allows stage2 sysupgrade to get options explicitly. So far it was
guessing what to do by checking for existence of some files (e.g.
sysupgrade.tgz).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
meaning to not mount some specific parts which cause trouble.
The patch is based on previous work of @mikma to combine OpenWrt with
lxd[0]. This patch however adds a detection copied from *virt-what* to
check /proc/1/environment for the string "container".
Thanks to @dangowrt for the cleanup.
[0]: https://github.com/containercraft/openwrt-lxd/blob/master/patches/procd-openwrt-18.06/001_lxd_no_mounts.patch
Signed-off-by: Paul Spooren <mail@aparcar.org>
to use procd in LXC containers they have to support SIGPWR to shutdown.
Signed-off-by: Paul Spooren <mail@aparcar.org>
In case ramfs is used as tmpfs it creates /tmp with permissions 755
which are the default permissions.
Therefore when mounting tmp set permissions explicitly to 1777.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: John Crispin <john@phrozen.org>
Might help with debugging. No size impact.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Saves 1496 bytes from compiled size under glibc. No functional difference.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Noticed that /tmp was not being created on /dev/zram0. This was on
ixp4xx (nslu2) using GCC 6.3 and musl.
The allocation should be using the length of the passed string
(module path), not the size of the pointer to the string.
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
In uClibc getdelim is only defined if _GNU_SOURCE is defined; fix
compilation issue by defining _GNU_SOURCE
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This will allow to add support for sysupgrades via upgraded from failsafe
mode.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Commit 81aeba9b7f619ee1af1a64f355ae8001fa147d03 in LEDE source.git moved
modprobe to the "/sbin" directory. Update procd with the new path.
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
Including sys/sysmacros.h is now necessary for makedev() on glibc 2.25.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
mkfs.ext4 will create the filesystem with 755, we need to chmod to 1777
explicitly.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
since commit be950c5e56b86509e1e237931d0ac8203372be82 (09/03/2013)
/var/{run,lock,state} are world writable (0777) which is a security issue
before that they were created by /etc/init.d/boot with normal
permissions (0755), so revert to that state
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Close the descriptor to /tmp/.preinit returned by creat() in order to avoid
an fd leak in the init process.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Changeset r47080 globally unified the executable search path in OpenWrt,
now update procd to use the same path value.
This fixes diverging path values observed in programs launched by netifd
which inherits the early path value from procd.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
glibc sets __attribute_warn_unused_result__ on symlink(3) if
FORTIFY_SOURCE is set. This breaks procd which deliberately ignores
the result of the symlink(3) call early during init as there wouldn't
be anything better to do in that case other than ignoring the error and
trying to survive.
Introduce libc-compat.h to work around libc anomalies.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
These options aren't mandatory, but can prevent some future
bugs from being exploited. Good reading:
http://lwn.net/Articles/647757/
Value chosen by looking at fedora 22 / ubuntu 14.04
Not tested yet (away from my test routers)
Not touching jail/jail.c as this conflicts with
my pending patch series
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Since the /dev filesystem is tiny, /dev/shm needs to live somewhere
else.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Previous patch did not account for umask, now adding that.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
On my Ubuntu system, the permissions are 1777. They are incorrect in
procd, leading to this:
https://forum.openwrt.org/viewtopic.php?id=57073
This is intended for both CC and DD.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
[ 1.240000] init: failed to symlink /tmp -> /var
Signed-off-by: John Crispin <blogic@openwrt.org>
Signed-off-by: John Crispin <blogic@openwrt.org>
Signed-off-by: Jeff Waugh <jdub@bethesignal.org>
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Devices with <= 32MB of ram get half of memory allocated to zram (up to 16MB).
Devices with > 32MB of ram get just 8MB of memory allocated to zram.
Increase memory allocated to devices with > 32MB ram to 16MB.
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
Signed-off-by: John Crispin <blogic@openwrt.org>
Signed-off-by: John Crispin <blogic@openwrt.org>
If kernel is compiled with cgroup support it should be mounted. This change
does not affect kernels without cgroup support.
Signed-off-by: Luka Perkov <luka@openwrt.org>