| Commit message | Author | Age | Files | Lines |
| |
Handle a (theoretical) error case when calling creat in
create_dev_console function.
Coverity CID: 1490100 (Argument cannot be negative)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Using the creat() function overwrites existing files which is
unintended when it comes to making sure the target of a single-file
mount exists. Instead, use open() with the O_EXCL flag to make sure
mount targets are only created if actually needed.
While at it also clean up various error paths of the do_mounts
function, making sure the additionally allocated string being created
for the path inside the jail's root filesystem is always freed
and also making it a bit more readable and less bloated.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
A static-linked binary doesn't have a .dynamic section, but when
starting ujail with -r or -w will automatically search for PT_DYNAMIC in
ELF and exit with failure if it is not found.
github issue: https://github.com/openwrt/openwrt/issues/10933
Signed-off-by: Yuteng Zhong <zonyitoo@qq.com>
| |
Handle case where opts.sysctl is not used.
Signed-off-by: Philipp Meier <philipp.meier@westermo.com>
| |
This fixes the following compilation error:
jail/jail.c: In function 'main':
jail/jail.c:2733:33: error: ignoring return value of 'asprintf' declared with attribute 'warn_unused_result' [-Werror=unused-result]
2733 | asprintf(&opts.envp[envc++], "%s=%s", enve->envarg, tmp);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jail/jail.c: In function 'build_jail_fs':
jail/jail.c:740:24: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
740 | (void) symlink("../dev/resolv.conf.d/resolv.conf.auto", jaillink);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jail/jail.c: In function 'create_devices':
jail/jail.c:643:16: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
643 | (void) symlink("/dev/pts/ptmx", "/dev/ptmx");
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jail/jail.c:644:16: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
644 | (void) symlink("/proc/self/fd", "/dev/fd");
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jail/jail.c:645:16: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
645 | (void) symlink("/proc/self/fd/0", "/dev/stdin");
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jail/jail.c:646:16: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
646 | (void) symlink("/proc/self/fd/1", "/dev/stdout");
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
jail/jail.c:647:16: error: ignoring return value of 'symlink' declared with attribute 'warn_unused_result' [-Werror=unused-result]
647 | (void) symlink("/proc/self/fd/2", "/dev/stderr");
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
| |
Add an additional WARNING macro to log non-critical warning messages.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
| |
Up to now only proto 'static' and 'none' have been supported for
in-jail interfaces as Shell-based protocol handlers needed some more
utilities, PATH set in the environment and /var/ubus/ubus.sock to be
mounted on the per-netns-jail ubus socket.
Include files needed by shell proto handler, set PATH in env and bend
ubus socket path to get DHCP client to work for per-jail netns.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Fixes a copy-paste error, where "pids" cgroup was enabled instead of "rdma".
Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>
| |
ujail-console is now integrated in uxc.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Don't ever send SIGKILL to ujail, as that will kill ujail but not the
jailed process.
Instead, let ujail send SIGKILL in case of SIGTERM not succeeding after
the term_timeout which procd now passes down to ujail.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Introduce new option '-e' to ujail which can be stated multiple times
to import environment variables to the jailed process environment.
Use that option to import selected environment variables defined for
a jailed service instance to its environment.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Revert commit 33b799b ("ujail: elf: work around GCC bug on MIPS64")
The procd jails are working fine on MIPS64 too now.
I saw this error message when add_path_and_deps() was called which calls
elf_load_deps() again under some conditions. This is happening because
gcc_mips64_bug_work_around is stored in the data segment.
We have a call trace like this:
elf_load_deps()
    gcc_mips64_bug_work_around = 1;
    call add_path_and_deps()
        call elf_load_deps()
            gcc_mips64_bug_work_around = 1;
            error if gcc_mips64_bug_work_around != 1
            gcc_mips64_bug_work_around = 0;
            return;
        return;
    error if gcc_mips64_bug_work_around != 1
    return;
I got the same error messages on MIPS 32 BE, when I removed the compile
check.
This was tested in qemu on MIPS 64 BE and MIPS64 LE.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
| |
The members p_offset, p_filesz and p_vaddr of the structure Elf64_Phdr
are all uint64_t. This structure is used for 64 bit applications.
Without this change we would convert the 64 bit values into 32 bit
values and an overflow could happen in this conversion.
On MIPS 64 BE the variable load_vaddr has the value 0x120000000 which
sets the 32nd bit which will overflow when converted to a 32 bit value.
On 32 bit systems Elf32_Phdr is used with uint32_t, converting this to
64 bit values too should not cause problems as this is not in the hot
path.
Without this fix I am getting error messages like this at bootup on MIPS 64 BE:
[ 16.622602] do_page_fault(): sending SIGSEGV to ujail for invalid read access from 00000100f37251e3
[ 16.622907] epc = 000000aaab4ed0e0 in ujail[aaab4e0000+18000]
[ 16.623237] ra = 000000aaab4ed694 in ujail[aaab4e0000+18000]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
| |
Add missing include for open(). This fixes the build with glibc.
Fixes: 82dd39024f63 ("jail: make use of per-container netifd via ubus")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
| |
Make sure filehandler is non-negative before using it.
Coverity CID: 1492888 Negative returns
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Check asprintf return value instead of checking for NULL-pointer.
Coverity CID: 1492158 Unchecked return value
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Make code more readable by renaming ambiguous variable name 'ctx' to
'host_ubus_ctx' (global) or 'uci_ctx' (local in gen_jail_uci_network).
Rename 'netifd_ubus_ctx' to 'jail_ubus_ctx' to make the jail vs. host
roles more obvious.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Make ujail expose 'network_reload' function on ubus so we can
reconfigure network interfaces inside containers.
Automatically call that function on network config changes by
subscribing to ubus 'service' object and waiting for 'config.change'
events concerning the network configuration.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Generate /etc/config/network by filtering the host config for
uci sections which are marked for that specific jail.
Feed that configuration to the per-container netifd instance.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Allow mounting absolute path on host to defined mountpoint inside
container using ':' character in argument of '-r' and '-w' parameters.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Start per-container instances of ubusd and netifd for containers with
private network namespace. This netifd instance will be used in future
to configure networking inside the container.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
This reverts commit b0a8ea1c3fa844d1006764fae3f0d8382351313b.
| |
Introduce '-j' option to ujail which allows joining namespaces of
(a) existing process(es). Usage:
ujail -j <pid>:<nstype>[,<nstype>[,...]]
In order to join namespaces of different processes the '-j' option can
be used multiple times.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Instead of checking the return value of calloc(), the check intended
for that would rather check if the pointer passed as an argument.
As that doesn't make much sense, rather actually check calloc()
return value.
Coverity CID: 1490071 Dereference before null check
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Coverity CID: 1490012 Copy into fixed size buffer
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Coverity CID: 1446096 Dereference after null check
Coverity CID: 1446070 Dereference after null check
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Coverity CID: 1490010 Sizeof not portable
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Coverity CID: 1490048 Argument cannot be negative
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Avoid stack pollution and potentially worse things.
Coverity CID: 1490056 Dereference after null check
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Some device nodes live in subdirectories like /dev/dri.
Create those folders when populating /dev.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Coverity CID: 1490106
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Coverity CID: 1430874 Untrusted pointer read
Coverity CID: 1490028 Resource leak
Coverity CID: 1490029 Resource leak
Coverity CID: 1490057 Uninitialized scalar variable
Coverity CID: 1490069 Resource leak
Coverity CID: 1490074 Resource leak
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
musl 1.2 no longer ships with <sys/cdefs.h>. Use it only on
glibc, musl provides __WORDSIZE macro in <sys/regs.h>.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Check return value of write() call when writing to sysctl.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
In most cases, what we should do is exit(ENOMEM). In some cases like
when checking for filehandlers, handle errors appropriately.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Just to silence compiler warning, as failure to create these symlinks
doesn't indicate an error in all cases, e.g. in case mount is already
defined in place of the symlink.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Error out in case seteuid() fails.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
To access __WORDSIZE with glibc sys/cdefs.h is included now.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Resolve symlinks and check if directories exist before clone() call,
it's more clean and allows for more code reuse.
This partially reverts commits 0114c6fc8b ("jail: open() extroot folder
before mounting") as well as 05459054fb ("jail: make use of realpath()
for rootfs and overlaydir") and replaces them with a more generic
solution.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Use realpath() to resolve rootfs and read/write-overlay as they are
potentially (and likely, as we are going to use blockd with autofs)
symlinks.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Use open() to trigger autofs mount and check extroot folder exists
before mount-binding it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Follow symbolic link to rootfs so we can use autofs symlinks in /mnt
to reference volumes in config.json.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
In the Docker world, people pass a lot of things using env variables
it turns out. Increase to 64 for now as a hot fix, will have to be
created dynamically in future to support unlimited number of env
variables.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
While useful for slim containers, this violates OCI spec and breaks
containers like pihole.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement eBPF generator to emulate cgroup-v1 devices.{allow,deny}
as we got only cgroup-v2 available while the spec was written having
cgroups-v1 in mind.
Instead of literally emulating the legacy behavior, do like other
runtimes do as well when running on cgroup-v2: simply translate each
device rule into a bunch of eBPF instructions and then execute them
in reverse order, prepended by some default rules covering /dev/null,
/dev/random, /dev/tty, ...
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Add support for Aarch64 in utrace and ujail.
Sort and unify architecture-specific definitions in headers.
Use new PTRACE_GET_SYSCALL_INFO call (available since Linux 5.3), for
now only for aarch64, but this may potentially unify things and get
rid of some #ifdef'ery for other platforms as well.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
An open bracket was missing.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
| |
Make sure 'limit' is initialized to -1 (==max) when translating
cgroups-1 memory controller spec to cgroups-2.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>