From 15170f9d6c04dcdbf6f7bde0807ea7c20d2c7b57 Mon Sep 17 00:00:00 2001
From: Robert Swiecki
Date: Fri, 9 Feb 2018 18:13:17 +0100
Subject: [PATCH] cgroup: move to C++

---
 Makefile | 11 ++++++-----
 cgroup.c => cgroup.cc | 44 ++++++++++++++++++++++++-------------------
 cgroup.h | 10 +++++++---
 contain.cc | 4 ++--
 subproc.cc | 8 ++++----
 user.cc | 4 ++--
 6 files changed, 46 insertions(+), 35 deletions(-)
 rename cgroup.c => cgroup.cc (87%)

diff --git a/Makefile b/Makefile
index b77356b..eea405e 100644
--- a/Makefile
+++ b/Makefile
@@ -35,8 +35,8 @@ LDFLAGS += -pie -Wl,-z,noexecstack -lpthread $(shell pkg-config --libs protobuf)
 
 BIN = nsjail
 LIBS = kafel/libkafel.a
-SRCS_C = log.c cgroup.c mount.c user.c util.c
-SRCS_CXX = caps.cc cmdline.cc config.cc contain.cc cpu.cc net.cc nsjail.cc pid.cc sandbox.cc subproc.cc uts.cc
+SRCS_C = log.c mount.c util.c
+SRCS_CXX = caps.cc cgroup.cc cmdline.cc config.cc contain.cc cpu.cc net.cc nsjail.cc pid.cc sandbox.cc subproc.cc uts.cc user.cc
 SRCS_PROTO = config.proto
 SRCS_PB_CXX = $(SRCS_PROTO:.proto=.pb.cc)
 SRCS_PB_H = $(SRCS_PROTO:.proto=.pb.h)
@@ -98,21 +98,22 @@ indent:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 log.o: log.h nsjail.h
-cgroup.o: cgroup.h nsjail.h log.h util.h
 mount.o: mount.h nsjail.h common.h log.h subproc.h util.h
 util.o: util.h nsjail.h common.h log.h
 caps.o: caps.h nsjail.h common.h log.h util.h
+cgroup.o: cgroup.h nsjail.h log.h util.h
 cmdline.o: cmdline.h nsjail.h common.h log.h mount.h util.h caps.h config.h
 cmdline.o: sandbox.h user.h
 config.o: common.h config.h nsjail.h log.h mount.h util.h caps.h cmdline.h
 config.o: user.h
-contain.o: contain.h nsjail.h cgroup.h log.h mount.h caps.h cpu.h net.h pid.h
+contain.o: contain.h nsjail.h log.h mount.h caps.h cgroup.h cpu.h net.h pid.h
 contain.o: user.h uts.h
 cpu.o: cpu.h nsjail.h log.h util.h
 net.o: net.h nsjail.h log.h subproc.h
 nsjail.o: nsjail.h cmdline.h common.h log.h net.h subproc.h util.h
 pid.o: pid.h nsjail.h log.h subproc.h
 sandbox.o: sandbox.h nsjail.h kafel/include/kafel.h log.h
-subproc.o: subproc.h nsjail.h contain.h net.h sandbox.h user.h cgroup.h
+subproc.o: subproc.h nsjail.h cgroup.h contain.h net.h sandbox.h user.h
 subproc.o: common.h log.h util.h
 uts.o: uts.h nsjail.h log.h
+user.o: user.h nsjail.h common.h log.h util.h subproc.h
diff --git a/cgroup.c b/cgroup.cc
similarity index 87%
rename from cgroup.c
rename to cgroup.cc
index 8ffd25a..618b4cc 100644
--- a/cgroup.c
+++ b/cgroup.cc
@@ -30,10 +30,14 @@
 #include
 #include
 
+extern "C" {
 #include "log.h"
 #include "util.h"
+}
 
-static bool cgroupInitNsFromParentMem(struct nsjconf_t* nsjconf, pid_t pid) {
+namespace cgroup {
+
+static bool initNsFromParentMem(struct nsjconf_t* nsjconf, pid_t pid) {
 	if (nsjconf->cgroup_mem_max == (size_t)0) {
 		return true;
 	}
@@ -79,7 +83,7 @@ static bool cgroupInitNsFromParentMem(struct nsjconf_t* nsjconf, pid_t pid) {
 	return true;
 }
 
-static bool cgroupInitNsFromParentPids(struct nsjconf_t* nsjconf, pid_t pid) {
+static bool initNsFromParentPids(struct nsjconf_t* nsjconf, pid_t pid) {
 	if (nsjconf->cgroup_pids_max == 0U) {
 		return true;
 	}
@@ -115,7 +119,7 @@ static bool cgroupInitNsFromParentPids(struct nsjconf_t* nsjconf, pid_t pid) {
 	return true;
 }
 
-static bool cgroupInitNsFromParentNetCls(struct nsjconf_t* nsjconf, pid_t pid) {
+static bool initNsFromParentNetCls(struct nsjconf_t* nsjconf, pid_t pid) {
 	if (nsjconf->cgroup_net_cls_classid == 0U) {
 		return true;
 	}
@@ -153,7 +157,7 @@ static bool cgroupInitNsFromParentNetCls(struct nsjconf_t* nsjconf, pid_t pid) {
 	return true;
 }
 
-static bool cgroupInitNsFromParentCpu(struct nsjconf_t* nsjconf, pid_t pid) {
+static bool initNsFromParentCpu(struct nsjconf_t* nsjconf, pid_t pid) {
 	if (nsjconf->cgroup_cpu_ms_per_sec == 0U) {
 		return true;
 	}
@@ -200,23 +204,23 @@ static bool cgroupInitNsFromParentCpu(struct nsjconf_t* nsjconf, pid_t pid) {
 	return true;
 }
 
-bool cgroupInitNsFromParent(struct nsjconf_t* nsjconf, pid_t pid) {
-	if (!cgroupInitNsFromParentMem(nsjconf, pid)) {
+bool initNsFromParent(struct nsjconf_t* nsjconf, pid_t pid) {
+	if (!initNsFromParentMem(nsjconf, pid)) {
 		return false;
 	}
-	if (!cgroupInitNsFromParentPids(nsjconf, pid)) {
+	if (!initNsFromParentPids(nsjconf, pid)) {
 		return false;
 	}
-	if (!cgroupInitNsFromParentNetCls(nsjconf, pid)) {
+	if (!initNsFromParentNetCls(nsjconf, pid)) {
 		return false;
 	}
-	if (!cgroupInitNsFromParentCpu(nsjconf, pid)) {
+	if (!initNsFromParentCpu(nsjconf, pid)) {
 		return false;
 	}
 	return true;
 }
 
-void cgroupFinishFromParentMem(struct nsjconf_t* nsjconf, pid_t pid) {
+void finishFromParentMem(struct nsjconf_t* nsjconf, pid_t pid) {
 	if (nsjconf->cgroup_mem_max == (size_t)0) {
 		return;
 	}
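Review bot: `initNsFromParent` returns false at the first controller that fails, but nothing undoes what the controllers before it already set up, and both callers in this patch (`subprocNewProc` and `initParent`) terminate the process on that false, so any per-pid cgroup state created by the earlier helpers is left behind. Whether the helpers really create such state depends on their bodies, which lie outside this hunk, though the existence of `finishFromParentMem`/`finishFromParentPids` counterparts suggests they do. Consider calling `finishFromParent(nsjconf, pid);` before each `return false;`, or adding a comment on `initNsFromParent` stating that partial setup is not rolled back and the caller is expected to exit.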
@@ -230,7 +234,7 @@ void cgroupFinishFromParentMem(struct nsjconf_t* nsjconf, pid_t pid) {
 	return;
 }
 
-void cgroupFinishFromParentPids(struct nsjconf_t* nsjconf, pid_t pid) {
+void finishFromParentPids(struct nsjconf_t* nsjconf, pid_t pid) {
 	if (nsjconf->cgroup_pids_max == 0U) {
 		return;
 	}
@@ -244,7 +248,7 @@ void cgroupFinishFromParentPids(struct nsjconf_t* nsjconf, pid_t pid) {
 	return;
 }
 
-void cgroupFinishFromParentCpu(struct nsjconf_t* nsjconf, pid_t pid) {
+void finishFromParentCpu(struct nsjconf_t* nsjconf, pid_t pid) {
 	if (nsjconf->cgroup_cpu_ms_per_sec == 0U) {
 		return;
 	}
@@ -258,7 +262,7 @@ void cgroupFinishFromParentCpu(struct nsjconf_t* nsjconf, pid_t pid) {
 	return;
 }
 
-void cgroupFinishFromParentNetCls(struct nsjconf_t* nsjconf, pid_t pid) {
+void finishFromParentNetCls(struct nsjconf_t* nsjconf, pid_t pid) {
 	if (nsjconf->cgroup_net_cls_classid == 0U) {
 		return;
 	}
@@ -272,11 +276,13 @@ void cgroupFinishFromParentNetCls(struct nsjconf_t* nsjconf, pid_t pid) {
 	return;
 }
 
-void cgroupFinishFromParent(struct nsjconf_t* nsjconf, pid_t pid) {
-	cgroupFinishFromParentMem(nsjconf, pid);
-	cgroupFinishFromParentPids(nsjconf, pid);
-	cgroupFinishFromParentNetCls(nsjconf, pid);
-	cgroupFinishFromParentCpu(nsjconf, pid);
+void finishFromParent(struct nsjconf_t* nsjconf, pid_t pid) {
+	finishFromParentMem(nsjconf, pid);
+	finishFromParentPids(nsjconf, pid);
+	finishFromParentNetCls(nsjconf, pid);
+	finishFromParentCpu(nsjconf, pid);
 }
 
-bool cgroupInitNs(void) { return true; }
+bool initNs(void) { return true; }
+
+} // namespace cgroup
diff --git a/cgroup.h b/cgroup.h
index c34cd24..677ce36 100644
--- a/cgroup.h
+++ b/cgroup.h
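Review bot: `initNs` returns true unconditionally with no comment saying why, so a reader cannot tell a forgotten stub from a deliberate no-op. A one-line comment above it would settle that, e.g. `// Intentionally a no-op: the cgroup work is done in initNsFromParent()/finishFromParent().` The four teardown helpers called from `finishFromParent` are all `void`, so a failure to clean up cannot be reported back to `reapProc`; if that is acceptable, a sentence on `finishFromParent` saying teardown is best-effort would make the contract explicit.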
@@ -27,8 +27,12 @@
 
 #include "nsjail.h"
 
-bool cgroupInitNsFromParent(struct nsjconf_t* nsjconf, pid_t pid);
-bool cgroupInitNs(void);
-void cgroupFinishFromParent(struct nsjconf_t* nsjconf, pid_t pid);
+namespace cgroup {
+
+bool initNsFromParent(struct nsjconf_t* nsjconf, pid_t pid);
+bool initNs(void);
+void finishFromParent(struct nsjconf_t* nsjconf, pid_t pid);
+
+} // namespace cgroup
 
 #endif /* _CGROUP_H */
diff --git a/contain.cc b/contain.cc
index 61f47e7..42a0bda 100644
--- a/contain.cc
+++ b/contain.cc
@@ -38,12 +38,12 @@
 #include
 
 extern "C" {
-#include "cgroup.h"
 #include "log.h"
 #include "mount.h"
 }
 
 #include "caps.h"
+#include "cgroup.h"
 #include "cpu.h"
 #include "net.h"
 #include "pid.h"
@@ -60,7 +60,7 @@ static bool containInitNetNs(struct nsjconf_t* nsjconf) { return net::initNsFrom
 
 static bool containInitUtsNs(struct nsjconf_t* nsjconf) { return uts::initNs(nsjconf); }
 
-static bool containInitCgroupNs(void) { return cgroupInitNs(); }
+static bool containInitCgroupNs(void) { return cgroup::initNs(); }
 
 static bool containDropPrivs(struct nsjconf_t* nsjconf) {
 #ifndef PR_SET_NO_NEW_PRIVS
diff --git a/subproc.cc b/subproc.cc
index 7e91bf3..6cce1b6 100644
--- a/subproc.cc
+++ b/subproc.cc
@@ -42,13 +42,13 @@
 #include
 #include
 
+#include "cgroup.h"
 #include "contain.h"
 #include "net.h"
 #include "sandbox.h"
 #include "user.h"
 
 extern "C" {
-#include "cgroup.h"
 #include "common.h"
 #include "log.h"
 #include "util.h"
@@ -148,7 +148,7 @@ static int subprocNewProc(
 		LOG_E("Couldn't initialize net user namespace");
 		_exit(0xff);
 	}
-	if (cgroupInitNsFromParent(nsjconf, getpid()) == false) {
+	if (cgroup::initNsFromParent(nsjconf, getpid()) == false) {
 		LOG_E("Couldn't initialize net user namespace");
 		_exit(0xff);
 	}
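Review bot: The three declarations inside the new `cgroup` namespace carry no documentation of who calls them or when, and this header is the only place a user of the module will look. What the call sites in this patch show is that `initNsFromParent` acts on one `pid` and returns false when any configured controller could not be set up, `finishFromParent` is invoked from `reapProc` right after `wait4` has reaped that pid, and `initNs` is called from `containInitCgroupNs` and currently always returns true. Suggest one comment per declaration stating that contract, e.g. above the first: `// Sets up the configured cgroup controllers for pid; returns false if any of them failed.`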
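Review bot: The failure branch under the changed `cgroup::initNsFromParent(nsjconf, getpid())` check logs `Couldn't initialize net user namespace`, which is the message of the net block directly above it and says nothing about cgroups; the equivalent check in `initParent` logs `Couldn't initialize cgroup user namespace`. Change this line to `LOG_E("Couldn't initialize cgroup user namespace");` so the two sites agree and a failed cgroup setup is recognisable in the log. `subprocNewProc` begins before this hunk.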
@@ -317,7 +317,7 @@ int reapProc(struct nsjconf_t* nsjconf) {
 		}
 
 		if (wait4(si.si_pid, &status, WNOHANG, NULL) == si.si_pid) {
-			cgroupFinishFromParent(nsjconf, si.si_pid);
+			cgroup::finishFromParent(nsjconf, si.si_pid);
 
 			const char* remote_txt = "[UNKNOWN]";
 			struct pids_t* elem = getPidElem(nsjconf, si.si_pid);
@@ -380,7 +380,7 @@ static bool initParent(struct nsjconf_t* nsjconf, pid_t pid, int pipefd) {
 		LOG_E("Couldn't create and put MACVTAP interface into NS of PID '%d'", pid);
 		return false;
 	}
-	if (cgroupInitNsFromParent(nsjconf, pid) == false) {
+	if (cgroup::initNsFromParent(nsjconf, pid) == false) {
 		LOG_E("Couldn't initialize cgroup user namespace");
 		exit(0xff);
 	}
diff --git a/user.cc b/user.cc
index d10f2af..a4a44a7 100644
--- a/user.cc
+++ b/user.cc
@@ -349,8 +349,8 @@ static gid_t parseGid(const char* id) {
 	return (gid_t)-1;
 }
 
-bool parseId(struct nsjconf_t* nsjconf, const char* i_id, const char* o_id, size_t cnt,
-    bool is_gid, bool is_newidmap) {
+bool parseId(struct nsjconf_t* nsjconf, const char* i_id, const char* o_id, size_t cnt, bool is_gid,
+    bool is_newidmap) {
 	uid_t inside_id;
 	uid_t outside_id;
 
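Review bot: In `initParent` the failure path under the changed `cgroup::initNsFromParent(nsjconf, pid)` check calls `exit(0xff)`, while the MACVTAP failure two lines above returns false and leaves the decision to the caller; since the function returns bool, `return false;` would be the consistent choice here, unless the hard exit is deliberate, in which case a comment should say why this failure is fatal where the network one is not. The `== false` comparison also reads more naturally as `if (!cgroup::initNsFromParent(nsjconf, pid)) {`, matching the style used inside `initNsFromParent` itself. `initParent` starts before this hunk.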