procd, branch master

jail: chown rootfs overlay dir to mapped root in user namespace

2026-06-17T09:45:14Z

When a persistent overlay directory is provided in a user namespace, the jail userns root (mapped to root_map_uid on the host) needs to create the upper and work directories inside it. Chown the overlay directory to the mapped root uid so these can be created. Signed-off-by: John Crispin Signed-off-by: Felix Fietkau

jail: mount rootfs overlay with userxattr in user namespace

2026-06-17T09:45:13Z

In a user namespace the overlay is mounted by the mapped root, which lacks CAP_SYS_ADMIN in the init user namespace and thus cannot use the default trusted.overlay.* xattrs. Add the userxattr mount option in that case so overlayfs uses the user.overlay.* xattrs instead. Signed-off-by: John Crispin Signed-off-by: Felix Fietkau

service: notify instance exit details via ubus

2026-06-17T09:45:09Z

Add service_event_instance_exit() which broadcasts a ubus notification including the service and instance name, pid, exit code, respawn count and the command. Use it for the instance.fail and instance.respawn events instead of the plain service_event() broadcast. Signed-off-by: John Crispin Signed-off-by: Felix Fietkau

service: fix calloc_a argument

2026-05-22T17:22:59Z

Use size_t instead of int, in order to avoid garbage values being used inside calloc_a. Signed-off-by: Felix Fietkau

jail: make /dev/tty accessible by others

2026-05-04T11:29:42Z

Required for e.g. `scp`, which fails otherwise: debug1: read_passphrase: can't open /dev/tty: Permission denied Signed-off-by: Andre Heider

jail: fix reading the oci device gid value

2026-05-04T11:29:02Z

Fix the typo to properly set the device group in the container namespace. Signed-off-by: Andre Heider

jail: mount tools used by dhcp.sh in the netifd jail

2026-05-04T11:28:59Z

./dhcp.sh: eval: line 33: md5sum: not found ./dhcp.sh: eval: line 33: cut: not found ./dhcp.sh: eval: line 107: /sbin/uci: not found Signed-off-by: Andre Heider

instance: disable console logging

2026-05-04T11:28:32Z

This spams the logs with every in- and outcoming byte. Signed-off-by: Andre Heider

jail: mount ucode related bits into netifd jail

2026-05-04T11:28:32Z

netifd gained ucode support, mount the required pieces to fix the errors: daemon.crit netifd: Error loading ucode script: Syntax error: Unable to resolve path for module 'uci' In line 1, byte 27: `import * as uci from "uci";` Near here ----------------^ Syntax error: Unable to resolve path for module 'uloop' In line 2, byte 31: `import * as uloop from "uloop";` Near here --------------------^ Syntax error: Unable to resolve path for module 'ubus' In line 3, byte 32: `import * as libubus from "ubus";` Near here ---------------------^ Syntax error: Unable to resolve path for module 'fs' In line 4, byte 37: `import { access, dirname } from "fs";` Near here --------------------------^ Signed-off-by: Andre Heider

jail: mount /lib/config into netifd jail

2026-03-24T23:48:23Z

The DHCP and DHCPv6 protocol scripts in netifd source /lib/config/uci.sh during initialization. Without /lib/config/uci.sh bind-mounted into the jail, the netifd instance running inside a container's network namespace fails to start the DHCP client: ./dhcp.sh: .: line 8: can't open '/lib/config/uci.sh' ./dhcpv6.sh: .: line 5: can't open '/lib/config/uci.sh' Add /lib/config/uci.sh to the jail netifd mount list alongside the existing /lib/functions and /lib/functions.sh entries. Signed-off-by: Paul Spooren Signed-off-by: Daniel Golle