[OpenWrt-Devel] [PATCH] package/utils/busybox: Jail sysntpd

openwrt at daniel.thecshore.com openwrt at daniel.thecshore.com
Wed Dec 16 17:34:02 EST 2015

From: Daniel Dickinson <openwrt at daniel.thecshore.com>

Note that not all of procfs, sysfs, log and ubus may be required for actual
operation; they are just what strace reveals attempting to make accesses.

Signed-off-by: Daniel Dickinson <openwrt at daniel.thecshore.com>
 package/utils/busybox/files/sysntpd | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package/utils/busybox/files/sysntpd b/package/utils/busybox/files/sysntpd
index f73bb83..e61c9fc 100755
--- a/package/utils/busybox/files/sysntpd
+++ b/package/utils/busybox/files/sysntpd
@@ -31,7 +31,11 @@ start_service() {
 	for peer in $server; do
 		procd_append_param command -p $peer
+	touch /var/run/ntpd.pid
 	procd_set_param respawn
+	procd_add_jail sysntpd procfs sysfs log ubus
+	procd_add_jail_mount "$HOTPLUG_SCRIPT" /etc/resolv.conf /tmp/resolv.conf /etc/hosts /etc/TZ
+	procd_add_jail_mount_rw /var/run/ntpd.pid
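
Review bot: The `procd_add_jail sysntpd procfs sysfs log ubus` line grants the jail four facilities that the commit message itself says may not all be required, so the set should be trimmed to what ntpd needs before this is merged; each of procfs, sysfs and ubus left enabled is extra surface reachable from inside the jail if ntpd is compromised. An strace of attempted accesses shows what the binary probes, not what it depends on, so drop the entries one at a time and confirm that time sync and the hotplug script still work. Two smaller points on the added lines: `"$HOTPLUG_SCRIPT"` is passed to `procd_add_jail_mount` unconditionally, so an empty value would hand it an empty path, and a `[ -n "$HOTPLUG_SCRIPT" ]` guard around that argument would avoid this; and `touch /var/run/ntpd.pid` sits several lines away from the `procd_add_jail_mount_rw /var/run/ntpd.pid` call it presumably exists for, so move it next to that call with a comment explaining why the file is created first.
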
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org