[OpenWrt-Devel] [PATCH] procd: add helper binaries to jail
Maxim Storchak
m.storchak at gmail.com
Wed Aug 12 07:24:09 EDT 2015
This allows building jails with more than a single binary.
It may be used to run the main program with a wrapper, e.g. ionice,
or to add helper binaries for the main one (like gzip for tar with no
built-in compression support).
Usage:
directly:
ujail ... -b /usr/bin/main ... -- /bin/wrapper ... /usr/bin/main
ujail ... -b /usr/bin/helper1 -b /bin/helper2 ... -- /usr/bin/main
in init scripts:
procd_add_jail_mount_bin /usr/bin/something /bin/helper
Signed-off-by: Maxim Storchak <m.storchak at gmail.com>
---
package/system/procd/files/procd.sh | 18 +++++++
.../procd/patches/100-ujail-helper-binary.patch | 58 ++++++++++++++++++++++
.../procd/patches/101-service-helper-binary.patch | 15 ++++++
3 files changed, 91 insertions(+)
create mode 100644 package/system/procd/patches/100-ujail-helper-binary.patch
create mode 100644 package/system/procd/patches/101-service-helper-binary.patch
diff --git a/package/system/procd/files/procd.sh b/package/system/procd/files/procd.sh
index e83e75c..bc9f78d 100644
--- a/package/system/procd/files/procd.sh
+++ b/package/system/procd/files/procd.sh
@@ -177,6 +177,23 @@ _procd_add_jail_mount_rw() {
json_select ..
}
+_procd_add_jail_mount_bin() {
+ local _json_no_warning=1
+
+ json_select "jail"
+ [ $? = 0 ] || return
+ json_select "mount"
+ [ $? = 0 ] || {
+ json_select ..
+ return
+ }
+ for a in $@; do
+ json_add_string "$a" "2"
+ done
+ json_select ..
+ json_select ..
+}
+
_procd_set_param() {
local type="$1"; shift
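Review bot: The loop in `_procd_add_jail_mount_bin` iterates over an unquoted `$@` and never declares `a`, so a path containing whitespace or a glob character is split or expanded into extra mount entries, and `a` leaks into the caller's scope. Declaring and quoting fixes both: `local a` next to `_json_no_warning`, and `for a in "$@"; do`. The literal `"2"` is the only thing that marks an entry as a helper binary, so a short comment such as `# mount type "2": helper binary, passed to ujail as -b` would document the contract with service/instance.c. The sibling `_procd_add_jail_mount_rw` is only partly visible above the hunk and may have the same loop.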
@@ -423,6 +440,7 @@ _procd_wrapper \
procd_add_jail \
procd_add_jail_mount \
procd_add_jail_mount_rw \
+ procd_add_jail_mount_bin \
procd_set_param \
procd_append_param \
procd_add_validation \
diff --git a/package/system/procd/patches/100-ujail-helper-binary.patch b/package/system/procd/patches/100-ujail-helper-binary.patch
new file mode 100644
index 0000000..dd7ab64
--- /dev/null
+++ b/package/system/procd/patches/100-ujail-helper-binary.patch
@@ -0,0 +1,58 @@
+diff --git a/jail/jail.c b/jail/jail.c
+index 2bba292..22fda87 100644
+--- a/jail/jail.c
++++ b/jail/jail.c
+@@ -43,7 +43,7 @@
+ #include <libubox/uloop.h>
+
+ #define STACK_SIZE (1024 * 1024)
+-#define OPT_ARGS "P:S:n:r:w:psuldo"
++#define OPT_ARGS "P:S:n:r:w:b:psuldo"
+
+ struct extra {
+ struct list_head list;
+@@ -260,6 +260,7 @@ static int usage(void)
+ fprintf(stderr, " -n <name>\tthe name of the jail\n");
+ fprintf(stderr, " -r <file>\treadonly files that should be staged\n");
+ fprintf(stderr, " -w <file>\twriteable files that should be staged\n");
++ fprintf(stderr, " -b <file>\tadditional binaries that should be staged\n");
+ fprintf(stderr, " -p\t\tjail has /proc\t\n");
+ fprintf(stderr, " -s\t\tjail has /sys\t\n");
+ fprintf(stderr, " -l\t\tjail has /dev/log\t\n");
+@@ -433,6 +434,12 @@ int main(int argc, char **argv)
+
+ umask(022);
+
++ avl_init(&libraries, avl_strcmp, false, NULL);
++ alloc_library_path("/lib64");
++ alloc_library_path("/lib");
++ alloc_library_path("/usr/lib");
++ load_ldso_conf("/etc/ld.so.conf");
++
+ while ((ch = getopt(argc, argv, OPT_ARGS)) != -1) {
+ switch (ch) {
+ case 'd':
+@@ -457,6 +464,11 @@ int main(int argc, char **argv)
+ case 'l':
+ add_extra(log, 0);
+ break;
++ case 'b':
++ if (elf_load_deps(optarg)) {
++ ERROR("failed to load dependencies for %s\n", optarg);
++ return -1;
++ }
+ }
+ }
+
+@@ -476,11 +488,6 @@ int main(int argc, char **argv)
+ if (name)
+ prctl(PR_SET_NAME, name, NULL, NULL, NULL);
+
+- avl_init(&libraries, avl_strcmp, false, NULL);
+- alloc_library_path("/lib64");
+- alloc_library_path("/lib");
+- alloc_library_path("/usr/lib");
+- load_ldso_conf("/etc/ld.so.conf");
+
+ if (elf_load_deps(argv[optind])) {
+ ERROR("failed to load dependencies\n");
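Review bot: The new `case 'b':` in main() closes its `if` block and then runs straight into the end of the switch without a `break;`. That is harmless only while it stays the last label; add `break;` after the `if` so that a later option cannot be appended below it and silently inherit a fall-through. Each `-b` hands a caller-supplied path to `elf_load_deps()` and, presumably, stages that file and its library dependencies, so every helper enlarges what is reachable from inside the jail. The usage line could say so, e.g. `-b <file>\tadditional binary to stage, together with its library dependencies`. main() starts and ends outside the hunk.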
diff --git a/package/system/procd/patches/101-service-helper-binary.patch b/package/system/procd/patches/101-service-helper-binary.patch
new file mode 100644
index 0000000..0b4a274
--- /dev/null
+++ b/package/system/procd/patches/101-service-helper-binary.patch
@@ -0,0 +1,15 @@
+diff --git a/service/instance.c b/service/instance.c
+index 40ff021..9fec647 100644
+--- a/service/instance.c
++++ b/service/instance.c
+@@ -208,7 +208,9 @@ jail_run(struct service_instance *in, char **argv)
+ blobmsg_list_for_each(&jail->mount, var) {
+ const char *type = blobmsg_data(var->data);
+
+- if (*type == '1')
++ if (*type == '2')
++ argv[argc++] = "-b";
++ else if (*type == '1')
+ argv[argc++] = "-w";
+ else
+ argv[argc++] = "-r";
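Review bot: The `if (*type == '2')` chain in jail_run() selects the ujail flag from the first character of the mount type only, so `'1'` and `'2'` are undocumented magic values shared with procd.sh, and any unrecognised value silently becomes `-r`. A comment above the chain would record the contract, for example `/* mount type from the init script: '1' writable (-w), '2' helper binary (-b), anything else read-only (-r) */`. Because `-b` places an executable inside the jail, it is worth confirming that the read-only fallback for unknown values is the intended default rather than an accident of the `else`. jail_run() continues outside the hunk.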
--
2.1.4