boinc: run the executable in ujail
authorMarc Benoit <redacted>
Mon, 5 Sep 2022 12:31:29 +0000 (08:31 -0400)
committerRosen Penev <redacted>
Fri, 21 Oct 2022 22:06:33 +0000 (15:06 -0700)
Signed-off-by: Marc Benoit <redacted>
net/boinc/files/boinc-client.init

index 89892da3bcebd59a49935b2dc4a88f1481ba4e90..50252d0f38d0bfc49b321c3f8ec05a2370b6446c 100755 (executable)
@@ -4,7 +4,7 @@ START=99
 USE_PROCD=1
 
 BOINCEXE_NAME=boinc_client
-BOINCDIR=/opt/boinc/
+BOINCDIR=/opt/boinc
 PRESETDIR=/usr/share/boinc
 BOINCUSR=boinc
 BOINCEXE_OPTS="--check_all_logins --redirectio --dir $BOINCDIR"
@@ -41,7 +41,7 @@ start_service() {
    # now use procd to start boinc
    procd_open_instance $BOINCEXE_NAME
 
-   procd_set_param command $BOINCEXE_NAME
+   procd_set_param command $(which $BOINCEXE_NAME)
    procd_append_param command $BOINCEXE_OPTS
    procd_set_param user $BOINCUSR
    procd_set_param limits core="unlimited"
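Review bot: The `$(which $BOINCEXE_NAME)` substitution on the `procd_set_param command` line is unquoted and its result is never checked. If the lookup returns nothing, the following `procd_append_param command $BOINCEXE_OPTS` makes `--check_all_logins` the first word of the command instead of a binary. The resolved path also depends on the PATH of whatever invokes the init script, which is worth avoiding for a service that procd launches as root before switching to `$BOINCUSR`. I would resolve it once and fail early, for example `exe="$(command -v "$BOINCEXE_NAME")" || return 1` followed by `procd_set_param command "$exe"`, or use a fixed absolute path if the package's install location is known. The body of `start_service` begins above this hunk, so any earlier handling of a missing binary is not visible here.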
@@ -49,5 +49,12 @@ start_service() {
    procd_set_param stderr 1
    procd_set_param pidfile $PID_FILE
 
+   procd_add_jail $BOINCEXE_NAME log requirejail
+   procd_add_jail_mount /etc/TZ
+   procd_add_jail_mount /proc/cpuinfo /proc/meminfo
+   procd_add_jail_mount /etc/ssl/certs/ca-certificates.crt
+   procd_add_jail_mount $PRESETDIR
+   procd_add_jail_mount_rw $BOINCDIR
+
    procd_close_instance
 }
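Review bot: The jail set up before `procd_close_instance` narrows the filesystem view, but nothing in the visible hunks enables `no_new_privs`, a seccomp filter or a capability set for the instance. The one writable mount, `procd_add_jail_mount_rw $BOINCDIR`, is the same directory the client is given through `--dir`, so it is presumably where downloaded project applications are stored and run from. If that holds, write access and execution are not separated inside the jail, and adding `procd_set_param no_new_privs 1` next to the jail lines would be an inexpensive extra layer. A short comment above the mount list would help the next maintainer avoid widening it, for example `# jail: read-only view of TZ, CPU/memory info, CA bundle and presets; only $BOINCDIR is writable`. The start of `start_service` lies outside the hunk, so settings made earlier in the function are not visible here.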