Make tmpfs size configurable
parent
d43c4975ae
commit
8841a08dd3
@ -109,8 +109,8 @@ Options:
|
||||
--log|-l [val]
|
||||
Log file (default: stderr)
|
||||
--time_limit|-t [val]
|
||||
Maximum time that a jail can exist, in seconds (default: 600)
|
||||
--daemon|-d
|
||||
Daemonize after start? (default: false)
|
||||
--verbose|-v
|
||||
Verbose output (default: false)
|
||||
--keep_env|-e
|
||||
@ -167,4 +167,6 @@ Options:
|
||||
List of mountpoints to be mounted as RW/tmpfs inside the container. Can be specified multiple times. Supports 'dest' syntax. (default: none)
|
||||
--iface|-I [val]
|
||||
Interface which will be cloned (MACVTAP) and put inside the subprocess' namespace
|
||||
--tmpfs_size [val]
|
||||
Number of bytes to allocate for tmpfsmounts in bytes (default: 4194304)
|
||||
```
|
||||
|
11
cmdline.c
11
cmdline.c
@ -86,13 +86,15 @@ void cmdlineLogParams(struct nsjconf_t *nsjconf)
|
||||
("Jail parameters: hostname:'%s', chroot:'%s', process:'%s', port:%d, "
|
||||
"max_conns_per_ip:%u, uid:%u, gid:%u, time_limit:%ld, personality:%#lx, daemonize:%s, "
|
||||
"clone_newnet:%s, clone_newuser:%s, clone_newns:%s, clone_newpid:%s, "
|
||||
"clone_newipc:%s, clonew_newuts:%s, apply_sandbox:%s, keep_caps:%s",
|
||||
"clone_newipc:%s, clonew_newuts:%s, apply_sandbox:%s, keep_caps:%s, "
|
||||
"tmpfs_size:%u",
|
||||
nsjconf->hostname, nsjconf->chroot, nsjconf->argv[0], nsjconf->port,
|
||||
nsjconf->max_conns_per_ip, nsjconf->uid, nsjconf->gid, nsjconf->tlimit,
|
||||
nsjconf->personality, logYesNo(nsjconf->daemonize), logYesNo(nsjconf->clone_newnet),
|
||||
logYesNo(nsjconf->clone_newuser), logYesNo(nsjconf->clone_newns),
|
||||
logYesNo(nsjconf->clone_newpid), logYesNo(nsjconf->clone_newipc),
|
||||
logYesNo(nsjconf->clone_newuts), logYesNo(nsjconf->apply_sandbox), logYesNo(nsjconf->keep_caps));
|
||||
logYesNo(nsjconf->clone_newuts), logYesNo(nsjconf->apply_sandbox),
|
||||
logYesNo(nsjconf->keep_caps), nsjconf->tmpfs_size);
|
||||
|
||||
struct constchar_t *p;
|
||||
LIST_FOREACH(p, &nsjconf->robindmountpts, pointers) {
|
||||
@ -180,6 +182,7 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
||||
.initial_uid = getuid(),
|
||||
.initial_gid = getgid(),
|
||||
.max_conns_per_ip = 0,
|
||||
.tmpfs_size = 4*1024*1024,
|
||||
};
|
||||
/* *INDENT-OFF* */
|
||||
|
||||
@ -236,6 +239,7 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
||||
{{"bindmount", required_argument, NULL, 'B'}, "List of mountpoints to be mounted --bind (rw) inside the container. Can be specified multiple times. Supports 'source' syntax, or 'source:dest'. (default: none)"},
|
||||
{{"tmpfsmount", required_argument, NULL, 'T'}, "List of mountpoints to be mounted as RW/tmpfs inside the container. Can be specified multiple times. Supports 'dest' syntax. (default: none)"},
|
||||
{{"iface", required_argument, NULL, 'I'}, "Interface which will be cloned (MACVTAP) and put inside the subprocess' namespace"},
|
||||
{{"tmpfs_size", required_argument, NULL, 0x0506}, "Number of bytes to allocate for tmpfsmounts in bytes (default: 4194304)"},
|
||||
{{0, 0, 0, 0}, NULL},
|
||||
};
|
||||
/* *INDENT-ON* */
|
||||
@ -264,6 +268,9 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
||||
case 'i':
|
||||
nsjconf->max_conns_per_ip = strtoul(optarg, NULL, 0);
|
||||
break;
|
||||
case 0x0506:
|
||||
nsjconf->tmpfs_size = strtoul(optarg, NULL, 0);
|
||||
break;
|
||||
case 'u':
|
||||
user = optarg;
|
||||
break;
|
||||
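Review bot: In the new `case 0x0506:` branch, the result of `strtoul(optarg, NULL, 0)` is assigned straight to the `unsigned int` field with no end-pointer, errno or range check, so malformed or oversized input silently becomes a different limit. Non-numeric text parses as 0, `4G` parses as 4, and on LP64 a value such as 4294967296 truncates to 0; the kernel's tmpfs treats `size=0` as "no limit", which would remove the memory cap on the tmpfs mounts that containMountFS builds from this field. Rejecting empty, trailing-garbage, zero and above-`UINT_MAX` values at parse time keeps the limit explicit. The sketch below needs `<errno.h>` and `<limits.h>`, and cmdlineParse's body continues outside the hunk.

```c
		case 0x0506:
			{
				char *end = NULL;
				errno = 0;
				unsigned long sz = strtoul(optarg, &end, 0);
				/* 0 would reach mount() as "size=0", i.e. an unlimited tmpfs */
				if (errno != 0 || end == optarg || *end != '\0' || sz == 0 || sz > UINT_MAX) {
					LOG_E("Invalid --tmpfs_size value: '%s'", optarg);
					return false;
				}
				nsjconf->tmpfs_size = (unsigned int)sz;
			}
			break;
		/* … unchanged: remaining option cases … */
```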
|
1
common.h
1
common.h
@ -83,6 +83,7 @@ struct nsjconf_t {
|
||||
uid_t initial_uid;
|
||||
gid_t initial_gid;
|
||||
unsigned int max_conns_per_ip;
|
||||
unsigned int tmpfs_size;
|
||||
LIST_HEAD(pidslist, pids_t) pids;
|
||||
LIST_HEAD(rwbindmountptslist, constchar_t) rwbindmountpts;
|
||||
LIST_HEAD(robindmountptslist, constchar_t) robindmountpts;
|
||||
|
@ -297,6 +297,8 @@ bool containMountFS(struct nsjconf_t * nsjconf)
|
||||
/* It only makes sense with "--chroot /", so don't worry about errors */
|
||||
umount2(destdir, MNT_DETACH);
|
||||
|
||||
char tmpfs_size[11+5];
|
||||
snprintf(tmpfs_size, sizeof(tmpfs_size), "size=%u", nsjconf->tmpfs_size);
|
||||
LIST_FOREACH(p, &nsjconf->tmpfsmountpts, pointers) {
|
||||
if (strchr(p->value, ':') != NULL) {
|
||||
PLOG_E("invalid tmpfs mount spec. source:dest format unsupported.");
|
||||
@ -308,7 +310,7 @@ bool containMountFS(struct nsjconf_t * nsjconf)
|
||||
return false;
|
||||
}
|
||||
LOG_D("Mounting (tmpfs) '%s'", p->value);
|
||||
if (mount(NULL, p->value, "tmpfs", 0, "size=4194304") == -1) {
|
||||
if (mount(NULL, p->value, "tmpfs", 0, tmpfs_size) == -1) {
|
||||
PLOG_E("mount('%s', 'tmpfs')", p->value);
|
||||
return false;
|
||||
}
|
||||
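Review bot: The `char tmpfs_size[11+5];` buffer in containMountFS has an undocumented size that is only correct while `nsjconf->tmpfs_size` is a 32-bit `unsigned int`, and the `snprintf` return value is not checked. If the field is ever widened, the option string would be truncated without notice and the mount would get a smaller limit than requested. I would add `/* "size=" (5) + up to 10 decimal digits of a 32-bit unsigned + NUL */` above the declaration and fail the mount setup when `snprintf` returns a value `>= sizeof(tmpfs_size)`. Renaming the local to something like `tmpfs_opts` would also stop it from reading as the config field of the same name. The function starts and ends outside the visible hunks.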
|