From 63eb13ecde3493b33008444ce90c6ad6e8e5f6d0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 9 Feb 2018 22:47:00 +0100 Subject: [PATCH] nsjail: move openfd from queue to vector --- cmdline.cc | 25 +++++++------------------ config.cc | 5 +---- contain.cc | 11 ++++------- nsjail.h | 3 +-- 4 files changed, 13 insertions(+), 31 deletions(-) diff --git a/cmdline.cc b/cmdline.cc index 91bb87e..661dcbe 100644 --- a/cmdline.cc +++ b/cmdline.cc @@ -386,26 +386,18 @@ std::unique_ptr parseArgs(int argc, char* argv[]) { nsjconf->orig_uid = getuid(); nsjconf->num_cpus = sysconf(_SC_NPROCESSORS_ONLN); + nsjconf->openfds.push_back(STDIN_FILENO); + nsjconf->openfds.push_back(STDOUT_FILENO); + nsjconf->openfds.push_back(STDERR_FILENO); + TAILQ_INIT(&nsjconf->pids); TAILQ_INIT(&nsjconf->mountpts); - TAILQ_INIT(&nsjconf->open_fds); TAILQ_INIT(&nsjconf->envs); TAILQ_INIT(&nsjconf->uids); TAILQ_INIT(&nsjconf->gids); static char cmdlineTmpfsSz[PATH_MAX] = "size=4194304"; - struct ints_t* f; - f = reinterpret_cast(util::memAlloc(sizeof(struct ints_t))); - f->val = STDIN_FILENO; - TAILQ_INSERT_HEAD(&nsjconf->open_fds, f, pointers); - f = reinterpret_cast(util::memAlloc(sizeof(struct ints_t))); - f->val = STDOUT_FILENO; - TAILQ_INSERT_HEAD(&nsjconf->open_fds, f, pointers); - f = reinterpret_cast(util::memAlloc(sizeof(struct ints_t))); - f->val = STDERR_FILENO; - TAILQ_INSERT_HEAD(&nsjconf->open_fds, f, pointers); - // Generate options array for getopt_long. size_t options_length = ARRAYSIZE(custom_opts) + ARRAYSIZE(deprecated_opts) + 1; struct option opts[options_length]; 
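Review bot: The three default entries pushed onto `nsjconf->openfds` at the top of this hunk carry no comment saying what membership in the list means. Judging by containPassFd() in contain.cc, the vector looks like the allow-list of descriptors that stay open in the jailed process, so a one-line comment would help the next reader, for example `// fds the jailed process always keeps; pass_fd entries are appended to this list later`. parseArgs starts and ends outside the hunk.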
@@ -566,12 +558,9 @@ std::unique_ptr parseArgs(int argc, char* argv[]) { case 0x0504: nsjconf->skip_setsid = true; break; - case 0x0505: { - struct ints_t* f; - f = reinterpret_cast(util::memAlloc(sizeof(struct ints_t))); - f->val = (int)strtol(optarg, NULL, 0); - TAILQ_INSERT_HEAD(&nsjconf->open_fds, f, pointers); - } break; + case 0x0505: + nsjconf->openfds.push_back((int)strtol(optarg, NULL, 0)); + break; case 0x0507: nsjconf->disable_no_new_privs = true; break; diff --git a/config.cc b/config.cc index 87dbc1c..32c818e 100644 --- a/config.cc +++ b/config.cc @@ -150,10 +150,7 @@ static bool configParseInternal(struct nsjconf_t* nsjconf, const nsjail::NsJailC nsjconf->skip_setsid = njc.skip_setsid(); for (ssize_t i = 0; i < njc.pass_fd_size(); i++) { - struct ints_t* f = - reinterpret_cast(util::memAlloc(sizeof(struct ints_t))); - f->val = njc.pass_fd(i); - TAILQ_INSERT_HEAD(&nsjconf->open_fds, f, pointers); + nsjconf->openfds.push_back(i); } nsjconf->disable_no_new_privs = njc.disable_no_new_privs(); diff --git a/contain.cc b/contain.cc index 9f36bb7..e0eb293 100644 --- a/contain.cc +++ b/contain.cc @@ -37,6 +37,8 @@ #include #include +#include + #include "caps.h" #include "cgroup.h" #include "cpu.h" @@ -141,13 +143,8 @@ static bool containSetLimits(struct nsjconf_t* nsjconf) { } static bool containPassFd(struct nsjconf_t* nsjconf, int fd) { - struct ints_t* p; - TAILQ_FOREACH(p, &nsjconf->open_fds, pointers) { - if (p->val == fd) { - return true; - } - } - return false; + return (std::find(nsjconf->openfds.begin(), nsjconf->openfds.end(), fd) != + nsjconf->openfds.end()); } static bool containMakeFdsCOENaive(struct nsjconf_t* nsjconf) { diff --git a/nsjail.h b/nsjail.h index 7412136..52c30d4 100644 --- a/nsjail.h +++ b/nsjail.h @@ -194,8 +194,7 @@ struct nsjconf_t { pids; TAILQ_HEAD(mountptslist, mounts_t) mountpts; - TAILQ_HEAD(fdslistt, ints_t) - open_fds; + std::vector openfds; std::vector caps; };
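Review bot: The value pushed in `case 0x0505` is still parsed with `(int)strtol(optarg, NULL, 0)`, so a non-numeric argument silently becomes fd 0 and an out-of-range value is truncated by the cast. Because this list appears to decide which descriptors are handed to the sandboxed process, the argument should be rejected unless the whole string parses to a non-negative value that fits in an int. The sketch below assumes parseArgs reports failure by returning an empty pointer, which is not visible in the hunk, and it needs `<cerrno>` and `<climits>` if the file does not already include them. The enclosing switch starts and ends outside the hunk.

```cpp
case 0x0505: {
	char* end = nullptr;
	errno = 0;
	long fd = strtol(optarg, &end, 0);
	if (errno != 0 || end == optarg || *end != '\0' || fd < 0 || fd > INT_MAX) {
		// … log the rejected value with the project's usual error logging …
		return nullptr;
	}
	nsjconf->openfds.push_back(static_cast<int>(fd));
} break;
```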
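Review bot: The loop in configParseInternal now pushes the loop index instead of the configured descriptor: `nsjconf->openfds.push_back(i);` replaces code that stored `njc.pass_fd(i)`. With N pass_fd entries in the config this keeps fds 0..N-1 and ignores the numbers the operator actually listed, so the intended descriptors are not passed and, once more than three entries are given, whatever happens to be open at fd 3 and above can be inherited by the sandboxed process. The line should read `nsjconf->openfds.push_back(njc.pass_fd(i));`. configParseInternal starts and ends outside the hunk.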