From 4494deffa76f9123719fd292739dddcf80ff48e2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 10 Feb 2018 15:50:12 +0100 Subject: [PATCH] omit keyword 'struct' --- Makefile | 5 +++-- caps.cc | 2 +- caps.h | 2 +- cgroup.cc | 20 ++++++++++---------- cgroup.h | 4 ++-- cmdline.cc | 12 ++++++------ cmdline.h | 4 ++-- config.cc | 4 ++-- config.h | 2 +- contain.cc | 30 +++++++++++++++--------------- contain.h | 4 ++-- cpu.cc | 2 +- cpu.h | 2 +- log.cc | 2 +- log.h | 2 +- mnt.cc | 22 +++++++++++----------- mnt.h | 8 ++++---- net.cc | 10 +++++----- net.h | 6 +++--- nsjail.cc | 8 ++++---- pid.cc | 2 +- pid.h | 2 +- sandbox.cc | 6 +++--- sandbox.h | 4 ++-- subproc.cc | 29 ++++++++++++++--------------- subproc.h | 10 +++++----- user.cc | 26 +++++++++++++------------- user.h | 6 +++--- uts.cc | 2 +- uts.h | 2 +- 30 files changed, 120 insertions(+), 120 deletions(-) diff --git a/Makefile b/Makefile index 3176b20..2f48990 100644 --- a/Makefile +++ b/Makefile @@ -94,8 +94,8 @@ caps.o: caps.h nsjail.h log.h macros.h util.h cgroup.o: cgroup.h nsjail.h log.h util.h cmdline.o: cmdline.h nsjail.h caps.h config.h log.h macros.h mnt.h sandbox.h cmdline.o: user.h util.h -config.o: caps.h nsjail.h cmdline.h config.h log.h macros.h mnt.h user.h -config.o: util.h +config.o: caps.h nsjail.h cmdline.h config.h config.pb.h log.h macros.h mnt.h +config.o: user.h util.h contain.o: contain.h nsjail.h caps.h cgroup.h cpu.h log.h mnt.h net.h pid.h contain.o: user.h uts.h cpu.o: cpu.h nsjail.h log.h util.h @@ -110,3 +110,4 @@ subproc.o: sandbox.h user.h util.h uts.o: uts.h nsjail.h log.h user.o: user.h nsjail.h log.h macros.h subproc.h util.h util.o: util.h nsjail.h log.h macros.h +config.pb.o: config.pb.h diff --git a/caps.cc b/caps.cc index 6143f3f..f7364f6 100644 --- a/caps.cc +++ b/caps.cc 
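Review bot: The Makefile hunk is unrelated to the "omit keyword 'struct'" cleanup named in the subject: it adds `config.pb.h` to the `config.o` dependency line and introduces a new `config.pb.o: config.pb.h` rule. Either mention the dependency fix in the commit message or split it into its own commit, so that a later revert or bisect of the rename does not silently drop the build dependency. Whatever generates `config.pb.h` is outside this hunk, so the completeness of the new rule cannot be judged here.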
@@ -198,7 +198,7 @@ static bool initNsKeepCaps(cap_user_data_t cap_data) { return true; } -bool initNs(struct nsjconf_t* nsjconf) { +bool initNs(nsjconf_t* nsjconf) { char dbgmsg[4096]; struct ints_t* p; diff --git a/caps.h b/caps.h index dd72d55..f189a6d 100644 --- a/caps.h +++ b/caps.h @@ -30,7 +30,7 @@ namespace caps { int nameToVal(const char* name); -bool initNs(struct nsjconf_t* nsjconf); +bool initNs(nsjconf_t* nsjconf); } // namespace caps diff --git a/cgroup.cc b/cgroup.cc index a51e3ef..a98e2dd 100644 --- a/cgroup.cc +++ b/cgroup.cc @@ -35,7 +35,7 @@ namespace cgroup { -static bool initNsFromParentMem(struct nsjconf_t* nsjconf, pid_t pid) { +static bool initNsFromParentMem(nsjconf_t* nsjconf, pid_t pid) { if (nsjconf->cgroup_mem_max == (size_t)0) { return true; } @@ -81,7 +81,7 @@ static bool initNsFromParentMem(struct nsjconf_t* nsjconf, pid_t pid) { return true; } -static bool initNsFromParentPids(struct nsjconf_t* nsjconf, pid_t pid) { +static bool initNsFromParentPids(nsjconf_t* nsjconf, pid_t pid) { if (nsjconf->cgroup_pids_max == 0U) { return true; } @@ -118,7 +118,7 @@ static bool initNsFromParentPids(struct nsjconf_t* nsjconf, pid_t pid) { return true; } -static bool initNsFromParentNetCls(struct nsjconf_t* nsjconf, pid_t pid) { +static bool initNsFromParentNetCls(nsjconf_t* nsjconf, pid_t pid) { if (nsjconf->cgroup_net_cls_classid == 0U) { return true; } @@ -156,7 +156,7 @@ static bool initNsFromParentNetCls(struct nsjconf_t* nsjconf, pid_t pid) { return true; } -static bool initNsFromParentCpu(struct nsjconf_t* nsjconf, pid_t pid) { +static bool initNsFromParentCpu(nsjconf_t* nsjconf, pid_t pid) { if (nsjconf->cgroup_cpu_ms_per_sec == 0U) { return true; } @@ -203,7 +203,7 @@ static bool initNsFromParentCpu(struct nsjconf_t* nsjconf, pid_t pid) { return true; } -bool initNsFromParent(struct nsjconf_t* nsjconf, pid_t pid) { +bool initNsFromParent(nsjconf_t* nsjconf, pid_t pid) { if (!initNsFromParentMem(nsjconf, pid)) { return false; } 
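Review bot: `struct ints_t* p;` on the context line directly under the renamed `initNs` signature still carries the keyword this commit strips everywhere else; if `ints_t` is a project type like `nsjconf_t`, it should become `ints_t* p;` in the same sweep for consistency. The body of initNs continues past the hunk, so whether `p` is still used there cannot be confirmed from these lines.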
@@ -219,7 +219,7 @@ bool initNsFromParent(struct nsjconf_t* nsjconf, pid_t pid) { return true; } -void finishFromParentMem(struct nsjconf_t* nsjconf, pid_t pid) { +void finishFromParentMem(nsjconf_t* nsjconf, pid_t pid) { if (nsjconf->cgroup_mem_max == (size_t)0) { return; } @@ -233,7 +233,7 @@ void finishFromParentMem(struct nsjconf_t* nsjconf, pid_t pid) { return; } -void finishFromParentPids(struct nsjconf_t* nsjconf, pid_t pid) { +void finishFromParentPids(nsjconf_t* nsjconf, pid_t pid) { if (nsjconf->cgroup_pids_max == 0U) { return; } @@ -247,7 +247,7 @@ void finishFromParentPids(struct nsjconf_t* nsjconf, pid_t pid) { return; } -void finishFromParentCpu(struct nsjconf_t* nsjconf, pid_t pid) { +void finishFromParentCpu(nsjconf_t* nsjconf, pid_t pid) { if (nsjconf->cgroup_cpu_ms_per_sec == 0U) { return; } @@ -261,7 +261,7 @@ void finishFromParentCpu(struct nsjconf_t* nsjconf, pid_t pid) { return; } -void finishFromParentNetCls(struct nsjconf_t* nsjconf, pid_t pid) { +void finishFromParentNetCls(nsjconf_t* nsjconf, pid_t pid) { if (nsjconf->cgroup_net_cls_classid == 0U) { return; } @@ -275,7 +275,7 @@ void finishFromParentNetCls(struct nsjconf_t* nsjconf, pid_t pid) { return; } -void finishFromParent(struct nsjconf_t* nsjconf, pid_t pid) { +void finishFromParent(nsjconf_t* nsjconf, pid_t pid) { finishFromParentMem(nsjconf, pid); finishFromParentPids(nsjconf, pid); finishFromParentNetCls(nsjconf, pid); diff --git a/cgroup.h b/cgroup.h index 677ce36..e241d23 100644 --- a/cgroup.h +++ b/cgroup.h @@ -29,9 +29,9 @@ namespace cgroup { -bool initNsFromParent(struct nsjconf_t* nsjconf, pid_t pid); +bool initNsFromParent(nsjconf_t* nsjconf, pid_t pid); bool initNs(void); -void finishFromParent(struct nsjconf_t* nsjconf, pid_t pid); +void finishFromParent(nsjconf_t* nsjconf, pid_t pid); } // namespace cgroup diff --git a/cmdline.cc b/cmdline.cc index d14e63b..5389f13 100644 --- a/cmdline.cc +++ b/cmdline.cc 
@@ -199,7 +199,7 @@ static void cmdlineUsage(const char* pname) { LOG_HELP_BOLD(" nsjail -Me --chroot / --disable_proc -- /bin/echo \"ABC\""); } -void logParams(struct nsjconf_t* nsjconf) { +void logParams(nsjconf_t* nsjconf) { switch (nsjconf->mode) { case MODE_LISTEN_TCP: LOG_I("Mode: LISTEN_TCP"); @@ -241,7 +241,7 @@ void logParams(struct nsjconf_t* nsjconf) { } } { - struct idmap_t* p; + idmap_t* p; for (const auto& uid : nsjconf->uids) { LOG_I("Uid map: inside_uid:%lu outside_uid:%lu count:%zu newuidmap:%s", (unsigned long)uid.inside_id, (unsigned long)uid.outside_id, uid.count, @@ -319,8 +319,8 @@ static char* cmdlineSplitStrByColon(char* spec) { } } -std::unique_ptr parseArgs(int argc, char* argv[]) { - std::unique_ptr nsjconf = std::make_unique(); +std::unique_ptr parseArgs(int argc, char* argv[]) { + std::unique_ptr nsjconf = std::make_unique(); nsjconf->exec_file = NULL; nsjconf->use_execveat = false; @@ -783,7 +783,7 @@ std::unique_ptr parseArgs(int argc, char* argv[]) { } if (nsjconf->uids.empty()) { - struct idmap_t uid; + idmap_t uid; uid.inside_id = getuid(); uid.outside_id = getuid(); uid.count = 1U; @@ -791,7 +791,7 @@ std::unique_ptr parseArgs(int argc, char* argv[]) { nsjconf->uids.push_back(uid); } if (nsjconf->gids.empty()) { - struct idmap_t gid; + idmap_t gid; gid.inside_id = getgid(); gid.outside_id = getgid(); gid.count = 1U; diff --git a/cmdline.h b/cmdline.h index 22b4e89..9ab5822 100644 --- a/cmdline.h +++ b/cmdline.h @@ -31,8 +31,8 @@ namespace cmdline { uint64_t parseRLimit(int res, const char* optarg, unsigned long mul); -void logParams(struct nsjconf_t* nsjconf); -std::unique_ptr parseArgs(int argc, char* argv[]); +void logParams(nsjconf_t* nsjconf); +std::unique_ptr parseArgs(int argc, char* argv[]); } // namespace cmdline diff --git a/config.cc b/config.cc index 2a39c5c..0f3c446 100644 --- a/config.cc +++ b/config.cc 
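Review bot: `idmap_t* p;` in the logParams hunk is renamed but, in the visible lines, never used — the loop that follows iterates `nsjconf->uids` by range-for, so the declaration looks like a leftover from an earlier list-walking implementation and should be dropped rather than renamed, leaving just `for (const auto& uid : nsjconf->uids) {`. The same pattern appears in user.cc's uidMapSelf, gidMapSelf, gidMapExternal and uidMapExternal hunks. The remainder of logParams lies outside the hunk, so confirm `p` is not referenced further down before removing it.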
@@ -65,7 +65,7 @@ static uint64_t configRLimit( abort(); } -static bool configParseInternal(struct nsjconf_t* nsjconf, const nsjail::NsJailConfig& njc) { +static bool configParseInternal(nsjconf_t* nsjconf, const nsjail::NsJailConfig& njc) { switch (njc.mode()) { case nsjail::Mode::LISTEN: nsjconf->mode = MODE_LISTEN_TCP; @@ -301,7 +301,7 @@ static void LogHandler( LOG_W("config.cc: '%s'", message.c_str()); } -bool parseFile(struct nsjconf_t* nsjconf, const char* file) { +bool parseFile(nsjconf_t* nsjconf, const char* file) { LOG_I("Parsing configuration from '%s'", file); int fd = open(file, O_RDONLY | O_CLOEXEC); diff --git a/config.h b/config.h index 157098a..108d3fd 100644 --- a/config.h +++ b/config.h @@ -28,7 +28,7 @@ namespace config { -bool parseFile(struct nsjconf_t* nsjconf, const char* file); +bool parseFile(nsjconf_t* nsjconf, const char* file); } // namespace config diff --git a/contain.cc b/contain.cc index ff0eb89..16a1892 100644 --- a/contain.cc +++ b/contain.cc 
@@ -50,17 +50,17 @@ namespace contain { -static bool containUserNs(struct nsjconf_t* nsjconf) { return user::initNsFromChild(nsjconf); } +static bool containUserNs(nsjconf_t* nsjconf) { return user::initNsFromChild(nsjconf); } -static bool containInitPidNs(struct nsjconf_t* nsjconf) { return pid::initNs(nsjconf); } +static bool containInitPidNs(nsjconf_t* nsjconf) { return pid::initNs(nsjconf); } -static bool containInitNetNs(struct nsjconf_t* nsjconf) { return net::initNsFromChild(nsjconf); } +static bool containInitNetNs(nsjconf_t* nsjconf) { return net::initNsFromChild(nsjconf); } -static bool containInitUtsNs(struct nsjconf_t* nsjconf) { return uts::initNs(nsjconf); } +static bool containInitUtsNs(nsjconf_t* nsjconf) { return uts::initNs(nsjconf); } static bool containInitCgroupNs(void) { return cgroup::initNs(); } -static bool containDropPrivs(struct nsjconf_t* nsjconf) { +static bool containDropPrivs(nsjconf_t* nsjconf) { #ifndef PR_SET_NO_NEW_PRIVS #define PR_SET_NO_NEW_PRIVS 38 #endif @@ -78,7 +78,7 @@ static bool containDropPrivs(struct nsjconf_t* nsjconf) { return true; } -static bool containPrepareEnv(struct nsjconf_t* nsjconf) { +static bool containPrepareEnv(nsjconf_t* nsjconf) { if (prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0) == -1) { PLOG_E("prctl(PR_SET_PDEATHSIG, SIGKILL)"); return false; @@ -97,11 +97,11 @@ static bool containPrepareEnv(struct nsjconf_t* nsjconf) { return true; } -static bool containInitMountNs(struct nsjconf_t* nsjconf) { return mnt::initNs(nsjconf); } +static bool containInitMountNs(nsjconf_t* nsjconf) { return mnt::initNs(nsjconf); } -static bool containCPU(struct nsjconf_t* nsjconf) { return cpu::initCpu(nsjconf); } +static bool containCPU(nsjconf_t* nsjconf) { return cpu::initCpu(nsjconf); } -static bool containSetLimits(struct nsjconf_t* nsjconf) { +static bool containSetLimits(nsjconf_t* nsjconf) { struct rlimit64 rl; rl.rlim_cur = rl.rlim_max = nsjconf->rl_as; if (setrlimit64(RLIMIT_AS, &rl) == -1) { 
@@ -141,12 +141,12 @@ static bool containSetLimits(struct nsjconf_t* nsjconf) { return true; } -static bool containPassFd(struct nsjconf_t* nsjconf, int fd) { +static bool containPassFd(nsjconf_t* nsjconf, int fd) { return (std::find(nsjconf->openfds.begin(), nsjconf->openfds.end(), fd) != nsjconf->openfds.end()); } -static bool containMakeFdsCOENaive(struct nsjconf_t* nsjconf) { +static bool containMakeFdsCOENaive(nsjconf_t* nsjconf) { /* * Don't use getrlimit(RLIMIT_NOFILE) here, as it can return an artifically small value * (e.g. 32), which could be smaller than a maximum assigned number to file-descriptors @@ -173,7 +173,7 @@ static bool containMakeFdsCOENaive(struct nsjconf_t* nsjconf) { return true; } -static bool containMakeFdsCOEProc(struct nsjconf_t* nsjconf) { +static bool containMakeFdsCOEProc(nsjconf_t* nsjconf) { int dirfd = open("/proc/self/fd", O_DIRECTORY | O_RDONLY | O_CLOEXEC); if (dirfd == -1) { PLOG_D("open('/proc/self/fd', O_DIRECTORY|O_RDONLY|O_CLOEXEC)"); @@ -234,7 +234,7 @@ static bool containMakeFdsCOEProc(struct nsjconf_t* nsjconf) { return true; } -static bool containMakeFdsCOE(struct nsjconf_t* nsjconf) { +static bool containMakeFdsCOE(nsjconf_t* nsjconf) { if (containMakeFdsCOEProc(nsjconf)) { return true; } @@ -245,7 +245,7 @@ static bool containMakeFdsCOE(struct nsjconf_t* nsjconf) { return false; } -bool setupFD(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err) { +bool setupFD(nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err) { if (nsjconf->mode != MODE_LISTEN_TCP) { if (nsjconf->is_silent == false) { return true; @@ -271,7 +271,7 @@ bool setupFD(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err) { return true; } -bool containProc(struct nsjconf_t* nsjconf) { +bool containProc(nsjconf_t* nsjconf) { if (containUserNs(nsjconf) == false) { return false; } diff --git a/contain.h b/contain.h index 98dd77b..5ed750d 100644 --- a/contain.h +++ b/contain.h 
@@ -28,8 +28,8 @@ namespace contain { -bool setupFD(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err); -bool containProc(struct nsjconf_t* nsjconf); +bool setupFD(nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err); +bool containProc(nsjconf_t* nsjconf); } // namespace contain diff --git a/cpu.cc b/cpu.cc index 1c0c97a..88224ca 100644 --- a/cpu.cc +++ b/cpu.cc @@ -49,7 +49,7 @@ static void setRandomCpu(cpu_set_t* mask, size_t mask_size, size_t cpu_num) { } } -bool initCpu(struct nsjconf_t* nsjconf) { +bool initCpu(nsjconf_t* nsjconf) { if (nsjconf->num_cpus < 0) { PLOG_W("sysconf(_SC_NPROCESSORS_ONLN) returned %ld", nsjconf->num_cpus); return false; diff --git a/cpu.h b/cpu.h index 49c0a04..d6346dc 100644 --- a/cpu.h +++ b/cpu.h @@ -28,7 +28,7 @@ namespace cpu { -bool initCpu(struct nsjconf_t* nsjconf); +bool initCpu(nsjconf_t* nsjconf); } // namespace cpu diff --git a/log.cc b/log.cc index e9a3715..15d118d 100644 --- a/log.cc +++ b/log.cc @@ -51,7 +51,7 @@ __attribute__((constructor)) static void log_init(void) { log_fd_isatty = isatty * Log to stderr by default. Use a dup()d fd, because in the future we'll associate the * connection socket with fd (0, 1, 2). */ -bool initLogFile(struct nsjconf_t* nsjconf) { +bool initLogFile(nsjconf_t* nsjconf) { /* Close previous log_fd */ if (log_fd > STDERR_FILENO) { close(log_fd); diff --git a/log.h b/log.h index 14b7e75..3db7526 100644 --- a/log.h +++ b/log.h @@ -45,7 +45,7 @@ namespace log { -bool initLogFile(struct nsjconf_t* nsjconf); +bool initLogFile(nsjconf_t* nsjconf); void logMsg(enum llevel_t ll, const char* fn, int ln, bool perr, const char* fmt, ...) __attribute__((format(printf, 5, 6))); void logStop(int sig); diff --git a/mnt.cc b/mnt.cc index 25389e8..5d331a7 100644 --- a/mnt.cc +++ b/mnt.cc 
@@ -118,7 +118,7 @@ static bool isDir(const char* path) { return false; } -static bool mountPt(struct mount_t* mpt, const char* newroot, const char* tmpdir) { +static bool mountPt(mount_t* mpt, const char* newroot, const char* tmpdir) { char dst[PATH_MAX]; snprintf(dst, sizeof(dst), "%s/%s", newroot, mpt->dst.c_str()); @@ -224,7 +224,7 @@ static bool mountPt(struct mount_t* mpt, const char* newroot, const char* tmpdir return true; } -static bool remountRO(const struct mount_t& mpt) { +static bool remountRO(const mount_t& mpt) { if (!mpt.mounted) { return true; } @@ -285,7 +285,7 @@ static bool mkdirAndTest(const char* dir) { return true; } -static bool getDir(struct nsjconf_t* nsjconf, char* dir, const char* name) { +static bool getDir(nsjconf_t* nsjconf, char* dir, const char* name) { snprintf(dir, PATH_MAX, "/run/user/%u/nsjail.%s", nsjconf->orig_uid, name); if (mkdirAndTest(dir)) { return true; @@ -314,7 +314,7 @@ static bool getDir(struct nsjconf_t* nsjconf, char* dir, const char* name) { return false; } -static bool initNsInternal(struct nsjconf_t* nsjconf) { +static bool initNsInternal(nsjconf_t* nsjconf) { /* * If CLONE_NEWNS is not used, we would be changing the global mount namespace, so simply * use --chroot in this case @@ -412,7 +412,7 @@ static bool initNsInternal(struct nsjconf_t* nsjconf) { * With mode MODE_STANDALONE_EXECVE it's required to mount /proc inside a new process, * as the current process is still in the original PID namespace (man pid_namespaces) */ -bool initNs(struct nsjconf_t* nsjconf) { +bool initNs(nsjconf_t* nsjconf) { if (nsjconf->mode != MODE_STANDALONE_EXECVE) { return initNsInternal(nsjconf); } 
@@ -435,7 +435,7 @@ bool initNs(struct nsjconf_t* nsjconf) { return false; } -static bool addMountPt(struct mount_t* mnt, const char* src, const char* dst, const char* fstype, +static bool addMountPt(mount_t* mnt, const char* src, const char* dst, const char* fstype, const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env, const char* dst_env, const char* src_content, size_t src_content_len, bool is_symlink) { if (src_env) { @@ -503,10 +503,10 @@ static bool addMountPt(struct mount_t* mnt, const char* src, const char* dst, co return true; } -bool addMountPtHead(struct nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype, +bool addMountPtHead(nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype, const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env, const char* dst_env, const char* src_content, size_t src_content_len, bool is_symlink) { - struct mount_t mnt; + mount_t mnt; if (!addMountPt(&mnt, src, dst, fstype, options, flags, isDir, mandatory, src_env, dst_env, src_content, src_content_len, is_symlink)) { return false; @@ -515,10 +515,10 @@ bool addMountPtHead(struct nsjconf_t* nsjconf, const char* src, const char* dst, return true; } -bool addMountPtTail(struct nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype, +bool addMountPtTail(nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype, const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env, const char* dst_env, const char* src_content, size_t src_content_len, bool is_symlink) { - struct mount_t mnt; + mount_t mnt; if (!addMountPt(&mnt, src, dst, fstype, options, flags, isDir, mandatory, src_env, dst_env, src_content, src_content_len, is_symlink)) { return false; 
@@ -527,7 +527,7 @@ bool addMountPtTail(struct nsjconf_t* nsjconf, const char* src, const char* dst, return true; } -const char* describeMountPt(const struct mount_t& mpt) { +const char* describeMountPt(const mount_t& mpt) { static __thread char mount_pt_descr[4096]; snprintf(mount_pt_descr, sizeof(mount_pt_descr), diff --git a/mnt.h b/mnt.h index e51cefa..ad2b64b 100644 --- a/mnt.h +++ b/mnt.h @@ -36,14 +36,14 @@ typedef enum { } isDir_t; const char* flagsToStr(uintptr_t flags); -bool initNs(struct nsjconf_t* nsjconf); -bool addMountPtHead(struct nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype, +bool initNs(nsjconf_t* nsjconf); +bool addMountPtHead(nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype, const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env, const char* dst_env, const char* src_content, size_t src_content_len, bool is_symlink); -bool addMountPtTail(struct nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype, +bool addMountPtTail(nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype, const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env, const char* dst_env, const char* src_content, size_t src_content_len, bool is_symlink); -const char* describeMountPt(const struct mount_t& mpt); +const char* describeMountPt(const mount_t& mpt); } // namespace mnt diff --git a/net.cc b/net.cc index efd3afd..0bab6fd 100644 --- a/net.cc +++ b/net.cc @@ -51,7 +51,7 @@ namespace net { #if defined(NSJAIL_NL3_WITH_MACVLAN) #include #include -bool initNsFromParent(struct nsjconf_t* nsjconf, int pid) { +bool initNsFromParent(nsjconf_t* nsjconf, int pid) { if (nsjconf->clone_newnet == false) { return true; } 
@@ -118,7 +118,7 @@ bool initNsFromParent(struct nsjconf_t* nsjconf, int pid) { } #else // defined(NSJAIL_NL3_WITH_MACVLAN) -bool initNsFromParent(struct nsjconf_t* nsjconf, int pid) { +bool initNsFromParent(nsjconf_t* nsjconf, int pid) { if (nsjconf->clone_newnet == false) { return true; } @@ -153,7 +153,7 @@ static bool isSocket(int fd) { return true; } -bool limitConns(struct nsjconf_t* nsjconf, int connsock) { +bool limitConns(nsjconf_t* nsjconf, int connsock) { /* 0 means 'unlimited' */ if (nsjconf->max_conns_per_ip == 0) { return true; @@ -320,7 +320,7 @@ static bool ifaceUp(const char* ifacename) { return true; } -static bool netConfigureVs(struct nsjconf_t* nsjconf) { +static bool netConfigureVs(nsjconf_t* nsjconf) { struct ifreq ifr = {}; snprintf(ifr.ifr_name, IF_NAMESIZE, "%s", IFACE_NAME); struct in_addr addr; @@ -406,7 +406,7 @@ static bool netConfigureVs(struct nsjconf_t* nsjconf) { return true; } -bool initNsFromChild(struct nsjconf_t* nsjconf) { +bool initNsFromChild(nsjconf_t* nsjconf) { if (nsjconf->clone_newnet == false) { return true; } diff --git a/net.h b/net.h index e540adc..56500b7 100644 --- a/net.h +++ b/net.h @@ -29,12 +29,12 @@ namespace net { -bool limitConns(struct nsjconf_t* nsjconf, int connsock); +bool limitConns(nsjconf_t* nsjconf, int connsock); int getRecvSocket(const char* bindhost, int port); int acceptConn(int listenfd); void connToText(int fd, bool remote, char* buf, size_t s, struct sockaddr_in6* addr_or_null); -bool initNsFromParent(struct nsjconf_t* nsjconf, int pid); -bool initNsFromChild(struct nsjconf_t* nsjconf); +bool initNsFromParent(nsjconf_t* nsjconf, int pid); +bool initNsFromChild(nsjconf_t* nsjconf); } // namespace net diff --git a/nsjail.cc b/nsjail.cc index dd508fc..d4e6380 100644 --- a/nsjail.cc +++ b/nsjail.cc 
@@ -80,7 +80,7 @@ static bool nsjailSetSigHandlers(void) { return true; } -static bool nsjailSetTimer(struct nsjconf_t* nsjconf) { +static bool nsjailSetTimer(nsjconf_t* nsjconf) { if (nsjconf->mode == MODE_STANDALONE_EXECVE) { return true; } @@ -104,7 +104,7 @@ static bool nsjailSetTimer(struct nsjconf_t* nsjconf) { return true; } -static void nsjailListenMode(struct nsjconf_t* nsjconf) { +static void nsjailListenMode(nsjconf_t* nsjconf) { int listenfd = net::getRecvSocket(nsjconf->bindhost, nsjconf->port); if (listenfd == -1) { return; @@ -129,7 +129,7 @@ static void nsjailListenMode(struct nsjconf_t* nsjconf) { } } -static int nsjailStandaloneMode(struct nsjconf_t* nsjconf) { +static int nsjailStandaloneMode(nsjconf_t* nsjconf) { subproc::runChild(nsjconf, STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO); for (;;) { int child_status = subproc::reapProc(nsjconf); @@ -157,7 +157,7 @@ static int nsjailStandaloneMode(struct nsjconf_t* nsjconf) { } int main(int argc, char* argv[]) { - std::unique_ptr nsjconf = cmdline::parseArgs(argc, argv); + std::unique_ptr nsjconf = cmdline::parseArgs(argc, argv); if (!nsjconf) { LOG_F("Couldn't parse cmdline options"); } diff --git a/pid.cc b/pid.cc index b087114..1769cd8 100644 --- a/pid.cc +++ b/pid.cc @@ -33,7 +33,7 @@ namespace pid { -bool initNs(struct nsjconf_t* nsjconf) { +bool initNs(nsjconf_t* nsjconf) { if (nsjconf->mode != MODE_STANDALONE_EXECVE) { return true; } diff --git a/pid.h b/pid.h index 125c303..d74cce4 100644 --- a/pid.h +++ b/pid.h @@ -28,7 +28,7 @@ namespace pid { -bool initNs(struct nsjconf_t* nsjconf); +bool initNs(nsjconf_t* nsjconf); } // namespace pid diff --git a/sandbox.cc b/sandbox.cc index b7eadb1..9eb6b60 100644 --- a/sandbox.cc +++ b/sandbox.cc 
@@ -37,7 +37,7 @@ namespace sandbox { #define PR_SET_NO_NEW_PRIVS 38 #endif /* PR_SET_NO_NEW_PRIVS */ -static bool prepareAndCommit(struct nsjconf_t* nsjconf) { +static bool prepareAndCommit(nsjconf_t* nsjconf) { if (nsjconf->kafel_file_path == NULL && nsjconf->kafel_string == NULL) { return true; } @@ -53,9 +53,9 @@ static bool prepareAndCommit(struct nsjconf_t* nsjconf) { return true; } -bool applyPolicy(struct nsjconf_t* nsjconf) { return prepareAndCommit(nsjconf); } +bool applyPolicy(nsjconf_t* nsjconf) { return prepareAndCommit(nsjconf); } -bool preparePolicy(struct nsjconf_t* nsjconf) { +bool preparePolicy(nsjconf_t* nsjconf) { if (nsjconf->kafel_file_path == NULL && nsjconf->kafel_string == NULL) { return true; } diff --git a/sandbox.h b/sandbox.h index d251658..ac754e9 100644 --- a/sandbox.h +++ b/sandbox.h @@ -28,8 +28,8 @@ namespace sandbox { -bool applyPolicy(struct nsjconf_t* nsjconf); -bool preparePolicy(struct nsjconf_t* nsjconf); +bool applyPolicy(nsjconf_t* nsjconf); +bool preparePolicy(nsjconf_t* nsjconf); } // namespace sandbox diff --git a/subproc.cc b/subproc.cc index 7be4a92..04f665a 100644 --- a/subproc.cc +++ b/subproc.cc @@ -129,8 +129,7 @@ static bool resetEnv(void) { static const char kSubprocDoneChar = 'D'; -static int subprocNewProc( - struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err, int pipefd) { +static int subprocNewProc(nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err, int pipefd) { if (contain::setupFD(nsjconf, fd_in, fd_out, fd_err) == false) { _exit(0xff); } @@ -195,8 +194,8 @@ static int subprocNewProc( _exit(0xff); } -static void addProc(struct nsjconf_t* nsjconf, pid_t pid, int sock) { - struct pids_t p; +static void addProc(nsjconf_t* nsjconf, pid_t pid, int sock) { + pids_t p; p.pid = pid; p.start = time(NULL); 
@@ -213,7 +212,7 @@ static void addProc(struct nsjconf_t* nsjconf, pid_t pid, int sock) { (unsigned int)p.start, p.remote_txt); } -static void removeProc(struct nsjconf_t* nsjconf, pid_t pid) { +static void removeProc(nsjconf_t* nsjconf, pid_t pid) { for (auto p = nsjconf->pids.begin(); p != nsjconf->pids.end(); ++p) { if (p->pid == pid) { LOG_D("Removing pid '%d' from the queue (IP:'%s', start time:'%s')", p->pid, @@ -226,9 +225,9 @@ static void removeProc(struct nsjconf_t* nsjconf, pid_t pid) { LOG_W("PID: %d not found (?)", pid); } -int countProc(struct nsjconf_t* nsjconf) { return nsjconf->pids.size(); } +int countProc(nsjconf_t* nsjconf) { return nsjconf->pids.size(); } -void displayProc(struct nsjconf_t* nsjconf) { +void displayProc(nsjconf_t* nsjconf) { LOG_I("Total number of spawned namespaces: %d", countProc(nsjconf)); time_t now = time(NULL); for (const auto& pid : nsjconf->pids) { @@ -239,7 +238,7 @@ void displayProc(struct nsjconf_t* nsjconf) { } } -static const struct pids_t* getPidElem(struct nsjconf_t* nsjconf, pid_t pid) { +static const pids_t* getPidElem(nsjconf_t* nsjconf, pid_t pid) { for (const auto& p : nsjconf->pids) { if (p.pid == pid) { return &p; @@ -248,10 +247,10 @@ static const struct pids_t* getPidElem(struct nsjconf_t* nsjconf, pid_t pid) { return NULL; } -static void seccompViolation(struct nsjconf_t* nsjconf, siginfo_t* si) { +static void seccompViolation(nsjconf_t* nsjconf, siginfo_t* si) { LOG_W("PID: %d commited a syscall/seccomp violation and exited with SIGSYS", si->si_pid); - const struct pids_t* p = getPidElem(nsjconf, si->si_pid); + const pids_t* p = getPidElem(nsjconf, si->si_pid); if (p == NULL) { LOG_W("PID:%d SiSyscall: %d, SiCode: %d, SiErrno: %d", (int)si->si_pid, si->si_syscall, si->si_code, si->si_errno); @@ -287,7 +286,7 @@ static void seccompViolation(struct nsjconf_t* nsjconf, siginfo_t* si) { } } -int reapProc(struct nsjconf_t* nsjconf) { +int reapProc(nsjconf_t* nsjconf) { int status; int rv = 0; siginfo_t si; 
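Review bot: `int countProc(nsjconf_t* nsjconf) { return nsjconf->pids.size(); }` silently narrows the container's `size_t` to `int`, which `-Wconversion` will flag; since the line is being rewritten anyway, make the conversion explicit, `return (int)nsjconf->pids.size();`, or widen the return type to `size_t` and change the `%d` in displayProc's `LOG_I("Total number of spawned namespaces: %d", ...)` to `%zu`. The second option also touches the declaration in subproc.h, which this commit already edits.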
@@ -308,7 +307,7 @@ int reapProc(struct nsjconf_t* nsjconf) { cgroup::finishFromParent(nsjconf, si.si_pid); const char* remote_txt = "[UNKNOWN]"; - const struct pids_t* elem = getPidElem(nsjconf, si.si_pid); + const pids_t* elem = getPidElem(nsjconf, si.si_pid); if (elem) { remote_txt = elem->remote_txt; } @@ -357,13 +356,13 @@ int reapProc(struct nsjconf_t* nsjconf) { return rv; } -void killAll(struct nsjconf_t* nsjconf) { +void killAll(nsjconf_t* nsjconf) { for (const auto& p : nsjconf->pids) { kill(p.pid, SIGKILL); } } -static bool initParent(struct nsjconf_t* nsjconf, pid_t pid, int pipefd) { +static bool initParent(nsjconf_t* nsjconf, pid_t pid, int pipefd) { if (net::initNsFromParent(nsjconf, pid) == false) { LOG_E("Couldn't create and put MACVTAP interface into NS of PID '%d'", pid); return false; @@ -384,7 +383,7 @@ static bool initParent(struct nsjconf_t* nsjconf, pid_t pid, int pipefd) { return true; } -void runChild(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err) { +void runChild(nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err) { if (net::limitConns(nsjconf, fd_in) == false) { return; } diff --git a/subproc.h b/subproc.h index 287efee..8c8caaf 100644 --- a/subproc.h +++ b/subproc.h @@ -30,12 +30,12 @@ namespace subproc { -void runChild(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err); -int countProc(struct nsjconf_t* nsjconf); -void displayProc(struct nsjconf_t* nsjconf); -void killAll(struct nsjconf_t* nsjconf); +void runChild(nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err); +int countProc(nsjconf_t* nsjconf); +void displayProc(nsjconf_t* nsjconf); +void killAll(nsjconf_t* nsjconf); /* Returns the exit code of the first failing subprocess, or 0 if none fail */ -int reapProc(struct nsjconf_t* nsjconf); +int reapProc(nsjconf_t* nsjconf); int systemExe(const char** argv, char** env); pid_t cloneProc(uintptr_t flags); diff --git a/user.cc b/user.cc index 9ff2bf1..e7e8d69 100644 --- a/user.cc +++ b/user.cc 
@@ -96,13 +96,13 @@ static bool setGroups(pid_t pid) { return true; } -static bool uidMapSelf(struct nsjconf_t* nsjconf, pid_t pid) { +static bool uidMapSelf(nsjconf_t* nsjconf, pid_t pid) { char fname[PATH_MAX]; snprintf(fname, sizeof(fname), "/proc/%d/uid_map", pid); char map[4096] = {[0] = '\0'}; - struct idmap_t* p; + idmap_t* p; for (const auto& uid : nsjconf->uids) { if (uid.is_newidmap) { continue; @@ -124,13 +124,13 @@ static bool uidMapSelf(struct nsjconf_t* nsjconf, pid_t pid) { return true; } -static bool gidMapSelf(struct nsjconf_t* nsjconf, pid_t pid) { +static bool gidMapSelf(nsjconf_t* nsjconf, pid_t pid) { char fname[PATH_MAX]; snprintf(fname, sizeof(fname), "/proc/%d/gid_map", pid); char map[4096] = {[0] = '\0'}; - struct idmap_t* p; + idmap_t* p; for (const auto& gid : nsjconf->gids) { if (gid.is_newidmap) { continue; @@ -153,7 +153,7 @@ static bool gidMapSelf(struct nsjconf_t* nsjconf, pid_t pid) { } /* Use /usr/bin/newgidmap for writing the gid map */ -static bool gidMapExternal(struct nsjconf_t* nsjconf, pid_t pid UNUSED) { +static bool gidMapExternal(nsjconf_t* nsjconf, pid_t pid UNUSED) { size_t idx = 0; const char* argv[1024]; @@ -165,7 +165,7 @@ static bool gidMapExternal(struct nsjconf_t* nsjconf, pid_t pid UNUSED) { argv[idx] = parms[idx]; idx++; - struct idmap_t* p; + idmap_t* p; bool use = false; for (const auto& gid : nsjconf->gids) { if (gid.is_newidmap == false) { @@ -205,7 +205,7 @@ static bool gidMapExternal(struct nsjconf_t* nsjconf, pid_t pid UNUSED) { } /* Use /usr/bin/newuidmap for writing the uid map */ -static bool uidMapExternal(struct nsjconf_t* nsjconf, pid_t pid UNUSED) { +static bool uidMapExternal(nsjconf_t* nsjconf, pid_t pid UNUSED) { size_t idx = 0; const char* argv[1024]; @@ -218,7 +218,7 @@ static bool uidMapExternal(struct nsjconf_t* nsjconf, pid_t pid UNUSED) { idx++; bool use = false; - struct idmap_t* p; + idmap_t* p; for (const auto& uid : nsjconf->uids) { if (uid.is_newidmap == false) { continue; 
@@ -256,7 +256,7 @@ static bool uidMapExternal(struct nsjconf_t* nsjconf, pid_t pid UNUSED) { return true; } -static bool uidGidMap(struct nsjconf_t* nsjconf, pid_t pid) { +static bool uidGidMap(nsjconf_t* nsjconf, pid_t pid) { if (!gidMapSelf(nsjconf, pid)) { return false; } @@ -272,7 +272,7 @@ static bool uidGidMap(struct nsjconf_t* nsjconf, pid_t pid) { return true; } -bool initNsFromParent(struct nsjconf_t* nsjconf, pid_t pid) { +bool initNsFromParent(nsjconf_t* nsjconf, pid_t pid) { if (setGroups(pid) == false) { return false; } @@ -285,7 +285,7 @@ bool initNsFromParent(struct nsjconf_t* nsjconf, pid_t pid) { return true; } -bool initNsFromChild(struct nsjconf_t* nsjconf) { +bool initNsFromChild(nsjconf_t* nsjconf) { /* * Best effort because of /proc/self/setgroups */ @@ -345,7 +345,7 @@ static gid_t parseGid(const char* id) { return (gid_t)-1; } -bool parseId(struct nsjconf_t* nsjconf, const char* i_id, const char* o_id, size_t cnt, bool is_gid, +bool parseId(nsjconf_t* nsjconf, const char* i_id, const char* o_id, size_t cnt, bool is_gid, bool is_newidmap) { uid_t inside_id; uid_t outside_id; @@ -374,7 +374,7 @@ bool parseId(struct nsjconf_t* nsjconf, const char* i_id, const char* o_id, size } } - struct idmap_t id; + idmap_t id; id.inside_id = inside_id; id.outside_id = outside_id; id.count = cnt; diff --git a/user.h b/user.h index 1170b40..4e82397 100644 --- a/user.h +++ b/user.h @@ -28,10 +28,10 @@ namespace user { -bool initNsFromParent(struct nsjconf_t* nsjconf, pid_t pid); -bool initNsFromChild(struct nsjconf_t* nsjconf); +bool initNsFromParent(nsjconf_t* nsjconf, pid_t pid); +bool initNsFromChild(nsjconf_t* nsjconf); -bool parseId(struct nsjconf_t* nsjconf, const char* i_id, const char* o_id, size_t cnt, bool is_gid, +bool parseId(nsjconf_t* nsjconf, const char* i_id, const char* o_id, size_t cnt, bool is_gid, bool is_newidmap); } // namespace user diff --git a/uts.cc b/uts.cc index 7fc7796..dea9759 100644 --- a/uts.cc +++ b/uts.cc 
@@ -28,7 +28,7 @@ namespace uts { -bool initNs(struct nsjconf_t* nsjconf) { +bool initNs(nsjconf_t* nsjconf) { if (nsjconf->clone_newuts == false) { return true; } diff --git a/uts.h b/uts.h index ba42327..04b294f 100644 --- a/uts.h +++ b/uts.h @@ -28,7 +28,7 @@ namespace uts { -bool initNs(struct nsjconf_t* nsjconf); +bool initNs(nsjconf_t* nsjconf); } // namespace uts