nsjail: move openfd from queue to vector

2018-02-09 22:47:00 +01:00 · 2018-02-09 22:47:00 +01:00 · 63eb13ecde
commit 63eb13ecde
parent d1d310e70f
4 changed files with 13 additions and 31 deletions
--- a/cmdline.cc
+++ b/cmdline.cc
@ -386,26 +386,18 @@ std::unique_ptr<struct nsjconf_t> parseArgs(int argc, char* argv[]) {
 	nsjconf->orig_uid = getuid();
 	nsjconf->num_cpus = sysconf(_SC_NPROCESSORS_ONLN);
 	nsjconf->openfds.push_back(STDIN_FILENO);
 	nsjconf->openfds.push_back(STDOUT_FILENO);
 	nsjconf->openfds.push_back(STDERR_FILENO);
 	TAILQ_INIT(&nsjconf->pids);
 	TAILQ_INIT(&nsjconf->mountpts);
 	TAILQ_INIT(&nsjconf->open_fds);
 	TAILQ_INIT(&nsjconf->envs);
 	TAILQ_INIT(&nsjconf->uids);
 	TAILQ_INIT(&nsjconf->gids);
 	static char cmdlineTmpfsSz[PATH_MAX] = "size=4194304";
 	struct ints_t* f;
 	f = reinterpret_cast<struct ints_t*>(util::memAlloc(sizeof(struct ints_t)));
 	f->val = STDIN_FILENO;
 	TAILQ_INSERT_HEAD(&nsjconf->open_fds, f, pointers);
 	f = reinterpret_cast<struct ints_t*>(util::memAlloc(sizeof(struct ints_t)));
 	f->val = STDOUT_FILENO;
 	TAILQ_INSERT_HEAD(&nsjconf->open_fds, f, pointers);
 	f = reinterpret_cast<struct ints_t*>(util::memAlloc(sizeof(struct ints_t)));
 	f->val = STDERR_FILENO;
 	TAILQ_INSERT_HEAD(&nsjconf->open_fds, f, pointers);
 	// Generate options array for getopt_long.
 	size_t options_length = ARRAYSIZE(custom_opts) + ARRAYSIZE(deprecated_opts) + 1;
 	struct option opts[options_length];
@ -566,12 +558,9 @@ std::unique_ptr<struct nsjconf_t> parseArgs(int argc, char* argv[]) {
 		case 0x0504:
 			nsjconf->skip_setsid = true;
 			break;
-		case 0x0505: {
+		case 0x0505:
-			struct ints_t* f;
+			nsjconf->openfds.push_back((int)strtol(optarg, NULL, 0));
-			f = reinterpret_cast<struct ints_t*>(util::memAlloc(sizeof(struct ints_t)));
+			break;
 			f->val = (int)strtol(optarg, NULL, 0);
 			TAILQ_INSERT_HEAD(&nsjconf->open_fds, f, pointers);
 		} break;
 		case 0x0507:
 			nsjconf->disable_no_new_privs = true;
 			break;
--- a/config.cc
+++ b/config.cc
@ -150,10 +150,7 @@ static bool configParseInternal(struct nsjconf_t* nsjconf, const nsjail::NsJailC
 	nsjconf->skip_setsid = njc.skip_setsid();
 	for (ssize_t i = 0; i < njc.pass_fd_size(); i++) {
-		struct ints_t* f =
+		nsjconf->openfds.push_back(i);
 		    reinterpret_cast<struct ints_t*>(util::memAlloc(sizeof(struct ints_t)));
 		f->val = njc.pass_fd(i);
 		TAILQ_INSERT_HEAD(&nsjconf->open_fds, f, pointers);
 	}
 	nsjconf->disable_no_new_privs = njc.disable_no_new_privs();
--- a/contain.cc
+++ b/contain.cc
@ -37,6 +37,8 @@
 #include <sys/resource.h>
 #include <unistd.h>
 #include <algorithm>
 #include "caps.h"
 #include "cgroup.h"
 #include "cpu.h"
@ -141,13 +143,8 @@ static bool containSetLimits(struct nsjconf_t* nsjconf) {
 }
 static bool containPassFd(struct nsjconf_t* nsjconf, int fd) {
-	struct ints_t* p;
+	return (std::find(nsjconf->openfds.begin(), nsjconf->openfds.end(), fd) !=
-	TAILQ_FOREACH(p, &nsjconf->open_fds, pointers) {
+		nsjconf->openfds.end());
 		if (p->val == fd) {
 			return true;
 		}
 	}
 	return false;
 }
 static bool containMakeFdsCOENaive(struct nsjconf_t* nsjconf) {
--- a/nsjail.h
+++ b/nsjail.h
@ -194,8 +194,7 @@ struct nsjconf_t {
 	pids;
 	TAILQ_HEAD(mountptslist, mounts_t)
 	mountpts;
-	TAILQ_HEAD(fdslistt, ints_t)
+	std::vector<int> openfds;
 	open_fds;
 	std::vector<int> caps;
 };