No need to add (default:none) in cmdline
parent
be639261b5
commit
ad4b0105a7
@ -338,9 +338,9 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
||||
{{"disable_clone_newpid", no_argument, NULL, 0x0404}, "Don't use CLONE_NEWPID"},
|
||||
{{"disable_clone_newipc", no_argument, NULL, 0x0405}, "Don't use CLONE_NEWIPC"},
|
||||
{{"disable_clone_newuts", no_argument, NULL, 0x0406}, "Don't use CLONE_NEWUTS"},
|
||||
{{"bindmount_ro", required_argument, NULL, 'R'}, "List of mountpoints to be mounted --bind (ro) inside the container. Can be specified multiple times. Supports 'source' syntax, or 'source:dest'. (default: none)"},
|
||||
{{"bindmount", required_argument, NULL, 'B'}, "List of mountpoints to be mounted --bind (rw) inside the container. Can be specified multiple times. Supports 'source' syntax, or 'source:dest'. (default: none)"},
|
||||
{{"tmpfsmount", required_argument, NULL, 'T'}, "List of mountpoints to be mounted as RW/tmpfs inside the container. Can be specified multiple times. Supports 'dest' syntax. (default: none)"},
|
||||
{{"bindmount_ro", required_argument, NULL, 'R'}, "List of mountpoints to be mounted --bind (ro) inside the container. Can be specified multiple times. Supports 'source' syntax, or 'source:dest'"},
|
||||
{{"bindmount", required_argument, NULL, 'B'}, "List of mountpoints to be mounted --bind (rw) inside the container. Can be specified multiple times. Supports 'source' syntax, or 'source:dest'"},
|
||||
{{"tmpfsmount", required_argument, NULL, 'T'}, "List of mountpoints to be mounted as RW/tmpfs inside the container. Can be specified multiple times. Supports 'dest' syntax"},
|
||||
{{"iface", required_argument, NULL, 'I'}, "Interface which will be cloned (MACVTAP) and put inside the subprocess' namespace"},
|
||||
{{"tmpfs_size", required_argument, NULL, 0x0602}, "Number of bytes to allocate for tmpfsmounts (default: 4194304)"},
|
||||
{{"disable_proc", no_argument, NULL, 0x0603}, "Disable mounting /proc in the jail"},
|
||||
|
@ -68,6 +68,9 @@ static bool containUidGidMap(struct nsjconf_t *nsjconf)
|
||||
return true;
|
||||
}
|
||||
|
||||
sleep(10);
|
||||
return true;
|
||||
|
||||
int fd;
|
||||
char map[64];
|
||||
if ((fd = open("/proc/self/uid_map", O_WRONLY | O_CLOEXEC)) == -1) {
|
||||
@ -251,8 +254,8 @@ static bool containRemountRO(struct mounts_t *mpt)
|
||||
if (mpt->flags &= MS_RDONLY) {
|
||||
LOG_D("Re-mounting RO '%s'", mpt->dst);
|
||||
if (mount
|
||||
(mpt->dst, mpt->dst, NULL, MS_REC | MS_BIND | MS_PRIVATE | MS_REMOUNT | MS_RDONLY,
|
||||
0) == -1) {
|
||||
(mpt->dst, mpt->dst, NULL,
|
||||
MS_REC | MS_BIND | MS_PRIVATE | MS_REMOUNT | MS_RDONLY, 0) == -1) {
|
||||
PLOG_E("mount('%s', MS_REC|MS_BIND|MS_REMOUNT|MS_RDONLY)", mpt->dst);
|
||||
return false;
|
||||
}
|
||||
|
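Review bot: The `sleep(10);` and `return true;` lines ahead of `int fd;` in containUidGidMap look like debugging code committed by accident. Assuming they are the added lines (the hunk grows from 6 to 9 lines), everything after them, including the `open("/proc/self/uid_map", O_WRONLY | O_CLOEXEC)` write, becomes unreachable while the function still reports success. The caller would then presumably continue with no UID/GID mapping installed and no error logged, so both lines should be dropped from this commit. Separately, in the containRemountRO hunk the unchanged condition `if (mpt->flags &= MS_RDONLY)` assigns to `mpt->flags` and clears every other flag bit; `if (mpt->flags & MS_RDONLY)` is probably what was meant. Both functions continue outside the visible hunks.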
4
net.c
4
net.c
@ -77,7 +77,7 @@ bool netCloneMacVtapAndNS(struct nsjconf_t * nsjconf, int pid)
|
||||
return true;
|
||||
}
|
||||
|
||||
char iface[512];
|
||||
char iface[16];
|
||||
snprintf(iface, sizeof(iface), "%s.ns.%d", nsjconf->iface, pid);
|
||||
|
||||
#define SBIN_IP_PATH "/sbin/ip"
|
||||
@ -88,7 +88,7 @@ bool netCloneMacVtapAndNS(struct nsjconf_t * nsjconf, int pid)
|
||||
return false;
|
||||
}
|
||||
|
||||
char pid_str[512];
|
||||
char pid_str[256];
|
||||
snprintf(pid_str, sizeof(pid_str), "%d", pid);
|
||||
char *const argv_netns[] =
|
||||
{ SBIN_IP_PATH, "link", "set", "dev", iface, "netns", pid_str, NULL };
|
||||
|
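Review bot: With `char iface[16]`, the `snprintf(iface, sizeof(iface), "%s.ns.%d", nsjconf->iface, pid)` call can truncate silently and its return value is never checked; the `.ns.` infix plus a multi-digit pid leaves only a few bytes for the configured interface name. The truncated string is then passed as the `dev` argument in `argv_netns`, so the `/sbin/ip link set` call may fail or, if the shortened name matches another device, act on the wrong interface. I would declare the buffer as `char iface[IFNAMSIZ];` to document the limit and reject overflow explicitly: `int n = snprintf(iface, sizeof(iface), "%s.ns.%d", nsjconf->iface, pid);` followed by `if (n < 0 || (size_t)n >= sizeof(iface)) { return false; }`, with a log line in the file's style. This assumes 16 is the new size, as the old-then-new print order suggests; netCloneMacVtapAndNS continues outside both hunks.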
@ -241,6 +241,7 @@ void subprocRunChild(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int fd_er
|
||||
if (pid == 0) {
|
||||
subprocNewProc(nsjconf, fd_in, fd_out, fd_err, pipefd[1]);
|
||||
}
|
||||
|
||||
if (pid == -1) {
|
||||
PLOG_E("clone(flags=%#x) failed. You probably need root privileges if your system "
|
||||
"doesn't support CLONE_NEWUSER. Alternatively, you might want to recompile your "
|
||||
|