Set-up parent in a separate function

Jagger 2016-02-28 23:23:24 +01:00
parent 3431578e3e
commit 8dad34ae4a
2 changed files with 22 additions and 13 deletions

4
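--- a/net.c
+++ b/net.c
@@ -92,7 +92,9 @@ bool netCloneMacVtapAndNS(struct nsjconf_t * nsjconf, int pid)
 char pid_str[256];
 snprintf(pid_str, sizeof(pid_str), "%d", pid);
 char *const argv_netns[] =
-{ SBIN_IP_PATH, "link", "set", "dev", iface, "netns", pid_str, "name", "virt.ns", NULL };
+{ SBIN_IP_PATH, "link", "set", "dev", iface, "netns", pid_str, "name", "virt.ns",
+NULL
+};
 if (netSystem(SBIN_IP_PATH, argv_netns) == false) {
 LOG_E("Couldn't put interface '%s' into NS of PID '%d'", iface, pid);
 return false;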


@ -206,6 +206,24 @@ void subprocKillAll(struct nsjconf_t *nsjconf)
} }
} }
static bool subprocInitParent(struct nsjconf_t *nsjconf, pid_t pid, int pipefd)
{
if (netCloneMacVtapAndNS(nsjconf, pid) == false) {
LOG_E("Couldn't create and put MACVTAP interface into NS of PID '%d'", pid);
return false;
}
if (containInitUserNs(nsjconf, pid) == false) {
LOG_E("Couldn't initialize user namespaces for pid %d", pid);
return false;
}
if (utilWriteToFd(pipefd, &subprocDoneChar, sizeof(subprocDoneChar)) !=
sizeof(subprocDoneChar)) {
LOG_E("Couldn't signal the new process via a socketpair");
return false;
}
return true;
}
void subprocRunChild(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int fd_err) void subprocRunChild(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int fd_err)
{ {
if (netLimitConns(nsjconf, fd_in) == false) { if (netLimitConns(nsjconf, fd_in) == false) {
@ -260,18 +278,7 @@ void subprocRunChild(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int fd_er
return; return;
} }
if (netCloneMacVtapAndNS(nsjconf, pid) == false) { if (subprocInitParent(nsjconf, pid, sv[1]) == false) {
LOG_E("Couldn't create and put MACVTAP interface into NS of PID '%d'", pid);
close(sv[1]);
return;
}
if (containInitUserNs(nsjconf, pid) == false) {
LOG_E("Couldn't initialize user namespaces for pid %d", pid);
close(sv[1]);
return;
}
if (utilWriteToFd(sv[1], &subprocDoneChar, sizeof(subprocDoneChar)) != sizeof(subprocDoneChar)) {
LOG_E("Couldn't signal the new process via a socketpair");
close(sv[1]); close(sv[1]);
return; return;
} }
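Review bot: When subprocInitParent() fails, the call site in the second hunk only does `close(sv[1]); return;`, so the already-created child `pid` is left alive with its MACVTAP or user-namespace setup possibly half done, and nothing visible here kills or reaps it. Whether that child stops depends on it treating EOF on the socketpair as fatal, which this page does not show; if that is not guaranteed, add `kill(pid, SIGKILL);` before `close(sv[1]);`. The new helper also deserves a header comment such as `/* Parent-side setup: the child is signalled via pipefd only after net and user-ns init succeed; does not close pipefd. */`, because that ordering appears to be what keeps the child from proceeding before its namespaces are configured. The enclosing function of the second hunk starts before and continues after the lines shown.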