[OpenWrt-Devel] [PATCH] package/utils/busybox: Jail sysntpd
openwrt at daniel.thecshore.com
Wed Dec 16 17:34:02 EST 2015
From: Daniel Dickinson <openwrt at daniel.thecshore.com>
Note that not all of procfs, sysfs, log and ubus may be required for actual
operation; they are just what strace reveals attempting to make accesses.
Signed-off-by: Daniel Dickinson <openwrt at daniel.thecshore.com>
---
package/utils/busybox/files/sysntpd | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/package/utils/busybox/files/sysntpd b/package/utils/busybox/files/sysntpd
index f73bb83..e61c9fc 100755
--- a/package/utils/busybox/files/sysntpd
+++ b/package/utils/busybox/files/sysntpd
@@ -31,7 +31,11 @@ start_service() {
for peer in $server; do
procd_append_param command -p $peer
done
+ touch /var/run/ntpd.pid
procd_set_param respawn
+ procd_add_jail sysntpd procfs sysfs log ubus
+ procd_add_jail_mount "$HOTPLUG_SCRIPT" /etc/resolv.conf /tmp/resolv.conf /etc/hosts /etc/TZ
+ procd_add_jail_mount_rw /var/run/ntpd.pid
procd_close_instance
}
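Review bot: the jail line `procd_add_jail sysntpd procfs sysfs log ubus` grants all four of procfs, sysfs, log and ubus, while the commit message says these are only what strace showed being attempted and may not all be required. Please drop each one in turn and keep only those without which ntpd or the hotplug script actually fails, so the jail reflects least privilege rather than every access attempt. The added `touch /var/run/ntpd.pid` would benefit from a one-line comment stating why it is needed (if it is there so that `procd_add_jail_mount_rw /var/run/ntpd.pid` has an existing file to mount, say so). Since `"$HOTPLUG_SCRIPT"` is passed quoted, also confirm it is always non-empty at this point, otherwise an empty path is handed to procd_add_jail_mount.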
--
2.4.3