make indent depend
parent
ac89fbb44f
commit
7b9178f5d7
@ -125,7 +125,8 @@ static bool initNsFromParentNetCls(nsjconf_t* nsjconf, pid_t pid) {
|
|||||||
|
|
||||||
char net_cls_cgroup_path[PATH_MAX];
|
char net_cls_cgroup_path[PATH_MAX];
|
||||||
snprintf(net_cls_cgroup_path, sizeof(net_cls_cgroup_path), "%s/%s/NSJAIL.%d",
|
snprintf(net_cls_cgroup_path, sizeof(net_cls_cgroup_path), "%s/%s/NSJAIL.%d",
|
||||||
nsjconf->cgroup_net_cls_mount.c_str(), nsjconf->cgroup_net_cls_parent.c_str(), (int)pid);
|
nsjconf->cgroup_net_cls_mount.c_str(), nsjconf->cgroup_net_cls_parent.c_str(),
|
||||||
|
(int)pid);
|
||||||
LOG_D("Create '%s' for PID=%d", net_cls_cgroup_path, (int)pid);
|
LOG_D("Create '%s' for PID=%d", net_cls_cgroup_path, (int)pid);
|
||||||
if (mkdir(net_cls_cgroup_path, 0700) == -1 && errno != EEXIST) {
|
if (mkdir(net_cls_cgroup_path, 0700) == -1 && errno != EEXIST) {
|
||||||
PLOG_E("mkdir('%s', 0700) failed", net_cls_cgroup_path);
|
PLOG_E("mkdir('%s', 0700) failed", net_cls_cgroup_path);
|
||||||
@ -267,7 +268,8 @@ void finishFromParentNetCls(nsjconf_t* nsjconf, pid_t pid) {
|
|||||||
}
|
}
|
||||||
char net_cls_cgroup_path[PATH_MAX];
|
char net_cls_cgroup_path[PATH_MAX];
|
||||||
snprintf(net_cls_cgroup_path, sizeof(net_cls_cgroup_path), "%s/%s/NSJAIL.%d",
|
snprintf(net_cls_cgroup_path, sizeof(net_cls_cgroup_path), "%s/%s/NSJAIL.%d",
|
||||||
nsjconf->cgroup_net_cls_mount.c_str(), nsjconf->cgroup_net_cls_parent.c_str(), (int)pid);
|
nsjconf->cgroup_net_cls_mount.c_str(), nsjconf->cgroup_net_cls_parent.c_str(),
|
||||||
|
(int)pid);
|
||||||
LOG_D("Remove '%s'", net_cls_cgroup_path);
|
LOG_D("Remove '%s'", net_cls_cgroup_path);
|
||||||
if (rmdir(net_cls_cgroup_path) == -1) {
|
if (rmdir(net_cls_cgroup_path) == -1) {
|
||||||
PLOG_W("rmdir('%s') failed", net_cls_cgroup_path);
|
PLOG_W("rmdir('%s') failed", net_cls_cgroup_path);
|
||||||
|
4
net.cc
4
net.cc
@ -135,7 +135,9 @@ bool initNsFromParent(nsjconf_t* nsjconf, int pid) {
|
|||||||
char pid_str[256];
|
char pid_str[256];
|
||||||
snprintf(pid_str, sizeof(pid_str), "%d", pid);
|
snprintf(pid_str, sizeof(pid_str), "%d", pid);
|
||||||
|
|
||||||
const std::vector<std::string> argv {"/sbin/ip", "link", "add", "link", (char*)nsjconf->iface_vs.c_str(), "name", IFACE_NAME, "netns", pid_str, "type", "macvlan", "mode", "bridge" };
|
const std::vector<std::string> argv{"/sbin/ip", "link", "add", "link",
|
||||||
|
(char*)nsjconf->iface_vs.c_str(), "name", IFACE_NAME, "netns", pid_str, "type",
|
||||||
|
"macvlan", "mode", "bridge"};
|
||||||
if (subproc::systemExe(argv, environ) != 0) {
|
if (subproc::systemExe(argv, environ) != 0) {
|
||||||
LOG_E("Couldn't create MACVTAP interface for '%s'", nsjconf->iface_vs.c_str());
|
LOG_E("Couldn't create MACVTAP interface for '%s'", nsjconf->iface_vs.c_str());
|
||||||
return false;
|
return false;
|
||||||
|
16
nsjail.h
16
nsjail.h
@ -127,17 +127,17 @@ struct nsjconf_t {
|
|||||||
std::string iface_vs_ip;
|
std::string iface_vs_ip;
|
||||||
std::string iface_vs_nm;
|
std::string iface_vs_nm;
|
||||||
std::string iface_vs_gw;
|
std::string iface_vs_gw;
|
||||||
std::string cgroup_mem_mount;
|
std::string cgroup_mem_mount;
|
||||||
std::string cgroup_mem_parent;
|
std::string cgroup_mem_parent;
|
||||||
size_t cgroup_mem_max;
|
size_t cgroup_mem_max;
|
||||||
std::string cgroup_pids_mount;
|
std::string cgroup_pids_mount;
|
||||||
std::string cgroup_pids_parent;
|
std::string cgroup_pids_parent;
|
||||||
unsigned int cgroup_pids_max;
|
unsigned int cgroup_pids_max;
|
||||||
std::string cgroup_net_cls_mount;
|
std::string cgroup_net_cls_mount;
|
||||||
std::string cgroup_net_cls_parent;
|
std::string cgroup_net_cls_parent;
|
||||||
unsigned int cgroup_net_cls_classid;
|
unsigned int cgroup_net_cls_classid;
|
||||||
std::string cgroup_cpu_mount;
|
std::string cgroup_cpu_mount;
|
||||||
std::string cgroup_cpu_parent;
|
std::string cgroup_cpu_parent;
|
||||||
unsigned int cgroup_cpu_ms_per_sec;
|
unsigned int cgroup_cpu_ms_per_sec;
|
||||||
std::string kafel_file_path;
|
std::string kafel_file_path;
|
||||||
std::string kafel_string;
|
std::string kafel_string;
|
||||||
|
@ -493,7 +493,7 @@ int systemExe(const std::vector<std::string>& args, char** env) {
|
|||||||
|
|
||||||
std::vector<const char*> argv;
|
std::vector<const char*> argv;
|
||||||
for (const auto& a : args) {
|
for (const auto& a : args) {
|
||||||
argv.push_back(a.c_str());
|
argv.push_back(a.c_str());
|
||||||
}
|
}
|
||||||
argv.push_back(nullptr);
|
argv.push_back(nullptr);
|
||||||
|
|
||||||
|
4
user.cc
4
user.cc
@ -156,7 +156,7 @@ static bool gidMapSelf(nsjconf_t* nsjconf, pid_t pid) {
|
|||||||
static bool gidMapExternal(nsjconf_t* nsjconf, pid_t pid UNUSED) {
|
static bool gidMapExternal(nsjconf_t* nsjconf, pid_t pid UNUSED) {
|
||||||
bool use = false;
|
bool use = false;
|
||||||
|
|
||||||
std::vector<std::string> argv = { "/usr/bin/newgidmap", std::to_string(pid) };
|
std::vector<std::string> argv = {"/usr/bin/newgidmap", std::to_string(pid)};
|
||||||
for (const auto& gid : nsjconf->gids) {
|
for (const auto& gid : nsjconf->gids) {
|
||||||
if (!gid.is_newidmap) {
|
if (!gid.is_newidmap) {
|
||||||
continue;
|
continue;
|
||||||
@ -182,7 +182,7 @@ static bool gidMapExternal(nsjconf_t* nsjconf, pid_t pid UNUSED) {
|
|||||||
static bool uidMapExternal(nsjconf_t* nsjconf, pid_t pid UNUSED) {
|
static bool uidMapExternal(nsjconf_t* nsjconf, pid_t pid UNUSED) {
|
||||||
bool use = false;
|
bool use = false;
|
||||||
|
|
||||||
std::vector<std::string> argv = { "/usr/bin/newuidmap", std::to_string(pid) };
|
std::vector<std::string> argv = {"/usr/bin/newuidmap", std::to_string(pid)};
|
||||||
for (const auto& uid : nsjconf->uids) {
|
for (const auto& uid : nsjconf->uids) {
|
||||||
if (!uid.is_newidmap) {
|
if (!uid.is_newidmap) {
|
||||||
continue;
|
continue;
|
||||||
|