config: more options in the config #3
parent
1c4fba0484
commit
92939c754e
@ -415,6 +415,7 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
|||||||
.argv = NULL,
|
.argv = NULL,
|
||||||
.port = 0,
|
.port = 0,
|
||||||
.bindhost = "::",
|
.bindhost = "::",
|
||||||
|
.logfile = NULL,
|
||||||
.daemonize = false,
|
.daemonize = false,
|
||||||
.tlimit = 0,
|
.tlimit = 0,
|
||||||
.pivot_root_only = false,
|
.pivot_root_only = false,
|
||||||
@ -468,7 +469,6 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
|||||||
TAILQ_INIT(&nsjconf->uid_mappings);
|
TAILQ_INIT(&nsjconf->uid_mappings);
|
||||||
TAILQ_INIT(&nsjconf->gid_mappings);
|
TAILQ_INIT(&nsjconf->gid_mappings);
|
||||||
|
|
||||||
const char *logfile = NULL;
|
|
||||||
static char cmdlineTmpfsSz[PATH_MAX] = "size=4194304";
|
static char cmdlineTmpfsSz[PATH_MAX] = "size=4194304";
|
||||||
|
|
||||||
struct fds_t *f;
|
struct fds_t *f;
|
||||||
@ -539,7 +539,7 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'l':
|
case 'l':
|
||||||
logfile = optarg;
|
nsjconf->logfile = optarg;
|
||||||
break;
|
break;
|
||||||
case 'd':
|
case 'd':
|
||||||
nsjconf->daemonize = true;
|
nsjconf->daemonize = true;
|
||||||
@ -822,7 +822,7 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
|||||||
TAILQ_INSERT_HEAD(&nsjconf->gids, p, pointers);
|
TAILQ_INSERT_HEAD(&nsjconf->gids, p, pointers);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (logInitLogFile(nsjconf, logfile, log_level) == false) {
|
if (logInitLogFile(nsjconf, nsjconf->logfile, log_level) == false) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
1
common.h
1
common.h
@ -110,6 +110,7 @@ struct nsjconf_t {
|
|||||||
char *const *argv;
|
char *const *argv;
|
||||||
int port;
|
int port;
|
||||||
const char *bindhost;
|
const char *bindhost;
|
||||||
|
const char *logfile;
|
||||||
bool daemonize;
|
bool daemonize;
|
||||||
time_t tlimit;
|
time_t tlimit;
|
||||||
bool pivot_root_only;
|
bool pivot_root_only;
|
||||||
|
5
config.c
5
config.c
@ -63,6 +63,11 @@ static bool configParseInternal(struct nsjconf_t *nsjconf, Nsjail__NsJailConfig
|
|||||||
nsjconf->cwd = utilStrDupLen((char *)njc->cwd.data, njc->cwd.len);
|
nsjconf->cwd = utilStrDupLen((char *)njc->cwd.data, njc->cwd.len);
|
||||||
nsjconf->bindhost = utilStrDupLen((char *)njc->bindhost.data, njc->bindhost.len);
|
nsjconf->bindhost = utilStrDupLen((char *)njc->bindhost.data, njc->bindhost.len);
|
||||||
nsjconf->max_conns_per_ip = njc->max_conns_per_ip;
|
nsjconf->max_conns_per_ip = njc->max_conns_per_ip;
|
||||||
|
if (njc->has_log) {
|
||||||
|
nsjconf->logfile = utilStrDupLen((char *)njc->log.data, njc->log.len);
|
||||||
|
}
|
||||||
|
nsjconf->tlimit = njc->time_limit;
|
||||||
|
nsjconf->daemonize = njc->daemon;
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
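Review bot: `nsjconf->tlimit = njc->time_limit;` and `nsjconf->daemonize = njc->daemon;` overwrite whatever cmdlineParse has already stored, while the `log` assignment just above them is guarded by `has_log`, so the three new options do not follow one precedence rule. The defaults differ as well: cmdlineParse initialises `.tlimit = 0` but config.proto declares `time_limit` with `[default = 600]`, so the effective time limit depends on which path wrote last. A comment such as `/* values from the config file replace those set on the command line */` would make the intended precedence explicit. The result of utilStrDupLen() is stored in `nsjconf->logfile` without a check; its definition is not shown, but if it can return NULL then logInitLogFile() would presumably fall back to its default sink without any diagnostic. configParseInternal starts outside the hunk.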
@ -5,3 +5,6 @@ hostname: "TEST-NS"
|
|||||||
cwd: "/lib"
|
cwd: "/lib"
|
||||||
bindhost: "::1"
|
bindhost: "::1"
|
||||||
max_conns_per_ip: 10
|
max_conns_per_ip: 10
|
||||||
|
log: "/proc/self/fd/2"
|
||||||
|
time_limit: 100
|
||||||
|
daemon: false
|
||||||
|
@ -7,17 +7,20 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include "config.pb-c.h"
|
#include "config.pb-c.h"
|
||||||
void nsjail__ns_jail_config__init(Nsjail__NsJailConfig * message) {
|
void nsjail__ns_jail_config__init(Nsjail__NsJailConfig * message)
|
||||||
|
{
|
||||||
static Nsjail__NsJailConfig init_value = NSJAIL__NS_JAIL_CONFIG__INIT;
|
static Nsjail__NsJailConfig init_value = NSJAIL__NS_JAIL_CONFIG__INIT;
|
||||||
*message = init_value;
|
*message = init_value;
|
||||||
}
|
}
|
||||||
|
|
||||||
size_t nsjail__ns_jail_config__get_packed_size(const Nsjail__NsJailConfig * message) {
|
size_t nsjail__ns_jail_config__get_packed_size(const Nsjail__NsJailConfig * message)
|
||||||
|
{
|
||||||
assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor);
|
assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor);
|
||||||
return protobuf_c_message_get_packed_size((const ProtobufCMessage *)(message));
|
return protobuf_c_message_get_packed_size((const ProtobufCMessage *)(message));
|
||||||
}
|
}
|
||||||
|
|
||||||
size_t nsjail__ns_jail_config__pack(const Nsjail__NsJailConfig * message, uint8_t * out) {
|
size_t nsjail__ns_jail_config__pack(const Nsjail__NsJailConfig * message, uint8_t * out)
|
||||||
|
{
|
||||||
assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor);
|
assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor);
|
||||||
return protobuf_c_message_pack((const ProtobufCMessage *)message, out);
|
return protobuf_c_message_pack((const ProtobufCMessage *)message, out);
|
||||||
}
|
}
|
||||||
@ -53,7 +56,9 @@ static const uint32_t nsjail__ns_jail_config__port__default_value = 0u;
|
|||||||
static const ProtobufCBinaryData nsjail__ns_jail_config__bindhost__default_value =
|
static const ProtobufCBinaryData nsjail__ns_jail_config__bindhost__default_value =
|
||||||
{ 2, nsjail__ns_jail_config__bindhost__default_value_data };
|
{ 2, nsjail__ns_jail_config__bindhost__default_value_data };
|
||||||
static const uint32_t nsjail__ns_jail_config__max_conns_per_ip__default_value = 0u;
|
static const uint32_t nsjail__ns_jail_config__max_conns_per_ip__default_value = 0u;
|
||||||
static const ProtobufCFieldDescriptor nsjail__ns_jail_config__field_descriptors[8] = {
|
static const uint32_t nsjail__ns_jail_config__time_limit__default_value = 600u;
|
||||||
|
static const protobuf_c_boolean nsjail__ns_jail_config__daemon__default_value = 0;
|
||||||
|
static const ProtobufCFieldDescriptor nsjail__ns_jail_config__field_descriptors[11] = {
|
||||||
{
|
{
|
||||||
"mode",
|
"mode",
|
||||||
1,
|
1,
|
||||||
@ -150,23 +155,62 @@ static const ProtobufCFieldDescriptor nsjail__ns_jail_config__field_descriptors[
|
|||||||
0, /* flags */
|
0, /* flags */
|
||||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"log",
|
||||||
|
11,
|
||||||
|
PROTOBUF_C_LABEL_OPTIONAL,
|
||||||
|
PROTOBUF_C_TYPE_BYTES,
|
||||||
|
offsetof(Nsjail__NsJailConfig, has_log),
|
||||||
|
offsetof(Nsjail__NsJailConfig, log),
|
||||||
|
NULL,
|
||||||
|
NULL,
|
||||||
|
0, /* flags */
|
||||||
|
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"time_limit",
|
||||||
|
12,
|
||||||
|
PROTOBUF_C_LABEL_REQUIRED,
|
||||||
|
PROTOBUF_C_TYPE_UINT32,
|
||||||
|
0, /* quantifier_offset */
|
||||||
|
offsetof(Nsjail__NsJailConfig, time_limit),
|
||||||
|
NULL,
|
||||||
|
&nsjail__ns_jail_config__time_limit__default_value,
|
||||||
|
0, /* flags */
|
||||||
|
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"daemon",
|
||||||
|
13,
|
||||||
|
PROTOBUF_C_LABEL_REQUIRED,
|
||||||
|
PROTOBUF_C_TYPE_BOOL,
|
||||||
|
0, /* quantifier_offset */
|
||||||
|
offsetof(Nsjail__NsJailConfig, daemon),
|
||||||
|
NULL,
|
||||||
|
&nsjail__ns_jail_config__daemon__default_value,
|
||||||
|
0, /* flags */
|
||||||
|
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||||
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
static const unsigned nsjail__ns_jail_config__field_indices_by_name[] = {
|
static const unsigned nsjail__ns_jail_config__field_indices_by_name[] = {
|
||||||
6, /* field[6] = bindhost */
|
6, /* field[6] = bindhost */
|
||||||
1, /* field[1] = chroot */
|
1, /* field[1] = chroot */
|
||||||
4, /* field[4] = cwd */
|
4, /* field[4] = cwd */
|
||||||
|
10, /* field[10] = daemon */
|
||||||
3, /* field[3] = hostname */
|
3, /* field[3] = hostname */
|
||||||
2, /* field[2] = is_root_rw */
|
2, /* field[2] = is_root_rw */
|
||||||
|
8, /* field[8] = log */
|
||||||
7, /* field[7] = max_conns_per_ip */
|
7, /* field[7] = max_conns_per_ip */
|
||||||
0, /* field[0] = mode */
|
0, /* field[0] = mode */
|
||||||
5, /* field[5] = port */
|
5, /* field[5] = port */
|
||||||
|
9, /* field[9] = time_limit */
|
||||||
};
|
};
|
||||||
|
|
||||||
static const ProtobufCIntRange nsjail__ns_jail_config__number_ranges[2 + 1] = {
|
static const ProtobufCIntRange nsjail__ns_jail_config__number_ranges[2 + 1] = {
|
||||||
{1, 0},
|
{1, 0},
|
||||||
{6, 3},
|
{6, 3},
|
||||||
{0, 8}
|
{0, 11}
|
||||||
};
|
};
|
||||||
|
|
||||||
const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor = {
|
const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor = {
|
||||||
@ -176,7 +220,7 @@ const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor = {
|
|||||||
"Nsjail__NsJailConfig",
|
"Nsjail__NsJailConfig",
|
||||||
"nsjail",
|
"nsjail",
|
||||||
sizeof(Nsjail__NsJailConfig),
|
sizeof(Nsjail__NsJailConfig),
|
||||||
8,
|
11,
|
||||||
nsjail__ns_jail_config__field_descriptors,
|
nsjail__ns_jail_config__field_descriptors,
|
||||||
nsjail__ns_jail_config__field_indices_by_name,
|
nsjail__ns_jail_config__field_indices_by_name,
|
||||||
2, nsjail__ns_jail_config__number_ranges,
|
2, nsjail__ns_jail_config__number_ranges,
|
||||||
|
@ -36,13 +36,17 @@ struct _Nsjail__NsJailConfig {
|
|||||||
uint32_t port;
|
uint32_t port;
|
||||||
ProtobufCBinaryData bindhost;
|
ProtobufCBinaryData bindhost;
|
||||||
uint32_t max_conns_per_ip;
|
uint32_t max_conns_per_ip;
|
||||||
|
protobuf_c_boolean has_log;
|
||||||
|
ProtobufCBinaryData log;
|
||||||
|
uint32_t time_limit;
|
||||||
|
protobuf_c_boolean daemon;
|
||||||
};
|
};
|
||||||
extern uint8_t nsjail__ns_jail_config__hostname__default_value_data[];
|
extern uint8_t nsjail__ns_jail_config__hostname__default_value_data[];
|
||||||
extern uint8_t nsjail__ns_jail_config__cwd__default_value_data[];
|
extern uint8_t nsjail__ns_jail_config__cwd__default_value_data[];
|
||||||
extern uint8_t nsjail__ns_jail_config__bindhost__default_value_data[];
|
extern uint8_t nsjail__ns_jail_config__bindhost__default_value_data[];
|
||||||
#define NSJAIL__NS_JAIL_CONFIG__INIT \
|
#define NSJAIL__NS_JAIL_CONFIG__INIT \
|
||||||
{ PROTOBUF_C_MESSAGE_INIT (&nsjail__ns_jail_config__descriptor) \
|
{ PROTOBUF_C_MESSAGE_INIT (&nsjail__ns_jail_config__descriptor) \
|
||||||
, NSJAIL__MODE__ONCE, 0,{0,NULL}, 0, { 6, nsjail__ns_jail_config__hostname__default_value_data }, { 1, nsjail__ns_jail_config__cwd__default_value_data }, 0u, { 2, nsjail__ns_jail_config__bindhost__default_value_data }, 0u }
|
, NSJAIL__MODE__ONCE, 0,{0,NULL}, 0, { 6, nsjail__ns_jail_config__hostname__default_value_data }, { 1, nsjail__ns_jail_config__cwd__default_value_data }, 0u, { 2, nsjail__ns_jail_config__bindhost__default_value_data }, 0u, 0,{0,NULL}, 600u, 0 }
|
||||||
|
|
||||||
/* Nsjail__NsJailConfig methods */
|
/* Nsjail__NsJailConfig methods */
|
||||||
void nsjail__ns_jail_config__init(Nsjail__NsJailConfig * message);
|
void nsjail__ns_jail_config__init(Nsjail__NsJailConfig * message);
|
||||||
|
13
config.proto
13
config.proto
@ -13,9 +13,12 @@ message NsJailConfig {
|
|||||||
required Mode mode = 1 [default = ONCE];
|
required Mode mode = 1 [default = ONCE];
|
||||||
optional bytes chroot = 2;
|
optional bytes chroot = 2;
|
||||||
required bool is_root_rw = 3 [default = false];
|
required bool is_root_rw = 3 [default = false];
|
||||||
required bytes hostname = 6 [default="NSJAIL"];
|
required bytes hostname = 6 [default = "NSJAIL"];
|
||||||
required bytes cwd = 7 [default="/"];
|
required bytes cwd = 7 [default = "/"];
|
||||||
required uint32 port = 8 [default=0];
|
required uint32 port = 8 [default = 0];
|
||||||
required bytes bindhost = 9 [default="::"];
|
required bytes bindhost = 9 [default = "::"];
|
||||||
required uint32 max_conns_per_ip = 10 [default=0];
|
required uint32 max_conns_per_ip = 10 [default = 0];
|
||||||
|
optional bytes log = 11;
|
||||||
|
required uint32 time_limit = 12 [default = 600];
|
||||||
|
required bool daemon = 13 [default = false];
|
||||||
}
|
}
|
||||||
|
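Review bot: `time_limit` and `daemon` are added as `required`, so a configuration written before this commit that does not set them will be rejected by any parser that enforces required fields, even though both declare a default. Because a default is already given, `optional uint32 time_limit = 12 [default = 600];` and `optional bool daemon = 13 [default = false];` would yield the same values without breaking older configs. `log` is already `optional`, which is the pattern the other two could follow. The opening of the message is outside the hunk.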