<feed xmlns='http://www.w3.org/2005/Atom'>
<title>procd/initd, branch master</title>
<subtitle>OpenWrt service / process manager</subtitle>
<id>https://git.openwrt.org/project/procd/atom?h=master</id>
<link rel='self' href='https://git.openwrt.org/project/procd/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/procd/'/>
<updated>2024-11-13T21:48:05Z</updated>
<entry>
<title>initd: mount /sys and /proc with MS_RELATIME</title>
<updated>2024-11-13T21:48:05Z</updated>
<author>
<name>Daniel Golle</name>
</author>
<published>2024-11-13T21:22:48Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/procd/commit/?id=7330fa55c5211eb7b3c675d1c7b8281b69b53553'/>
<id>urn:sha1:7330fa55c5211eb7b3c675d1c7b8281b69b53553</id>
<content type='text'>
Despite access timestamps not being needed on /sys and /proc, using
MS_NOATIME leads to many container tools not working because the new
mounts of /proc or /sys are more revealing than the original ones.
This results in not being able to mount /proc inside a user namespace
with procd's uxc, but also other tools like bubblewrap, podman or lxd.
Fix this by setting MS_RELATIME instead.

The problem has been present in procd since commit 9fcc900 ("fix up the
mount options to match what openwrt had before using procd as pid 1") but
also in pre-procd OpenWrt releases.

Signed-off-by: Daniel Golle &lt;daniel@makrotopia.org&gt;
</content>
</entry>
<entry>
<title>init: attempt to mount efivarfs</title>
<updated>2023-01-16T21:07:54Z</updated>
<author>
<name>Daniel Golle</name>
</author>
<published>2023-01-13T23:17:06Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/procd/commit/?id=190f13a75e67e0bdb662188da79b8be31e0aae01'/>
<id>urn:sha1:190f13a75e67e0bdb662188da79b8be31e0aae01</id>
<content type='text'>
Mount efivarfs to /sys/firmware/efi/efivars if available.

Tested-by: Oskari Rauta &lt;oskari.rauta@gmail.com&gt;
Signed-off-by: Daniel Golle &lt;daniel@makrotopia.org&gt;
</content>
</entry>
<entry>
<title>init: only relabel rootfs if started from initramfs</title>
<updated>2022-06-01T19:40:23Z</updated>
<author>
<name>Daniel Golle</name>
</author>
<published>2022-05-31T16:14:37Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/procd/commit/?id=7a0096853594874d4c60266ec338ac23728017df'/>
<id>urn:sha1:7a0096853594874d4c60266ec338ac23728017df</id>
<content type='text'>
Do not relabel the whole filesystem if not running from initramfs; it
should only be needed in that case.
Read-write (ext4) labels should be set when generating the filesystem
just like it's done for squashfs.

Signed-off-by: Daniel Golle &lt;daniel@makrotopia.org&gt;
</content>
</entry>
<entry>
<title>init: selinux: don't relabel virtual filesystems</title>
<updated>2022-06-01T19:40:23Z</updated>
<author>
<name>Daniel Golle</name>
</author>
<published>2022-05-07T12:15:30Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/procd/commit/?id=557c98e2966e0298a301f540824e2c3fce2452e6'/>
<id>urn:sha1:557c98e2966e0298a301f540824e2c3fce2452e6</id>
<content type='text'>
Attempting to relabel /dev/console, /proc or /sys results in an error
message. Avoid that by excluding them when relabeling rootfs on boot.

Signed-off-by: Daniel Golle &lt;daniel@makrotopia.org&gt;
</content>
</entry>
<entry>
<title>init: restore SELinux labels after policy is loaded</title>
<updated>2022-05-03T01:05:16Z</updated>
<author>
<name>Daniel Golle</name>
</author>
<published>2022-05-03T00:12:04Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/procd/commit/?id=652e6df06f8413f19a4786a275862cfe76628093'/>
<id>urn:sha1:652e6df06f8413f19a4786a275862cfe76628093</id>
<content type='text'>
Introduce an additional SELinux init step, calling restorecon to
label the filesystem. This fixes SELinux on initramfs or systems
with ext4 or ubifs read-write root filesystem.

Signed-off-by: Daniel Golle &lt;daniel@makrotopia.org&gt;
</content>
</entry>
<entry>
<title>procd: completely remove tmp-on-zram support</title>
<updated>2022-03-03T20:25:56Z</updated>
<author>
<name>Rui Salvaterra</name>
</author>
<published>2020-06-29T10:24:35Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/procd/commit/?id=6343c3a8b967abd23c9f858341a5d46afab0f36a'/>
<id>urn:sha1:6343c3a8b967abd23c9f858341a5d46afab0f36a</id>
<content type='text'>
The configuration settings were removed from the package, this is now dead code.

Signed-off-by: Rui Salvaterra &lt;rsalvaterra@gmail.com&gt;
</content>
</entry>
<entry>
<title>procd: clean up /dev/pts mounts</title>
<updated>2022-01-11T16:23:25Z</updated>
<author>
<name>Rui Salvaterra</name>
</author>
<published>2022-01-09T23:27:28Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/procd/commit/?id=ac2b8b365bdbcbf292f77409d180ec3c0963faf3'/>
<id>urn:sha1:ac2b8b365bdbcbf292f77409d180ec3c0963faf3</id>
<content type='text'>
The default mode is already 600, no need to specify it. Access times are also
irrelevant.

Signed-off-by: Rui Salvaterra &lt;rsalvaterra@gmail.com&gt;
</content>
</entry>
<entry>
<title>procd: mount /dev with noexec</title>
<updated>2022-01-11T16:23:05Z</updated>
<author>
<name>Rui Salvaterra</name>
</author>
<published>2022-01-09T23:27:27Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/procd/commit/?id=3b3ac648f48dda5269852994d42c70f61e9db4fe'/>
<id>urn:sha1:3b3ac648f48dda5269852994d42c70f61e9db4fe</id>
<content type='text'>
/dev is writable. Allowing execution inside it makes it a possible attack
vector. Kees Cook recently sent a kernel patch [1] in order to mount /dev as
noexec and nosuid for systems which rely on CONFIG_DEVTMPFS_MOUNT=y to
create/populate /dev, which isn't our case (it's procd's responsibility).

Add noexec to the /dev mount flags, since we already use nosuid (and keep the
coldplug flags symmetric, while at it). This carries the risk of breaking very
old, pre-KMS graphics drivers [2], but it shouldn't be a problem for systems
built in the last ~15 years. The vast majority of our targets don't have a
GPU, anyway. :)

[1] https://lore.kernel.org/all/YcMfDOyrg647RCmd@debian-BULLSEYE-live-builder-AMD64/
[2] https://lore.kernel.org/all/CAPXgP12e5LpN6XVxaXOHhH=u8XXN==2reTaJDCoCk4tP4QduDQ@mail.gmail.com/

Signed-off-by: Rui Salvaterra &lt;rsalvaterra@gmail.com&gt;
</content>
</entry>
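<![CDATA[
A check one would run to confirm the two mount-flag changes in this feed (the "/dev noexec" commit above and the MS_RELATIME change to /proc and /sys at the top) on a live system. This is an added example, not procd code: it parses /proc/self/mountinfo using the field layout documented in proc(5), where MS_NOSUID, MS_NOEXEC and MS_NOATIME appear in the sixth (per-mount options) field. SAMPLE_BEFORE and SAMPLE_AFTER are constructed mountinfo lines standing in for a procd-managed layout before and after those commits; the mount IDs, sizes and option sets are assumptions for the demo, not captured output, and the function names are this example's own.

```c
/*
 * Added example (not procd code): verify mount hardening flags by parsing
 * /proc/self/mountinfo, the check to run after the "/dev noexec" and the
 * "/proc, /sys MS_RELATIME" commits in this feed. Per proc(5) each line is
 *   ID PARENT MAJ:MIN ROOT MOUNTPOINT PER-MOUNT-OPTIONS [tags] - FSTYPE SOURCE SUPER-OPTIONS
 * and MS_NOSUID/MS_NOEXEC/MS_NOATIME show up in the sixth field. Only that
 * much is parsed; mountpoints containing spaces are octal-escaped (\040) in
 * the file and are not unescaped here. The SAMPLE_* lines are constructed.
 */
#include <stdio.h>
#include <string.h>

#define OPT_NOSUID  1
#define OPT_NODEV   2
#define OPT_NOEXEC  4
#define OPT_NOATIME 8

/* Constructed: a procd-style layout before the two commits ... */
static const char SAMPLE_BEFORE[] =
    "21 1 0:5 / /dev rw,nosuid,relatime - tmpfs tmpfs rw,size=512k,mode=755\n"
    "22 1 0:20 / /proc rw,nosuid,nodev,noexec,noatime - proc proc rw\n"
    "23 1 0:21 / /sys rw,nosuid,nodev,noexec,noatime - sysfs sysfs rw\n";

/* ... and after them: /dev gains noexec, /proc and /sys drop noatime. */
static const char SAMPLE_AFTER[] =
    "21 1 0:5 / /dev rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=512k,mode=755\n"
    "22 1 0:20 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw\n"
    "23 1 0:21 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw\n";

/* Cut `s` at the first `sep`: NUL-terminates the field and returns the
 * remainder, or NULL when no separator remains. */
static char *split(char *s, char sep)
{
    char *p = strchr(s, sep);
    if (!p)
        return NULL;
    *p = '\0';
    return p + 1;
}

/* Parse one mountinfo line in place. Returns the OPT_* mask of its
 * per-mount options if it describes `mountpoint`, else -1. */
static int parse_mount_line(char *line, const char *mountpoint)
{
    char *field[6], *rest = line;
    int n;
    for (n = 0; n < 6 && rest; n++) {
        field[n] = rest;
        rest = split(rest, ' ');
    }
    if (n < 6 || strcmp(field[4], mountpoint) != 0)
        return -1;

    int mask = 0;
    for (char *opt = field[5], *next; opt; opt = next) {
        next = split(opt, ',');                 /* cut before comparing */
        if (strcmp(opt, "nosuid") == 0)       mask |= OPT_NOSUID;
        else if (strcmp(opt, "nodev") == 0)   mask |= OPT_NODEV;
        else if (strcmp(opt, "noexec") == 0)  mask |= OPT_NOEXEC;
        else if (strcmp(opt, "noatime") == 0) mask |= OPT_NOATIME;
    }
    return mask;
}

/* Options of `mountpoint` as the kernel sees them now: the last matching
 * line wins, since a mount stacked later hides an earlier one. -1 = absent. */
int mount_options_of(const char *text, const char *mountpoint)
{
    int result = -1;
    for (const char *p = text; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t n = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        if (n >= sizeof line)
            n = sizeof line - 1;                /* the six fields always fit */
        memcpy(line, p, n);
        line[n] = '\0';
        int mask = parse_mount_line(line, mountpoint);
        if (mask >= 0)
            result = mask;
        p = nl ? nl + 1 : p + strlen(p);
    }
    return result;
}

/* Bits of `required` that `mountpoint` lacks; 0 = hardened, -1 = not mounted. */
int missing_hardening(const char *text, const char *mountpoint, int required)
{
    int present = mount_options_of(text, mountpoint);
    return present < 0 ? -1 : (required & ~present);
}

/* The same check against the running kernel's view. */
int missing_hardening_live(const char *mountpoint, int required)
{
    static char buf[1 << 16];
    FILE *f = fopen("/proc/self/mountinfo", "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return missing_hardening(buf, mountpoint, required);
}

int main(void)
{
    int dev = OPT_NOSUID | OPT_NOEXEC;
    printf("before: /dev lacks 0x%x, /proc noatime=%d\n",
           missing_hardening(SAMPLE_BEFORE, "/dev", dev),
           !!(mount_options_of(SAMPLE_BEFORE, "/proc") & OPT_NOATIME));
    printf("after:  /dev lacks 0x%x, /proc noatime=%d\n",
           missing_hardening(SAMPLE_AFTER, "/dev", dev),
           !!(mount_options_of(SAMPLE_AFTER, "/proc") & OPT_NOATIME));
    printf("host:   /dev lacks 0x%x (-1 = /dev is not a mount here)\n",
           missing_hardening_live("/dev", dev));
    return 0;
}
```

On an OpenWrt box the "host" line is the one that matters: a nonzero value for /dev means the flags this commit adds are not in effect (an older procd, or /dev remounted by something else later in boot). Only the per-mount options are inspected; superblock options after the " - " separator are ignored, so a mount that was remounted with different flags is reported the way the kernel enforces it now.
]]>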
<entry>
<title>initd: fix off-by-one error in mkdev.c</title>
<updated>2021-08-31T11:24:14Z</updated>
<author>
<name>Nick Hainke</name>
</author>
<published>2021-08-31T09:09:19Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/procd/commit/?id=773e8da41532b23888511cd864fbd251ecadc577'/>
<id>urn:sha1:773e8da41532b23888511cd864fbd251ecadc577</id>
<content type='text'>
Subtract 1 from bufsize so len cannot be out of bounds. Same
handling as in "udevtrigger.c" in "sysfs_resolve_link".

Replaces: 8eb1d783
Coverity CID: 1330087 Readlink used insecurely

Signed-off-by: Nick Hainke &lt;vincent@systemli.org&gt;
</content>
</entry>
<entry>
<title>Revert "initd: fix off-by-one error in mkdev.c"</title>
<updated>2021-08-31T11:24:14Z</updated>
<author>
<name>Nick Hainke</name>
</author>
<published>2021-08-31T09:09:18Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/project/procd/commit/?id=20adf538b33c9b38b7ca3951f3c2ff4192e57660'/>
<id>urn:sha1:20adf538b33c9b38b7ca3951f3c2ff4192e57660</id>
<content type='text'>
This reverts commit 8eb1d783cca6e0d501dd3a2f94262ffc36ae6482.

This line reads a symbolic link into the string buffer "buf".
	len = readlink(buf2, buf, sizeof(buf));
The commit replaced now
	buf[len] = 0;
with
	buf[sizeof(buf) - 1] = '\0';

However, that does not work since readlink does not null-terminate
the string written into "buf" and "buf[len] = 0" was used for that.

What happens if the buffer is too small?
"If the buf argument is not large enough to contain the link content,
the first bufsize bytes shall be placed in buf."
(Source: https://pubs.opengroup.org/onlinepubs/009695399/functions/readlink.htm)

Signed-off-by: Nick Hainke &lt;vincent@systemli.org&gt;
</content>
</entry>
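<![CDATA[
The pitfall behind the two mkdev.c commits above (the reverted fix and the one that replaced it), as an added example that is not procd code: readlink(2) never writes a NUL byte and, when the target is longer than the buffer, silently stores only the first bufsize bytes. Reading sizeof(buf) bytes and then writing buf[len] overruns by one whenever the target fills the buffer; reading sizeof(buf) bytes and terminating only at buf[sizeof(buf) - 1] (the reverted variant) leaves stale bytes between the end of the target and the NUL; reading sizeof(buf) - 1 bytes and then writing buf[len] is the retained fix. The scratch directory under /tmp, the symlink target "/sys/devices/virtual/block/loop0" and the function names are constructed for this demo.

```c
/*
 * Added example (not procd code): the readlink(2) termination pitfall behind
 * the two mkdev.c commits in this feed. readlink() never writes a NUL and,
 * when the target does not fit, stores only the first bufsize bytes, so
 *   len = readlink(p, buf, sizeof buf); buf[len] = 0;
 * writes one byte past the end whenever the target fills the buffer, and
 *   len = readlink(p, buf, sizeof buf); buf[sizeof buf - 1] = 0;
 * (the reverted variant) leaves stale bytes between buf[len] and the NUL.
 * The retained fix reserves the last byte: readlink(p, buf, sizeof buf - 1).
 * The symlink target and the /tmp scratch directory are constructed here.
 */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* readlink() with the fix applied: one byte is kept for the terminator.
 * Returns the stored length or -1. *maybe_truncated is set when the result
 * filled the buffer, i.e. the target may have been cut; a caller must treat
 * such a path as untrusted rather than open it. */
ssize_t readlink_safe(const char *path, char *buf, size_t bufsize, int *maybe_truncated)
{
    if (bufsize < 2)                          /* need one byte plus the NUL */
        return -1;
    ssize_t len = readlink(path, buf, bufsize - 1);
    if (len < 0)
        return -1;
    buf[len] = '\0';
    *maybe_truncated = ((size_t)len == bufsize - 1);
    return len;
}

/* Scratch symlink under /tmp pointing at `target`; 0 on success. */
static int make_demo_link(const char *target, char *dir, size_t dirsz, char *link, size_t linksz)
{
    snprintf(dir, dirsz, "/tmp/readlink-demo-XXXXXX");
    if (!mkdtemp(dir))
        return -1;
    snprintf(link, linksz, "%s/link", dir);
    if (symlink(target, link) != 0) {
        rmdir(dir);
        return -1;
    }
    return 0;
}

static void drop_demo_link(const char *dir, const char *link)
{
    unlink(link);
    rmdir(dir);
}

/* Read a symlink to `target` back through readlink_safe() with a buffer of
 * `bufsize` bytes: 1 = path intact, 0 = possibly truncated, -1 = error. */
int demo_fixed_pattern(const char *target, size_t bufsize)
{
    char dir[64], link[80], buf[256];
    if (bufsize > sizeof buf || make_demo_link(target, dir, sizeof dir, link, sizeof link) != 0)
        return -1;
    int maybe_truncated = 0;
    ssize_t len = readlink_safe(link, buf, bufsize, &maybe_truncated);
    drop_demo_link(dir, link);
    if (len < 0)
        return -1;
    return (!maybe_truncated && strcmp(buf, target) == 0) ? 1 : 0;
}

/* The reverted pattern, with the buffer pre-filled so the effect is visible
 * without undefined behaviour: returns how many stale bytes sit between the
 * end of the link target and the NUL placed at buf[sizeof buf - 1]
 * (0 would mean the string was terminated where the target ends). */
int demo_reverted_pattern(const char *target)
{
    char dir[64], link[80], buf[64];
    if (strlen(target) >= sizeof buf - 1 || make_demo_link(target, dir, sizeof dir, link, sizeof link) != 0)
        return -1;
    memset(buf, 'X', sizeof buf);             /* stand-in for stale stack contents */
    ssize_t len = readlink(link, buf, sizeof buf);
    drop_demo_link(dir, link);
    if (len < 0)
        return -1;
    buf[sizeof buf - 1] = '\0';
    return (int)strlen(buf) - (int)len;
}

int main(void)
{
    const char *target = "/sys/devices/virtual/block/loop0";   /* 32 bytes, constructed */
    printf("fixed pattern, 64-byte buffer: %d\n", demo_fixed_pattern(target, 64));
    printf("fixed pattern, 16-byte buffer: %d\n", demo_fixed_pattern(target, 16));
    printf("reverted pattern, stale bytes: %d\n", demo_reverted_pattern(target));
    return 0;
}
```

The truncation flag is deliberately conservative: a target that is exactly bufsize - 1 bytes long is also reported as possibly truncated, because readlink() gives no way to tell the two cases apart, and in code that goes on to open the path a false positive is the safe direction.
]]>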
</feed>
