Makefile/indent: add AlwaysBreakBeforeMultilineStrings:false

Makefile

@@ -100,7 +100,7 @@ depend: all
 
 .PHONY: indent
 indent:
-	clang-format -style="{BasedOnStyle: google, IndentWidth: 8, UseTab: Always, IndentCaseLabels: false, ColumnLimit: 100, AlignAfterOpenBracket: false, AllowShortFunctionsOnASingleLine: false}" -i -sort-includes $(SRCS_H) $(SRCS_CXX)
+	clang-format -style="{BasedOnStyle: google, IndentWidth: 8, UseTab: Always, IndentCaseLabels: false, ColumnLimit: 100, AlignAfterOpenBracket: false, AllowShortFunctionsOnASingleLine: false, AlwaysBreakBeforeMultilineStrings: false}" -i -sort-includes $(SRCS_H) $(SRCS_CXX)
 	clang-format -style="{BasedOnStyle: google, IndentWidth: 4, UseTab: Always, ColumnLimit: 100}" -i $(SRCS_PROTO)
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.

cmdline.cc

@@ -281,8 +281,7 @@ void logParams(nsjconf_t *nsjconf) {
 		break;
 	}
 
-	LOG_I(
+	LOG_I("Jail parameters: hostname:'%s', chroot:%s, process:'%s', "
-	    "Jail parameters: hostname:'%s', chroot:%s, process:'%s', "
 	      "bind:[%s]:%d, "
 	      "max_conns:%u, max_conns_per_ip:%u, time_limit:%" PRId64
 	      ", personality:%#lx, daemonize:%s, clone_newnet:%s, "
@@ -311,8 +310,7 @@ void logParams(nsjconf_t *nsjconf) {
 		    (unsigned long)uid.inside_id, (unsigned long)uid.outside_id, uid.count,
 		    uid.is_newidmap ? "true" : "false");
 		if (uid.outside_id == 0 && nsjconf->clone_newuser) {
-			LOG_W(
+			LOG_W("Process will be UID/EUID=0 in the global user namespace, and "
-			    "Process will be UID/EUID=0 in the global user namespace, and "
 			      "will "
 			      "have user root-level access to files");
 		}
@@ -322,8 +320,7 @@ void logParams(nsjconf_t *nsjconf) {
 		    (unsigned long)gid.inside_id, (unsigned long)gid.outside_id, gid.count,
 		    gid.is_newidmap ? "true" : "false");
 		if (gid.outside_id == 0 && nsjconf->clone_newuser) {
-			LOG_W(
+			LOG_W("Process will be GID/EGID=0 in the global user namespace, and "
-			    "Process will be GID/EGID=0 in the global user namespace, and "
 			      "will "
 			      "have group root-level access to files");
 		}
@@ -345,8 +342,7 @@ uint64_t parseRLimit(int res, const char *optarg, unsigned long mul) {
 		return cur.rlim_max;
 	}
 	if (!util::isANumber(optarg)) {
-		LOG_F(
+		LOG_F("RLIMIT %d needs a numeric or 'max'/'hard'/'def'/'soft'/'inf' "
-		    "RLIMIT %d needs a numeric or 'max'/'hard'/'def'/'soft'/'inf' "
 		      "value "
 		      "('%s' "
 		      "provided)",
@@ -389,8 +385,7 @@ static bool setupArgv(nsjconf_t *nsjconf, int argc, char **argv, int optind) {
 
 	if (nsjconf->use_execveat) {
 #if !defined(__NR_execveat)
-		LOG_E(
+		LOG_E("Your nsjail is compiled without support for the execveat() "
-		    "Your nsjail is compiled without support for the execveat() "
 		      "syscall, "
 		      "yet you "
 		      "specified the --execute_fd flag");
@@ -462,8 +457,7 @@ void setupUsers(nsjconf_t *nsjconf) {
 std::string parseMACVlanMode(const char *optarg) {
 	if (strcasecmp(optarg, "private") != 0 && strcasecmp(optarg, "vepa") != 0 &&
 	    strcasecmp(optarg, "bridge") != 0 && strcasecmp(optarg, "passthru") != 0) {
-		LOG_F(
+		LOG_F("macvlan mode can only be one of the values: "
-		    "macvlan mode can only be one of the values: "
 		      "'private'/'vepa'/'bridge'/'passthru' ('%s' "
 		      "provided).",
 		    optarg);

contain.cc

@@ -127,8 +127,7 @@ static bool containTSC(nsjconf_t* nsjconf) {
 			return false;
 		}
 #else  /* defined(__x86_64__) || defined(__i386__) */
-		LOG_W(
+		LOG_W("prctl(PR_SET_TSC, PR_TSC_SIGSEGV) requested, but it's supported under "
-		    "prctl(PR_SET_TSC, PR_TSC_SIGSEGV) requested, but it's supported under "
 		      "x86/x86-64 CPU architectures only. Ignoring it!");
 #endif /* defined(__x86_64__) || defined(__i386__) */
 	}

cpu.cc

@@ -70,8 +70,7 @@ static void setRandomCpu(cpu_set_t* orig_mask, cpu_set_t* new_mask, size_t avail
 	n = getNthOnlineCpu(orig_mask, n);
 
 	CPU_SET(n, new_mask);
-	LOG_D(
+	LOG_D("Add CPU #%zu from the original mask=[%s] (size=%zu, available_cpus=%zu), new "
-	    "Add CPU #%zu from the original mask=[%s] (size=%zu, available_cpus=%zu), new "
 	      "mask=[%s] (size=%zu)",
 	    n, listCpusInSet(orig_mask).c_str(), (size_t)CPU_COUNT(orig_mask), available_cpus,
 	    listCpusInSet(new_mask).c_str(), (size_t)CPU_COUNT(new_mask));
@@ -121,8 +120,7 @@ bool initCpu(nsjconf_t* nsjconf) {
 		available_cpus--;
 	}
 
-	LOG_D(
+	LOG_D("Setting new CPU mask=[%s] with %zu allowed CPUs (max_cpus=%zu), %zu CPUs "
-	    "Setting new CPU mask=[%s] with %zu allowed CPUs (max_cpus=%zu), %zu CPUs "
 	      "(CPU_COUNT=%zu) left mask=[%s]",
 	    listCpusInSet(new_mask.get()).c_str(), nsjconf->max_cpus,
 	    (size_t)CPU_COUNT(new_mask.get()), available_cpus, (size_t)CPU_COUNT(orig_mask.get()),

mnt.cc

@@ -214,8 +214,7 @@ static bool mountPt(mount_t* mpt, const char* newroot, const char* tmpdir) {
 	 */
 	if (mountRWIfPossible(mpt, srcpath, dstpath) == -1) {
 		if (errno == EACCES) {
-			PLOG_W(
+			PLOG_W("mount('%s') src:'%s' dstpath:'%s' failed. "
-			    "mount('%s') src:'%s' dstpath:'%s' failed. "
 			       "Try fixing this problem by applying 'chmod o+x' to the '%s' "
 			       "directory and its ancestors",
 			    describeMountPt(*mpt).c_str(), srcpath, dstpath, srcpath);
@@ -457,8 +456,7 @@ static bool initCloneNs(nsjconf_t* nsjconf) {
 		 * proper capabilities are kept in the user namespace. It can be acheived by
 		 * unmounting the new root and using setns to re-enter the mount namespace.
 		 */
-		LOG_W(
+		LOG_W("Using no_pivotroot is escapable when user posseses relevant capabilities, "
-		    "Using no_pivotroot is escapable when user posseses relevant capabilities, "
 		      "Use it with care!");
 
 		if (chdir(destdir->c_str()) == -1) {

net.cc

@@ -219,8 +219,7 @@ bool limitConns(nsjconf_t* nsjconf, int connsock) {
 
 int getRecvSocket(const char* bindhost, int port) {
 	if (port < 0 || port > 65535) {
-		LOG_F(
+		LOG_F("TCP port %d out of bounds (0 <= port <= 65535), specify one with --port "
-		    "TCP port %d out of bounds (0 <= port <= 65535), specify one with --port "
 		      "<port>",
 		    port);
 	}

sandbox.cc

@@ -60,16 +60,14 @@ static bool prepareAndCommit(nsjconf_t* nsjconf) {
 	}
 	if (nsjconf->seccomp_log) {
 #ifndef __NR_seccomp
-		LOG_E(
+		LOG_E("The __NR_seccomp is not defined with this kernel's header files (kernel "
-		    "The __NR_seccomp is not defined with this kernel's header files (kernel "
 		      "headers too old?)");
 		return false;
 #else
 		if (util::syscall(__NR_seccomp, (uintptr_t)SECCOMP_SET_MODE_FILTER,
 			(uintptr_t)(SECCOMP_FILTER_FLAG_TSYNC | SECCOMP_FILTER_FLAG_LOG),
 			(uintptr_t)&nsjconf->seccomp_fprog) == -1) {
-			PLOG_E(
+			PLOG_E("seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC | "
-			    "seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC | "
 			       "SECCOMP_FILTER_FLAG_LOG) failed");
 			return false;
 		}

subproc.cc

@@ -287,8 +287,7 @@ static void seccompViolation(nsjconf_t* nsjconf, siginfo_t* si) {
 
 	const auto& p = nsjconf->pids.find(si->si_pid);
 	if (p == nsjconf->pids.end()) {
-		LOG_W(
+		LOG_W("pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld (If "
-		    "pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld (If "
 		      "SiStatus==31 (SIGSYS), then see 'dmesg' or 'journalctl -ek' for possible "
 		      "auditd report with more data)",
 		    (int)si->si_pid, si->si_status, si->si_uid, (long)si->si_utime,
@@ -300,8 +299,7 @@ static void seccompViolation(nsjconf_t* nsjconf, siginfo_t* si) {
 	char buf[4096];
 	ssize_t rdsize = util::readFromFd(p->second.pid_syscall_fd, buf, sizeof(buf) - 1);
 	if (rdsize < 1) {
-		LOG_W(
+		LOG_W("pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld (If "
-		    "pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld (If "
 		      "SiStatus==31 (SIGSYS), then see 'dmesg' or 'journalctl -ek' for possible "
 		      "auditd report with more data)",
 		    (int)si->si_pid, si->si_status, si->si_uid, (long)si->si_utime,
@@ -315,21 +313,18 @@ static void seccompViolation(nsjconf_t* nsjconf, siginfo_t* si) {
 	int ret = sscanf(buf, "%td %tx %tx %tx %tx %tx %tx %tx %tx", &sc, &arg1, &arg2, &arg3,
 	    &arg4, &arg5, &arg6, &sp, &pc);
 	if (ret == 9) {
-		LOG_W(
+		LOG_W("pid=%d, Syscall number:%td, Arguments:%#tx, %#tx, %#tx, %#tx, %#tx, %#tx, "
-		    "pid=%d, Syscall number:%td, Arguments:%#tx, %#tx, %#tx, %#tx, %#tx, %#tx, "
 		      "SP:%#tx, PC:%#tx, si_status:%d",
 		    (int)si->si_pid, sc, arg1, arg2, arg3, arg4, arg5, arg6, sp, pc, si->si_status);
 	} else if (ret == 3) {
-		LOG_W(
+		LOG_W("pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld SP:%#tx, PC:%#tx (If "
-		    "pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld SP:%#tx, PC:%#tx (If "
 		      "SiStatus==31 (SIGSYS), then see 'dmesg' or 'journalctl -ek' for possible "
 		      "auditd report with more data)",
 		    (int)si->si_pid, si->si_status, si->si_uid, (long)si->si_utime,
 		    (long)si->si_stime, arg1, arg2);
 		return;
 	} else {
-		LOG_W(
+		LOG_W("pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld (If "
-		    "pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld (If "
 		      "SiStatus==31 (SIGSYS), then see 'dmesg' or 'journalctl -ek' for possible "
 		      "auditd report with more data)",
 		    (int)si->si_pid, si->si_status, si->si_uid, (long)si->si_utime,
@@ -545,8 +540,7 @@ pid_t cloneProc(uint64_t flags, int exit_signal) {
 	}
 
 	if (flags & CLONE_NEWTIME) {
-		LOG_W(
+		LOG_W("CLONE_NEWTIME reuqested, but it's only supported with the unshare() mode "
-		    "CLONE_NEWTIME reuqested, but it's only supported with the unshare() mode "
 		      "(-Me)");
 	}
 

util.cc

@@ -231,8 +231,7 @@ static void rndInitThread(void) {
 #endif /* defined(__NR_getrandom) */
 	int fd = TEMP_FAILURE_RETRY(open("/dev/urandom", O_RDONLY | O_CLOEXEC));
 	if (fd == -1) {
-		PLOG_D(
+		PLOG_D("Couldn't open /dev/urandom for reading. Using gettimeofday "
-		    "Couldn't open /dev/urandom for reading. Using gettimeofday "
 		       "fall-back");
 		struct timeval tv;
 		gettimeofday(&tv, NULL);