From: Daniel Golle <daniel@makrotopia.org>
Date: Tue, 17 Nov 2020 13:11:16 +0000 (+0000)
Subject: umdns: convert seccomp filter rules to OCI format
X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=01b83040d3a9f6f30199c2fe8f0ceb1bc05e76cf;p=openwrt%2Fstaging%2Fnbd.git

umdns: convert seccomp filter rules to OCI format

procd-seccomp switched to OCI-compliant seccomp parser instead of our
(legacy, OpenWrt-specific) format. Convert ruleset to new format.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
---

diff --git a/package/network/services/umdns/Makefile b/package/network/services/umdns/Makefile
index f02177dca2..d8cd9ae749 100644
--- a/package/network/services/umdns/Makefile
+++ b/package/network/services/umdns/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=umdns
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/mdnsd.git
 PKG_SOURCE_PROTO:=git
diff --git a/package/network/services/umdns/files/umdns.json b/package/network/services/umdns/files/umdns.json
index c22ba6f5fb..db62f5f36d 100644
--- a/package/network/services/umdns/files/umdns.json
+++ b/package/network/services/umdns/files/umdns.json
@@ -1,32 +1,43 @@
 {
-	"whitelist": [
-		"read",
-		"write",
-		"open",
-		"close",
-		"time",
-		"brk",
-		"ioctl",
-		"uname",
-		"bind",
-		"connect",
-		"getsockname",
-		"recvmsg",
-		"sendmsg",
-		"sendto",
-		"setsockopt",
-		"socket",
-		"poll",
-		"fcntl64",
-		"epoll_create",
-		"epoll_ctl",
-		"epoll_wait",
-		"rt_sigaction",
-		"sigreturn",
-		"rt_sigreturn",
-		"exit_group",
-		"exit",
-		"clock_gettime"
-	],
-	"policy": 1
+	"defaultAction": "SCMP_ACT_KILL_PROCESS",
+	"syscalls": [
+		{
+			"names": [
+				"read",
+				"write",
+				"open",
+				"close",
+				"time",
+				"brk",
+				"ioctl",
+				"uname",
+				"bind",
+				"connect",
+				"getsockname",
+				"recvmsg",
+				"recvfrom",
+				"sendmsg",
+				"sendto",
+				"setsockopt",
+				"socket",
+				"pipe",
+				"poll",
+				"fcntl64",
+				"epoll_create",
+				"epoll_create1",
+				"epoll_ctl",
+				"epoll_wait",
+				"epoll_pwait",
+				"rt_sigaction",
+				"sigreturn",
+				"rt_sigreturn",
+				"rt_sigprocmask",
+				"exit_group",
+				"exit",
+				"fcntl",
+				"clock_gettime"
+			],
+			"action": "SCMP_ACT_ALLOW"
+		}
+	]
 }