[PATCH 0/2] enable procd security features by default

Etienne Champetier champetier.etienne at gmail.com
Thu Nov 26 12:03:52 EST 2020


Hi Petr, Daniel,

On Thu, Nov 26, 2020 at 11:45, Petr Štetiar <ynezz at true.cz> wrote:
>
> Daniel Golle <daniel at makrotopia.org> [2020-11-07 14:17:12]:
>
> Hi,
>
> > Please report back
>
> Testing the latest master now on rtl8382 booted from initramfs and seeing the following:
>
>  Thu Nov 26 14:45:35 2020 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
>  Thu Nov 26 14:45:36 2020 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
>  Thu Nov 26 14:45:42 2020 user.err : jail: pivot_root(/tmp/ujail-CgOmPF, /tmp/ujail-CgOmPF/old) failed: Invalid argument
>  Thu Nov 26 14:45:42 2020 daemon.info procd: Instance dnsmasq::cfg01411c s in a crash loop 14 crashes, 0 seconds since last crash
>  Thu Nov 26 14:45:45 2020 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
>  Thu Nov 26 14:45:45 2020 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
>  Thu Nov 26 14:45:46 2020 user.err : jail: pivot_root(/tmp/ujail-kfIjBM, /tmp/ujail-kfIjBM/old) failed: Invalid argument
>  Thu Nov 26 14:45:46 2020 daemon.info procd: Instance dnsmasq::cfg01411c s in a crash loop 15 crashes, 0 seconds since last crash

https://man7.org/linux/man-pages/man2/pivot_root.2.html
> The rootfs (initial ramfs) cannot be pivot_root()ed.

A possible solution:
https://patchwork.ozlabs.org/project/openwrt/patch/9231D502B07C5E4A8B32D5115C9F19991F9A9D55@IRSMSX108.ger.corp.intel.com/

>
> -- ynezz
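
The failure condition quoted from the man page can be detected before a jail is started. The following is an added example, not code from this thread, from procd, or from the linked patch: it parses mountinfo-formatted text and reports whether the mount at "/" is the initial rootfs. It assumes the initial ramfs is listed with filesystem type `rootfs`, as in `/proc/self/mountinfo`; the function name and both sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: initramfs boot, "/" is still the initial rootfs. */
static const char SAMPLE_INITRAMFS[] =
    "1 1 0:1 / / rw - rootfs rootfs rw\n"
    "14 1 0:14 / /proc rw,nosuid,nodev,noexec - proc proc rw\n";

/* Constructed sample: boot from flash, overlay mounted as "/". */
static const char SAMPLE_FLASH[] =
    "15 1 0:15 / / rw,noatime - overlay overlayfs:/overlay rw\n"
    "14 15 0:14 / /proc rw,nosuid,nodev,noexec - proc proc rw\n";

/* Parse mountinfo-formatted text. Returns 1 if the last mount at "/" has
 * filesystem type "rootfs", 0 for any other type, -1 if "/" is not listed. */
int root_is_rootfs(const char *mountinfo)
{
    int result = -1;
    const char *line = mountinfo;

    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512], mnt[256], fstype[64];

        if (len < sizeof(buf)) {
            memcpy(buf, line, len);
            buf[len] = '\0';
            /* Layout: id parent maj:min root mountpoint opts [tags] - fstype ... */
            char *sep = strstr(buf, " - ");
            if (sep && sscanf(buf, "%*d %*d %*s %*s %255s", mnt) == 1 &&
                sscanf(sep + 3, "%63s", fstype) == 1 && strcmp(mnt, "/") == 0)
                result = strcmp(fstype, "rootfs") == 0;
        }
        line = eol ? eol + 1 : NULL;
    }
    return result;
}

int main(void)
{
    printf("initramfs sample: %d, flash sample: %d\n",
           root_is_rootfs(SAMPLE_INITRAMFS), root_is_rootfs(SAMPLE_FLASH));
    return 0;
}
```

A result of 1 means a `pivot_root()` of the current root will be rejected, so a launcher can log one clear message instead of entering the crash loop shown in the log above.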
