[openwrt/openwrt] umdns: convert seccomp filter rules to OCI format
LEDE Commits
lede-commits at lists.infradead.org
Tue Nov 17 08:15:37 EST 2020
dangole pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/01b83040d3a9f6f30199c2fe8f0ceb1bc05e76cf
commit 01b83040d3a9f6f30199c2fe8f0ceb1bc05e76cf
Author: Daniel Golle <daniel at makrotopia.org>
AuthorDate: Tue Nov 17 13:11:16 2020 +0000
umdns: convert seccomp filter rules to OCI format
procd-seccomp switched to OCI-compliant seccomp parser instead of our
(legacy, OpenWrt-specific) format. Convert ruleset to new format.
Signed-off-by: Daniel Golle <daniel at makrotopia.org>
---
package/network/services/umdns/Makefile | 2 +-
package/network/services/umdns/files/umdns.json | 71 ++++++++++++++-----------
2 files changed, 42 insertions(+), 31 deletions(-)
diff --git a/package/network/services/umdns/Makefile b/package/network/services/umdns/Makefile
index f02177dca2..d8cd9ae749 100644
--- a/package/network/services/umdns/Makefile
+++ b/package/network/services/umdns/Makefile
@@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=umdns
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_URL=$(PROJECT_GIT)/project/mdnsd.git
PKG_SOURCE_PROTO:=git
diff --git a/package/network/services/umdns/files/umdns.json b/package/network/services/umdns/files/umdns.json
index c22ba6f5fb..db62f5f36d 100644
--- a/package/network/services/umdns/files/umdns.json
+++ b/package/network/services/umdns/files/umdns.json
@@ -1,32 +1,43 @@
{
- "whitelist": [
- "read",
- "write",
- "open",
- "close",
- "time",
- "brk",
- "ioctl",
- "uname",
- "bind",
- "connect",
- "getsockname",
- "recvmsg",
- "sendmsg",
- "sendto",
- "setsockopt",
- "socket",
- "poll",
- "fcntl64",
- "epoll_create",
- "epoll_ctl",
- "epoll_wait",
- "rt_sigaction",
- "sigreturn",
- "rt_sigreturn",
- "exit_group",
- "exit",
- "clock_gettime"
- ],
- "policy": 1
+ "defaultAction": "SCMP_ACT_KILL_PROCESS",
+ "syscalls": [
+ {
+ "names": [
+ "read",
+ "write",
+ "open",
+ "close",
+ "time",
+ "brk",
+ "ioctl",
+ "uname",
+ "bind",
+ "connect",
+ "getsockname",
+ "recvmsg",
+ "recvfrom",
+ "sendmsg",
+ "sendto",
+ "setsockopt",
+ "socket",
+ "pipe",
+ "poll",
+ "fcntl64",
+ "epoll_create",
+ "epoll_create1",
+ "epoll_ctl",
+ "epoll_wait",
+ "epoll_pwait",
+ "rt_sigaction",
+ "sigreturn",
+ "rt_sigreturn",
+ "rt_sigprocmask",
+ "exit_group",
+ "exit",
+ "fcntl",
+ "clock_gettime"
+ ],
+ "action": "SCMP_ACT_ALLOW"
+ }
+ ]
}
More information about the lede-commits
mailing list