nsjail: move openfd from queue to vector
This commit is contained in:
Robert Swiecki
parent
d1d310e70f
commit
63eb13ecde
25
cmdline.cc
25
cmdline.cc
@ -386,26 +386,18 @@ std::unique_ptr<struct nsjconf_t> parseArgs(int argc, char* argv[]) {
|
||||
nsjconf->orig_uid = getuid();
|
||||
nsjconf->num_cpus = sysconf(_SC_NPROCESSORS_ONLN);
|
||||
|
||||
nsjconf->openfds.push_back(STDIN_FILENO);
|
||||
nsjconf->openfds.push_back(STDOUT_FILENO);
|
||||
nsjconf->openfds.push_back(STDERR_FILENO);
|
||||
|
||||
TAILQ_INIT(&nsjconf->pids);
|
||||
TAILQ_INIT(&nsjconf->mountpts);
|
||||
TAILQ_INIT(&nsjconf->open_fds);
|
||||
TAILQ_INIT(&nsjconf->envs);
|
||||
TAILQ_INIT(&nsjconf->uids);
|
||||
TAILQ_INIT(&nsjconf->gids);
|
||||
|
||||
static char cmdlineTmpfsSz[PATH_MAX] = "size=4194304";
|
||||
|
||||
struct ints_t* f;
|
||||
f = reinterpret_cast<struct ints_t*>(util::memAlloc(sizeof(struct ints_t)));
|
||||
f->val = STDIN_FILENO;
|
||||
TAILQ_INSERT_HEAD(&nsjconf->open_fds, f, pointers);
|
||||
f = reinterpret_cast<struct ints_t*>(util::memAlloc(sizeof(struct ints_t)));
|
||||
f->val = STDOUT_FILENO;
|
||||
TAILQ_INSERT_HEAD(&nsjconf->open_fds, f, pointers);
|
||||
f = reinterpret_cast<struct ints_t*>(util::memAlloc(sizeof(struct ints_t)));
|
||||
f->val = STDERR_FILENO;
|
||||
TAILQ_INSERT_HEAD(&nsjconf->open_fds, f, pointers);
|
||||
|
||||
// Generate options array for getopt_long.
|
||||
size_t options_length = ARRAYSIZE(custom_opts) + ARRAYSIZE(deprecated_opts) + 1;
|
||||
struct option opts[options_length];
|
||||
@ -566,12 +558,9 @@ std::unique_ptr<struct nsjconf_t> parseArgs(int argc, char* argv[]) {
|
||||
case 0x0504:
|
||||
nsjconf->skip_setsid = true;
|
||||
break;
|
||||
case 0x0505: {
|
||||
struct ints_t* f;
|
||||
f = reinterpret_cast<struct ints_t*>(util::memAlloc(sizeof(struct ints_t)));
|
||||
f->val = (int)strtol(optarg, NULL, 0);
|
||||
TAILQ_INSERT_HEAD(&nsjconf->open_fds, f, pointers);
|
||||
} break;
|
||||
case 0x0505:
|
||||
nsjconf->openfds.push_back((int)strtol(optarg, NULL, 0));
|
||||
break;
|
||||
case 0x0507:
|
||||
nsjconf->disable_no_new_privs = true;
|
||||
break;
|
||||
|
||||
@ -150,10 +150,7 @@ static bool configParseInternal(struct nsjconf_t* nsjconf, const nsjail::NsJailC
|
||||
nsjconf->skip_setsid = njc.skip_setsid();
|
||||
|
||||
for (ssize_t i = 0; i < njc.pass_fd_size(); i++) {
|
||||
struct ints_t* f =
|
||||
reinterpret_cast<struct ints_t*>(util::memAlloc(sizeof(struct ints_t)));
|
||||
f->val = njc.pass_fd(i);
|
||||
TAILQ_INSERT_HEAD(&nsjconf->open_fds, f, pointers);
|
||||
nsjconf->openfds.push_back(i);
|
||||
}
|
||||
|
||||
nsjconf->disable_no_new_privs = njc.disable_no_new_privs();
|
||||
|
||||
11
contain.cc
11
contain.cc
@ -37,6 +37,8 @@
|
||||
#include <sys/resource.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <algorithm>
|
||||
|
||||
#include "caps.h"
|
||||
#include "cgroup.h"
|
||||
#include "cpu.h"
|
||||
@ -141,13 +143,8 @@ static bool containSetLimits(struct nsjconf_t* nsjconf) {
|
||||
}
|
||||
|
||||
static bool containPassFd(struct nsjconf_t* nsjconf, int fd) {
|
||||
struct ints_t* p;
|
||||
TAILQ_FOREACH(p, &nsjconf->open_fds, pointers) {
|
||||
if (p->val == fd) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
return (std::find(nsjconf->openfds.begin(), nsjconf->openfds.end(), fd) !=
|
||||
nsjconf->openfds.end());
|
||||
}
|
||||
|
||||
static bool containMakeFdsCOENaive(struct nsjconf_t* nsjconf) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user