From patchwork Mon Jul 30 07:32:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michal Sojka X-Patchwork-Id: 950730 X-Patchwork-Delegate: blogic@openwrt.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=fel.cvut.cz Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="CaxjqdPx"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41fB9s4Y7mz9ryt for ; Mon, 30 Jul 2018 17:32:49 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=FqLlE7pcBR0xNdo8gEEIxWBfN2KlYaEanonWmOgHbv4=; b=CaxjqdPxH64xY+ nmNbcvzVavCz+cjvEdPwxWgi64AglyeWi1teEOF6HklhOY/ot744wMFb9XjGX+3aE4Fh1dj9BvDHg xSrbuLeg9vxlJYKBKyUKWjNM1ej7+oWQux6K9XtYEkvxTIQMXSDMsTpEsAeYZ1Cvc775JVS1QITtv Doxi9AkWJ4bWFAk15bsb/I9iJGB6v8VIX8MVBS5tbjxJfv53I/dBlZaTnXBuwDz778wQK3Ubt//7R iu0fXmy2+RyQouyZGJs75pnj/T2PlSKhKrhzPVL4p4rGiz/q/e5EhSpxi+25S59Xlc7AVoTK2H/ww quphm75TZH9p9brHXozQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1fk2fc-0006do-HL; Mon, 30 Jul 2018 07:32:44 +0000 Received: from smtpx.feld.cvut.cz ([147.32.192.33]) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1fk2fQ-0006So-NG for openwrt-devel@lists.openwrt.org; Mon, 30 Jul 2018 07:32:35 +0000 Received: from localhost (unknown [192.168.200.7]) by smtpx.feld.cvut.cz (Postfix) with ESMTP id D7BF3DC625; Mon, 30 Jul 2018 09:32:28 +0200 (CEST) X-Virus-Scanned: IMAP STYX AMAVIS Received: from smtpx.feld.cvut.cz ([192.168.200.6]) by localhost (styx.feld.cvut.cz [192.168.200.7]) (amavisd-new, port 10054) with ESMTP id kAeurtlAciXS; Mon, 30 Jul 2018 09:32:27 +0200 (CEST) Received: from imap.feld.cvut.cz (imap.feld.cvut.cz [147.32.192.34]) by smtpx.feld.cvut.cz (Postfix) with ESMTP id 78104DC5DB; Mon, 30 Jul 2018 09:32:27 +0200 (CEST) Received: from wsh by steelpick.2x.cz with local (Exim 4.91) (envelope-from ) id 1fk2fK-0007RL-Vx; Mon, 30 Jul 2018 09:32:27 +0200 From: Michal Sojka To: openwrt-devel@lists.openwrt.org Date: Mon, 30 Jul 2018 09:32:19 +0200 Message-Id: <20180730073219.28553-2-sojkam1@fel.cvut.cz> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180730073219.28553-1-sojkam1@fel.cvut.cz> References: <20180730073219.28553-1-sojkam1@fel.cvut.cz> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180730_003234_534208_635D82A3 X-CRM114-Status: UNSURE ( 6.78 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -2.3 (--) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-2.3 points) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium trust [147.32.192.33 listed in list.dnswl.org] Subject: [OpenWrt-Devel] [PATCH procd 2/2] Allow disabling seccomp or changing the whitelist X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michal Sojka MIME-Version: 1.0 Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org From: Michal Sojka Without this change, once a service is started with seccomp, it is impossible to restart it without seccomp or change the whitelist file name. This commit fixes that. Disabling seccomp is as easy as commenting out the "procd_set_param seccomp" line in init.d script. Signed-off-by: Michal Sojka --- service/instance.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/service/instance.c b/service/instance.c index 917b003..c14d348 100644 --- a/service/instance.c +++ b/service/instance.c @@ -637,6 +637,11 @@ instance_config_changed(struct service_instance *in, struct service_instance *in if (in->respawn_timeout != in_new->respawn_timeout) return true; + if ((!in->seccomp && in_new->seccomp) || + (in->seccomp && !in_new->seccomp) || + (in->seccomp && in_new->seccomp && strcmp(in->seccomp, in_new->seccomp))) + return true; + if (!blobmsg_list_equal(&in->limits, &in_new->limits)) return true; @@ -957,6 +962,7 @@ instance_config_move(struct service_instance *in, struct service_instance *in_sr in->respawn_timeout = in_src->respawn_timeout; in->name = in_src->name; in->trace = in_src->trace; + in->seccomp = in_src->seccomp; in->node.avl.key = in_src->node.avl.key; free(in->config);