2 * Copyright (C) 2013 Felix Fietkau <nbd@openwrt.org>
3 * Copyright (C) 2013 John Crispin <blogic@openwrt.org>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU Lesser General Public License version 2.1
7 * as published by the Free Software Foundation
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
16 #include <sys/resource.h>
17 #include <sys/types.h>
18 #include <sys/socket.h>
29 #include <libubox/md5.h>
38 INSTANCE_ATTR_COMMAND,
43 INSTANCE_ATTR_TRIGGER,
44 INSTANCE_ATTR_RESPAWN,
52 INSTANCE_ATTR_NO_NEW_PRIVS,
55 INSTANCE_ATTR_SECCOMP,
59 static const struct blobmsg_policy instance_attr[__INSTANCE_ATTR_MAX] = {
60 [INSTANCE_ATTR_COMMAND] = { "command", BLOBMSG_TYPE_ARRAY },
61 [INSTANCE_ATTR_ENV] = { "env", BLOBMSG_TYPE_TABLE },
62 [INSTANCE_ATTR_DATA] = { "data", BLOBMSG_TYPE_TABLE },
63 [INSTANCE_ATTR_NETDEV] = { "netdev", BLOBMSG_TYPE_ARRAY },
64 [INSTANCE_ATTR_FILE] = { "file", BLOBMSG_TYPE_ARRAY },
65 [INSTANCE_ATTR_TRIGGER] = { "triggers", BLOBMSG_TYPE_ARRAY },
66 [INSTANCE_ATTR_RESPAWN] = { "respawn", BLOBMSG_TYPE_ARRAY },
67 [INSTANCE_ATTR_NICE] = { "nice", BLOBMSG_TYPE_INT32 },
68 [INSTANCE_ATTR_LIMITS] = { "limits", BLOBMSG_TYPE_TABLE },
69 [INSTANCE_ATTR_WATCH] = { "watch", BLOBMSG_TYPE_ARRAY },
70 [INSTANCE_ATTR_ERROR] = { "error", BLOBMSG_TYPE_ARRAY },
71 [INSTANCE_ATTR_USER] = { "user", BLOBMSG_TYPE_STRING },
72 [INSTANCE_ATTR_STDOUT] = { "stdout", BLOBMSG_TYPE_BOOL },
73 [INSTANCE_ATTR_STDERR] = { "stderr", BLOBMSG_TYPE_BOOL },
74 [INSTANCE_ATTR_NO_NEW_PRIVS] = { "no_new_privs", BLOBMSG_TYPE_BOOL },
75 [INSTANCE_ATTR_JAIL] = { "jail", BLOBMSG_TYPE_TABLE },
76 [INSTANCE_ATTR_TRACE] = { "trace", BLOBMSG_TYPE_BOOL },
77 [INSTANCE_ATTR_SECCOMP] = { "seccomp", BLOBMSG_TYPE_STRING },
91 static const struct blobmsg_policy jail_attr[__JAIL_ATTR_MAX] = {
92 [JAIL_ATTR_NAME] = { "name", BLOBMSG_TYPE_STRING },
93 [JAIL_ATTR_PROCFS] = { "procfs", BLOBMSG_TYPE_BOOL },
94 [JAIL_ATTR_SYSFS] = { "sysfs", BLOBMSG_TYPE_BOOL },
95 [JAIL_ATTR_UBUS] = { "ubus", BLOBMSG_TYPE_BOOL },
96 [JAIL_ATTR_LOG] = { "log", BLOBMSG_TYPE_BOOL },
97 [JAIL_ATTR_RONLY] = { "ronly", BLOBMSG_TYPE_BOOL },
98 [JAIL_ATTR_MOUNT] = { "mount", BLOBMSG_TYPE_TABLE },
101 struct instance_netdev {
102 struct blobmsg_list_node node;
106 struct instance_file {
107 struct blobmsg_list_node node;
116 static const struct rlimit_name rlimit_names[] = {
118 { "core", RLIMIT_CORE },
119 { "cpu", RLIMIT_CPU },
120 { "data", RLIMIT_DATA },
121 { "fsize", RLIMIT_FSIZE },
122 { "memlock", RLIMIT_MEMLOCK },
123 { "msgqueue", RLIMIT_MSGQUEUE },
124 { "nice", RLIMIT_NICE },
125 { "nofile", RLIMIT_NOFILE },
126 { "nproc", RLIMIT_NPROC },
127 { "rss", RLIMIT_RSS },
128 { "rtprio", RLIMIT_RTPRIO },
129 { "sigpending", RLIMIT_SIGPENDING },
130 { "stack", RLIMIT_STACK },
134 static char trace[] = "/sbin/utrace";
136 static void closefd(int fd)
138 if (fd > STDERR_FILENO)
143 instance_limits(const char *limit, const char *value)
147 unsigned long cur, max;
149 for (i = 0; rlimit_names[i].name != NULL; i++) {
150 if (strcmp(rlimit_names[i].name, limit))
152 if (!strcmp(value, "unlimited")) {
153 rlim.rlim_cur = RLIM_INFINITY;
154 rlim.rlim_max = RLIM_INFINITY;
156 if (getrlimit(rlimit_names[i].resource, &rlim))
162 if (sscanf(value, "%lu %lu", &cur, &max) < 1)
169 setrlimit(rlimit_names[i].resource, &rlim);
175 jail_run(struct service_instance *in, char **argv)
177 struct blobmsg_list_node *var;
178 struct jail *jail = &in->jail;
181 argv[argc++] = "/sbin/ujail";
185 argv[argc++] = jail->name;
190 argv[argc++] = in->seccomp;
193 if (in->no_new_privs)
211 blobmsg_list_for_each(&jail->mount, var) {
212 const char *type = blobmsg_data(var->data);
218 argv[argc++] = (char *) blobmsg_name(var->data);
227 instance_run(struct service_instance *in, int _stdout, int _stderr)
229 struct blobmsg_list_node *var;
230 struct blob_attr *cur;
233 int argc = 1; /* NULL terminated */
235 bool seccomp = !in->trace && !in->has_jail && in->seccomp;
236 bool setlbf = _stdout >= 0;
239 setpriority(PRIO_PROCESS, 0, in->nice);
241 blobmsg_for_each_attr(cur, in->command, rem)
244 blobmsg_list_for_each(&in->env, var)
245 setenv(blobmsg_name(var->data), blobmsg_data(var->data), 1);
248 setenv("SECCOMP_FILE", in->seccomp, 1);
250 if ((seccomp || setlbf) && asprintf(&ld_preload, "LD_PRELOAD=%s%s%s",
251 seccomp ? "/lib/libpreload-seccomp.so" : "",
252 seccomp && setlbf ? ":" : "",
253 setlbf ? "/lib/libsetlbf.so" : "") > 0)
256 blobmsg_list_for_each(&in->limits, var)
257 instance_limits(blobmsg_name(var->data), blobmsg_data(var->data));
262 argv = alloca(sizeof(char *) * (argc + in->jail.argc));
266 argv[argc++] = trace;
269 argc = jail_run(in, argv);
271 blobmsg_for_each_attr(cur, in->command, rem)
272 argv[argc++] = blobmsg_data(cur);
276 _stdin = open("/dev/null", O_RDONLY);
279 _stdout = open("/dev/null", O_WRONLY);
282 _stderr = open("/dev/null", O_WRONLY);
285 dup2(_stdin, STDIN_FILENO);
289 dup2(_stdout, STDOUT_FILENO);
293 dup2(_stderr, STDERR_FILENO);
297 if (in->gid && setgid(in->gid)) {
298 ERROR("failed to set group id %d: %d (%s)\n", in->gid, errno, strerror(errno));
301 if (in->uid && setuid(in->uid)) {
302 ERROR("failed to set user id %d: %d (%s)\n", in->uid, errno, strerror(errno));
306 execvp(argv[0], argv);
311 instance_free_stdio(struct service_instance *in)
313 if (in->_stdout.fd.fd > -1) {
314 ustream_free(&in->_stdout.stream);
315 close(in->_stdout.fd.fd);
316 in->_stdout.fd.fd = -1;
319 if (in->_stderr.fd.fd > -1) {
320 ustream_free(&in->_stderr.stream);
321 close(in->_stderr.fd.fd);
322 in->_stderr.fd.fd = -1;
327 instance_start(struct service_instance *in)
330 int opipe[2] = { -1, -1 };
331 int epipe[2] = { -1, -1 };
333 if (!avl_is_empty(&in->errors.avl)) {
334 LOG("Not starting instance %s::%s, an error was indicated\n", in->srv->name, in->name);
338 if (in->proc.pending)
341 instance_free_stdio(in);
342 if (in->_stdout.fd.fd > -2) {
344 ULOG_WARN("pipe() failed: %d (%s)\n", errno, strerror(errno));
345 opipe[0] = opipe[1] = -1;
349 if (in->_stderr.fd.fd > -2) {
351 ULOG_WARN("pipe() failed: %d (%s)\n", errno, strerror(errno));
352 epipe[0] = epipe[1] = -1;
357 in->halt = !in->respawn;
370 instance_run(in, opipe[1], epipe[1]);
374 DEBUG(2, "Started instance %s::%s\n", in->srv->name, in->name);
376 clock_gettime(CLOCK_MONOTONIC, &in->start);
377 uloop_process_add(&in->proc);
380 ustream_fd_init(&in->_stdout, opipe[0]);
385 ustream_fd_init(&in->_stderr, epipe[0]);
389 service_event("instance.start", in->srv->name, in->name);
393 instance_stdio(struct ustream *s, int prio, struct service_instance *in)
395 char *newline, *str, *arg0, ident[32];
398 arg0 = basename(blobmsg_data(blobmsg_data(in->command)));
399 snprintf(ident, sizeof(ident), "%s[%d]", arg0, in->proc.pid);
400 ulog_open(ULOG_SYSLOG, LOG_DAEMON, ident);
403 str = ustream_get_read_buf(s, NULL);
407 newline = strchr(str, '\n');
412 ulog(prio, "%s\n", str);
414 len = newline + 1 - str;
415 ustream_consume(s, len);
418 ulog_open(ULOG_SYSLOG, LOG_DAEMON, "procd");
422 instance_stdout(struct ustream *s, int bytes)
424 instance_stdio(s, LOG_INFO,
425 container_of(s, struct service_instance, _stdout.stream));
429 instance_stderr(struct ustream *s, int bytes)
431 instance_stdio(s, LOG_ERR,
432 container_of(s, struct service_instance, _stderr.stream));
436 instance_timeout(struct uloop_timeout *t)
438 struct service_instance *in;
440 in = container_of(t, struct service_instance, timeout);
442 if (!in->halt && (in->restart || in->respawn))
447 instance_exit(struct uloop_process *p, int ret)
449 struct service_instance *in;
453 in = container_of(p, struct service_instance, proc);
455 clock_gettime(CLOCK_MONOTONIC, &tp);
456 runtime = tp.tv_sec - in->start.tv_sec;
458 DEBUG(2, "Instance %s::%s exit with error code %d after %ld seconds\n", in->srv->name, in->name, ret, runtime);
462 uloop_timeout_cancel(&in->timeout);
465 } else if (in->restart) {
467 } else if (in->respawn) {
468 if (runtime < in->respawn_threshold)
471 in->respawn_count = 0;
472 if (in->respawn_count > in->respawn_retry && in->respawn_retry > 0 ) {
473 LOG("Instance %s::%s s in a crash loop %d crashes, %ld seconds since last crash\n",
474 in->srv->name, in->name, in->respawn_count, runtime);
475 in->restart = in->respawn = 0;
478 uloop_timeout_set(&in->timeout, in->respawn_timeout * 1000);
481 service_event("instance.stop", in->srv->name, in->name);
485 instance_stop(struct service_instance *in)
487 if (!in->proc.pending)
490 in->restart = in->respawn = false;
491 kill(in->proc.pid, SIGTERM);
495 instance_restart(struct service_instance *in)
497 if (!in->proc.pending)
501 kill(in->proc.pid, SIGTERM);
505 instance_config_changed(struct service_instance *in, struct service_instance *in_new)
510 if (!blob_attr_equal(in->command, in_new->command))
513 if (!blobmsg_list_equal(&in->env, &in_new->env))
516 if (!blobmsg_list_equal(&in->data, &in_new->data))
519 if (!blobmsg_list_equal(&in->netdev, &in_new->netdev))
522 if (!blobmsg_list_equal(&in->file, &in_new->file))
525 if (in->nice != in_new->nice)
528 if (in->uid != in_new->uid)
531 if (in->gid != in_new->gid)
534 if (!blobmsg_list_equal(&in->limits, &in_new->limits))
537 if (!blobmsg_list_equal(&in->jail.mount, &in_new->jail.mount))
540 if (!blobmsg_list_equal(&in->errors, &in_new->errors))
547 instance_netdev_cmp(struct blobmsg_list_node *l1, struct blobmsg_list_node *l2)
549 struct instance_netdev *n1 = container_of(l1, struct instance_netdev, node);
550 struct instance_netdev *n2 = container_of(l2, struct instance_netdev, node);
552 return n1->ifindex == n2->ifindex;
556 instance_netdev_update(struct blobmsg_list_node *l)
558 struct instance_netdev *n = container_of(l, struct instance_netdev, node);
560 n->ifindex = if_nametoindex(n->node.avl.key);
564 instance_file_cmp(struct blobmsg_list_node *l1, struct blobmsg_list_node *l2)
566 struct instance_file *f1 = container_of(l1, struct instance_file, node);
567 struct instance_file *f2 = container_of(l2, struct instance_file, node);
569 return !memcmp(f1->md5, f2->md5, sizeof(f1->md5));
573 instance_file_update(struct blobmsg_list_node *l)
575 struct instance_file *f = container_of(l, struct instance_file, node);
580 memset(f->md5, 0, sizeof(f->md5));
582 fd = open(l->avl.key, O_RDONLY);
588 len = read(fd, buf, sizeof(buf));
598 md5_hash(buf, len, &md5);
601 md5_end(f->md5, &md5);
606 instance_fill_any(struct blobmsg_list *l, struct blob_attr *cur)
611 blobmsg_list_fill(l, blobmsg_data(cur), blobmsg_data_len(cur), false);
615 instance_fill_array(struct blobmsg_list *l, struct blob_attr *cur, blobmsg_update_cb cb, bool array)
617 struct blobmsg_list_node *node;
622 if (!blobmsg_check_attr_list(cur, BLOBMSG_TYPE_STRING))
625 blobmsg_list_fill(l, blobmsg_data(cur), blobmsg_data_len(cur), array);
627 blobmsg_list_for_each(l, node)
634 instance_jail_parse(struct service_instance *in, struct blob_attr *attr)
636 struct blob_attr *tb[__JAIL_ATTR_MAX];
637 struct jail *jail = &in->jail;
640 if (stat("/sbin/ujail", &s))
643 blobmsg_parse(jail_attr, __JAIL_ATTR_MAX, tb,
644 blobmsg_data(attr), blobmsg_data_len(attr));
648 if (tb[JAIL_ATTR_NAME]) {
649 jail->name = blobmsg_get_string(tb[JAIL_ATTR_NAME]);
652 if (tb[JAIL_ATTR_PROCFS]) {
653 jail->procfs = blobmsg_get_bool(tb[JAIL_ATTR_PROCFS]);
656 if (tb[JAIL_ATTR_SYSFS]) {
657 jail->sysfs = blobmsg_get_bool(tb[JAIL_ATTR_SYSFS]);
660 if (tb[JAIL_ATTR_UBUS]) {
661 jail->ubus = blobmsg_get_bool(tb[JAIL_ATTR_UBUS]);
664 if (tb[JAIL_ATTR_LOG]) {
665 jail->log = blobmsg_get_bool(tb[JAIL_ATTR_LOG]);
668 if (tb[JAIL_ATTR_RONLY]) {
669 jail->ronly = blobmsg_get_bool(tb[JAIL_ATTR_RONLY]);
672 if (tb[JAIL_ATTR_MOUNT]) {
673 struct blob_attr *cur;
676 blobmsg_for_each_attr(cur, tb[JAIL_ATTR_MOUNT], rem)
678 instance_fill_array(&jail->mount, tb[JAIL_ATTR_MOUNT], NULL, false);
687 instance_config_parse(struct service_instance *in)
689 struct blob_attr *tb[__INSTANCE_ATTR_MAX];
690 struct blob_attr *cur, *cur2;
694 blobmsg_parse(instance_attr, __INSTANCE_ATTR_MAX, tb,
695 blobmsg_data(in->config), blobmsg_data_len(in->config));
697 cur = tb[INSTANCE_ATTR_COMMAND];
701 if (!blobmsg_check_attr_list(cur, BLOBMSG_TYPE_STRING))
704 blobmsg_for_each_attr(cur2, cur, rem) {
713 if (tb[INSTANCE_ATTR_RESPAWN]) {
715 uint32_t vals[3] = { 3600, 5, 5};
717 blobmsg_for_each_attr(cur2, tb[INSTANCE_ATTR_RESPAWN], rem) {
718 if ((i >= 3) && (blobmsg_type(cur2) == BLOBMSG_TYPE_STRING))
720 vals[i] = atoi(blobmsg_get_string(cur2));
724 in->respawn_count = 0;
725 in->respawn_threshold = vals[0];
726 in->respawn_timeout = vals[1];
727 in->respawn_retry = vals[2];
729 if (tb[INSTANCE_ATTR_TRIGGER]) {
730 in->trigger = tb[INSTANCE_ATTR_TRIGGER];
731 trigger_add(in->trigger, in);
734 if (tb[INSTANCE_ATTR_WATCH]) {
735 blobmsg_for_each_attr(cur2, tb[INSTANCE_ATTR_WATCH], rem) {
736 if (blobmsg_type(cur2) != BLOBMSG_TYPE_STRING)
738 DEBUG(3, "watch for %s\n", blobmsg_get_string(cur2));
739 watch_add(blobmsg_get_string(cur2), in);
743 if ((cur = tb[INSTANCE_ATTR_NICE])) {
744 in->nice = (int8_t) blobmsg_get_u32(cur);
745 if (in->nice < -20 || in->nice > 20)
749 if (tb[INSTANCE_ATTR_USER]) {
750 struct passwd *p = getpwnam(blobmsg_get_string(tb[INSTANCE_ATTR_USER]));
757 if (tb[INSTANCE_ATTR_TRACE])
758 in->trace = blobmsg_get_bool(tb[INSTANCE_ATTR_TRACE]);
760 if (tb[INSTANCE_ATTR_NO_NEW_PRIVS])
761 in->no_new_privs = blobmsg_get_bool(tb[INSTANCE_ATTR_NO_NEW_PRIVS]);
763 if (!in->trace && tb[INSTANCE_ATTR_SECCOMP]) {
764 char *seccomp = blobmsg_get_string(tb[INSTANCE_ATTR_SECCOMP]);
767 if (stat(seccomp, &s))
768 ERROR("%s: not starting seccomp as %s is missing\n", in->name, seccomp);
770 in->seccomp = seccomp;
772 if (!in->trace && tb[INSTANCE_ATTR_JAIL])
773 in->has_jail = instance_jail_parse(in, tb[INSTANCE_ATTR_JAIL]);
775 if (tb[INSTANCE_ATTR_STDOUT] && blobmsg_get_bool(tb[INSTANCE_ATTR_STDOUT]))
776 in->_stdout.fd.fd = -1;
778 if (tb[INSTANCE_ATTR_STDERR] && blobmsg_get_bool(tb[INSTANCE_ATTR_STDERR]))
779 in->_stderr.fd.fd = -1;
781 instance_fill_any(&in->data, tb[INSTANCE_ATTR_DATA]);
783 if (!instance_fill_array(&in->env, tb[INSTANCE_ATTR_ENV], NULL, false))
786 if (!instance_fill_array(&in->netdev, tb[INSTANCE_ATTR_NETDEV], instance_netdev_update, true))
789 if (!instance_fill_array(&in->file, tb[INSTANCE_ATTR_FILE], instance_file_update, true))
792 if (!instance_fill_array(&in->limits, tb[INSTANCE_ATTR_LIMITS], NULL, false))
795 if (!instance_fill_array(&in->errors, tb[INSTANCE_ATTR_ERROR], NULL, true))
802 instance_config_cleanup(struct service_instance *in)
804 blobmsg_list_free(&in->env);
805 blobmsg_list_free(&in->data);
806 blobmsg_list_free(&in->netdev);
807 blobmsg_list_free(&in->file);
808 blobmsg_list_free(&in->limits);
809 blobmsg_list_free(&in->errors);
810 blobmsg_list_free(&in->jail.mount);
814 instance_config_move(struct service_instance *in, struct service_instance *in_src)
816 instance_config_cleanup(in);
817 blobmsg_list_move(&in->env, &in_src->env);
818 blobmsg_list_move(&in->data, &in_src->data);
819 blobmsg_list_move(&in->netdev, &in_src->netdev);
820 blobmsg_list_move(&in->file, &in_src->file);
821 blobmsg_list_move(&in->limits, &in_src->limits);
822 blobmsg_list_move(&in->errors, &in_src->errors);
823 blobmsg_list_move(&in->jail.mount, &in_src->jail.mount);
824 in->trigger = in_src->trigger;
825 in->command = in_src->command;
826 in->name = in_src->name;
827 in->node.avl.key = in_src->node.avl.key;
830 in->config = in_src->config;
831 in_src->config = NULL;
835 instance_update(struct service_instance *in, struct service_instance *in_new)
837 bool changed = instance_config_changed(in, in_new);
838 bool running = in->proc.pending;
840 if (!changed && running)
845 instance_config_move(in, in_new);
848 instance_restart(in);
849 instance_config_move(in, in_new);
850 /* restart happens in the child callback handler */
856 instance_free(struct service_instance *in)
858 instance_free_stdio(in);
859 uloop_process_delete(&in->proc);
860 uloop_timeout_cancel(&in->timeout);
863 instance_config_cleanup(in);
869 instance_init(struct service_instance *in, struct service *s, struct blob_attr *config)
871 config = blob_memdup(config);
873 in->name = blobmsg_name(config);
875 in->timeout.cb = instance_timeout;
876 in->proc.cb = instance_exit;
878 in->_stdout.fd.fd = -2;
879 in->_stdout.stream.string_data = true;
880 in->_stdout.stream.notify_read = instance_stdout;
882 in->_stderr.fd.fd = -2;
883 in->_stderr.stream.string_data = true;
884 in->_stderr.stream.notify_read = instance_stderr;
886 blobmsg_list_init(&in->netdev, struct instance_netdev, node, instance_netdev_cmp);
887 blobmsg_list_init(&in->file, struct instance_file, node, instance_file_cmp);
888 blobmsg_list_simple_init(&in->env);
889 blobmsg_list_simple_init(&in->data);
890 blobmsg_list_simple_init(&in->limits);
891 blobmsg_list_simple_init(&in->errors);
892 blobmsg_list_simple_init(&in->jail.mount);
893 in->valid = instance_config_parse(in);
896 void instance_dump(struct blob_buf *b, struct service_instance *in, int verbose)
903 i = blobmsg_open_table(b, in->name);
904 blobmsg_add_u8(b, "running", in->proc.pending);
905 if (in->proc.pending)
906 blobmsg_add_u32(b, "pid", in->proc.pid);
907 blobmsg_add_blob(b, in->command);
909 if (!avl_is_empty(&in->errors.avl)) {
910 struct blobmsg_list_node *var;
911 void *e = blobmsg_open_array(b, "errors");
912 blobmsg_list_for_each(&in->errors, var)
913 blobmsg_add_string(b, NULL, blobmsg_data(var->data));
914 blobmsg_close_table(b, e);
917 if (!avl_is_empty(&in->env.avl)) {
918 struct blobmsg_list_node *var;
919 void *e = blobmsg_open_table(b, "env");
920 blobmsg_list_for_each(&in->env, var)
921 blobmsg_add_string(b, blobmsg_name(var->data), blobmsg_data(var->data));
922 blobmsg_close_table(b, e);
925 if (!avl_is_empty(&in->data.avl)) {
926 struct blobmsg_list_node *var;
927 void *e = blobmsg_open_table(b, "data");
928 blobmsg_list_for_each(&in->data, var)
929 blobmsg_add_blob(b, var->data);
930 blobmsg_close_table(b, e);
933 if (!avl_is_empty(&in->limits.avl)) {
934 struct blobmsg_list_node *var;
935 void *e = blobmsg_open_table(b, "limits");
936 blobmsg_list_for_each(&in->limits, var)
937 blobmsg_add_string(b, blobmsg_name(var->data), blobmsg_data(var->data));
938 blobmsg_close_table(b, e);
942 void *r = blobmsg_open_table(b, "respawn");
943 blobmsg_add_u32(b, "threshold", in->respawn_threshold);
944 blobmsg_add_u32(b, "timeout", in->respawn_timeout);
945 blobmsg_add_u32(b, "retry", in->respawn_retry);
946 blobmsg_close_table(b, r);
950 blobmsg_add_u8(b, "trace", true);
952 if (in->no_new_privs)
953 blobmsg_add_u8(b, "no_new_privs", true);
956 blobmsg_add_string(b, "seccomp", in->seccomp);
959 void *r = blobmsg_open_table(b, "jail");
961 blobmsg_add_string(b, "name", in->jail.name);
962 blobmsg_add_u8(b, "procfs", in->jail.procfs);
963 blobmsg_add_u8(b, "sysfs", in->jail.sysfs);
964 blobmsg_add_u8(b, "ubus", in->jail.ubus);
965 blobmsg_add_u8(b, "log", in->jail.log);
966 blobmsg_add_u8(b, "ronly", in->jail.ronly);
967 blobmsg_close_table(b, r);
968 if (!avl_is_empty(&in->jail.mount.avl)) {
969 struct blobmsg_list_node *var;
970 void *e = blobmsg_open_table(b, "mount");
971 blobmsg_list_for_each(&in->jail.mount, var)
972 blobmsg_add_string(b, blobmsg_name(var->data), blobmsg_data(var->data));
973 blobmsg_close_table(b, e);
977 if (verbose && in->trigger)
978 blobmsg_add_blob(b, in->trigger);
980 blobmsg_close_table(b, i);
projects / project / procd.git / blob