umdns: convert seccomp filter rules to OCI format

procd-seccomp switched to OCI-compliant seccomp parser instead of our (legacy, OpenWrt-specific) format. Convert ruleset to new format. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-17 13:11:16 +00:00 · 2020-11-17 13:11:16 +00:00 · 01b83040d3
parent 62a3430f9b
commit 01b83040d3
2 changed files with 42 additions and 31 deletions
--- a/package/network/services/umdns/Makefile
+++ b/package/network/services/umdns/Makefile
@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=umdns
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE_URL=$(PROJECT_GIT)/project/mdnsd.git
 PKG_SOURCE_PROTO:=git
--- a/package/network/services/umdns/files/umdns.json
+++ b/package/network/services/umdns/files/umdns.json
@ -1,32 +1,43 @@
 {
-	"whitelist": [
-		"read",
-		"write",
-		"open",
-		"close",
-		"time",
-		"brk",
-		"ioctl",
-		"uname",
-		"bind",
-		"connect",
-		"getsockname",
-		"recvmsg",
-		"sendmsg",
-		"sendto",
-		"setsockopt",
-		"socket",
-		"poll",
-		"fcntl64",
-		"epoll_create",
-		"epoll_ctl",
-		"epoll_wait",
-		"rt_sigaction",
-		"sigreturn",
-		"rt_sigreturn",
-		"exit_group",
-		"exit",
-		"clock_gettime"
-	],
-	"policy": 1
+	"defaultAction": "SCMP_ACT_KILL_PROCESS",
+	"syscalls": [
+		{
+			"names": [
+				"read",
+				"write",
+				"open",
+				"close",
+				"time",
+				"brk",
+				"ioctl",
+				"uname",
+				"bind",
+				"connect",
+				"getsockname",
+				"recvmsg",
+				"recvfrom",
+				"sendmsg",
+				"sendto",
+				"setsockopt",
+				"socket",
+				"pipe",
+				"poll",
+				"fcntl64",
+				"epoll_create",
+				"epoll_create1",
+				"epoll_ctl",
+				"epoll_wait",
+				"epoll_pwait",
+				"rt_sigaction",
+				"sigreturn",
+				"rt_sigreturn",
+				"rt_sigprocmask",
+				"exit_group",
+				"exit",
+				"fcntl",
+				"clock_gettime"
+			],
+			"action": "SCMP_ACT_ALLOW"
+		}
+	]
 }