# procd_set_param(type, [value...])
# Available types:
# command: command line (array).
-# respawn info: array with 3 values $restart_timeout $fail_hreshold $max_fail
+# respawn info: array with 3 values $fail_threshold $restart_timeout $max_fail
# env: environment variable (passed to the process)
# data: arbitrary name/value pairs for detecting config changes (table)
# file: configuration files (array)
# netdev: bound network device (detects ifindex changes)
# limits: resource limits (passed to the process)
+# user info: array with 1 values $username
#
# No space separation is done for arrays/tables - use one function argument per command line argument
#
while [ -n "$1" ]; do
local var="${1%%=*}"
local val="${1#*=}"
- [[ "$1" == "$val" ]] && val=
+ [ "$1" = "$val" ] && val=
json_add_string "$var" "$val"
shift
done
_PROCD_INSTANCE_SEQ="$(($_PROCD_INSTANCE_SEQ + 1))"
name="${name:-instance$_PROCD_INSTANCE_SEQ}"
json_add_object "$name"
+ [ -n "$TRACE_SYSCALLS" ] && json_add_boolean trace "1"
}
_procd_open_trigger() {
json_add_array "validate"
}
+_procd_add_jail() {
+ json_add_object "jail"
+ json_add_string name "$1"
+
+ shift
+
+ for a in $@; do
+ case $a in
+ log) json_add_boolean "log" "1";;
+ ubus) json_add_boolean "ubus" "1";;
+ procfs) json_add_boolean "procfs" "1";;
+ sysfs) json_add_boolean "sysfs" "1";;
+ ronly) json_add_boolean "ronly" "1";;
+ esac
+ done
+ json_add_object "mount"
+ json_close_object
+ json_close_object
+}
+
+_procd_add_jail_mount() {
+ local _json_no_warning=1
+
+ json_select "jail"
+ [ $? = 0 ] || return
+ json_select "mount"
+ [ $? = 0 ] || {
+ json_select ..
+ return
+ }
+ for a in $@; do
+ json_add_string "$a" "0"
+ done
+ json_select ..
+ json_select ..
+}
+
+_procd_add_jail_mount_rw() {
+ local _json_no_warning=1
+
+ json_select "jail"
+ [ $? = 0 ] || return
+ json_select "mount"
+ [ $? = 0 ] || {
+ json_select ..
+ return
+ }
+ for a in $@; do
+ json_add_string "$a" "1"
+ done
+ json_select ..
+ json_select ..
+}
+
_procd_set_param() {
local type="$1"; shift
nice)
json_add_int "$type" "$1"
;;
+ user|seccomp|capabilities)
+ json_add_string "$type" "$1"
+ ;;
+ stdout|stderr|no_new_privs)
+ json_add_boolean "$type" "$1"
+ ;;
esac
}
json_close_array
json_close_array
-
json_close_array
}
procd_add_interface_trigger \
procd_add_reload_trigger \
procd_add_reload_interface_trigger \
- procd_add_interface_reload \
procd_open_trigger \
procd_close_trigger \
procd_open_instance \
procd_close_instance \
procd_open_validate \
procd_close_validate \
+ procd_add_jail \
+ procd_add_jail_mount \
+ procd_add_jail_mount_rw \
procd_set_param \
procd_append_param \
procd_add_validation \