[OpenWrt-Devel] [PATCH procd 2/2] Allow disabling seccomp or changing the whitelist

Michal Sojka sojkam1 at fel.cvut.cz
Mon Jul 30 03:32:19 EDT 2018


From: Michal Sojka <michal.sojka at cvut.cz>

Without this change, once a service is started with seccomp, it is
impossible to restart it without seccomp or change the whitelist file
name. This commit fixes that. Disabling seccomp is as easy as
commenting out the "procd_set_param seccomp" line in init.d script.

Signed-off-by: Michal Sojka <michal.sojka at cvut.cz>
---
 service/instance.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/service/instance.c b/service/instance.c
index 917b003..c14d348 100644
--- a/service/instance.c
+++ b/service/instance.c
@@ -637,6 +637,11 @@ instance_config_changed(struct service_instance *in, struct service_instance *in
 	if (in->respawn_timeout != in_new->respawn_timeout)
 		return true;
 
+	if ((!in->seccomp && in_new->seccomp) ||
+	    (in->seccomp && !in_new->seccomp) ||
+	    (in->seccomp && in_new->seccomp && strcmp(in->seccomp, in_new->seccomp)))
+		return true;
+
 	if (!blobmsg_list_equal(&in->limits, &in_new->limits))
 		return true;
 
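Review bot: the seccomp check added in instance_config_changed() spells out a NULL-safe string comparison as three separate clauses, which is hard to scan and easy to get subtly wrong when it is copied for another optional string field. Consider testing presence first with `if (!in->seccomp != !in_new->seccomp) return true;` and then calling strcmp() only when both are set, or moving the logic into a small helper. Per the commit message, dropping the "procd_set_param seccomp" line is meant to restart the service with no filter at all. Since that is a security-relevant transition, a one-line comment here saying it is intentional would help later readers.
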
@@ -957,6 +962,7 @@ instance_config_move(struct service_instance *in, struct service_instance *in_sr
 	in->respawn_timeout = in_src->respawn_timeout;
 	in->name = in_src->name;
 	in->trace = in_src->trace;
+	in->seccomp = in_src->seccomp;
 	in->node.avl.key = in_src->node.avl.key;
 
 	free(in->config);
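
Review bot: `in->seccomp = in_src->seccomp;` in instance_config_move() copies only the pointer, and nothing in the lines shown says who owns the string. Please confirm that it remains valid after the move, for example because it points into storage that is handed over in the same function (note the `free(in->config)` directly after), and document the ownership in a comment. If the string is allocated separately, the old value in `in` would need to be freed and the pointer in `in_src` cleared to avoid a leak or a dangling whitelist path.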
-- 
2.18.0

