From 201ef91c321b21eb7369bff1f3be0fa804c6df08 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sat, 14 Feb 2015 13:40:29 +0100 Subject: [PATCH] ocserv: added option to use seccomp Signed-off-by: Nikos Mavrogiannopoulos --- net/ocserv/Config.in | 4 ++++ net/ocserv/Makefile | 7 ++++++- net/ocserv/files/ocserv.conf.template | 2 ++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/net/ocserv/Config.in b/net/ocserv/Config.in index 81075fd81..88c5f5091 100644 --- a/net/ocserv/Config.in +++ b/net/ocserv/Config.in @@ -7,6 +7,10 @@ config OCSERV_PAM bool "enable PAM" default n +config OCSERV_SECCOMP + bool "enable seccomp" + default n + config OCSERV_PROTOBUF bool "use external libprotobuf" default y diff --git a/net/ocserv/Makefile b/net/ocserv/Makefile index 3ddc5be7d..6c23672ab 100644 --- a/net/ocserv/Makefile +++ b/net/ocserv/Makefile @@ -22,6 +22,7 @@ PKG_FIXUP:=autoreconf PKG_CONFIG_DEPENDS:= \ CONFIG_OCSERV_PAM \ + CONFIG_OCSERV_SECCOMP \ CONFIG_OCSERV_PROTOBUF \ include $(INCLUDE_DIR)/package.mk @@ -37,7 +38,7 @@ define Package/ocserv TITLE:=OpenConnect VPN server URL:=http://www.infradead.org/ocserv/ MAINTAINER:=Nikos Mavrogiannopoulos - DEPENDS:= +OCSERV_HTTP_PARSER:libhttp-parser +libgnutls +certtool +libncurses +libreadline +OCSERV_PAM:libpam +OCSERV_PROTOBUF:libprotobuf-c +kmod-tun + DEPENDS:= +OCSERV_HTTP_PARSER:libhttp-parser +OCSERV_SECCOMP:libseccomp +libgnutls +certtool +libncurses +libreadline +OCSERV_PAM:libpam +OCSERV_PROTOBUF:libprotobuf-c +kmod-tun USERID:=ocserv=72:ocserv=72 endef @@ -62,6 +63,10 @@ ifneq ($(CONFIG_OCSERV_PAM),y) CONFIGURE_ARGS += --without-pam endif +ifneq ($(CONFIG_OCSERV_SECCOMP),y) +CONFIGURE_ARGS += --disable-seccomp +endif + ifneq ($(CONFIG_OCSERV_PROTOBUF),y) CONFIGURE_ARGS += --without-protobuf endif diff --git a/net/ocserv/files/ocserv.conf.template b/net/ocserv/files/ocserv.conf.template index 8307bf650..1694fd782 100644 --- a/net/ocserv/files/ocserv.conf.template +++ b/net/ocserv/files/ocserv.conf.template @@ -18,6 +18,8 @@ auth = "|AUTH|" # A banner to be displayed on clients banner = "Welcome to OpenWRT" +isolate-workers = true + # When the server has a dynamic DNS address (that may change), # should set that to true to ask the client to resolve again on # reconnects.