cubixle/packages
1
0
Fork 0
mirror of https://github.com/novatiq/packages.git synced 2026-04-30 07:28:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

transmission: add seccomp filter and improve jail

Browse Source 
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This commit is contained in:
Daniel Golle
2020-01-03 21:37:53 +02:00
parent 2628584ffd
commit 609109fa97
3 changed files with 101 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
net/transmission/files/transmission.init
+24 -1
View File
@@ -48,7 +48,7 @@ transmission() {
local user
local group
local config_overwrite
local download_dir config_dir
local download_dir config_dir incomplete_dir incomplete_dir_enabled
local mem_percentage
local nice
local web_home
@@ -59,6 +59,8 @@ transmission() {
config_get user "$cfg" 'user'
config_get group "$cfg" 'group'
config_get download_dir "$cfg" 'download_dir' '/var/etc/transmission'
config_get incomplete_dir "$cfg" 'incomplete_dir' '/var/etc/transmission'
config_get incomplete_dir_enabled "$cfg" 'incomplete_dir_enabled' 0
config_get mem_percentage "$cfg" 'mem_percentage' '50'
config_get config_overwrite "$cfg" config_overwrite 1
config_get nice "$cfg" nice 0
@@ -71,11 +73,27 @@ transmission() {
USE=$((MEM * mem_percentage * 10))
fi
[ -d "$download_dir" ] || {
mkdir -p "$download_dir"
chmod 0755 "$download_dir"
[ -z "$user" ] || chown -R "$user:$group" "$download_dir"
}
[ "$incomplete_dir_enabled" = "0" ] || [ -d "$incomplete_dir" ] || {
mkdir -p "$incomplete_dir"
chmod 0755 "$incomplete_dir"
[ -z "$user" ] || chown -R "$user:$group" "$incomplete_dir"
}
config_file="$config_dir/settings.json"
[ -d "$config_dir" ] || {
mkdir -p "$config_dir"
chmod 0755 "$config_dir"
touch "$config_file"
mkdir -p "$config_dir/resume"
mkdir -p "$config_dir/torrents"
mkdir -p "$config_dir/blocklists"
[ -e "$config_dir/stats.json" ] || touch "$config_dir/stats.json"
[ -z "$user" ] || chown -R "$user:$group" "$config_dir"
}
@@ -120,6 +138,7 @@ transmission() {
procd_set_param nice "$nice"
procd_set_param stderr 1
procd_set_param respawn
procd_set_param seccomp "/etc/seccomp/transmission-daemon.json"
if [ -z "$USE" ]; then
procd_set_param limits core="0 0"
@@ -134,6 +153,10 @@ transmission() {
procd_add_jail transmission log
procd_add_jail_mount "$config_file"
procd_add_jail_mount_rw "$config_dir/resume"
procd_add_jail_mount_rw "$config_dir/torrents"
procd_add_jail_mount rw "$config_dir/blocklists"
procd_add_jail_mount_rw "$config_dir/stats.json"
procd_add_jail_mount_rw "$download_dir"
procd_close_instance
}