include $(TOPDIR)/rules.mk
PKG_NAME:=procd
-PKG_VERSION:=2015-02-27
+PKG_VERSION:=2015-03-30
PKG_RELEASE=$(PKG_SOURCE_VERSION)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=git://nbd.name/luci2/procd.git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=b6777a45becef915d6a99f01e044ad508bb278c6
+PKG_SOURCE_VERSION:=91da63d3d3fd680c805dd1a1b78df5b8731a8173
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
CMAKE_INSTALL:=1
PKG_MAINTAINER:=John Crispin <blogic@openwrt.org>
+PKG_CONFIG_DEPENDS:= CONFIG_KERNEL_SECCOMP CONFIG_NAND_SUPPORT CONFIG_PROCD_SHOW_BOOT CONFIG_PROCD_ZRAM_TMPFS CONFIG_PROCD_JAIL_SUPPORT
+
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
-TARGET_LDFLAGS += $(if $(CONFIG_USE_EGLIBC),-lrt)
+TARGET_LDFLAGS += $(if $(CONFIG_USE_GLIBC),-lrt)
define Package/procd
SECTION:=base
CATEGORY:=Base system
- DEPENDS:=+ubusd +ubus +libjson-script +ubox +USE_EGLIBC:librt +libubox +libubus +NAND_SUPPORT:procd-nand
+ DEPENDS:=+ubusd +ubus +libjson-script +ubox +USE_GLIBC:librt +libubox +libubus +NAND_SUPPORT:procd-nand
TITLE:=OpenWrt system process manager
endef
+define Package/procd-jail
+ SECTION:=base
+ CATEGORY:=Base system
+ DEPENDS:=procd +@KERNEL_NAMESPACES +@KERNEL_UTS_NS +@KERNEL_IPC_NS +@KERNEL_PID_NS @PROCD_JAIL_SUPPORT
+ TITLE:=OpenWrt process jail
+ DEFAULT:=n
+endef
+
define Package/procd-nand
SECTION:=utils
CATEGORY:=Utilities
bool
default n
prompt "Mount /tmp using zram."
+
+config PROCD_JAIL_SUPPORT
+ bool
+ default y
+ depends on (mips || mipsel || i386 || x86_64) && PROCD_SECCOMP_SUPPORT
+
+config PROCD_SECCOMP_SUPPORT
+ bool
+ default y
+ depends on (mips || mipsel || i386 || x86_64) && !TARGET_uml && @KERNEL_SECCOMP
endmenu
endef
-PKG_CONFIG_DEPENDS:= CONFIG_NAND_SUPPORT CONFIG_PROCD_SHOW_BOOT CONFIG_PROCD_ZRAM_TMPFS
ifeq ($(CONFIG_NAND_SUPPORT),y)
CMAKE_OPTIONS += -DBUILD_UPGRADED=1
CMAKE_OPTIONS += -DZRAM_TMPFS=1
endif
+ifeq ($(CONFIG_PROCD_JAIL_SUPPORT),y)
+ CMAKE_OPTIONS += -DJAIL_SUPPORT=1
+endif
+
+ifeq ($(CONFIG_PROCD_SECCOMP_SUPPORT),y)
+ CMAKE_OPTIONS += -DSECCOMP_SUPPORT=1
+endif
+
define Package/procd/install
$(INSTALL_DIR) $(1)/sbin $(1)/etc $(1)/lib/functions
- $(CP) $(PKG_INSTALL_DIR)/usr/sbin/{init,procd,askfirst,udevtrigger} $(1)/sbin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/{init,procd,askfirst,udevtrigger} $(1)/sbin/
$(INSTALL_BIN) ./files/reload_config $(1)/sbin/
$(INSTALL_DATA) ./files/hotplug*.json $(1)/etc/
$(INSTALL_DATA) ./files/procd.sh $(1)/lib/functions/
+ifeq ($(CONFIG_PROCD_SECCOMP_SUPPORT),y)
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-seccomp.so $(1)/lib
+endif
+endef
+
+define Package/procd-jail/install
+ $(INSTALL_DIR) $(1)/sbin $(1)/lib
+
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/{utrace,ujail} $(1)/sbin/
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libpreload-trace.so $(1)/lib
endef
define Package/procd-nand/install
$(INSTALL_DIR) $(1)/sbin $(1)/lib/upgrade
- $(CP) $(PKG_INSTALL_DIR)/usr/sbin/upgraded $(1)/sbin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/upgraded $(1)/sbin/
$(INSTALL_DATA) ./files/nand.sh $(1)/lib/upgrade/
endef
endef
$(eval $(call BuildPackage,procd))
+$(eval $(call BuildPackage,procd-jail))
$(eval $(call BuildPackage,procd-nand))
$(eval $(call BuildPackage,procd-nand-firstboot))