enum {
JAIL_ATTR_NAME,
- JAIL_ATTR_ROOT,
JAIL_ATTR_PROCFS,
JAIL_ATTR_SYSFS,
JAIL_ATTR_UBUS,
JAIL_ATTR_LOG,
+ JAIL_ATTR_RONLY,
JAIL_ATTR_MOUNT,
__JAIL_ATTR_MAX,
};
static const struct blobmsg_policy jail_attr[__JAIL_ATTR_MAX] = {
[JAIL_ATTR_NAME] = { "name", BLOBMSG_TYPE_STRING },
- [JAIL_ATTR_ROOT] = { "root", BLOBMSG_TYPE_STRING },
[JAIL_ATTR_PROCFS] = { "procfs", BLOBMSG_TYPE_BOOL },
[JAIL_ATTR_SYSFS] = { "sysfs", BLOBMSG_TYPE_BOOL },
[JAIL_ATTR_UBUS] = { "ubus", BLOBMSG_TYPE_BOOL },
[JAIL_ATTR_LOG] = { "log", BLOBMSG_TYPE_BOOL },
+ [JAIL_ATTR_RONLY] = { "ronly", BLOBMSG_TYPE_BOOL },
[JAIL_ATTR_MOUNT] = { "mount", BLOBMSG_TYPE_TABLE },
};
argv[argc++] = jail->name;
}
- if (jail->root) {
- argv[argc++] = "-P";
- argv[argc++] = jail->root;
- }
-
if (in->seccomp) {
argv[argc++] = "-S";
argv[argc++] = in->seccomp;
if (jail->log)
argv[argc++] = "-l";
+ if (jail->ronly)
+ argv[argc++] = "-o";
+
blobmsg_list_for_each(&jail->mount, var) {
const char *type = blobmsg_data(var->data);
jail->name = blobmsg_get_string(tb[JAIL_ATTR_NAME]);
jail->argc += 2;
}
- if (tb[JAIL_ATTR_ROOT]) {
- jail->root = blobmsg_get_string(tb[JAIL_ATTR_ROOT]);
- jail->argc += 2;
- }
if (tb[JAIL_ATTR_PROCFS]) {
jail->procfs = blobmsg_get_bool(tb[JAIL_ATTR_PROCFS]);
jail->argc++;
jail->log = blobmsg_get_bool(tb[JAIL_ATTR_LOG]);
jail->argc++;
}
+ if (tb[JAIL_ATTR_RONLY]) {
+ jail->ronly = blobmsg_get_bool(tb[JAIL_ATTR_RONLY]);
+ jail->argc++;
+ }
if (tb[JAIL_ATTR_MOUNT]) {
struct blob_attr *cur;
int rem;
void *r = blobmsg_open_table(b, "jail");
if (in->jail.name)
blobmsg_add_string(b, "name", in->jail.name);
- if (in->jail.root)
- blobmsg_add_string(b, "root", in->jail.root);
blobmsg_add_u8(b, "procfs", in->jail.procfs);
blobmsg_add_u8(b, "sysfs", in->jail.sysfs);
blobmsg_add_u8(b, "ubus", in->jail.ubus);
blobmsg_add_u8(b, "log", in->jail.log);
+ blobmsg_add_u8(b, "ronly", in->jail.ronly);
blobmsg_close_table(b, r);
if (!avl_is_empty(&in->jail.mount.avl)) {
struct blobmsg_list_node *var;
projects / project / procd.git / blobdiff