| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If docker-ce handles the firewall and fw3 is not envolved because the
rules get not proceed, then not only docker0 should be handled but also
other interfaces and therefore other docker networks.
This commit extends the handling and introduces a new uci option
`device` in the docker config firewall section. This can be used to specify
which device is allowed to access the container. Up to now only docker0
is covert.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
As the protocol is set to none, this makes no sense here, as it cannot
be controlled and thus processed by the netifd.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Set proto from `static` to `none`. This makes it clear that this
interface is not handled by the netifd.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Openwrt has a own firewall service called fw3, that supports firewall zones.
Docker can bypass the handling of the zone rules in openwrt via custom
tables. These are "always" processed before the openwrt firewall.
Which is prone to errors!
Since not everyone is aware that the firewall of openwrt will
not be passed. And this is a security problem because a mapped port is
visible on all interfaces and so also on the WAN side.
If the firewall handling in docker is switched off, then the port in
fw3 must be explicitly released and it cannot happen that the
port is accidentally exported to the outside world via the interfaces on
the WAN zone.
So all rules for the containers should and so must be made in fw3.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Up to now only the docker0 interface and bridge is created by default.
In order to create other interfaces and to integrate them into the
openwrt these functions can now be called with arguments.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |\ \ \ \
| | | | |
| | | | | |
hwinfo: update to version 21.71
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
update to upstream version 21.71
Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Now that runc builds according to available kernel features and there
is no longer a sub-menu to select them manually, also drop the MENU:=1
statement from the package Makefile.
Fixes: 3a06ce559 ("runc: Updated to v1.0.0-rc92 for dockerd")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Remove garbage files introduced with 3a06ce5595
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* adds the canon_lide70 backend
* avision: adds support for the KODAK i1120, fixes thread cancellation issues,
disables exposure option for non-filmscanners
* canon_dr: improves error reporting
* dmc: fixes compiler warnings on the scan area options
* epsonds: rewrites the network I/O following changes made to the
* epson2 backend in 1.0.30 to fix security issues. Network support is still
unsupported.
* fujitsu: adds support for the fi-800R and a card scanning slot, fixes a bug
when reading hardware sensors on the first invocation. Adds USB IDs for
fi-7800 and fi-7900.
* genesys: adds support for the Canon 5600F, Canon LiDE 90, Plustek OpticFilm
7200 and 7200 (v2), 7400, 7600i, 8100 and 8200i. Fixes several issues with the
Canon 8600F. Adds 4800dpi support for the Canon LiDE 210 and fixes 3200dpi
flatbed support on the Canon 8400F. Adds an option to fill dark calibration
with a constant. Adds transparency support for gl847 chipset based devices.
Fixes CIS scanner support for gl842 chipset based devices. Removes lineart and
image enhancement emulation support.
* gphoto: supports the PLANon DocuPen RC800 (with a recent enough version of
gphoto2)
* gt68xx: modifies scan cancellation behaviour
* hp5400: adds button support, fixes a scan cancellation crash issue
* pixma: add supports for the i-SENSYS MF440 Series and untested support for the
PIXMMA G7000 Series and GM4000 Series as well as the i-SENSYS MF720 Series.
* plustek: fixes a potential buffer overrun
* test: adds gamma options
Patches:
- ADD: 102-pixma_Restore_old_behaviour_in_case_XML_support_is_missing.patch:
pixma was failing to detect libxml2, even when it exists
(https://gitlab.com/sane-project/backends/-/issues/345)
- DROP: 100-fix-bigendian.patch: fix in release
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* keep /etc/containers accross sysupgrade
* make 'runc' the default run-time for now
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
SELinux and Seccomp are now enabled via the kernel options themselves
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
It's nice to have seccomp support which is enabled in OpenWrt on
supported platforms on targets which are not marked as SMALL_FLASH.
(and it's kinda obvious that you wouldn't want to install runc on a
SMALL_FLASH target to begin with)
So let's enable seccomp by default.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Better a separate package than enabling it via busybox.
Special thanks to @neheb for the Makefile patches.
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Installing the 'xz' package currently leads to file collisions:
Collected errors:
* check_data_file_clashes: Package xz wants to install file /usr/bin/unxz
But that file is already provided by package * busybox
* check_data_file_clashes: Package xz wants to install file /usr/bin/xz
But that file is already provided by package * busybox
* opkg_install_cmd: Cannot install package debootstrap.
Fix that by switching to use ALTERNATIVES for all multicall commands
instead of copying the symlinks into the package.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |\ \ \ \
| | | | |
| | | | | |
domoticz: fix compilation with python 3.9
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Added Fedora patch to fix compilation.
Added python3 dependency as it seems it's needed now.
Replaced custom boost 1.73 patch with upstream one. Removed CFLAG that
was supposed to fix this but didn't do anything.
Removed nls.mk. telldus-core was fixed to not require iconv.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
lxc: update to 4.0.5
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Refreshed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
dirmngr is needed to download keys from keyservers.
That being a useful thing, let's package dirmngr.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Renamed j* tools to their new versions.
Remove upstreamed patches.
Add missing time.h header.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| | |_|/
|/| |
| | |
| | |
| | |
| | |
| | | |
Ship podman with defaults more coherent with user expectations and
more likely to work out-of-the-box.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| | |/
|/|
| |
| |
| |
| | |
Update to the latest version from 10.4 series
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
|
| | |
| |
| |
| | |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |\ \
| | |
| | | |
docker-ce: Added blocked_interfaces config option
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* blocked_interfaces blocks all packets to docker0 from the given
interface. This is needed because all the iptables commands dockerd
adds operate before any of the fw3 generated rules.
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Changed iptables commands to use long options
* Added `uci_quiet` in missed instances
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
podman fails to compile due to MIPS16 instructions somehow.
Disable use of MIPS16.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
cni-plugins fail to compile due to MIPS16 instructions somehow. Don't
use them.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Compiling cni failes due to MIPS16 somehow. Disable it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |\ \ \
| | | |
| | | | |
procps-ng: update alternatives
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
align with busybox sysctl
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
procps-ng-w was installed to /bin, which should be an accident.
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
docker-compose: move to Utilities in menuconfig
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
it makes no sense to show docker-compose sit in Languages -> Python
submenu in menuconfig, it is a tool and not a library.
Move it to Utilities section like docker-ce also is.
Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
|
| | |_|/ /
|/| | |
| | | |
| | | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |\ \ \ \
| | | | |
| | | | | |
yq: add new package
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Tianling Shen <cnsztl@project-openwrt.eu.org>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
prometheus-node-exporter-lua: fix hostapd exporter
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Fix "hostapd_ubus_stations.lua". The bit-lib that is imported and the
one specified as the dependency do not match. Use luabitop.
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| | |/ / / /
|/| | | |
| | | | |
| | | | | |
Fix the symbolic link name to /etc/rc.d/S01cgroupfs-mount.
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Thanks to @aparcar for help with porting this.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|