GET /api/patches/627552/?format=api
{ "id": 627552, "url": "http://patchwork.ozlabs.org/api/patches/627552/?format=api", "web_url": "http://patchwork.ozlabs.org/project/lede/patch/1464565158-18043-4-git-send-email-champetier.etienne@gmail.com/", "project": { "id": 54, "url": "http://patchwork.ozlabs.org/api/projects/54/?format=api", "name": "LEDE development", "link_name": "lede", "list_id": "lede-dev.lists.infradead.org", "list_email": "lede-dev@lists.infradead.org", "web_url": "http://lede-project.org/", "scm_url": "", "webscm_url": "http://git.lede-project.org/", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1464565158-18043-4-git-send-email-champetier.etienne@gmail.com>", "list_archive_url": null, "date": "2016-05-29T23:39:15", "name": "[LEDE-DEV,procd,4/7] jail: don't include capabilities config (-C) inside the jail", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "1e27b29c8f3a740168b94a0183b51ce93e5acf92", "submitter": { "id": 65689, "url": "http://patchwork.ozlabs.org/api/people/65689/?format=api", "name": "Etienne Champetier", "email": "champetier.etienne@gmail.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/lede/patch/1464565158-18043-4-git-send-email-champetier.etienne@gmail.com/mbox/", "series": [], "comments": "http://patchwork.ozlabs.org/api/patches/627552/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/627552/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@bilbo.ozlabs.org", "Received": [ "from bombadil.infradead.org (bombadil.infradead.org\n\t[IPv6:2001:1868:205::9])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3rHx8W1f9Sz9t3q\n\tfor 
<incoming@patchwork.ozlabs.org>;\n\tMon, 30 May 2016 09:40:59 +1000 (AEST)", "from localhost ([127.0.0.1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux))\n\tid 1b7AJJ-00080d-SI; Sun, 29 May 2016 23:39:57 +0000", "from mail-wm0-x241.google.com ([2a00:1450:400c:c09::241])\n\tby bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat\n\tLinux)) id 1b7AJA-0007w8-GY\n\tfor lede-dev@lists.infradead.org; Sun, 29 May 2016 23:39:50 +0000", "by mail-wm0-x241.google.com with SMTP id a136so17615804wme.0\n\tfor <lede-dev@lists.infradead.org>;\n\tSun, 29 May 2016 16:39:29 -0700 (PDT)", "from ubuntu1404.lxcnattst (ns623510.ovh.net. [5.135.134.9])\n\tby smtp.gmail.com with ESMTPSA id\n\t124sm20721292wml.12.2016.05.29.16.39.27\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);\n\tSun, 29 May 2016 16:39:27 -0700 (PDT)" ], "Authentication-Results": "ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com header.b=VvChwAcv;\n\tdkim-atps=neutral", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;\n\th=from:to:cc:subject:date:message-id:in-reply-to:references;\n\tbh=DoOIm22wJI8mtd2bqKcbxcZt5yh3kg8f5MmJS4pgXfQ=;\n\tb=VvChwAcvShAFLGmEazOqWd0NUyVoClSfSgMN/wdrXjfJrvjj65OTISmDTyK+z+ghmz\n\t33eI4UV6UFQYD7fma/AqVWdv0jB0iioSF5F2xJ2W4/+zL6tY2R0agaH5YFr+mf0lh+IJ\n\t48ZjdesO48juPZ6Fv7PMnR8uYIgN3AtgIJgbKt5omF2BdO7k6HUTW4tefLsb5q5n7pRy\n\tlqeUxd5wGdvmODdgt0xMxk3CJfiYvIofZYu+FFCBWnfqV7X+rq+3tjnAhcu4nJBpq2z/\n\tf8JiRb7lhHRlIP5rVycr6NEBCnaivI97ZW+mMK1SE9Yhp5qmN3T/4tD90oxhWrHb3Nue\n\tQASw==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; 
s=20130820;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to\n\t:references;\n\tbh=DoOIm22wJI8mtd2bqKcbxcZt5yh3kg8f5MmJS4pgXfQ=;\n\tb=gluBFl27sFF4kd8aWyTpulE3KzuMAgmrBAqxYzvU+4D/DkVpBEoLTnjQtuKDAnKOtT\n\tmXwRdjLKaOlJ5rK27kybLYR/blLgP++yYzNM5+w9lhk2E+mjaLeNG/eBt7AKLyzPFM4/\n\tPccNCtBQUDKf8DHFzN+JIXw1b9npEdkDJJSE59il3RcL2IhQvYByI9S6fkavI94DSPra\n\tGbMZujASdmy0BKEnqg2n2Qop2ukjClA7SREl4RYHhjJygdDPJx9I39M2Ivt+JJQNU8db\n\tvDTMI6+q0K7hjF5RKeJEE2YoFCrOxuKaKome8LlNsCIiOatgAXIKBFoUkWCDeWBM/l6m\n\tZraw==", "X-Gm-Message-State": "ALyK8tK8sXw1MbpLzSyquHsaw4MuiXurcBzmn2HJPXgOdhl1RlfhpGND/WOGK3+4kKWXCw==", "X-Received": "by 10.28.54.150 with SMTP id y22mr7762562wmh.70.1464565168157;\n\tSun, 29 May 2016 16:39:28 -0700 (PDT)", "From": "Etienne CHAMPETIER <champetier.etienne@gmail.com>", "To": "lede-dev@lists.infradead.org", "Date": "Sun, 29 May 2016 23:39:15 +0000", "Message-Id": "<1464565158-18043-4-git-send-email-champetier.etienne@gmail.com>", "X-Mailer": "git-send-email 1.9.1", "In-Reply-To": "<1464565158-18043-1-git-send-email-champetier.etienne@gmail.com>", "References": "<1464565158-18043-1-git-send-email-champetier.etienne@gmail.com>", "X-CRM114-Version": "20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ", "X-CRM114-CacheID": "sfid-20160529_163948_794327_41F954FD ", "X-CRM114-Status": "GOOD ( 12.94 )", "X-Spam-Score": "-2.7 (--)", "X-Spam-Report": "SpamAssassin version 3.4.0 on bombadil.infradead.org summary:\n\tContent analysis details: (-2.7 points)\n\tpts rule name description\n\t---- ----------------------\n\t--------------------------------------------------\n\t-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/,\n\tlow\n\ttrust [2a00:1450:400c:c09:0:0:0:241 listed in] [list.dnswl.org]\n\t-0.0 SPF_PASS SPF: sender matches SPF record\n\t0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail\n\tprovider (champetier.etienne[at]gmail.com)\n\t-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n\t[score: 0.0000]\n\t-0.1 
DKIM_VALID Message has at least one valid DKIM or DK signature\n\t-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from\n\tauthor's domain\n\t0.1 DKIM_SIGNED Message has a DKIM or DK signature,\n\tnot necessarily valid", "Subject": "[LEDE-DEV] [PATCH procd 4/7] jail: don't include capabilities\n\tconfig (-C) inside the jail", "X-BeenThere": "lede-dev@lists.infradead.org", "X-Mailman-Version": "2.1.20", "Precedence": "list", "List-Id": "<lede-dev.lists.infradead.org>", "List-Unsubscribe": "<http://lists.infradead.org/mailman/options/lede-dev>,\n\t<mailto:lede-dev-request@lists.infradead.org?subject=unsubscribe>", "List-Archive": "<http://lists.infradead.org/pipermail/lede-dev/>", "List-Post": "<mailto:lede-dev@lists.infradead.org>", "List-Help": "<mailto:lede-dev-request@lists.infradead.org?subject=help>", "List-Subscribe": "<http://lists.infradead.org/mailman/listinfo/lede-dev>,\n\t<mailto:lede-dev-request@lists.infradead.org?subject=subscribe>", "Cc": "Etienne CHAMPETIER <champetier.etienne@gmail.com>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Sender": "\"Lede-dev\" <lede-dev-bounces@lists.infradead.org>", "Errors-To": "lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org" }, "content": "Removing capabilities from the capability bounding set doesn't change\nthe capability effective set, so we can \"drop capabilities\" before we\nbuild the jail fs, so we don't need to include the capabilities config\nfile into the jail.\n\nSigned-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>\n---\n jail/jail.c | 32 ++++++++++++++------------------\n 1 file changed, 14 insertions(+), 18 deletions(-)", "diff": "diff --git a/jail/jail.c b/jail/jail.c\nindex e86ee14..03ff66c 100644\n--- a/jail/jail.c\n+++ b/jail/jail.c\n@@ -228,7 +228,7 @@ ujail will not use namespace/build a jail,\\n\\\n and will only drop capabilities/apply seccomp filter.\\n\\n\");\n }\n \n-static int 
exec_jail(void)\n+static int exec_jail(void *_notused)\n {\n \tif (opts.capabilities && drop_capabilities(opts.capabilities))\n \t\texit(EXIT_FAILURE);\n@@ -238,6 +238,17 @@ static int exec_jail(void)\n \t\texit(EXIT_FAILURE);\n \t}\n \n+\tif (opts.namespace && opts.hostname\n+\t\t\t&& sethostname(opts.hostname, strlen(opts.hostname))) {\n+\t\tERROR(\"sethostname(%s) failed: %s\\n\", opts.hostname, strerror(errno));\n+\t\texit(EXIT_FAILURE);\n+\t}\n+\n+\tif (opts.namespace && build_jail_fs()) {\n+\t\tERROR(\"failed to build jail fs\\n\");\n+\t\texit(EXIT_FAILURE);\n+\t}\n+\n \tchar **envp = build_envp(opts.seccomp);\n \tif (!envp)\n \t\texit(EXIT_FAILURE);\n@@ -249,20 +260,6 @@ static int exec_jail(void)\n \texit(EXIT_FAILURE);\n }\n \n-static int spawn_jail(void *_notused)\n-{\n-\tif (opts.hostname && sethostname(opts.hostname, strlen(opts.hostname))) {\n-\t\tERROR(\"sethostname(%s) failed: %s\\n\", opts.hostname, strerror(errno));\n-\t}\n-\n-\tif (build_jail_fs()) {\n-\t\tERROR(\"failed to build jail fs\");\n-\t\texit(EXIT_FAILURE);\n-\t}\n-\n-\treturn exec_jail();\n-}\n-\n static int jail_running = 1;\n static int jail_return_code = 0;\n \n@@ -322,7 +319,6 @@ int main(int argc, char **argv)\n \t\t\tbreak;\n \t\tcase 'C':\n \t\t\topts.capabilities = optarg;\n-\t\t\tadd_mount(optarg, 1, -1);\n \t\t\tbreak;\n \t\tcase 'c':\n \t\t\topts.no_new_privs = 1;\n@@ -384,7 +380,7 @@ int main(int argc, char **argv)\n \n \tuloop_init();\n \tif (opts.namespace) {\n-\t\tjail_process.pid = clone(spawn_jail,\n+\t\tjail_process.pid = clone(exec_jail,\n \t\t\tchild_stack + STACK_SIZE,\n \t\t\tCLONE_NEWUTS | CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWIPC | SIGCHLD, NULL);\n \t} else {\n@@ -404,7 +400,7 @@ int main(int argc, char **argv)\n \t\treturn jail_return_code;\n \t} else if (jail_process.pid == 0) {\n \t\t/* fork child process */\n-\t\treturn exec_jail();\n+\t\treturn exec_jail(NULL);\n \t} else {\n \t\tERROR(\"failed to clone/fork: %s\\n\", strerror(errno));\n \t\treturn 
EXIT_FAILURE;\n", "prefixes": [ "LEDE-DEV", "procd", "4/7" ] }
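Review bot: In the exec_jail() hunk (@@ -238,6 +238,17 @@), the added sethostname() and build_jail_fs() calls now run after drop_capabilities(), and nothing in the code records why that ordering is safe. Per the commit description it works only because drop_capabilities() trims the bounding set and leaves the effective set alone; if that helper ever starts clearing effective or permitted capabilities, the hostname and mount setup would presumably fail inside the new namespaces. I would add a comment above the new block, e.g. `/* runs after drop_capabilities(): relies on it changing only the bounding set; effective caps are still needed for sethostname/mounts */`. The same hunk also makes a sethostname() failure fatal, where the removed spawn_jail() only logged it, and that behaviour change deserves a line in the commit message. Parts of exec_jail's body fall between the hunks and are not visible here.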