config: switch is_ro to rw

config.c

@@ -180,7 +180,7 @@ static bool configParseInternal(struct nsjconf_t *nsjconf, Nsjail__NsJailConfig
 		const char *fstype = njc->mount[i]->fstype;
 		const char *options = njc->mount[i]->options;
 
-		uintptr_t flags = njc->mount[i]->is_ro ? MS_RDONLY : 0;
+		uintptr_t flags = (njc->mount[i]->rw == false) ? MS_RDONLY : 0;
 		flags |= njc->mount[i]->is_bind ? (MS_BIND | MS_REC) : 0;
 		bool mandatory = njc->mount[i]->mandatory;
 

config.pb-c.h

@@ -7,16 +7,20 @@
 #include <protobuf-c/protobuf-c.h>
 
 PROTOBUF_C__BEGIN_DECLS
+
 #if PROTOBUF_C_VERSION_NUMBER < 1000000
-#error This file was generated by a newer version of protoc-c which is incompatible with your libprotobuf-c headers. Please update your headers.
+# error This file was generated by a newer version of protoc-c which is incompatible with your libprotobuf-c headers. Please update your headers.
 #elif 1002001 < PROTOBUF_C_MIN_COMPILER_VERSION
-#error This file was generated by an older version of protoc-c which is incompatible with your libprotobuf-c headers. Please regenerate this file with a newer version of protoc-c.
+# error This file was generated by an older version of protoc-c which is incompatible with your libprotobuf-c headers. Please regenerate this file with a newer version of protoc-c.
 #endif
+
+
 typedef struct _Nsjail__IdMap Nsjail__IdMap;
 typedef struct _Nsjail__MountPt Nsjail__MountPt;
 typedef struct _Nsjail__Exe Nsjail__Exe;
 typedef struct _Nsjail__NsJailConfig Nsjail__NsJailConfig;
 
+
 /* --- enums --- */
 
 typedef enum _Nsjail__Mode {
@@ -35,7 +39,8 @@ typedef enum _Nsjail__Mode {
   /*
    * Executing command w/o the supervisor 
    */
-	NSJAIL__MODE__EXECVE = 3 PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(NSJAIL__MODE)
+  NSJAIL__MODE__EXECVE = 3
+    PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(NSJAIL__MODE)
 } Nsjail__Mode;
 /*
  * Should be self explanatory 
@@ -54,12 +59,14 @@ typedef enum _Nsjail__LogLevel {
    */
   NSJAIL__LOG_LEVEL__WARNING = 2,
   NSJAIL__LOG_LEVEL__ERROR = 3,
-	NSJAIL__LOG_LEVEL__FATAL = 4 PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(NSJAIL__LOG_LEVEL)
+  NSJAIL__LOG_LEVEL__FATAL = 4
+    PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(NSJAIL__LOG_LEVEL)
 } Nsjail__LogLevel;
 
 /* --- messages --- */
 
-struct _Nsjail__IdMap {
+struct  _Nsjail__IdMap
+{
   ProtobufCMessage base;
   /*
    * Empty string means "current uid/gid" 
@@ -81,7 +88,9 @@ extern char nsjail__id_map__outside_id__default_value[];
  { PROTOBUF_C_MESSAGE_INIT (&nsjail__id_map__descriptor) \
     , nsjail__id_map__inside_id__default_value, nsjail__id_map__outside_id__default_value, 1u, 0 }
 
-struct _Nsjail__MountPt {
+
+struct  _Nsjail__MountPt
+{
   ProtobufCMessage base;
   /*
    * Can be skipped for filesystems like 'proc' 
@@ -112,9 +121,9 @@ struct _Nsjail__MountPt {
    */
   protobuf_c_boolean is_bind;
   /*
-	 * It it RO mount 
+   * It it R/W mount 
    */
-	protobuf_c_boolean is_ro;
+  protobuf_c_boolean rw;
   /*
    * Is it directory? If not specified an internal
    *heuristics will be used to determine that 
@@ -132,7 +141,9 @@ extern char nsjail__mount_pt__options__default_value[];
  { PROTOBUF_C_MESSAGE_INIT (&nsjail__mount_pt__descriptor) \
     , NULL, NULL, NULL, NULL, nsjail__mount_pt__fstype__default_value, nsjail__mount_pt__options__default_value, 0, 0, 0,0, 1 }
 
-struct _Nsjail__Exe {
+
+struct  _Nsjail__Exe
+{
   ProtobufCMessage base;
   /*
    * Will be used both as execv's path and as argv[0] 
@@ -148,7 +159,9 @@ struct _Nsjail__Exe {
  { PROTOBUF_C_MESSAGE_INIT (&nsjail__exe__descriptor) \
     , NULL, 0,NULL }
 
-struct _Nsjail__NsJailConfig {
+
+struct  _Nsjail__NsJailConfig
+{
   ProtobufCMessage base;
   /*
    * Optional name and description for this config 
@@ -377,52 +390,101 @@ extern char nsjail__ns_jail_config__macvlan_vs_gw__default_value[];
  { PROTOBUF_C_MESSAGE_INIT (&nsjail__ns_jail_config__descriptor) \
     , nsjail__ns_jail_config__name__default_value, nsjail__ns_jail_config__description__default_value, NSJAIL__MODE__ONCE, NULL, 0, nsjail__ns_jail_config__hostname__default_value, nsjail__ns_jail_config__cwd__default_value, 0u, nsjail__ns_jail_config__bindhost__default_value, 0u, 600u, 0, NULL, 0,0, 0, 0,NULL, 0, 0, 0,NULL, 0, 0, 512ull, 0ull, 600ull, 1ull, 32ull, 0,0, 0,0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0,NULL, 0,NULL, 0, 0,NULL, NULL, NULL, 0ull, nsjail__ns_jail_config__cgroup_mem_mount__default_value, nsjail__ns_jail_config__cgroup_mem_parent__default_value, 0ull, nsjail__ns_jail_config__cgroup_pids_mount__default_value, nsjail__ns_jail_config__cgroup_pids_parent__default_value, 0, NULL, nsjail__ns_jail_config__macvlan_vs_ip__default_value, nsjail__ns_jail_config__macvlan_vs_nm__default_value, nsjail__ns_jail_config__macvlan_vs_gw__default_value, NULL }
 
+
 /* Nsjail__IdMap methods */
-void nsjail__id_map__init(Nsjail__IdMap * message);
-size_t nsjail__id_map__get_packed_size(const Nsjail__IdMap * message);
-size_t nsjail__id_map__pack(const Nsjail__IdMap * message, uint8_t * out);
-size_t nsjail__id_map__pack_to_buffer(const Nsjail__IdMap * message, ProtobufCBuffer * buffer);
-Nsjail__IdMap *nsjail__id_map__unpack
-    (ProtobufCAllocator * allocator, size_t len, const uint8_t * data);
-void nsjail__id_map__free_unpacked(Nsjail__IdMap * message, ProtobufCAllocator * allocator);
+void   nsjail__id_map__init
+                     (Nsjail__IdMap         *message);
+size_t nsjail__id_map__get_packed_size
+                     (const Nsjail__IdMap   *message);
+size_t nsjail__id_map__pack
+                     (const Nsjail__IdMap   *message,
+                      uint8_t             *out);
+size_t nsjail__id_map__pack_to_buffer
+                     (const Nsjail__IdMap   *message,
+                      ProtobufCBuffer     *buffer);
+Nsjail__IdMap *
+       nsjail__id_map__unpack
+                     (ProtobufCAllocator  *allocator,
+                      size_t               len,
+                      const uint8_t       *data);
+void   nsjail__id_map__free_unpacked
+                     (Nsjail__IdMap *message,
+                      ProtobufCAllocator *allocator);
 /* Nsjail__MountPt methods */
-void nsjail__mount_pt__init(Nsjail__MountPt * message);
-size_t nsjail__mount_pt__get_packed_size(const Nsjail__MountPt * message);
-size_t nsjail__mount_pt__pack(const Nsjail__MountPt * message, uint8_t * out);
-size_t nsjail__mount_pt__pack_to_buffer(const Nsjail__MountPt * message, ProtobufCBuffer * buffer);
-Nsjail__MountPt *nsjail__mount_pt__unpack
-    (ProtobufCAllocator * allocator, size_t len, const uint8_t * data);
-void nsjail__mount_pt__free_unpacked(Nsjail__MountPt * message, ProtobufCAllocator * allocator);
+void   nsjail__mount_pt__init
+                     (Nsjail__MountPt         *message);
+size_t nsjail__mount_pt__get_packed_size
+                     (const Nsjail__MountPt   *message);
+size_t nsjail__mount_pt__pack
+                     (const Nsjail__MountPt   *message,
+                      uint8_t             *out);
+size_t nsjail__mount_pt__pack_to_buffer
+                     (const Nsjail__MountPt   *message,
+                      ProtobufCBuffer     *buffer);
+Nsjail__MountPt *
+       nsjail__mount_pt__unpack
+                     (ProtobufCAllocator  *allocator,
+                      size_t               len,
+                      const uint8_t       *data);
+void   nsjail__mount_pt__free_unpacked
+                     (Nsjail__MountPt *message,
+                      ProtobufCAllocator *allocator);
 /* Nsjail__Exe methods */
-void nsjail__exe__init(Nsjail__Exe * message);
-size_t nsjail__exe__get_packed_size(const Nsjail__Exe * message);
-size_t nsjail__exe__pack(const Nsjail__Exe * message, uint8_t * out);
-size_t nsjail__exe__pack_to_buffer(const Nsjail__Exe * message, ProtobufCBuffer * buffer);
-Nsjail__Exe *nsjail__exe__unpack(ProtobufCAllocator * allocator, size_t len, const uint8_t * data);
-void nsjail__exe__free_unpacked(Nsjail__Exe * message, ProtobufCAllocator * allocator);
+void   nsjail__exe__init
+                     (Nsjail__Exe         *message);
+size_t nsjail__exe__get_packed_size
+                     (const Nsjail__Exe   *message);
+size_t nsjail__exe__pack
+                     (const Nsjail__Exe   *message,
+                      uint8_t             *out);
+size_t nsjail__exe__pack_to_buffer
+                     (const Nsjail__Exe   *message,
+                      ProtobufCBuffer     *buffer);
+Nsjail__Exe *
+       nsjail__exe__unpack
+                     (ProtobufCAllocator  *allocator,
+                      size_t               len,
+                      const uint8_t       *data);
+void   nsjail__exe__free_unpacked
+                     (Nsjail__Exe *message,
+                      ProtobufCAllocator *allocator);
 /* Nsjail__NsJailConfig methods */
-void nsjail__ns_jail_config__init(Nsjail__NsJailConfig * message);
-size_t nsjail__ns_jail_config__get_packed_size(const Nsjail__NsJailConfig * message);
-size_t nsjail__ns_jail_config__pack(const Nsjail__NsJailConfig * message, uint8_t * out);
+void   nsjail__ns_jail_config__init
+                     (Nsjail__NsJailConfig         *message);
+size_t nsjail__ns_jail_config__get_packed_size
+                     (const Nsjail__NsJailConfig   *message);
+size_t nsjail__ns_jail_config__pack
+                     (const Nsjail__NsJailConfig   *message,
+                      uint8_t             *out);
 size_t nsjail__ns_jail_config__pack_to_buffer
-    (const Nsjail__NsJailConfig * message, ProtobufCBuffer * buffer);
-Nsjail__NsJailConfig *nsjail__ns_jail_config__unpack
-    (ProtobufCAllocator * allocator, size_t len, const uint8_t * data);
+                     (const Nsjail__NsJailConfig   *message,
+                      ProtobufCBuffer     *buffer);
+Nsjail__NsJailConfig *
+       nsjail__ns_jail_config__unpack
+                     (ProtobufCAllocator  *allocator,
+                      size_t               len,
+                      const uint8_t       *data);
 void   nsjail__ns_jail_config__free_unpacked
-    (Nsjail__NsJailConfig * message, ProtobufCAllocator * allocator);
+                     (Nsjail__NsJailConfig *message,
+                      ProtobufCAllocator *allocator);
 /* --- per-message closures --- */
 
 typedef void (*Nsjail__IdMap_Closure)
- (const Nsjail__IdMap * message, void *closure_data);
+                 (const Nsjail__IdMap *message,
+                  void *closure_data);
 typedef void (*Nsjail__MountPt_Closure)
- (const Nsjail__MountPt * message, void *closure_data);
+                 (const Nsjail__MountPt *message,
+                  void *closure_data);
 typedef void (*Nsjail__Exe_Closure)
- (const Nsjail__Exe * message, void *closure_data);
+                 (const Nsjail__Exe *message,
+                  void *closure_data);
 typedef void (*Nsjail__NsJailConfig_Closure)
- (const Nsjail__NsJailConfig * message, void *closure_data);
+                 (const Nsjail__NsJailConfig *message,
+                  void *closure_data);
 
 /* --- services --- */
 
+
 /* --- descriptors --- */
 
 extern const ProtobufCEnumDescriptor    nsjail__mode__descriptor;
@@ -433,4 +495,6 @@ extern const ProtobufCMessageDescriptor nsjail__exe__descriptor;
 extern const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor;
 
 PROTOBUF_C__END_DECLS
+
+
 #endif  /* PROTOBUF_C_config_2eproto__INCLUDED */

config.proto

@@ -42,8 +42,8 @@ message MountPt
     required string options = 6 [ default = "" ];
     /* Is it 'mount --bind src dst' type of mount */
     required bool is_bind = 7 [ default = false ];
-    /* It it RO mount */
-    required bool is_ro = 8 [ default = false ];
+    /* It it R/W mount */
+    required bool rw = 8 [ default = false ];
     /* Is it directory? If not specified an internal
        heuristics will be used to determine that */
     optional bool is_dir = 9;

configs/bash-with-fake-geteuid.cfg

@@ -70,35 +70,35 @@ mount {
 	src: "/lib"
 	dst: "/lib"
 	is_bind: true
-	is_ro: true
+	rw: false
 }
 
 mount {
 	src: "/bin"
 	dst: "/bin"
 	is_bind: true
-	is_ro: true
+	rw: false
 }
 
 mount {
 	src: "/sbin"
 	dst: "/sbin"
 	is_bind: true
-	is_ro: true
+	rw: false
 }
 
 mount {
 	src: "/usr"
 	dst: "/usr"
 	is_bind: true
-	is_ro: true
+	rw: false
 }
 
 mount {
 	src: "/lib64"
 	dst: "/lib64"
 	is_bind: true
-	is_ro: true
+	rw: false
 	mandatory: false
 }
 
@@ -106,14 +106,14 @@ mount {
 	src: "/lib32"
 	dst: "/lib32"
 	is_bind: true
-	is_ro: true
+	rw: false
 	mandatory: false
 }
 
 mount {
 	dst: "/tmp"
 	fstype: "tmpfs"
-	is_ro: false
+	rw: true
 	is_bind: false
 }
 
@@ -121,21 +121,21 @@ mount {
 	dst: "/dev"
 	fstype: "tmpfs"
 	options: "size=8388608"
-	is_ro: false
+	rw: true
 	is_bind: false
 }
 
 mount {
 	src: "/dev/null"
 	dst: "/dev/null"
-	is_ro: false
+	rw: true
 	is_bind: true
 }
 
 mount {
 	dst: "/proc"
 	fstype: "proc"
-	is_ro: true
+	rw: false
 }
 
 mount {

configs/firefox-with-net.cfg

@@ -83,7 +83,7 @@ mount {
 	src: "/dev/urandom"
 	dst: "/dev/urandom"
 	is_bind: true
-	is_ro: false
+	rw: true
 }
 
 mount {
@@ -103,21 +103,21 @@ mount {
 mount {
 	dst: "/tmp"
 	fstype: "tmpfs"
-	is_ro: false
+	rw: true
 	is_bind: false
 }
 
 mount {
 	dst: "/user"
 	fstype: "tmpfs"
-	is_ro: false
+	rw: true
 }
 
 mount {
 	prefix_src_env: "HOME"
 	src: "/Documents"
 	dst: "/user/Documents"
-	is_ro: false
+	rw: true
 	is_bind: true
 	mandatory: false
 }
@@ -127,20 +127,19 @@ mount {
 	src: "/.mozilla"
 	dst: "/user/.mozilla"
 	is_bind: true
-	is_ro: false
+	rw: true
 	mandatory: false
 }
 
 mount {
 	dst: "/user/.cache"
 	fstype: "tmpfs"
-	is_ro: false
+	rw: true
 }
 
 mount {
 	src: "/tmp/.X11-unix/X0"
 	dst: "/tmp/.X11-unix/X0"
-	is_ro: false
 	is_bind: true
 }
 

configs/home-documents-with-xorg-no-net.cfg

@@ -64,13 +64,13 @@ mount {
 mount {
 	dst: "/tmp"
 	fstype: "tmpfs"
-	is_ro: false
+	rw: true
 }
 
 mount {
 	dst: "/user"
 	fstype: "tmpfs"
-	is_ro: false
+	rw: true
 }
 
 mount {
@@ -83,7 +83,6 @@ mount {
 mount {
 	src: "/tmp/.X11-unix/X0"
 	dst: "/tmp/.X11-unix/X0"
-	is_ro: false
 	is_bind: true
 }