From 92939c754e097d11571e8413e1310b00c8828341 Mon Sep 17 00:00:00 2001
From: Robert Swiecki
Date: Fri, 26 May 2017 05:12:01 +0200
Subject: [PATCH] config: more options in the config #3
---
 cmdline.c | 6 +++---
 common.h | 1 +
 config.c | 5 +++++
 config.example | 3 +++
 config.pb-c.c | 56 ++++++++++++++++++++++++++++++++++++++++++++------
 config.pb-c.h | 6 +++++-
 config.proto | 13 +++++++-----
 7 files changed, 75 insertions(+), 15 deletions(-)
diff --git a/cmdline.c b/cmdline.c
index 1fd9523..8d08d34 100644
--- a/cmdline.c
+++ b/cmdline.c
@@ -415,6 +415,7 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
 .argv = NULL,
 .port = 0,
 .bindhost = "::",
+ .logfile = NULL,
 .daemonize = false,
 .tlimit = 0,
 .pivot_root_only = false,
@@ -468,7 +469,6 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
 TAILQ_INIT(&nsjconf->uid_mappings);
 TAILQ_INIT(&nsjconf->gid_mappings);
- const char *logfile = NULL;
 static char cmdlineTmpfsSz[PATH_MAX] = "size=4194304";
 struct fds_t *f;
@@ -539,7 +539,7 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
 }
 break;
 case 'l':
- logfile = optarg;
+ nsjconf->logfile = optarg;
 break;
 case 'd':
 nsjconf->daemonize = true;
@@ -822,7 +822,7 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
 TAILQ_INSERT_HEAD(&nsjconf->gids, p, pointers);
 }
- if (logInitLogFile(nsjconf, logfile, log_level) == false) {
+ if (logInitLogFile(nsjconf, nsjconf->logfile, log_level) == false) {
 return false;
 }
diff --git a/common.h b/common.h
index 2045169..ff791a1 100644
--- a/common.h
+++ b/common.h
@@ -110,6 +110,7 @@ struct nsjconf_t {
 char *const *argv;
 int port;
 const char *bindhost;
+ const char *logfile;
 bool daemonize;
 time_t tlimit;
 bool pivot_root_only;
diff --git a/config.c b/config.c
index 0b55108..701c1bc 100644
--- a/config.c
+++ b/config.c
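Review bot: In cmdline.c the last hunk (-822) passes both `nsjconf` and `nsjconf->logfile` to logInitLogFile(), so the path argument is now redundant with the struct that the `case 'l'` hunk fills in. Letting logInitLogFile() read the field itself and calling `logInitLogFile(nsjconf, log_level)` would remove the chance of the two ever disagreeing; the function's definition is outside this diff, so the signature change would have to be made there. cmdlineParse() starts and ends outside these hunks.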
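Review bot: The new `const char *logfile;` member in the common.h hunk carries no ownership comment, yet this commit stores two kinds of pointer in it: cmdline.c assigns `optarg`, which points into argv, while config.c assigns the return value of utilStrDupLen(), which by its name is a separately allocated copy. Code that later tears down or replaces the configuration cannot tell whether the string may be freed. I would add `/* log path, NULL if unset; may point into argv or at a copy made by the config parser, so do not free */` above the member, or duplicate `optarg` as well so the field always owns its string. struct nsjconf_t continues outside the hunk.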
@@ -63,6 +63,11 @@ static bool configParseInternal(struct nsjconf_t *nsjconf, Nsjail__NsJailConfig
 nsjconf->cwd = utilStrDupLen((char *)njc->cwd.data, njc->cwd.len);
 nsjconf->bindhost = utilStrDupLen((char *)njc->bindhost.data, njc->bindhost.len);
 nsjconf->max_conns_per_ip = njc->max_conns_per_ip;
+ if (njc->has_log) {
+ nsjconf->logfile = utilStrDupLen((char *)njc->log.data, njc->log.len);
+ }
+ nsjconf->tlimit = njc->time_limit;
+ nsjconf->daemonize = njc->daemon;
 return true;
 }
diff --git a/config.example b/config.example
index 86fc3e8..144c129 100644
--- a/config.example
+++ b/config.example
@@ -5,3 +5,6 @@ hostname: "TEST-NS"
 cwd: "/lib"
 bindhost: "::1"
 max_conns_per_ip: 10
+log: "/proc/self/fd/2"
+time_limit: 100
+daemon: false
diff --git a/config.pb-c.c b/config.pb-c.c
index c9ca49b..d828b76 100644
--- a/config.pb-c.c
+++ b/config.pb-c.c
@@ -7,17 +7,20 @@ #endif #include "config.pb-c.h" -void nsjail__ns_jail_config__init(Nsjail__NsJailConfig * message) { +void nsjail__ns_jail_config__init(Nsjail__NsJailConfig * message) +{ static Nsjail__NsJailConfig init_value = NSJAIL__NS_JAIL_CONFIG__INIT; *message = init_value; } -size_t nsjail__ns_jail_config__get_packed_size(const Nsjail__NsJailConfig * message) { +size_t nsjail__ns_jail_config__get_packed_size(const Nsjail__NsJailConfig * message) +{ assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor); return protobuf_c_message_get_packed_size((const ProtobufCMessage *)(message)); } -size_t nsjail__ns_jail_config__pack(const Nsjail__NsJailConfig * message, uint8_t * out) { +size_t nsjail__ns_jail_config__pack(const Nsjail__NsJailConfig * message, uint8_t * out) +{ assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor); return protobuf_c_message_pack((const ProtobufCMessage *)message, out); }
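Review bot: In the config.c hunk, `nsjconf->tlimit` and `nsjconf->daemonize` are assigned unconditionally, while `logfile` just above them is guarded by `has_log`. config.proto gives `time_limit` a default of 600 and cmdline.c initialises `.tlimit = 0`, so a config file that omits the field presumably replaces an earlier value with 600; whether command-line options are applied before or after configParseInternal() is not visible here. If `tlimit` is the jail's run-time limit, as the name suggests, the precedence deserves a comment such as `/* values from the config file replace earlier settings; time_limit is 600 when the file omits it */`. The utilStrDupLen() result is also stored without a NULL check, which matters if that helper can fail. The function begins outside the hunk.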
@@ -53,7 +56,9 @@ static const uint32_t nsjail__ns_jail_config__port__default_value = 0u; static const ProtobufCBinaryData nsjail__ns_jail_config__bindhost__default_value = { 2, nsjail__ns_jail_config__bindhost__default_value_data }; static const uint32_t nsjail__ns_jail_config__max_conns_per_ip__default_value = 0u; -static const ProtobufCFieldDescriptor nsjail__ns_jail_config__field_descriptors[8] = { +static const uint32_t nsjail__ns_jail_config__time_limit__default_value = 600u; +static const protobuf_c_boolean nsjail__ns_jail_config__daemon__default_value = 0; +static const ProtobufCFieldDescriptor nsjail__ns_jail_config__field_descriptors[11] = { { "mode", 1, 
@@ -150,23 +155,62 @@ static const ProtobufCFieldDescriptor nsjail__ns_jail_config__field_descriptors[ 0, /* flags */ 0, NULL, NULL /* reserved1,reserved2, etc */ }, + { + "log", + 11, + PROTOBUF_C_LABEL_OPTIONAL, + PROTOBUF_C_TYPE_BYTES, + offsetof(Nsjail__NsJailConfig, has_log), + offsetof(Nsjail__NsJailConfig, log), + NULL, + NULL, + 0, /* flags */ + 0, NULL, NULL /* reserved1,reserved2, etc */ + }, + { + "time_limit", + 12, + PROTOBUF_C_LABEL_REQUIRED, + PROTOBUF_C_TYPE_UINT32, + 0, /* quantifier_offset */ + offsetof(Nsjail__NsJailConfig, time_limit), + NULL, + &nsjail__ns_jail_config__time_limit__default_value, + 0, /* flags */ + 0, NULL, NULL /* reserved1,reserved2, etc */ + }, + { + "daemon", + 13, + PROTOBUF_C_LABEL_REQUIRED, + PROTOBUF_C_TYPE_BOOL, + 0, /* quantifier_offset */ + offsetof(Nsjail__NsJailConfig, daemon), + NULL, + &nsjail__ns_jail_config__daemon__default_value, + 0, /* flags */ + 0, NULL, NULL /* reserved1,reserved2, etc */ + }, }; static const unsigned nsjail__ns_jail_config__field_indices_by_name[] = { 6, /* field[6] = bindhost */ 1, /* field[1] = chroot */ 4, /* field[4] = cwd */ + 10, /* field[10] = daemon */ 3, /* field[3] = hostname */ 2, /* field[2] = is_root_rw */ + 8, /* field[8] = log */ 7, /* field[7] = max_conns_per_ip */ 0, /* field[0] = mode */ 5, /* field[5] = port */ + 9, /* field[9] = time_limit */ }; static const ProtobufCIntRange nsjail__ns_jail_config__number_ranges[2 + 1] = { {1, 0}, {6, 3}, - {0, 8} + {0, 11} }; const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor = { @@ -176,7 +220,7 @@ const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor = { "Nsjail__NsJailConfig", "nsjail", sizeof(Nsjail__NsJailConfig), - 8, + 11, nsjail__ns_jail_config__field_descriptors, nsjail__ns_jail_config__field_indices_by_name, 2, nsjail__ns_jail_config__number_ranges, diff --git a/config.pb-c.h b/config.pb-c.h index 610704a..6235290 100644 --- a/config.pb-c.h +++ b/config.pb-c.h 
@@ -36,13 +36,17 @@ struct _Nsjail__NsJailConfig { uint32_t port; ProtobufCBinaryData bindhost; uint32_t max_conns_per_ip; + protobuf_c_boolean has_log; + ProtobufCBinaryData log; + uint32_t time_limit; + protobuf_c_boolean daemon; }; extern uint8_t nsjail__ns_jail_config__hostname__default_value_data[]; extern uint8_t nsjail__ns_jail_config__cwd__default_value_data[]; extern uint8_t nsjail__ns_jail_config__bindhost__default_value_data[]; #define NSJAIL__NS_JAIL_CONFIG__INIT \ { PROTOBUF_C_MESSAGE_INIT (&nsjail__ns_jail_config__descriptor) \ - , NSJAIL__MODE__ONCE, 0,{0,NULL}, 0, { 6, nsjail__ns_jail_config__hostname__default_value_data }, { 1, nsjail__ns_jail_config__cwd__default_value_data }, 0u, { 2, nsjail__ns_jail_config__bindhost__default_value_data }, 0u } + , NSJAIL__MODE__ONCE, 0,{0,NULL}, 0, { 6, nsjail__ns_jail_config__hostname__default_value_data }, { 1, nsjail__ns_jail_config__cwd__default_value_data }, 0u, { 2, nsjail__ns_jail_config__bindhost__default_value_data }, 0u, 0,{0,NULL}, 600u, 0 } /* Nsjail__NsJailConfig methods */ void nsjail__ns_jail_config__init(Nsjail__NsJailConfig * message);
diff --git a/config.proto b/config.proto
index 03d285e..547c2ab 100644
--- a/config.proto
+++ b/config.proto
@@ -13,9 +13,12 @@ message NsJailConfig {
 required Mode mode = 1 [default = ONCE];
 optional bytes chroot = 2;
 required bool is_root_rw = 3 [default = false];
- required bytes hostname = 6 [default="NSJAIL"];
- required bytes cwd = 7 [default="/"];
- required uint32 port = 8 [default=0];
- required bytes bindhost = 9 [default="::"];
- required uint32 max_conns_per_ip = 10 [default=0];
+ required bytes hostname = 6 [default = "NSJAIL"];
+ required bytes cwd = 7 [default = "/"];
+ required uint32 port = 8 [default = 0];
+ required bytes bindhost = 9 [default = "::"];
+ required uint32 max_conns_per_ip = 10 [default = 0];
+ optional bytes log = 11;
+ required uint32 time_limit = 12 [default = 600];
+ required bool daemon = 13 [default = false];
 }
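Review bot: In config.proto the new `time_limit = 12` and `daemon = 13` fields are declared `required`, which in proto2 means a message that lacks them is not considered complete, so config files written before this commit may be rejected depending on how strictly the parser enforces it. Declaring them `optional uint32 time_limit = 12 [default = 600];` and `optional bool daemon = 13 [default = false];` keeps the same defaults and stays compatible with older files. It also gives config.c `has_` flags to tell an explicit value from an omitted one, the way `log` already does, so an omitted `time_limit` need not silently override a limit set elsewhere.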