diff --git a/cmdline.cc b/cmdline.cc index ecc0419..477c9b6 100644 --- a/cmdline.cc +++ b/cmdline.cc @@ -298,17 +298,25 @@ static std::string argFromVec(const std::vector& vec, size_t pos) { } static bool setupArgv(nsjconf_t* nsjconf, int argc, char** argv, int optind) { - for (int i = optind; i < argc; i++) { - nsjconf->argv.push_back(argv[i]); - } - if (nsjconf->argv.empty()) { - cmdlineUsage(argv[0]); - LOG_E("No command provided"); - return false; + /* + * If user provided cmdline via nsjail [opts] -- [cmdline], then override the one from the + * config file + */ + if (optind < argc) { + nsjconf->argv.clear(); + nsjconf->exec_file.clear(); + for (int i = optind; i < argc; i++) { + nsjconf->argv.push_back(argv[i]); + } } if (nsjconf->exec_file.empty()) { nsjconf->exec_file = nsjconf->argv[0]; } + if (nsjconf->exec_file.empty()) { + cmdlineUsage(argv[0]); + LOG_E("No command-line provided"); + return false; + } if (nsjconf->use_execveat) { #if !defined(__NR_execveat) diff --git a/config.cc b/config.cc index adabf0e..cf2b86e 100644 --- a/config.cc +++ b/config.cc @@ -265,8 +265,10 @@ static bool configParseInternal(nsjconf_t* nsjconf, const nsjail::NsJailConfig& nsjconf->iface_vs_ma = njc.macvlan_vs_ma(); if (njc.has_exec_bin()) { - nsjconf->exec_file = njc.exec_bin().path(); - nsjconf->argv.push_back(njc.exec_bin().path()); + if (njc.exec_bin().has_path()) { + nsjconf->exec_file = njc.exec_bin().path(); + nsjconf->argv.push_back(njc.exec_bin().path()); + } for (ssize_t i = 0; i < njc.exec_bin().arg().size(); i++) { nsjconf->argv.push_back(njc.exec_bin().arg(i)); } diff --git a/config.proto b/config.proto index 90091be..5665b20 100644 --- a/config.proto +++ b/config.proto @@ -66,7 +66,7 @@ enum RLimit { } message Exe { /* Will be used both as execv's path and as argv[0] */ - required string path = 1; + optional string path = 1; /* This will be argv[1] and so on.. */ repeated string arg = 2; /* Override argv[0] */