Use 0xff as nsjail error code.
To make it easier to distinguish errors coming from a program executed by nsjail from errors raised by nsjail itself, let me change the nsjail error exit status code to 0xff instead of 1. I think most programs use EXIT_FAILURE (i.e. 1) as their default error exit status code.
parent
75853978ea
commit
1389da4c91
2
log.c
2
log.c
@ -130,7 +130,7 @@ void logLog(enum llevel_t ll, const char *fn, int ln, bool perr, const char *fmt
|
|||||||
/* End printing logs */
|
/* End printing logs */
|
||||||
|
|
||||||
if (ll == FATAL) {
|
if (ll == FATAL) {
|
||||||
exit(1);
|
exit(0xff);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
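Review bot: The literal `0xff` is repeated at every exit site this commit touches (here in logLog's FATAL path, and again in mount.c, nsjail.c and subproc.c), so the convention exists only in the commit message. A single named constant in a shared header, for example `#define NSJAIL_EXIT_FAILURE 0xff` (the name is only a suggestion), with the comment `/* exit status for failures of nsjail itself, as opposed to the executed program */`, would keep the sites consistent and make a leftover `exit(1)` easy to find. logLog's body starts outside the hunk.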
2
mount.c
2
mount.c
@ -376,7 +376,7 @@ bool mountInitNs(struct nsjconf_t * nsjconf)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (pid == 0) {
|
if (pid == 0) {
|
||||||
exit(mountInitNsInternal(nsjconf) ? 0 : 1);
|
exit(mountInitNsInternal(nsjconf) ? 0 : 0xff);
|
||||||
}
|
}
|
||||||
|
|
||||||
int status;
|
int status;
|
||||||
|
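Review bot: The `pid == 0` branch ends the child with `exit()` rather than `_exit()`, so any atexit handlers and stdio buffers inherited from the parent would run or flush a second time in the child. How `pid` is obtained is outside the hunk, so this assumes a fork/clone-style child. `_exit(mountInitNsInternal(nsjconf) ? 0 : 0xff);` would match the `_exit(0xff)` calls this commit writes in subproc.c. The same mix of `exit(0xff)` and `_exit(0xff)` appears inside subprocNewProc in subproc.c. mountInitNs starts and ends outside the hunk.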
6
nsjail.c
6
nsjail.c
@ -170,7 +170,7 @@ int main(int argc, char *argv[])
|
|||||||
struct nsjconf_t nsjconf;
|
struct nsjconf_t nsjconf;
|
||||||
if (!cmdlineParse(argc, argv, &nsjconf)) {
|
if (!cmdlineParse(argc, argv, &nsjconf)) {
|
||||||
LOG_E("Couldn't parse cmdline options");
|
LOG_E("Couldn't parse cmdline options");
|
||||||
exit(1);
|
exit(0xff);
|
||||||
}
|
}
|
||||||
if (nsjconf.clone_newuser == false && geteuid() != 0) {
|
if (nsjconf.clone_newuser == false && geteuid() != 0) {
|
||||||
LOG_W("--disable_clone_newuser requires root() privs");
|
LOG_W("--disable_clone_newuser requires root() privs");
|
||||||
@ -180,10 +180,10 @@ int main(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
cmdlineLogParams(&nsjconf);
|
cmdlineLogParams(&nsjconf);
|
||||||
if (nsjailSetSigHandlers() == false) {
|
if (nsjailSetSigHandlers() == false) {
|
||||||
exit(1);
|
exit(0xff);
|
||||||
}
|
}
|
||||||
if (nsjailSetTimer(&nsjconf) == false) {
|
if (nsjailSetTimer(&nsjconf) == false) {
|
||||||
exit(1);
|
exit(0xff);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (nsjconf.mode == MODE_LISTEN_TCP) {
|
if (nsjconf.mode == MODE_LISTEN_TCP) {
|
||||||
|
20
subproc.c
20
subproc.c
@ -119,29 +119,29 @@ static const char *subprocCloneFlagsToStr(uintptr_t flags)
|
|||||||
static int subprocNewProc(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int fd_err, int pipefd)
|
static int subprocNewProc(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int fd_err, int pipefd)
|
||||||
{
|
{
|
||||||
if (containSetupFD(nsjconf, fd_in, fd_out, fd_err) == false) {
|
if (containSetupFD(nsjconf, fd_in, fd_out, fd_err) == false) {
|
||||||
exit(1);
|
exit(0xff);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pipefd == -1) {
|
if (pipefd == -1) {
|
||||||
if (userInitNsFromParent(nsjconf, getpid()) == false) {
|
if (userInitNsFromParent(nsjconf, getpid()) == false) {
|
||||||
LOG_E("Couldn't initialize net user namespace");
|
LOG_E("Couldn't initialize net user namespace");
|
||||||
exit(1);
|
exit(0xff);
|
||||||
}
|
}
|
||||||
if (cgroupInitNsFromParent(nsjconf, getpid()) == false) {
|
if (cgroupInitNsFromParent(nsjconf, getpid()) == false) {
|
||||||
LOG_E("Couldn't initialize net user namespace");
|
LOG_E("Couldn't initialize net user namespace");
|
||||||
exit(1);
|
exit(0xff);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
char doneChar;
|
char doneChar;
|
||||||
if (utilReadFromFd(pipefd, &doneChar, sizeof(doneChar)) != sizeof(doneChar)) {
|
if (utilReadFromFd(pipefd, &doneChar, sizeof(doneChar)) != sizeof(doneChar)) {
|
||||||
exit(1);
|
exit(0xff);
|
||||||
}
|
}
|
||||||
if (doneChar != subprocDoneChar) {
|
if (doneChar != subprocDoneChar) {
|
||||||
exit(1);
|
exit(0xff);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (containContain(nsjconf) == false) {
|
if (containContain(nsjconf) == false) {
|
||||||
exit(1);
|
exit(0xff);
|
||||||
}
|
}
|
||||||
if (nsjconf->keep_env == false) {
|
if (nsjconf->keep_env == false) {
|
||||||
clearenv();
|
clearenv();
|
||||||
@ -161,13 +161,13 @@ static int subprocNewProc(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int
|
|||||||
|
|
||||||
/* Should be the last one in the sequence */
|
/* Should be the last one in the sequence */
|
||||||
if (sandboxApply(nsjconf) == false) {
|
if (sandboxApply(nsjconf) == false) {
|
||||||
exit(1);
|
exit(0xff);
|
||||||
}
|
}
|
||||||
execv(nsjconf->exec_file, &nsjconf->argv[0]);
|
execv(nsjconf->exec_file, &nsjconf->argv[0]);
|
||||||
|
|
||||||
PLOG_E("execve('%s') failed", nsjconf->exec_file);
|
PLOG_E("execve('%s') failed", nsjconf->exec_file);
|
||||||
|
|
||||||
_exit(1);
|
_exit(0xff);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void subprocAdd(struct nsjconf_t *nsjconf, pid_t pid, int sock)
|
static void subprocAdd(struct nsjconf_t *nsjconf, pid_t pid, int sock)
|
||||||
@ -359,7 +359,7 @@ static bool subprocInitParent(struct nsjconf_t *nsjconf, pid_t pid, int pipefd)
|
|||||||
}
|
}
|
||||||
if (cgroupInitNsFromParent(nsjconf, pid) == false) {
|
if (cgroupInitNsFromParent(nsjconf, pid) == false) {
|
||||||
LOG_E("Couldn't initialize cgroup user namespace");
|
LOG_E("Couldn't initialize cgroup user namespace");
|
||||||
exit(1);
|
exit(0xff);
|
||||||
}
|
}
|
||||||
if (userInitNsFromParent(nsjconf, pid) == false) {
|
if (userInitNsFromParent(nsjconf, pid) == false) {
|
||||||
LOG_E("Couldn't initialize user namespaces for pid %d", pid);
|
LOG_E("Couldn't initialize user namespaces for pid %d", pid);
|
||||||
@ -428,7 +428,7 @@ void subprocRunChild(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int fd_er
|
|||||||
LOG_D("Entering namespace with flags:%s", subprocCloneFlagsToStr(flags));
|
LOG_D("Entering namespace with flags:%s", subprocCloneFlagsToStr(flags));
|
||||||
if (unshare(flags) == -1) {
|
if (unshare(flags) == -1) {
|
||||||
PLOG_E("unshare(%#lx)", flags);
|
PLOG_E("unshare(%#lx)", flags);
|
||||||
_exit(EXIT_FAILURE);
|
_exit(0xff);
|
||||||
}
|
}
|
||||||
subprocNewProc(nsjconf, fd_in, fd_out, fd_err, -1);
|
subprocNewProc(nsjconf, fd_in, fd_out, fd_err, -1);
|
||||||
}
|
}
|
||||||
|
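Review bot: The setup failures in subprocNewProc and the `_exit(0xff)` after the failed `execv` report through the same exit status as the executed program, which can itself return 255, so a caller cannot take 0xff as proof that nsjail rather than the jailed program failed. A comment at the `execv` failure path such as `/* 0xff marks an nsjail-side failure; the executed program may also return 255, so callers should confirm against the log */` would state that limit where it matters. That makes the log the real disambiguator, and the `cgroupInitNsFromParent` failure branch in the first hunk logs `Couldn't initialize net user namespace`, the same text as the user-namespace branch above it, which looks copy-pasted and would mislead triage.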