[OpenWrt-Devel] [PATCH] package/utils/busybox: Jail sysntpd

[openwrt]

From: Daniel Dickinson <open...@daniel.thecshore.com>

Note that not all of procfs sysfs log and ubus may be required for actual
operation, they are just what strace reveals attempting to make accesses.

Signed-off-by: Daniel Dickinson <open...@daniel.thecshore.com>
---
 package/utils/busybox/files/sysntpd | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package/utils/busybox/files/sysntpd 
b/package/utils/busybox/files/sysntpd
index f73bb83..e61c9fc 100755
--- a/package/utils/busybox/files/sysntpd
+++ b/package/utils/busybox/files/sysntpd
@@ -31,7 +31,11 @@ start_service() {
        for peer in $server; do
                procd_append_param command -p $peer
        done
+       touch /var/run/ntpd.pid
        procd_set_param respawn
+       procd_add_jail sysntpd procfs sysfs log ubus
+       procd_add_jail_mount "$HOTPLUG_SCRIPT" /etc/resolv.conf 
/tmp/resolv.conf /etc/hosts /etc/TZ
+       procd_add_jail_mount_rw /var/run/ntpd.pid
        procd_close_instance
 }
 
-- 
2.4.3
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel