From a8df73ce7277134c5bd318b3e63cc14e2c70e9a7 Mon Sep 17 00:00:00 2001 From: "S. Brusch" Date: Sat, 21 Oct 2023 19:22:13 +0200 Subject: [PATCH] crowdsec-firewall-bouncer: add ujail MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * added ujail for crowdsec-firewall-bouncer * set nice to reduce priority for process Signed-off-by: S. Brusch Maintainer: Kerma GĂ©rald Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.0 --- net/crowdsec-firewall-bouncer/Makefile | 2 +- .../files/crowdsec-firewall-bouncer.initd | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/net/crowdsec-firewall-bouncer/Makefile b/net/crowdsec-firewall-bouncer/Makefile
index ee8c732233..3f1464099b 100644
--- a/net/crowdsec-firewall-bouncer/Makefile
+++ b/net/crowdsec-firewall-bouncer/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=crowdsec-firewall-bouncer
 PKG_VERSION:=0.0.28
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/crowdsecurity/cs-firewall-bouncer/tar.gz/v$(PKG_VERSION)?
diff --git a/net/crowdsec-firewall-bouncer/files/crowdsec-firewall-bouncer.initd b/net/crowdsec-firewall-bouncer/files/crowdsec-firewall-bouncer.initd
index 04acd16173..eb5b79b7b0 100755
--- a/net/crowdsec-firewall-bouncer/files/crowdsec-firewall-bouncer.initd
+++ b/net/crowdsec-firewall-bouncer/files/crowdsec-firewall-bouncer.initd
@@ -210,6 +210,13 @@ run_bouncer() {
 procd_set_param command "$PROG" -c "$VARCONFIG"
 procd_set_param stdout 1
 procd_set_param stderr 1
+ procd_set_param nice 10
+ if [ -x "/sbin/ujail" ]; then
+ procd_add_jail cs-bouncer log
+ procd_add_jail_mount $VARCONFIG
+ procd_add_jail_mount_rw /var/log/
+ procd_set_param no_new_privs 1
+ fi
 procd_close_instance
 fi
 }
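Review bot: The jail added in run_bouncer() mounts all of `/var/log/` read-write, so the confined process can still modify or truncate every other service's logs. If the bouncer only writes its own log file (its path is not visible in this hunk), mount just that path, e.g. `procd_add_jail_mount_rw "<bouncer log path>"`. The line `procd_add_jail_mount $VARCONFIG` is unquoted although the command line above passes `"$VARCONFIG"`; write `procd_add_jail_mount "$VARCONFIG"` so a path containing whitespace is not split into separate mount arguments. As written the jail appears to add filesystem isolation and `no_new_privs` only, since no capability set or seccomp filter is configured in these lines, and a short comment saying so would keep readers from assuming more confinement than there is. run_bouncer() starts before the hunk.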