authorDaniel Golle <daniel@makrotopia.org>2020-11-17 13:11:16 +0000
committerDaniel Golle <daniel@makrotopia.org>2020-11-17 13:12:37 +0000
commit01b83040d3a9f6f30199c2fe8f0ceb1bc05e76cf (patch)
treecbe9b79eb816eff836b9125a89750004a2871aa6
parent62a3430f9ba648ec2508e8f539b2e1dc1797668a (diff)
umdns: convert seccomp filter rules to OCI format
procd-seccomp switched to OCI-compliant seccomp parser instead of our (legacy, OpenWrt-specific) format. Convert ruleset to new format. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
-rw-r--r--package/network/services/umdns/Makefile2
-rw-r--r--package/network/services/umdns/files/umdns.json71
2 files changed, 42 insertions, 31 deletions
diff --git a/package/network/services/umdns/Makefile b/package/network/services/umdns/Makefile
index f02177dca2..d8cd9ae749 100644
--- a/package/network/services/umdns/Makefile
+++ b/package/network/services/umdns/Makefile
@@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=umdns
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_URL=$(PROJECT_GIT)/project/mdnsd.git
PKG_SOURCE_PROTO:=git
diff --git a/package/network/services/umdns/files/umdns.json b/package/network/services/umdns/files/umdns.json
index c22ba6f5fb..db62f5f36d 100644
--- a/package/network/services/umdns/files/umdns.json
+++ b/package/network/services/umdns/files/umdns.json
@@ -1,32 +1,43 @@
{
- "whitelist": [
- "read",
- "write",
- "open",
- "close",
- "time",
- "brk",
- "ioctl",
- "uname",
- "bind",
- "connect",
- "getsockname",
- "recvmsg",
- "sendmsg",
- "sendto",
- "setsockopt",
- "socket",
- "poll",
- "fcntl64",
- "epoll_create",
- "epoll_ctl",
- "epoll_wait",
- "rt_sigaction",
- "sigreturn",
- "rt_sigreturn",
- "exit_group",
- "exit",
- "clock_gettime"
- ],
- "policy": 1
+ "defaultAction": "SCMP_ACT_KILL_PROCESS",
+ "syscalls": [
+ {
+ "names": [
+ "read",
+ "write",
+ "open",
+ "close",
+ "time",
+ "brk",
+ "ioctl",
+ "uname",
+ "bind",
+ "connect",
+ "getsockname",
+ "recvmsg",
+ "recvfrom",
+ "sendmsg",
+ "sendto",
+ "setsockopt",
+ "socket",
+ "pipe",
+ "poll",
+ "fcntl64",
+ "epoll_create",
+ "epoll_create1",
+ "epoll_ctl",
+ "epoll_wait",
+ "epoll_pwait",
+ "rt_sigaction",
+ "sigreturn",
+ "rt_sigreturn",
+ "rt_sigprocmask",
+ "exit_group",
+ "exit",
+ "fcntl",
+ "clock_gettime"
+ ],
+ "action": "SCMP_ACT_ALLOW"
+ }
+ ]
}
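Review bot: The new `names` array is not a one-to-one conversion of the old whitelist: it also admits `recvfrom`, `pipe`, `epoll_create1`, `epoll_pwait`, `rt_sigprocmask` and `fcntl`, none of which the removed list allowed, while the commit description mentions only a format change. JSON cannot carry a comment, so the reason for each addition belongs in the commit message, where a later audit can tell a deliberate allowance from an accidental one. With `defaultAction` set to `SCMP_ACT_KILL_PROCESS`, any call missing from the list terminates the daemon, so it is worth confirming whether `"openat"`, `"ppoll"` and `"pipe2"` are needed on targets where libc has no legacy `open`/`poll`/`pipe` (presumably the newer 64-bit ones). That depends on the libc and architecture, which this hunk does not show.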