Makefile/indent: add AlwaysBreakBeforeMultilineStrings:false
This commit is contained in:
parent
2e27593482
commit
439606be70
2
Makefile
2
Makefile
@ -100,7 +100,7 @@ depend: all
|
||||
|
||||
.PHONY: indent
|
||||
indent:
|
||||
clang-format -style="{BasedOnStyle: google, IndentWidth: 8, UseTab: Always, IndentCaseLabels: false, ColumnLimit: 100, AlignAfterOpenBracket: false, AllowShortFunctionsOnASingleLine: false}" -i -sort-includes $(SRCS_H) $(SRCS_CXX)
|
||||
clang-format -style="{BasedOnStyle: google, IndentWidth: 8, UseTab: Always, IndentCaseLabels: false, ColumnLimit: 100, AlignAfterOpenBracket: false, AllowShortFunctionsOnASingleLine: false, AlwaysBreakBeforeMultilineStrings: false}" -i -sort-includes $(SRCS_H) $(SRCS_CXX)
|
||||
clang-format -style="{BasedOnStyle: google, IndentWidth: 4, UseTab: Always, ColumnLimit: 100}" -i $(SRCS_PROTO)
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
18
cmdline.cc
18
cmdline.cc
@ -281,8 +281,7 @@ void logParams(nsjconf_t *nsjconf) {
|
||||
break;
|
||||
}
|
||||
|
||||
LOG_I(
|
||||
"Jail parameters: hostname:'%s', chroot:%s, process:'%s', "
|
||||
LOG_I("Jail parameters: hostname:'%s', chroot:%s, process:'%s', "
|
||||
"bind:[%s]:%d, "
|
||||
"max_conns:%u, max_conns_per_ip:%u, time_limit:%" PRId64
|
||||
", personality:%#lx, daemonize:%s, clone_newnet:%s, "
|
||||
@ -311,8 +310,7 @@ void logParams(nsjconf_t *nsjconf) {
|
||||
(unsigned long)uid.inside_id, (unsigned long)uid.outside_id, uid.count,
|
||||
uid.is_newidmap ? "true" : "false");
|
||||
if (uid.outside_id == 0 && nsjconf->clone_newuser) {
|
||||
LOG_W(
|
||||
"Process will be UID/EUID=0 in the global user namespace, and "
|
||||
LOG_W("Process will be UID/EUID=0 in the global user namespace, and "
|
||||
"will "
|
||||
"have user root-level access to files");
|
||||
}
|
||||
@ -322,8 +320,7 @@ void logParams(nsjconf_t *nsjconf) {
|
||||
(unsigned long)gid.inside_id, (unsigned long)gid.outside_id, gid.count,
|
||||
gid.is_newidmap ? "true" : "false");
|
||||
if (gid.outside_id == 0 && nsjconf->clone_newuser) {
|
||||
LOG_W(
|
||||
"Process will be GID/EGID=0 in the global user namespace, and "
|
||||
LOG_W("Process will be GID/EGID=0 in the global user namespace, and "
|
||||
"will "
|
||||
"have group root-level access to files");
|
||||
}
|
||||
@ -345,8 +342,7 @@ uint64_t parseRLimit(int res, const char *optarg, unsigned long mul) {
|
||||
return cur.rlim_max;
|
||||
}
|
||||
if (!util::isANumber(optarg)) {
|
||||
LOG_F(
|
||||
"RLIMIT %d needs a numeric or 'max'/'hard'/'def'/'soft'/'inf' "
|
||||
LOG_F("RLIMIT %d needs a numeric or 'max'/'hard'/'def'/'soft'/'inf' "
|
||||
"value "
|
||||
"('%s' "
|
||||
"provided)",
|
||||
@ -389,8 +385,7 @@ static bool setupArgv(nsjconf_t *nsjconf, int argc, char **argv, int optind) {
|
||||
|
||||
if (nsjconf->use_execveat) {
|
||||
#if !defined(__NR_execveat)
|
||||
LOG_E(
|
||||
"Your nsjail is compiled without support for the execveat() "
|
||||
LOG_E("Your nsjail is compiled without support for the execveat() "
|
||||
"syscall, "
|
||||
"yet you "
|
||||
"specified the --execute_fd flag");
|
||||
@ -462,8 +457,7 @@ void setupUsers(nsjconf_t *nsjconf) {
|
||||
std::string parseMACVlanMode(const char *optarg) {
|
||||
if (strcasecmp(optarg, "private") != 0 && strcasecmp(optarg, "vepa") != 0 &&
|
||||
strcasecmp(optarg, "bridge") != 0 && strcasecmp(optarg, "passthru") != 0) {
|
||||
LOG_F(
|
||||
"macvlan mode can only be one of the values: "
|
||||
LOG_F("macvlan mode can only be one of the values: "
|
||||
"'private'/'vepa'/'bridge'/'passthru' ('%s' "
|
||||
"provided).",
|
||||
optarg);
|
||||
|
@ -127,8 +127,7 @@ static bool containTSC(nsjconf_t* nsjconf) {
|
||||
return false;
|
||||
}
|
||||
#else /* defined(__x86_64__) || defined(__i386__) */
|
||||
LOG_W(
|
||||
"prctl(PR_SET_TSC, PR_TSC_SIGSEGV) requested, but it's supported under "
|
||||
LOG_W("prctl(PR_SET_TSC, PR_TSC_SIGSEGV) requested, but it's supported under "
|
||||
"x86/x86-64 CPU architectures only. Ignoring it!");
|
||||
#endif /* defined(__x86_64__) || defined(__i386__) */
|
||||
}
|
||||
|
6
cpu.cc
6
cpu.cc
@ -70,8 +70,7 @@ static void setRandomCpu(cpu_set_t* orig_mask, cpu_set_t* new_mask, size_t avail
|
||||
n = getNthOnlineCpu(orig_mask, n);
|
||||
|
||||
CPU_SET(n, new_mask);
|
||||
LOG_D(
|
||||
"Add CPU #%zu from the original mask=[%s] (size=%zu, available_cpus=%zu), new "
|
||||
LOG_D("Add CPU #%zu from the original mask=[%s] (size=%zu, available_cpus=%zu), new "
|
||||
"mask=[%s] (size=%zu)",
|
||||
n, listCpusInSet(orig_mask).c_str(), (size_t)CPU_COUNT(orig_mask), available_cpus,
|
||||
listCpusInSet(new_mask).c_str(), (size_t)CPU_COUNT(new_mask));
|
||||
@ -121,8 +120,7 @@ bool initCpu(nsjconf_t* nsjconf) {
|
||||
available_cpus--;
|
||||
}
|
||||
|
||||
LOG_D(
|
||||
"Setting new CPU mask=[%s] with %zu allowed CPUs (max_cpus=%zu), %zu CPUs "
|
||||
LOG_D("Setting new CPU mask=[%s] with %zu allowed CPUs (max_cpus=%zu), %zu CPUs "
|
||||
"(CPU_COUNT=%zu) left mask=[%s]",
|
||||
listCpusInSet(new_mask.get()).c_str(), nsjconf->max_cpus,
|
||||
(size_t)CPU_COUNT(new_mask.get()), available_cpus, (size_t)CPU_COUNT(orig_mask.get()),
|
||||
|
6
mnt.cc
6
mnt.cc
@ -214,8 +214,7 @@ static bool mountPt(mount_t* mpt, const char* newroot, const char* tmpdir) {
|
||||
*/
|
||||
if (mountRWIfPossible(mpt, srcpath, dstpath) == -1) {
|
||||
if (errno == EACCES) {
|
||||
PLOG_W(
|
||||
"mount('%s') src:'%s' dstpath:'%s' failed. "
|
||||
PLOG_W("mount('%s') src:'%s' dstpath:'%s' failed. "
|
||||
"Try fixing this problem by applying 'chmod o+x' to the '%s' "
|
||||
"directory and its ancestors",
|
||||
describeMountPt(*mpt).c_str(), srcpath, dstpath, srcpath);
|
||||
@ -457,8 +456,7 @@ static bool initCloneNs(nsjconf_t* nsjconf) {
|
||||
* proper capabilities are kept in the user namespace. It can be acheived by
|
||||
* unmounting the new root and using setns to re-enter the mount namespace.
|
||||
*/
|
||||
LOG_W(
|
||||
"Using no_pivotroot is escapable when user posseses relevant capabilities, "
|
||||
LOG_W("Using no_pivotroot is escapable when user posseses relevant capabilities, "
|
||||
"Use it with care!");
|
||||
|
||||
if (chdir(destdir->c_str()) == -1) {
|
||||
|
3
net.cc
3
net.cc
@ -219,8 +219,7 @@ bool limitConns(nsjconf_t* nsjconf, int connsock) {
|
||||
|
||||
int getRecvSocket(const char* bindhost, int port) {
|
||||
if (port < 0 || port > 65535) {
|
||||
LOG_F(
|
||||
"TCP port %d out of bounds (0 <= port <= 65535), specify one with --port "
|
||||
LOG_F("TCP port %d out of bounds (0 <= port <= 65535), specify one with --port "
|
||||
"<port>",
|
||||
port);
|
||||
}
|
||||
|
@ -60,16 +60,14 @@ static bool prepareAndCommit(nsjconf_t* nsjconf) {
|
||||
}
|
||||
if (nsjconf->seccomp_log) {
|
||||
#ifndef __NR_seccomp
|
||||
LOG_E(
|
||||
"The __NR_seccomp is not defined with this kernel's header files (kernel "
|
||||
LOG_E("The __NR_seccomp is not defined with this kernel's header files (kernel "
|
||||
"headers too old?)");
|
||||
return false;
|
||||
#else
|
||||
if (util::syscall(__NR_seccomp, (uintptr_t)SECCOMP_SET_MODE_FILTER,
|
||||
(uintptr_t)(SECCOMP_FILTER_FLAG_TSYNC | SECCOMP_FILTER_FLAG_LOG),
|
||||
(uintptr_t)&nsjconf->seccomp_fprog) == -1) {
|
||||
PLOG_E(
|
||||
"seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC | "
|
||||
PLOG_E("seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC | "
|
||||
"SECCOMP_FILTER_FLAG_LOG) failed");
|
||||
return false;
|
||||
}
|
||||
|
18
subproc.cc
18
subproc.cc
@ -287,8 +287,7 @@ static void seccompViolation(nsjconf_t* nsjconf, siginfo_t* si) {
|
||||
|
||||
const auto& p = nsjconf->pids.find(si->si_pid);
|
||||
if (p == nsjconf->pids.end()) {
|
||||
LOG_W(
|
||||
"pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld (If "
|
||||
LOG_W("pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld (If "
|
||||
"SiStatus==31 (SIGSYS), then see 'dmesg' or 'journalctl -ek' for possible "
|
||||
"auditd report with more data)",
|
||||
(int)si->si_pid, si->si_status, si->si_uid, (long)si->si_utime,
|
||||
@ -300,8 +299,7 @@ static void seccompViolation(nsjconf_t* nsjconf, siginfo_t* si) {
|
||||
char buf[4096];
|
||||
ssize_t rdsize = util::readFromFd(p->second.pid_syscall_fd, buf, sizeof(buf) - 1);
|
||||
if (rdsize < 1) {
|
||||
LOG_W(
|
||||
"pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld (If "
|
||||
LOG_W("pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld (If "
|
||||
"SiStatus==31 (SIGSYS), then see 'dmesg' or 'journalctl -ek' for possible "
|
||||
"auditd report with more data)",
|
||||
(int)si->si_pid, si->si_status, si->si_uid, (long)si->si_utime,
|
||||
@ -315,21 +313,18 @@ static void seccompViolation(nsjconf_t* nsjconf, siginfo_t* si) {
|
||||
int ret = sscanf(buf, "%td %tx %tx %tx %tx %tx %tx %tx %tx", &sc, &arg1, &arg2, &arg3,
|
||||
&arg4, &arg5, &arg6, &sp, &pc);
|
||||
if (ret == 9) {
|
||||
LOG_W(
|
||||
"pid=%d, Syscall number:%td, Arguments:%#tx, %#tx, %#tx, %#tx, %#tx, %#tx, "
|
||||
LOG_W("pid=%d, Syscall number:%td, Arguments:%#tx, %#tx, %#tx, %#tx, %#tx, %#tx, "
|
||||
"SP:%#tx, PC:%#tx, si_status:%d",
|
||||
(int)si->si_pid, sc, arg1, arg2, arg3, arg4, arg5, arg6, sp, pc, si->si_status);
|
||||
} else if (ret == 3) {
|
||||
LOG_W(
|
||||
"pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld SP:%#tx, PC:%#tx (If "
|
||||
LOG_W("pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld SP:%#tx, PC:%#tx (If "
|
||||
"SiStatus==31 (SIGSYS), then see 'dmesg' or 'journalctl -ek' for possible "
|
||||
"auditd report with more data)",
|
||||
(int)si->si_pid, si->si_status, si->si_uid, (long)si->si_utime,
|
||||
(long)si->si_stime, arg1, arg2);
|
||||
return;
|
||||
} else {
|
||||
LOG_W(
|
||||
"pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld (If "
|
||||
LOG_W("pid=%d SiStatus:%d SiUid:%d SiUtime:%ld SiStime:%ld (If "
|
||||
"SiStatus==31 (SIGSYS), then see 'dmesg' or 'journalctl -ek' for possible "
|
||||
"auditd report with more data)",
|
||||
(int)si->si_pid, si->si_status, si->si_uid, (long)si->si_utime,
|
||||
@ -545,8 +540,7 @@ pid_t cloneProc(uint64_t flags, int exit_signal) {
|
||||
}
|
||||
|
||||
if (flags & CLONE_NEWTIME) {
|
||||
LOG_W(
|
||||
"CLONE_NEWTIME reuqested, but it's only supported with the unshare() mode "
|
||||
LOG_W("CLONE_NEWTIME reuqested, but it's only supported with the unshare() mode "
|
||||
"(-Me)");
|
||||
}
|
||||
|
||||
|
3
util.cc
3
util.cc
@ -231,8 +231,7 @@ static void rndInitThread(void) {
|
||||
#endif /* defined(__NR_getrandom) */
|
||||
int fd = TEMP_FAILURE_RETRY(open("/dev/urandom", O_RDONLY | O_CLOEXEC));
|
||||
if (fd == -1) {
|
||||
PLOG_D(
|
||||
"Couldn't open /dev/urandom for reading. Using gettimeofday "
|
||||
PLOG_D("Couldn't open /dev/urandom for reading. Using gettimeofday "
|
||||
"fall-back");
|
||||
struct timeval tv;
|
||||
gettimeofday(&tv, NULL);
|
||||
|
Loading…
Reference in New Issue
Block a user