woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mnt: move mnt_t to std::string

Browse Source
This commit is contained in:
Robert Swiecki 2018-02-11 23:44:43 +01:00
parent e6cd9af2ec
commit 5a35f00e28
6 changed files with 110 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
cmdline.cc
View File

@ -242,7 +242,7 @@ void logParams(nsjconf_t* nsjconf) {
logYesNo(nsjconf->disable_no_new_privs), nsjconf->max_cpus); logYesNo(nsjconf->disable_no_new_privs), nsjconf->max_cpus);
for (const auto& p : nsjconf->mountpts) { for (const auto& p : nsjconf->mountpts) {
LOG_I("%s: %s", p.isSymlink ? "Symlink" : "Mount point", LOG_I("%s: %s", p.is_symlink ? "Symlink" : "Mount point",
mnt::describeMountPt(p).c_str()); mnt::describeMountPt(p).c_str());
} }
for (const auto& uid : nsjconf->uids) { for (const auto& uid : nsjconf->uids) {
@ -603,11 +603,11 @@ std::unique_ptr<nsjconf_t> parseArgs(int argc, char* argv[]) {
if (dst.empty()) { if (dst.empty()) {
dst = src; dst = src;
} }
if (!mnt::addMountPtTail(nsjconf.get(), src.c_str(), dst.c_str(), if (!mnt::addMountPtTail(nsjconf.get(), src, dst, /* fs_type= */ "",
/* fs_type= */ "", /* options= */ "", /* options= */ "", MS_BIND | MS_REC | MS_PRIVATE | MS_RDONLY,
MS_BIND | MS_REC | MS_PRIVATE | MS_RDONLY, /* is_dir= */ mnt::NS_DIR_MAYBE, /* is_mandatory= */ true,
/* isDir= */ mnt::NS_DIR_MAYBE, /* mandatory= */ true, NULL, NULL, /* src_env= */ "", /* dst_env= */ "", /* src_content= */ "",
NULL, 0, /* is_symlink= */ false)) { /* is_symlink= */ false)) {
return nullptr; return nullptr;
} }
}; break; }; break;
@ -617,18 +617,19 @@ std::unique_ptr<nsjconf_t> parseArgs(int argc, char* argv[]) {
if (dst.empty()) { if (dst.empty()) {
dst = src; dst = src;
} }
if (!mnt::addMountPtTail(nsjconf.get(), src.c_str(), dst.c_str(), if (!mnt::addMountPtTail(nsjconf.get(), src, dst, /* fs_type= */ "",
/* fs_type= */ "", /* options= */ "", MS_BIND | MS_REC | MS_PRIVATE, /* options= */ "", MS_BIND | MS_REC | MS_PRIVATE,
/* isDir= */ mnt::NS_DIR_MAYBE, /* mandatory= */ true, NULL, NULL, /* is_dir= */ mnt::NS_DIR_MAYBE, /* is_mandatory= */ true,
NULL, 0, /* is_symlink= */ false)) { /* src_env= */ "", /* dst_env= */ "", /* src_content= */ "",
/* is_symlink= */ false)) {
return nullptr; return nullptr;
} }
}; break; }; break;
case 'T': { case 'T': {
if (!mnt::addMountPtTail(nsjconf.get(), /* src= */ NULL, optarg, "tmpfs", if (!mnt::addMountPtTail(nsjconf.get(), /* src= */ "", optarg, "tmpfs",
/* options= */ cmdlineTmpfsSz, /* flags= */ 0, /* options= */ cmdlineTmpfsSz, /* flags= */ 0,
/* isDir= */ mnt::NS_DIR_YES, /* is_dir= */ mnt::NS_DIR_YES, /* is_mandatory= */ true,
/* mandatory= */ true, NULL, NULL, NULL, 0, /* src_env= */ "", /* dst_env= */ "", /* src_content= */ "",
/* is_symlink= */ false)) { /* is_symlink= */ false)) {
return nullptr; return nullptr;
} }
@ -641,11 +642,11 @@ std::unique_ptr<nsjconf_t> parseArgs(int argc, char* argv[]) {
} }
std::string fs_type = argByColon(optarg, 2); std::string fs_type = argByColon(optarg, 2);
std::string options = argByColon(optarg, 3); std::string options = argByColon(optarg, 3);
if (!mnt::addMountPtTail(nsjconf.get(), src.c_str(), dst.c_str(), if (!mnt::addMountPtTail(nsjconf.get(), src, dst, /* fs_type= */ fs_type,
/* fs_type= */ fs_type.c_str(), /* options= */ options.c_str(), /* options= */ options, /* flags= */ 0,
/* flags= */ 0, /* is_dir= */ mnt::NS_DIR_MAYBE, /* is_mandatory= */ true,
/* isDir= */ mnt::NS_DIR_MAYBE, /* mandatory= */ true, NULL, NULL, /* src_env= */ "", /* dst_env= */ "", /* src_content= */ "",
NULL, 0, /* is_symlink= */ false)) { /* is_symlink= */ false)) {
return nullptr; return nullptr;
} }
}; break; }; break;
@ -745,28 +746,28 @@ std::unique_ptr<nsjconf_t> parseArgs(int argc, char* argv[]) {
} }
if (!nsjconf->proc_path.empty()) { if (!nsjconf->proc_path.empty()) {
if (!mnt::addMountPtTail(nsjconf.get(), /* src= */ NULL, nsjconf->proc_path.c_str(), if (!mnt::addMountPtTail(nsjconf.get(), /* src= */ "", nsjconf->proc_path, "proc",
"proc", "", nsjconf->is_proc_rw ? 0 : MS_RDONLY, /* options= */ "", nsjconf->is_proc_rw ? 0 : MS_RDONLY,
/* isDir= */ mnt::NS_DIR_YES, /* is_dir= */ mnt::NS_DIR_YES, /* is_mandatory= */ true, /* src_env= */ "",
/* mandatory= */ true, NULL, NULL, NULL, 0, /* is_symlink= */ false)) { /* dst_env= */ "", /* src_content= */ "", /* is_symlink= */ false)) {
return nullptr; return nullptr;
} }
} }
if (!(nsjconf->chroot.empty())) { if (!(nsjconf->chroot.empty())) {
if (!mnt::addMountPtHead(nsjconf.get(), nsjconf->chroot.c_str(), "/", if (!mnt::addMountPtHead(nsjconf.get(), nsjconf->chroot, "/", /* fs_type= */ "",
/* fs_type= */ "",
/* options= */ "", /* options= */ "",
nsjconf->is_root_rw ? (MS_BIND | MS_REC | MS_PRIVATE) nsjconf->is_root_rw ? (MS_BIND | MS_REC | MS_PRIVATE)
: (MS_BIND | MS_REC | MS_PRIVATE | MS_RDONLY), : (MS_BIND | MS_REC | MS_PRIVATE | MS_RDONLY),
/* isDir= */ mnt::NS_DIR_YES, /* mandatory= */ true, NULL, NULL, NULL, 0, /* is_dir= */ mnt::NS_DIR_YES, /* is_mandatory= */ true, /* src_env= */ "",
/* is_symlink= */ false)) { /* dst_env= */ "", /* src_content= */ "", /* is_symlink= */ false)) {
return nullptr; return nullptr;
} }
} else { } else {
if (!mnt::addMountPtHead(nsjconf.get(), /* src= */ NULL, "/", "tmpfs", if (!mnt::addMountPtHead(nsjconf.get(), /* src= */ "", "/", "tmpfs",
/* options= */ "", nsjconf->is_root_rw ? 0 : MS_RDONLY, /* options= */ "", nsjconf->is_root_rw ? 0 : MS_RDONLY,
/* isDir= */ mnt::NS_DIR_YES, /* is_dir= */ mnt::NS_DIR_YES,
/* mandatory= */ true, NULL, NULL, NULL, 0, /* is_symlink= */ false)) { /* is_mandatory= */ true, /* src_env= */ "", /* dst_env= */ "",
/* src_content= */ "", /* is_symlink= */ false)) {
return nullptr; return nullptr;
} }
} }

41
config.cc
View File

@ -200,39 +200,28 @@ static bool configParseInternal(nsjconf_t* nsjconf, const nsjail::NsJailConfig&
nsjconf->proc_path.clear(); nsjconf->proc_path.clear();
} }
for (ssize_t i = 0; i < njc.mount_size(); i++) { for (ssize_t i = 0; i < njc.mount_size(); i++) {
const char* src = (njc.mount(i).has_src()) ? njc.mount(i).src().c_str() : NULL; std::string src = njc.mount(i).src();
const char* src_env = (njc.mount(i).has_prefix_src_env()) std::string src_env = njc.mount(i).prefix_src_env();
? njc.mount(i).prefix_src_env().c_str() std::string dst = njc.mount(i).dst();
: NULL; std::string dst_env = njc.mount(i).prefix_dst_env();
const char* dst = (njc.mount(i).has_dst()) ? njc.mount(i).dst().c_str() : NULL; std::string fstype = njc.mount(i).fstype();
const char* dst_env = (njc.mount(i).has_prefix_dst_env()) std::string options = njc.mount(i).options();
? njc.mount(i).prefix_dst_env().c_str()
: NULL;
const char* fstype =
(njc.mount(i).has_fstype()) ? njc.mount(i).fstype().c_str() : NULL;
const char* options =
(njc.mount(i).has_options()) ? njc.mount(i).options().c_str() : NULL;
uintptr_t flags = (njc.mount(i).rw() == false) ? MS_RDONLY : 0; uintptr_t flags = (njc.mount(i).rw() == false) ? MS_RDONLY : 0;
flags |= njc.mount(i).is_bind() ? (MS_BIND | MS_REC | MS_PRIVATE) : 0; flags |= njc.mount(i).is_bind() ? (MS_BIND | MS_REC | MS_PRIVATE) : 0;
bool mandatory = njc.mount(i).mandatory(); bool is_mandatory = njc.mount(i).mandatory();
bool is_symlink = njc.mount(i).is_symlink();
std::string src_content = njc.mount(i).src_content();
mnt::isDir_t isDir = mnt::NS_DIR_MAYBE; mnt::isDir_t is_dir = mnt::NS_DIR_MAYBE;
if (njc.mount(i).has_is_dir()) { if (njc.mount(i).has_is_dir()) {
isDir = njc.mount(i).is_dir() ? mnt::NS_DIR_YES : mnt::NS_DIR_NO; is_dir = njc.mount(i).is_dir() ? mnt::NS_DIR_YES : mnt::NS_DIR_NO;
} }
const char* src_content = NULL; if (!mnt::addMountPtTail(nsjconf, src, dst, fstype, options, flags, is_dir,
size_t src_content_len = 0; is_mandatory, src_env, dst_env, src_content, is_symlink)) {
if (njc.mount(i).has_src_content()) { LOG_E("Couldn't add mountpoint for src:'%s' dst:'%s'", src.c_str(),
src_content = njc.mount(i).src_content().data(); dst.c_str());
src_content_len = njc.mount(i).src_content().size();
}
if (mnt::addMountPtTail(nsjconf, src, dst, fstype, options, flags, isDir, mandatory,
src_env, dst_env, src_content, src_content_len,
njc.mount(i).is_symlink()) == false) {
LOG_E("Couldn't add mountpoint for src:'%s' dst:'%s'", src, dst);
return false; return false;
} }
} }

10
config.proto
View File

@ -27,15 +27,15 @@ message IdMap {
} }
message MountPt { message MountPt {
/* Can be skipped for filesystems like 'proc' */ /* Can be skipped for filesystems like 'proc' */
optional string src = 1; optional string src = 1 [default = ""];
/* Should 'src' path be prefixed with this envvar? */ /* Should 'src' path be prefixed with this envvar? */
optional string prefix_src_env = 2; optional string prefix_src_env = 2 [default = ""];
/* If specified, contains buffer that will be written to the dst file */ /* If specified, contains buffer that will be written to the dst file */
optional bytes src_content = 3; optional bytes src_content = 3 [default = ""];
/* Mount point inside jail */ /* Mount point inside jail */
required string dst = 4; required string dst = 4 [default = ""];
/* Should 'dst' path be prefixed with this envvar? */ /* Should 'dst' path be prefixed with this envvar? */
optional string prefix_dst_env = 5; optional string prefix_dst_env = 5 [default = ""];
/* Can be empty for mount --bind mounts */ /* Can be empty for mount --bind mounts */
optional string fstype = 6 [default = ""]; optional string fstype = 6 [default = ""];
/* E.g. size=5000000 for 'tmpfs' */ /* E.g. size=5000000 for 'tmpfs' */

98
mnt.cc
View File

@ -133,12 +133,12 @@ static bool mountPt(mount_t* mpt, const char* newroot, const char* tmpdir) {
snprintf(srcpath, sizeof(srcpath), "none"); snprintf(srcpath, sizeof(srcpath), "none");
} }
if (mpt->isSymlink) { if (mpt->is_symlink) {
if (!util::createDirRecursively(dst)) { if (!util::createDirRecursively(dst)) {
LOG_W("Couldn't create upper directories for '%s'", dst); LOG_W("Couldn't create upper directories for '%s'", dst);
return false; return false;
} }
} else if (mpt->isDir) { } else if (mpt->is_dir) {
if (!util::createDirRecursively(dst)) { if (!util::createDirRecursively(dst)) {
LOG_W("Couldn't create upper directories for '%s'", dst); LOG_W("Couldn't create upper directories for '%s'", dst);
return false; return false;
@ -159,10 +159,10 @@ static bool mountPt(mount_t* mpt, const char* newroot, const char* tmpdir) {
} }
} }
if (mpt->isSymlink) { if (mpt->is_symlink) {
LOG_D("symlink('%s', '%s')", srcpath, dst); LOG_D("symlink('%s', '%s')", srcpath, dst);
if (symlink(srcpath, dst) == -1) { if (symlink(srcpath, dst) == -1) {
if (mpt->mandatory) { if (mpt->is_mandatory) {
PLOG_W("symlink('%s', '%s')", srcpath, dst); PLOG_W("symlink('%s', '%s')", srcpath, dst);
return false; return false;
} else { } else {
@ -230,7 +230,7 @@ static bool remountRO(const mount_t& mpt) {
if (!mpt.mounted) { if (!mpt.mounted) {
return true; return true;
} }
if (mpt.isSymlink) { if (mpt.is_symlink) {
return true; return true;
} }
if ((mpt.flags & MS_RDONLY) == 0) { if ((mpt.flags & MS_RDONLY) == 0) {
@ -371,7 +371,7 @@ static bool initNsInternal(nsjconf_t* nsjconf) {
} }
for (auto& p : nsjconf->mountpts) { for (auto& p : nsjconf->mountpts) {
if (!mountPt(&p, destdir, tmpdir) && p.mandatory) { if (!mountPt(&p, destdir, tmpdir) && p.is_mandatory) {
return false; return false;
} }
} }
@ -402,7 +402,7 @@ static bool initNsInternal(nsjconf_t* nsjconf) {
} }
for (const auto& p : nsjconf->mountpts) { for (const auto& p : nsjconf->mountpts) {
if (!remountRO(p) && p.mandatory) { if (!remountRO(p) && p.is_mandatory) {
return false; return false;
} }
} }
@ -437,92 +437,84 @@ bool initNs(nsjconf_t* nsjconf) {
return false; return false;
} }
static bool addMountPt(mount_t* mnt, const char* src, const char* dst, const char* fstype, static bool addMountPt(mount_t* mnt, const std::string& src, const std::string& dst,
const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env, const std::string& fstype, const std::string& options, uintptr_t flags, isDir_t is_dir,
const char* dst_env, const char* src_content, size_t src_content_len, bool is_symlink) { bool is_mandatory, const std::string& src_env, const std::string& dst_env,
if (src_env) { const std::string& src_content, bool is_symlink) {
const char* e = getenv(src_env); if (!src_env.empty()) {
const char* e = getenv(src_env.c_str());
if (e == NULL) { if (e == NULL) {
LOG_W("No such envvar:'%s'", src_env); LOG_W("No such envvar:'%s'", src_env.c_str());
return false; return false;
} }
mnt->src = e; mnt->src = e;
} }
if (src) {
mnt->src.append(src); mnt->src.append(src);
}
if (dst_env) { if (!dst_env.empty()) {
const char* e = getenv(dst_env); const char* e = getenv(dst_env.c_str());
if (e == NULL) { if (e == NULL) {
LOG_W("No such envvar:'%s'", dst_env); LOG_W("No such envvar:'%s'", dst_env.c_str());
return false; return false;
} }
mnt->dst = e; mnt->dst = e;
} }
if (dst) {
mnt->dst.append(dst); mnt->dst.append(dst);
}
if (fstype) {
mnt->fs_type = fstype; mnt->fs_type = fstype;
}
if (options) {
mnt->options = options; mnt->options = options;
}
if (src_content) {
mnt->src_content.assign(src_content, src_content_len);
}
mnt->flags = flags; mnt->flags = flags;
mnt->isDir = true; mnt->is_symlink = is_symlink;
mnt->isSymlink = is_symlink; mnt->is_mandatory = is_mandatory;
mnt->mandatory = mandatory;
mnt->mounted = false; mnt->mounted = false;
mnt->src_content = src_content;
switch (isDir) { switch (is_dir) {
case NS_DIR_YES: case NS_DIR_YES:
mnt->isDir = true; mnt->is_dir = true;
break; break;
case NS_DIR_NO: case NS_DIR_NO:
mnt->isDir = false; mnt->is_dir = false;
break; break;
case NS_DIR_MAYBE: { case NS_DIR_MAYBE: {
if (src_content) { if (!src_content.empty()) {
mnt->isDir = false; mnt->is_dir = false;
} else if (mnt->src.empty()) { } else if (mnt->src.empty()) {
mnt->isDir = true; mnt->is_dir = true;
} else if (mnt->flags & MS_BIND) { } else if (mnt->flags & MS_BIND) {
mnt->isDir = mnt::isDir(mnt->src.c_str()); mnt->is_dir = mnt::isDir(mnt->src.c_str());
} else { } else {
mnt->isDir = true; mnt->is_dir = true;
} }
} break; } break;
default: default:
LOG_F("Unknown isDir value: %d", isDir); LOG_E("Unknown is_dir value: %d", is_dir);
break; return false;
} }
return true; return true;
} }
bool addMountPtHead(nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype, bool addMountPtHead(nsjconf_t* nsjconf, const std::string& src, const std::string& dst,
const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env, const std::string& fstype, const std::string& options, uintptr_t flags, isDir_t is_dir,
const char* dst_env, const char* src_content, size_t src_content_len, bool is_symlink) { bool is_mandatory, const std::string& src_env, const std::string& dst_env,
const std::string& src_content, bool is_symlink) {
mount_t mnt; mount_t mnt;
if (!addMountPt(&mnt, src, dst, fstype, options, flags, isDir, mandatory, src_env, dst_env, if (!addMountPt(&mnt, src, dst, fstype, options, flags, is_dir, is_mandatory, src_env,
src_content, src_content_len, is_symlink)) { dst_env, src_content, is_symlink)) {
return false; return false;
} }
nsjconf->mountpts.insert(nsjconf->mountpts.begin(), mnt); nsjconf->mountpts.insert(nsjconf->mountpts.begin(), mnt);
return true; return true;
} }
bool addMountPtTail(nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype, bool addMountPtTail(nsjconf_t* nsjconf, const std::string& src, const std::string& dst,
const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env, const std::string& fstype, const std::string& options, uintptr_t flags, isDir_t is_dir,
const char* dst_env, const char* src_content, size_t src_content_len, bool is_symlink) { bool is_mandatory, const std::string& src_env, const std::string& dst_env,
const std::string& src_content, bool is_symlink) {
mount_t mnt; mount_t mnt;
if (!addMountPt(&mnt, src, dst, fstype, options, flags, isDir, mandatory, src_env, dst_env, if (!addMountPt(&mnt, src, dst, fstype, options, flags, is_dir, is_mandatory, src_env,
src_content, src_content_len, is_symlink)) { dst_env, src_content, is_symlink)) {
return false; return false;
} }
nsjconf->mountpts.push_back(mnt); nsjconf->mountpts.push_back(mnt);
@ -535,16 +527,16 @@ const std::string describeMountPt(const mount_t& mpt) {
snprintf(mount_pt_descr, sizeof(mount_pt_descr), snprintf(mount_pt_descr, sizeof(mount_pt_descr),
"src:'%s' dst:'%s' type:'%s' flags:%s options:'%s' isDir:%s", mpt.src.c_str(), "src:'%s' dst:'%s' type:'%s' flags:%s options:'%s' isDir:%s", mpt.src.c_str(),
mpt.dst.c_str(), mpt.fs_type.c_str(), flagsToStr(mpt.flags).c_str(), mpt.dst.c_str(), mpt.fs_type.c_str(), flagsToStr(mpt.flags).c_str(),
mpt.options.c_str(), mpt.isDir ? "true" : "false"); mpt.options.c_str(), mpt.is_dir ? "true" : "false");
if (!mpt.mandatory) { if (!mpt.is_mandatory) {
util::sSnPrintf(mount_pt_descr, sizeof(mount_pt_descr), " mandatory:false"); util::sSnPrintf(mount_pt_descr, sizeof(mount_pt_descr), " mandatory:false");
} }
if (!mpt.src_content.empty()) { if (!mpt.src_content.empty()) {
util::sSnPrintf(mount_pt_descr, sizeof(mount_pt_descr), " src_content_len:%zu", util::sSnPrintf(mount_pt_descr, sizeof(mount_pt_descr), " src_content_len:%zu",
mpt.src_content.length()); mpt.src_content.length());
} }
if (mpt.isSymlink) { if (mpt.is_symlink) {
util::sSnPrintf(mount_pt_descr, sizeof(mount_pt_descr), " symlink:true"); util::sSnPrintf(mount_pt_descr, sizeof(mount_pt_descr), " symlink:true");
} }

14
mnt.h
View File

@ -38,12 +38,14 @@ typedef enum {
} isDir_t; } isDir_t;
bool initNs(nsjconf_t* nsjconf); bool initNs(nsjconf_t* nsjconf);
bool addMountPtHead(nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype, bool addMountPtHead(nsjconf_t* nsjconf, const std::string& src, const std::string& dst,
const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env, const std::string& fstype, const std::string& options, uintptr_t flags, isDir_t is_dir,
const char* dst_env, const char* src_content, size_t src_content_len, bool is_symlink); bool is_mandatory, const std::string& src_env, const std::string& dst_env,
bool addMountPtTail(nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype, const std::string& src_content, bool is_symlink);
const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env, bool addMountPtTail(nsjconf_t* nsjconf, const std::string& src, const std::string& dst,
const char* dst_env, const char* src_content, size_t src_content_len, bool is_symlink); const std::string& fstype, const std::string& options, uintptr_t flags, isDir_t is_dir,
bool is_mandatory, const std::string& src_env, const std::string& dst_env,
const std::string& src_content, bool is_symlink);
const std::string describeMountPt(const mount_t& mpt); const std::string describeMountPt(const mount_t& mpt);
} // namespace mnt } // namespace mnt

6
nsjail.h
View File

@ -61,9 +61,9 @@ struct mount_t {
std::string fs_type; std::string fs_type;
std::string options; std::string options;
uintptr_t flags; uintptr_t flags;
bool isDir; bool is_dir;
bool isSymlink; bool is_symlink;
bool mandatory; bool is_mandatory;
bool mounted; bool mounted;
}; };