2 * Copyright (C) 2013 Felix Fietkau <nbd@openwrt.org>
3 * Copyright (C) 2013 John Crispin <blogic@openwrt.org>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU Lesser General Public License version 2.1
7 * as published by the Free Software Foundation
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
16 #include <sys/resource.h>
17 #include <sys/types.h>
18 #include <sys/socket.h>
29 #include <libubox/md5.h>
38 INSTANCE_ATTR_COMMAND,
43 INSTANCE_ATTR_TRIGGER,
44 INSTANCE_ATTR_RESPAWN,
52 INSTANCE_ATTR_NO_NEW_PRIVS,
55 INSTANCE_ATTR_SECCOMP,
59 static const struct blobmsg_policy instance_attr[__INSTANCE_ATTR_MAX] = {
60 [INSTANCE_ATTR_COMMAND] = { "command", BLOBMSG_TYPE_ARRAY },
61 [INSTANCE_ATTR_ENV] = { "env", BLOBMSG_TYPE_TABLE },
62 [INSTANCE_ATTR_DATA] = { "data", BLOBMSG_TYPE_TABLE },
63 [INSTANCE_ATTR_NETDEV] = { "netdev", BLOBMSG_TYPE_ARRAY },
64 [INSTANCE_ATTR_FILE] = { "file", BLOBMSG_TYPE_ARRAY },
65 [INSTANCE_ATTR_TRIGGER] = { "triggers", BLOBMSG_TYPE_ARRAY },
66 [INSTANCE_ATTR_RESPAWN] = { "respawn", BLOBMSG_TYPE_ARRAY },
67 [INSTANCE_ATTR_NICE] = { "nice", BLOBMSG_TYPE_INT32 },
68 [INSTANCE_ATTR_LIMITS] = { "limits", BLOBMSG_TYPE_TABLE },
69 [INSTANCE_ATTR_WATCH] = { "watch", BLOBMSG_TYPE_ARRAY },
70 [INSTANCE_ATTR_ERROR] = { "error", BLOBMSG_TYPE_ARRAY },
71 [INSTANCE_ATTR_USER] = { "user", BLOBMSG_TYPE_STRING },
72 [INSTANCE_ATTR_STDOUT] = { "stdout", BLOBMSG_TYPE_BOOL },
73 [INSTANCE_ATTR_STDERR] = { "stderr", BLOBMSG_TYPE_BOOL },
74 [INSTANCE_ATTR_NO_NEW_PRIVS] = { "no_new_privs", BLOBMSG_TYPE_BOOL },
75 [INSTANCE_ATTR_JAIL] = { "jail", BLOBMSG_TYPE_TABLE },
76 [INSTANCE_ATTR_TRACE] = { "trace", BLOBMSG_TYPE_BOOL },
77 [INSTANCE_ATTR_SECCOMP] = { "seccomp", BLOBMSG_TYPE_STRING },
92 static const struct blobmsg_policy jail_attr[__JAIL_ATTR_MAX] = {
93 [JAIL_ATTR_NAME] = { "name", BLOBMSG_TYPE_STRING },
94 [JAIL_ATTR_HOSTNAME] = { "hostname", BLOBMSG_TYPE_STRING },
95 [JAIL_ATTR_PROCFS] = { "procfs", BLOBMSG_TYPE_BOOL },
96 [JAIL_ATTR_SYSFS] = { "sysfs", BLOBMSG_TYPE_BOOL },
97 [JAIL_ATTR_UBUS] = { "ubus", BLOBMSG_TYPE_BOOL },
98 [JAIL_ATTR_LOG] = { "log", BLOBMSG_TYPE_BOOL },
99 [JAIL_ATTR_RONLY] = { "ronly", BLOBMSG_TYPE_BOOL },
100 [JAIL_ATTR_MOUNT] = { "mount", BLOBMSG_TYPE_TABLE },
103 struct instance_netdev {
104 struct blobmsg_list_node node;
108 struct instance_file {
109 struct blobmsg_list_node node;
118 static const struct rlimit_name rlimit_names[] = {
120 { "core", RLIMIT_CORE },
121 { "cpu", RLIMIT_CPU },
122 { "data", RLIMIT_DATA },
123 { "fsize", RLIMIT_FSIZE },
124 { "memlock", RLIMIT_MEMLOCK },
125 { "nofile", RLIMIT_NOFILE },
126 { "nproc", RLIMIT_NPROC },
127 { "rss", RLIMIT_RSS },
128 { "stack", RLIMIT_STACK },
130 { "nice", RLIMIT_NICE },
131 { "rtprio", RLIMIT_RTPRIO },
132 { "msgqueue", RLIMIT_MSGQUEUE },
133 { "sigpending", RLIMIT_SIGPENDING },
138 static char trace[] = "/sbin/utrace";
140 static void closefd(int fd)
142 if (fd > STDERR_FILENO)
147 instance_limits(const char *limit, const char *value)
151 unsigned long cur, max;
153 for (i = 0; rlimit_names[i].name != NULL; i++) {
154 if (strcmp(rlimit_names[i].name, limit))
156 if (!strcmp(value, "unlimited")) {
157 rlim.rlim_cur = RLIM_INFINITY;
158 rlim.rlim_max = RLIM_INFINITY;
160 if (getrlimit(rlimit_names[i].resource, &rlim))
166 if (sscanf(value, "%lu %lu", &cur, &max) < 1)
173 setrlimit(rlimit_names[i].resource, &rlim);
179 jail_run(struct service_instance *in, char **argv)
181 struct blobmsg_list_node *var;
182 struct jail *jail = &in->jail;
185 argv[argc++] = "/sbin/ujail";
189 argv[argc++] = jail->name;
192 if (jail->hostname) {
194 argv[argc++] = jail->hostname;
199 argv[argc++] = in->seccomp;
202 if (in->no_new_privs)
220 blobmsg_list_for_each(&jail->mount, var) {
221 const char *type = blobmsg_data(var->data);
227 argv[argc++] = (char *) blobmsg_name(var->data);
236 instance_run(struct service_instance *in, int _stdout, int _stderr)
238 struct blobmsg_list_node *var;
239 struct blob_attr *cur;
242 int argc = 1; /* NULL terminated */
244 bool seccomp = !in->trace && !in->has_jail && in->seccomp;
245 bool setlbf = _stdout >= 0;
248 setpriority(PRIO_PROCESS, 0, in->nice);
250 blobmsg_for_each_attr(cur, in->command, rem)
253 blobmsg_list_for_each(&in->env, var)
254 setenv(blobmsg_name(var->data), blobmsg_data(var->data), 1);
257 setenv("SECCOMP_FILE", in->seccomp, 1);
259 if ((seccomp || setlbf) && asprintf(&ld_preload, "LD_PRELOAD=%s%s%s",
260 seccomp ? "/lib/libpreload-seccomp.so" : "",
261 seccomp && setlbf ? ":" : "",
262 setlbf ? "/lib/libsetlbf.so" : "") > 0)
265 blobmsg_list_for_each(&in->limits, var)
266 instance_limits(blobmsg_name(var->data), blobmsg_data(var->data));
271 argv = alloca(sizeof(char *) * (argc + in->jail.argc));
275 argv[argc++] = trace;
278 argc = jail_run(in, argv);
280 blobmsg_for_each_attr(cur, in->command, rem)
281 argv[argc++] = blobmsg_data(cur);
285 _stdin = open("/dev/null", O_RDONLY);
288 _stdout = open("/dev/null", O_WRONLY);
291 _stderr = open("/dev/null", O_WRONLY);
294 dup2(_stdin, STDIN_FILENO);
298 dup2(_stdout, STDOUT_FILENO);
302 dup2(_stderr, STDERR_FILENO);
306 if (in->gid && setgid(in->gid)) {
307 ERROR("failed to set group id %d: %d (%s)\n", in->gid, errno, strerror(errno));
310 if (in->uid && setuid(in->uid)) {
311 ERROR("failed to set user id %d: %d (%s)\n", in->uid, errno, strerror(errno));
315 execvp(argv[0], argv);
320 instance_free_stdio(struct service_instance *in)
322 if (in->_stdout.fd.fd > -1) {
323 ustream_free(&in->_stdout.stream);
324 close(in->_stdout.fd.fd);
325 in->_stdout.fd.fd = -1;
328 if (in->_stderr.fd.fd > -1) {
329 ustream_free(&in->_stderr.stream);
330 close(in->_stderr.fd.fd);
331 in->_stderr.fd.fd = -1;
336 instance_start(struct service_instance *in)
339 int opipe[2] = { -1, -1 };
340 int epipe[2] = { -1, -1 };
342 if (!avl_is_empty(&in->errors.avl)) {
343 LOG("Not starting instance %s::%s, an error was indicated\n", in->srv->name, in->name);
347 if (in->proc.pending)
350 instance_free_stdio(in);
351 if (in->_stdout.fd.fd > -2) {
353 ULOG_WARN("pipe() failed: %d (%s)\n", errno, strerror(errno));
354 opipe[0] = opipe[1] = -1;
358 if (in->_stderr.fd.fd > -2) {
360 ULOG_WARN("pipe() failed: %d (%s)\n", errno, strerror(errno));
361 epipe[0] = epipe[1] = -1;
366 in->halt = !in->respawn;
379 instance_run(in, opipe[1], epipe[1]);
383 DEBUG(2, "Started instance %s::%s\n", in->srv->name, in->name);
385 clock_gettime(CLOCK_MONOTONIC, &in->start);
386 uloop_process_add(&in->proc);
389 ustream_fd_init(&in->_stdout, opipe[0]);
394 ustream_fd_init(&in->_stderr, epipe[0]);
398 service_event("instance.start", in->srv->name, in->name);
402 instance_stdio(struct ustream *s, int prio, struct service_instance *in)
404 char *newline, *str, *arg0, ident[32];
407 arg0 = basename(blobmsg_data(blobmsg_data(in->command)));
408 snprintf(ident, sizeof(ident), "%s[%d]", arg0, in->proc.pid);
409 ulog_open(ULOG_SYSLOG, LOG_DAEMON, ident);
412 str = ustream_get_read_buf(s, NULL);
416 newline = strchr(str, '\n');
421 ulog(prio, "%s\n", str);
423 len = newline + 1 - str;
424 ustream_consume(s, len);
427 ulog_open(ULOG_SYSLOG, LOG_DAEMON, "procd");
431 instance_stdout(struct ustream *s, int bytes)
433 instance_stdio(s, LOG_INFO,
434 container_of(s, struct service_instance, _stdout.stream));
438 instance_stderr(struct ustream *s, int bytes)
440 instance_stdio(s, LOG_ERR,
441 container_of(s, struct service_instance, _stderr.stream));
445 instance_timeout(struct uloop_timeout *t)
447 struct service_instance *in;
449 in = container_of(t, struct service_instance, timeout);
451 if (!in->halt && (in->restart || in->respawn))
456 instance_exit(struct uloop_process *p, int ret)
458 struct service_instance *in;
462 in = container_of(p, struct service_instance, proc);
464 clock_gettime(CLOCK_MONOTONIC, &tp);
465 runtime = tp.tv_sec - in->start.tv_sec;
467 DEBUG(2, "Instance %s::%s exit with error code %d after %ld seconds\n", in->srv->name, in->name, ret, runtime);
471 uloop_timeout_cancel(&in->timeout);
474 } else if (in->restart) {
476 } else if (in->respawn) {
477 if (runtime < in->respawn_threshold)
480 in->respawn_count = 0;
481 if (in->respawn_count > in->respawn_retry && in->respawn_retry > 0 ) {
482 LOG("Instance %s::%s s in a crash loop %d crashes, %ld seconds since last crash\n",
483 in->srv->name, in->name, in->respawn_count, runtime);
484 in->restart = in->respawn = 0;
487 uloop_timeout_set(&in->timeout, in->respawn_timeout * 1000);
490 service_event("instance.stop", in->srv->name, in->name);
494 instance_stop(struct service_instance *in)
496 if (!in->proc.pending)
499 in->restart = in->respawn = false;
500 kill(in->proc.pid, SIGTERM);
504 instance_restart(struct service_instance *in)
506 if (!in->proc.pending)
510 kill(in->proc.pid, SIGTERM);
514 instance_config_changed(struct service_instance *in, struct service_instance *in_new)
519 if (!blob_attr_equal(in->command, in_new->command))
522 if (!blobmsg_list_equal(&in->env, &in_new->env))
525 if (!blobmsg_list_equal(&in->data, &in_new->data))
528 if (!blobmsg_list_equal(&in->netdev, &in_new->netdev))
531 if (!blobmsg_list_equal(&in->file, &in_new->file))
534 if (in->nice != in_new->nice)
537 if (in->uid != in_new->uid)
540 if (in->gid != in_new->gid)
543 if (!blobmsg_list_equal(&in->limits, &in_new->limits))
546 if (!blobmsg_list_equal(&in->jail.mount, &in_new->jail.mount))
549 if (!blobmsg_list_equal(&in->errors, &in_new->errors))
556 instance_netdev_cmp(struct blobmsg_list_node *l1, struct blobmsg_list_node *l2)
558 struct instance_netdev *n1 = container_of(l1, struct instance_netdev, node);
559 struct instance_netdev *n2 = container_of(l2, struct instance_netdev, node);
561 return n1->ifindex == n2->ifindex;
565 instance_netdev_update(struct blobmsg_list_node *l)
567 struct instance_netdev *n = container_of(l, struct instance_netdev, node);
569 n->ifindex = if_nametoindex(n->node.avl.key);
573 instance_file_cmp(struct blobmsg_list_node *l1, struct blobmsg_list_node *l2)
575 struct instance_file *f1 = container_of(l1, struct instance_file, node);
576 struct instance_file *f2 = container_of(l2, struct instance_file, node);
578 return !memcmp(f1->md5, f2->md5, sizeof(f1->md5));
582 instance_file_update(struct blobmsg_list_node *l)
584 struct instance_file *f = container_of(l, struct instance_file, node);
589 memset(f->md5, 0, sizeof(f->md5));
591 fd = open(l->avl.key, O_RDONLY);
597 len = read(fd, buf, sizeof(buf));
607 md5_hash(buf, len, &md5);
610 md5_end(f->md5, &md5);
615 instance_fill_any(struct blobmsg_list *l, struct blob_attr *cur)
620 blobmsg_list_fill(l, blobmsg_data(cur), blobmsg_data_len(cur), false);
624 instance_fill_array(struct blobmsg_list *l, struct blob_attr *cur, blobmsg_update_cb cb, bool array)
626 struct blobmsg_list_node *node;
631 if (!blobmsg_check_attr_list(cur, BLOBMSG_TYPE_STRING))
634 blobmsg_list_fill(l, blobmsg_data(cur), blobmsg_data_len(cur), array);
636 blobmsg_list_for_each(l, node)
643 instance_jail_parse(struct service_instance *in, struct blob_attr *attr)
645 struct blob_attr *tb[__JAIL_ATTR_MAX];
646 struct jail *jail = &in->jail;
649 if (stat("/sbin/ujail", &s))
652 blobmsg_parse(jail_attr, __JAIL_ATTR_MAX, tb,
653 blobmsg_data(attr), blobmsg_data_len(attr));
657 if (tb[JAIL_ATTR_NAME]) {
658 jail->name = blobmsg_get_string(tb[JAIL_ATTR_NAME]);
661 if (tb[JAIL_ATTR_HOSTNAME]) {
662 jail->hostname = blobmsg_get_string(tb[JAIL_ATTR_HOSTNAME]);
665 if (tb[JAIL_ATTR_PROCFS]) {
666 jail->procfs = blobmsg_get_bool(tb[JAIL_ATTR_PROCFS]);
669 if (tb[JAIL_ATTR_SYSFS]) {
670 jail->sysfs = blobmsg_get_bool(tb[JAIL_ATTR_SYSFS]);
673 if (tb[JAIL_ATTR_UBUS]) {
674 jail->ubus = blobmsg_get_bool(tb[JAIL_ATTR_UBUS]);
677 if (tb[JAIL_ATTR_LOG]) {
678 jail->log = blobmsg_get_bool(tb[JAIL_ATTR_LOG]);
681 if (tb[JAIL_ATTR_RONLY]) {
682 jail->ronly = blobmsg_get_bool(tb[JAIL_ATTR_RONLY]);
685 if (tb[JAIL_ATTR_MOUNT]) {
686 struct blob_attr *cur;
689 blobmsg_for_each_attr(cur, tb[JAIL_ATTR_MOUNT], rem)
691 instance_fill_array(&jail->mount, tb[JAIL_ATTR_MOUNT], NULL, false);
700 instance_config_parse(struct service_instance *in)
702 struct blob_attr *tb[__INSTANCE_ATTR_MAX];
703 struct blob_attr *cur, *cur2;
707 blobmsg_parse(instance_attr, __INSTANCE_ATTR_MAX, tb,
708 blobmsg_data(in->config), blobmsg_data_len(in->config));
710 cur = tb[INSTANCE_ATTR_COMMAND];
714 if (!blobmsg_check_attr_list(cur, BLOBMSG_TYPE_STRING))
717 blobmsg_for_each_attr(cur2, cur, rem) {
726 if (tb[INSTANCE_ATTR_RESPAWN]) {
728 uint32_t vals[3] = { 3600, 5, 5};
730 blobmsg_for_each_attr(cur2, tb[INSTANCE_ATTR_RESPAWN], rem) {
731 if ((i >= 3) && (blobmsg_type(cur2) == BLOBMSG_TYPE_STRING))
733 vals[i] = atoi(blobmsg_get_string(cur2));
737 in->respawn_count = 0;
738 in->respawn_threshold = vals[0];
739 in->respawn_timeout = vals[1];
740 in->respawn_retry = vals[2];
742 if (tb[INSTANCE_ATTR_TRIGGER]) {
743 in->trigger = tb[INSTANCE_ATTR_TRIGGER];
744 trigger_add(in->trigger, in);
747 if (tb[INSTANCE_ATTR_WATCH]) {
748 blobmsg_for_each_attr(cur2, tb[INSTANCE_ATTR_WATCH], rem) {
749 if (blobmsg_type(cur2) != BLOBMSG_TYPE_STRING)
751 DEBUG(3, "watch for %s\n", blobmsg_get_string(cur2));
752 watch_add(blobmsg_get_string(cur2), in);
756 if ((cur = tb[INSTANCE_ATTR_NICE])) {
757 in->nice = (int8_t) blobmsg_get_u32(cur);
758 if (in->nice < -20 || in->nice > 20)
762 if (tb[INSTANCE_ATTR_USER]) {
763 struct passwd *p = getpwnam(blobmsg_get_string(tb[INSTANCE_ATTR_USER]));
770 if (tb[INSTANCE_ATTR_TRACE])
771 in->trace = blobmsg_get_bool(tb[INSTANCE_ATTR_TRACE]);
773 if (tb[INSTANCE_ATTR_NO_NEW_PRIVS])
774 in->no_new_privs = blobmsg_get_bool(tb[INSTANCE_ATTR_NO_NEW_PRIVS]);
776 if (!in->trace && tb[INSTANCE_ATTR_SECCOMP]) {
777 char *seccomp = blobmsg_get_string(tb[INSTANCE_ATTR_SECCOMP]);
780 if (stat(seccomp, &s))
781 ERROR("%s: not starting seccomp as %s is missing\n", in->name, seccomp);
783 in->seccomp = seccomp;
785 if (!in->trace && tb[INSTANCE_ATTR_JAIL])
786 in->has_jail = instance_jail_parse(in, tb[INSTANCE_ATTR_JAIL]);
788 if (tb[INSTANCE_ATTR_STDOUT] && blobmsg_get_bool(tb[INSTANCE_ATTR_STDOUT]))
789 in->_stdout.fd.fd = -1;
791 if (tb[INSTANCE_ATTR_STDERR] && blobmsg_get_bool(tb[INSTANCE_ATTR_STDERR]))
792 in->_stderr.fd.fd = -1;
794 instance_fill_any(&in->data, tb[INSTANCE_ATTR_DATA]);
796 if (!instance_fill_array(&in->env, tb[INSTANCE_ATTR_ENV], NULL, false))
799 if (!instance_fill_array(&in->netdev, tb[INSTANCE_ATTR_NETDEV], instance_netdev_update, true))
802 if (!instance_fill_array(&in->file, tb[INSTANCE_ATTR_FILE], instance_file_update, true))
805 if (!instance_fill_array(&in->limits, tb[INSTANCE_ATTR_LIMITS], NULL, false))
808 if (!instance_fill_array(&in->errors, tb[INSTANCE_ATTR_ERROR], NULL, true))
815 instance_config_cleanup(struct service_instance *in)
817 blobmsg_list_free(&in->env);
818 blobmsg_list_free(&in->data);
819 blobmsg_list_free(&in->netdev);
820 blobmsg_list_free(&in->file);
821 blobmsg_list_free(&in->limits);
822 blobmsg_list_free(&in->errors);
823 blobmsg_list_free(&in->jail.mount);
827 instance_config_move(struct service_instance *in, struct service_instance *in_src)
829 instance_config_cleanup(in);
830 blobmsg_list_move(&in->env, &in_src->env);
831 blobmsg_list_move(&in->data, &in_src->data);
832 blobmsg_list_move(&in->netdev, &in_src->netdev);
833 blobmsg_list_move(&in->file, &in_src->file);
834 blobmsg_list_move(&in->limits, &in_src->limits);
835 blobmsg_list_move(&in->errors, &in_src->errors);
836 blobmsg_list_move(&in->jail.mount, &in_src->jail.mount);
837 in->trigger = in_src->trigger;
838 in->command = in_src->command;
839 in->name = in_src->name;
840 in->node.avl.key = in_src->node.avl.key;
843 in->config = in_src->config;
844 in_src->config = NULL;
848 instance_update(struct service_instance *in, struct service_instance *in_new)
850 bool changed = instance_config_changed(in, in_new);
851 bool running = in->proc.pending;
853 if (!changed && running)
858 instance_config_move(in, in_new);
861 instance_restart(in);
862 instance_config_move(in, in_new);
863 /* restart happens in the child callback handler */
869 instance_free(struct service_instance *in)
871 instance_free_stdio(in);
872 uloop_process_delete(&in->proc);
873 uloop_timeout_cancel(&in->timeout);
876 instance_config_cleanup(in);
882 instance_init(struct service_instance *in, struct service *s, struct blob_attr *config)
884 config = blob_memdup(config);
886 in->name = blobmsg_name(config);
888 in->timeout.cb = instance_timeout;
889 in->proc.cb = instance_exit;
891 in->_stdout.fd.fd = -2;
892 in->_stdout.stream.string_data = true;
893 in->_stdout.stream.notify_read = instance_stdout;
895 in->_stderr.fd.fd = -2;
896 in->_stderr.stream.string_data = true;
897 in->_stderr.stream.notify_read = instance_stderr;
899 blobmsg_list_init(&in->netdev, struct instance_netdev, node, instance_netdev_cmp);
900 blobmsg_list_init(&in->file, struct instance_file, node, instance_file_cmp);
901 blobmsg_list_simple_init(&in->env);
902 blobmsg_list_simple_init(&in->data);
903 blobmsg_list_simple_init(&in->limits);
904 blobmsg_list_simple_init(&in->errors);
905 blobmsg_list_simple_init(&in->jail.mount);
906 in->valid = instance_config_parse(in);
909 void instance_dump(struct blob_buf *b, struct service_instance *in, int verbose)
916 i = blobmsg_open_table(b, in->name);
917 blobmsg_add_u8(b, "running", in->proc.pending);
918 if (in->proc.pending)
919 blobmsg_add_u32(b, "pid", in->proc.pid);
920 blobmsg_add_blob(b, in->command);
922 if (!avl_is_empty(&in->errors.avl)) {
923 struct blobmsg_list_node *var;
924 void *e = blobmsg_open_array(b, "errors");
925 blobmsg_list_for_each(&in->errors, var)
926 blobmsg_add_string(b, NULL, blobmsg_data(var->data));
927 blobmsg_close_table(b, e);
930 if (!avl_is_empty(&in->env.avl)) {
931 struct blobmsg_list_node *var;
932 void *e = blobmsg_open_table(b, "env");
933 blobmsg_list_for_each(&in->env, var)
934 blobmsg_add_string(b, blobmsg_name(var->data), blobmsg_data(var->data));
935 blobmsg_close_table(b, e);
938 if (!avl_is_empty(&in->data.avl)) {
939 struct blobmsg_list_node *var;
940 void *e = blobmsg_open_table(b, "data");
941 blobmsg_list_for_each(&in->data, var)
942 blobmsg_add_blob(b, var->data);
943 blobmsg_close_table(b, e);
946 if (!avl_is_empty(&in->limits.avl)) {
947 struct blobmsg_list_node *var;
948 void *e = blobmsg_open_table(b, "limits");
949 blobmsg_list_for_each(&in->limits, var)
950 blobmsg_add_string(b, blobmsg_name(var->data), blobmsg_data(var->data));
951 blobmsg_close_table(b, e);
955 void *r = blobmsg_open_table(b, "respawn");
956 blobmsg_add_u32(b, "threshold", in->respawn_threshold);
957 blobmsg_add_u32(b, "timeout", in->respawn_timeout);
958 blobmsg_add_u32(b, "retry", in->respawn_retry);
959 blobmsg_close_table(b, r);
963 blobmsg_add_u8(b, "trace", true);
965 if (in->no_new_privs)
966 blobmsg_add_u8(b, "no_new_privs", true);
969 blobmsg_add_string(b, "seccomp", in->seccomp);
972 void *r = blobmsg_open_table(b, "jail");
974 blobmsg_add_string(b, "name", in->jail.name);
975 if (in->jail.hostname)
976 blobmsg_add_string(b, "hostname", in->jail.hostname);
977 blobmsg_add_u8(b, "procfs", in->jail.procfs);
978 blobmsg_add_u8(b, "sysfs", in->jail.sysfs);
979 blobmsg_add_u8(b, "ubus", in->jail.ubus);
980 blobmsg_add_u8(b, "log", in->jail.log);
981 blobmsg_add_u8(b, "ronly", in->jail.ronly);
982 blobmsg_close_table(b, r);
983 if (!avl_is_empty(&in->jail.mount.avl)) {
984 struct blobmsg_list_node *var;
985 void *e = blobmsg_open_table(b, "mount");
986 blobmsg_list_for_each(&in->jail.mount, var)
987 blobmsg_add_string(b, blobmsg_name(var->data), blobmsg_data(var->data));
988 blobmsg_close_table(b, e);
992 if (verbose && in->trigger)
993 blobmsg_add_blob(b, in->trigger);
995 blobmsg_close_table(b, i);
projects / project / procd.git / blob