@@ -177,6 +177,23 @@ _procd_add_jail_mount_rw() {
json_select ..
}
+_procd_add_jail_mount_bin() {
+ local _json_no_warning=1
+
+ json_select "jail"
+ [ $? = 0 ] || return
+ json_select "mount"
+ [ $? = 0 ] || {
+ json_select ..
+ return
+ }
+ for a in $@; do
+ json_add_string "$a" "2"
+ done
+ json_select ..
+ json_select ..
+}
+
_procd_set_param() {
local type="$1"; shift
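Review bot: In `_procd_add_jail_mount_bin` the loop `for a in $@; do` expands the arguments unquoted, so a path containing whitespace or glob characters is split or expanded before it is written into the jail's mount table. The loop variable `a` is also not declared local and leaks into the caller's scope; declare `local a` next to `_json_no_warning` and iterate with `for a in "$@"; do`. The value `"2"` is a magic type marker that service/instance.c matches by its first character, so a short comment such as `# "2" = binary staged with its library dependencies (ujail -b)` would document the coupling. If the neighbouring `_procd_add_jail_mount_rw` uses the same loop form it presumably has the same issue, but its body lies outside this hunk.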
@@ -423,6 +440,7 @@ _procd_wrapper \
procd_add_jail \
procd_add_jail_mount \
procd_add_jail_mount_rw \
+ procd_add_jail_mount_bin \
procd_set_param \
procd_append_param \
procd_add_validation \
new file mode 100644
@@ -0,0 +1,58 @@
+diff --git a/jail/jail.c b/jail/jail.c
+index 2bba292..22fda87 100644
+--- a/jail/jail.c
++++ b/jail/jail.c
+@@ -43,7 +43,7 @@
+ #include <libubox/uloop.h>
+
+ #define STACK_SIZE (1024 * 1024)
+-#define OPT_ARGS "P:S:n:r:w:psuldo"
++#define OPT_ARGS "P:S:n:r:w:b:psuldo"
+
+ struct extra {
+ struct list_head list;
+@@ -260,6 +260,7 @@ static int usage(void)
+ fprintf(stderr, " -n <name>\tthe name of the jail\n");
+ fprintf(stderr, " -r <file>\treadonly files that should be staged\n");
+ fprintf(stderr, " -w <file>\twriteable files that should be staged\n");
++ fprintf(stderr, " -b <file>\tadditional binaries that should be staged\n");
+ fprintf(stderr, " -p\t\tjail has /proc\t\n");
+ fprintf(stderr, " -s\t\tjail has /sys\t\n");
+ fprintf(stderr, " -l\t\tjail has /dev/log\t\n");
+@@ -433,6 +434,12 @@ int main(int argc, char **argv)
+
+ umask(022);
+
++ avl_init(&libraries, avl_strcmp, false, NULL);
++ alloc_library_path("/lib64");
++ alloc_library_path("/lib");
++ alloc_library_path("/usr/lib");
++ load_ldso_conf("/etc/ld.so.conf");
++
+ while ((ch = getopt(argc, argv, OPT_ARGS)) != -1) {
+ switch (ch) {
+ case 'd':
+@@ -457,6 +464,11 @@ int main(int argc, char **argv)
+ case 'l':
+ add_extra(log, 0);
+ break;
++ case 'b':
++ if (elf_load_deps(optarg)) {
++ ERROR("failed to load dependencies for %s\n", optarg);
++ return -1;
++ }
+ }
+ }
+
+@@ -476,11 +488,6 @@ int main(int argc, char **argv)
+ if (name)
+ prctl(PR_SET_NAME, name, NULL, NULL, NULL);
+
+- avl_init(&libraries, avl_strcmp, false, NULL);
+- alloc_library_path("/lib64");
+- alloc_library_path("/lib");
+- alloc_library_path("/usr/lib");
+- load_ldso_conf("/etc/ld.so.conf");
+
+ if (elf_load_deps(argv[optind])) {
+ ERROR("failed to load dependencies\n");
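Review bot: The new `case 'b':` block in main() ends without a `break;`, so it only behaves correctly while it stays the last label in the switch; add `break;` after the closing brace of the `if`. The path comes verbatim from the command line and goes to `elf_load_deps(optarg)` during option parsing, and every `-b` entry enlarges the set of executables reachable inside the jail. A comment above the case such as `/* stage an extra executable plus its library dependencies; each entry widens the jail's file set */` would make that cost visible to whoever reviews service definitions. The usage text says the binary is staged, but only the dependency load is visible here, so whether elf_load_deps() also stages the file itself should be confirmed. main() starts and ends outside these hunks.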
new file mode 100644
@@ -0,0 +1,15 @@
+diff --git a/service/instance.c b/service/instance.c
+index 40ff021..9fec647 100644
+--- a/service/instance.c
++++ b/service/instance.c
+@@ -208,7 +208,9 @@ jail_run(struct service_instance *in, char **argv)
+ blobmsg_list_for_each(&jail->mount, var) {
+ const char *type = blobmsg_data(var->data);
+
+- if (*type == '1')
++ if (*type == '2')
++ argv[argc++] = "-b";
++ else if (*type == '1')
+ argv[argc++] = "-w";
+ else
+ argv[argc++] = "-r";
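Review bot: The mount-type dispatch in jail_run() now relies on undocumented magic characters and inspects only the first byte of the string, so any value that merely starts with `2` also selects `-b`. A comment above the chain, e.g. `/* mount type set by procd.sh: '2' = binary (-b), '1' = writable (-w), anything else = read-only (-r) */`, would make the contract with procd.sh explicit; a stricter check would compare the whole string with `!strcmp(type, "2")`. Falling back to `-r` for unrecognised values is the least-privilege default and should be kept. jail_run() starts and ends outside the hunk.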
This allows building jails with more than a single binary. It may be used to run the main program with a wrapper, e.g. ionice, or to add helper binaries for the main one (like gzip for tar with no built-in compression support). Usage: directly: ujail ... -b /usr/bin/main ... -- /bin/wrapper ... /usr/bin/main ujail ... -b /usr/bin/helper1 -b /bin/helper2 ... -- /usr/bin/main in init scripts: procd_add_jail_mount_bin /usr/bin/something /bin/helper Signed-off-by: Maxim Storchak <m.storchak@gmail.com> --- package/system/procd/files/procd.sh | 18 +++++++ .../procd/patches/100-ujail-helper-binary.patch | 58 ++++++++++++++++++++++ .../procd/patches/101-service-helper-binary.patch | 15 ++++++ 3 files changed, 91 insertions(+) create mode 100644 package/system/procd/patches/100-ujail-helper-binary.patch create mode 100644 package/system/procd/patches/101-service-helper-binary.patch