woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

contain: move to C++

Browse Source
This commit is contained in:
Robert Swiecki 2018-02-09 17:09:58 +01:00
parent a2daa94722
commit 21e1495c24
4 changed files with 23 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Makefile
View File

@ -35,8 +35,8 @@ LDFLAGS += -pie -Wl,-z,noexecstack -lpthread $(shell pkg-config --libs protobuf)
BIN = nsjail BIN = nsjail
LIBS = kafel/libkafel.a LIBS = kafel/libkafel.a
SRCS_C = caps.c contain.c log.c cgroup.c mount.c net.c pid.c sandbox.c user.c util.c uts.c cpu.c SRCS_C = caps.c log.c cgroup.c mount.c net.c pid.c sandbox.c user.c util.c uts.c cpu.c
SRCS_CXX = cmdline.cc config.cc nsjail.cc subproc.cc SRCS_CXX = cmdline.cc config.cc contain.cc nsjail.cc subproc.cc
SRCS_PROTO = config.proto SRCS_PROTO = config.proto
SRCS_PB_CXX = $(SRCS_PROTO:.proto=.pb.cc) SRCS_PB_CXX = $(SRCS_PROTO:.proto=.pb.cc)
SRCS_PB_H = $(SRCS_PROTO:.proto=.pb.h) SRCS_PB_H = $(SRCS_PROTO:.proto=.pb.h)
@ -98,8 +98,6 @@ indent:
# DO NOT DELETE THIS LINE -- make depend depends on it. # DO NOT DELETE THIS LINE -- make depend depends on it.
caps.o: caps.h nsjail.h common.h log.h util.h caps.o: caps.h nsjail.h common.h log.h util.h
contain.o: contain.h nsjail.h caps.h cgroup.h cpu.h log.h mount.h net.h pid.h
contain.o: user.h uts.h
log.o: log.h nsjail.h log.o: log.h nsjail.h
cgroup.o: cgroup.h nsjail.h log.h util.h cgroup.o: cgroup.h nsjail.h log.h util.h
mount.o: mount.h nsjail.h common.h log.h subproc.h util.h mount.o: mount.h nsjail.h common.h log.h subproc.h util.h
@ -114,6 +112,8 @@ cmdline.o: cmdline.h nsjail.h caps.h common.h log.h mount.h sandbox.h user.h
cmdline.o: util.h config.h cmdline.o: util.h config.h
config.o: common.h caps.h nsjail.h config.h log.h mount.h user.h util.h config.o: common.h caps.h nsjail.h config.h log.h mount.h user.h util.h
config.o: cmdline.h config.o: cmdline.h
contain.o: contain.h nsjail.h caps.h cgroup.h cpu.h log.h mount.h net.h pid.h
contain.o: user.h uts.h
nsjail.o: nsjail.h cmdline.h common.h log.h net.h subproc.h util.h nsjail.o: nsjail.h cmdline.h common.h log.h net.h subproc.h util.h
subproc.o: subproc.h nsjail.h cgroup.h common.h contain.h log.h net.h subproc.o: subproc.h nsjail.h contain.h cgroup.h common.h log.h net.h
subproc.o: sandbox.h user.h util.h subproc.o: sandbox.h user.h util.h

10
contain.c → contain.cc
View File

@ -37,6 +37,7 @@
#include <sys/resource.h> #include <sys/resource.h>
#include <unistd.h> #include <unistd.h>
extern "C" {
#include "caps.h" #include "caps.h"
#include "cgroup.h" #include "cgroup.h"
#include "cpu.h" #include "cpu.h"
@ -46,6 +47,9 @@
#include "pid.h" #include "pid.h"
#include "user.h" #include "user.h"
#include "uts.h" #include "uts.h"
}
namespace contain {
static bool containUserNs(struct nsjconf_t* nsjconf) { return userInitNsFromChild(nsjconf); } static bool containUserNs(struct nsjconf_t* nsjconf) { return userInitNsFromChild(nsjconf); }
@ -247,7 +251,7 @@ static bool containMakeFdsCOE(struct nsjconf_t* nsjconf) {
return false; return false;
} }
bool containSetupFD(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err) { bool setupFD(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err) {
if (nsjconf->mode != MODE_LISTEN_TCP) { if (nsjconf->mode != MODE_LISTEN_TCP) {
if (nsjconf->is_silent == false) { if (nsjconf->is_silent == false) {
return true; return true;
@ -273,7 +277,7 @@ bool containSetupFD(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err
return true; return true;
} }
bool containContain(struct nsjconf_t* nsjconf) { bool containProc(struct nsjconf_t* nsjconf) {
if (containUserNs(nsjconf) == false) { if (containUserNs(nsjconf) == false) {
return false; return false;
} }
@ -311,3 +315,5 @@ bool containContain(struct nsjconf_t* nsjconf) {
} }
return true; return true;
} }
} // namespace contain

8
contain.h
View File

@ -26,7 +26,11 @@
#include "nsjail.h" #include "nsjail.h"
bool containSetupFD(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err); namespace contain {
bool containContain(struct nsjconf_t* nsjconf);
bool setupFD(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err);
bool containProc(struct nsjconf_t* nsjconf);
} // namespace contain
#endif /* NS_CONTAIN_H */ #endif /* NS_CONTAIN_H */

7
subproc.cc
View File

@ -42,10 +42,11 @@
#include <time.h> #include <time.h>
#include <unistd.h> #include <unistd.h>
#include "contain.h"
extern "C" { extern "C" {
#include "cgroup.h" #include "cgroup.h"
#include "common.h" #include "common.h"
#include "contain.h"
#include "log.h" #include "log.h"
#include "net.h" #include "net.h"
#include "sandbox.h" #include "sandbox.h"
@ -135,7 +136,7 @@ static const char kSubprocDoneChar = 'D';
static int subprocNewProc( static int subprocNewProc(
struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err, int pipefd) { struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err, int pipefd) {
if (containSetupFD(nsjconf, fd_in, fd_out, fd_err) == false) { if (contain::setupFD(nsjconf, fd_in, fd_out, fd_err) == false) {
_exit(0xff); _exit(0xff);
} }
if (!resetEnv()) { if (!resetEnv()) {
@ -160,7 +161,7 @@ static int subprocNewProc(
_exit(0xff); _exit(0xff);
} }
} }
if (containContain(nsjconf) == false) { if (contain::containProc(nsjconf) == false) {
_exit(0xff); _exit(0xff);
} }
if (nsjconf->keep_env == false) { if (nsjconf->keep_env == false) {