[OpenWrt-Devel] procd/ujail docs

Etienne Champetier champetier.etienne at gmail.com
Fri Dec 11 13:06:46 EST 2015


Hi,

2015-12-11 12:03 GMT+01:00 John Crispin <blogic at openwrt.org>:
>
> Hi,
>
> with you adding lots of new features i am starting to not know what
> ujail can now do ;)
>
> how about if we start creating man page style docs and put them into the
> source tree and maintain them in the git. so whenever we add a new
> option we add some docs to explain how it works.
>
> we could use standard asciidoc syntax

I totally agree, my TODO (wish) list for ujail:

- small patch to not use CLONE_NEWUTS when -h isn't present, so when we
change "host" hostname, jail hostname also changes

- doc doc doc / jail some openwrt daemon (ntpd, ...)

- merge ujail into procd:
some features like changing user are already in procd, but not in ujail, and
we need to apply/drop everything in the right order.
jail should be the default, so i prefer to merge ujail functionality into
procd than to duplicate procd into ujail
(i will discuss it more before starting)

- options for read only /sys or /proc

- use uci instead of json?

- add PR_SET_KEEPCAPS support,
so we can launch an http server as user nobody but with CAP_NET_BIND_SERVICE
(to bind on port 80)
(and without file capabilities)

- take a look at ambient capabilities (kernel 4.3+)

- ...

Can you put on your todo list:
- write code-style guidelines (no c++ style comments, no function() but
function(void), ...)

>
>         John