No need to add (default:none) in cmdline
parent
be639261b5
commit
ad4b0105a7
@ -338,9 +338,9 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
|||||||
{{"disable_clone_newpid", no_argument, NULL, 0x0404}, "Don't use CLONE_NEWPID"},
|
{{"disable_clone_newpid", no_argument, NULL, 0x0404}, "Don't use CLONE_NEWPID"},
|
||||||
{{"disable_clone_newipc", no_argument, NULL, 0x0405}, "Don't use CLONE_NEWIPC"},
|
{{"disable_clone_newipc", no_argument, NULL, 0x0405}, "Don't use CLONE_NEWIPC"},
|
||||||
{{"disable_clone_newuts", no_argument, NULL, 0x0406}, "Don't use CLONE_NEWUTS"},
|
{{"disable_clone_newuts", no_argument, NULL, 0x0406}, "Don't use CLONE_NEWUTS"},
|
||||||
{{"bindmount_ro", required_argument, NULL, 'R'}, "List of mountpoints to be mounted --bind (ro) inside the container. Can be specified multiple times. Supports 'source' syntax, or 'source:dest'. (default: none)"},
|
{{"bindmount_ro", required_argument, NULL, 'R'}, "List of mountpoints to be mounted --bind (ro) inside the container. Can be specified multiple times. Supports 'source' syntax, or 'source:dest'"},
|
||||||
{{"bindmount", required_argument, NULL, 'B'}, "List of mountpoints to be mounted --bind (rw) inside the container. Can be specified multiple times. Supports 'source' syntax, or 'source:dest'. (default: none)"},
|
{{"bindmount", required_argument, NULL, 'B'}, "List of mountpoints to be mounted --bind (rw) inside the container. Can be specified multiple times. Supports 'source' syntax, or 'source:dest'"},
|
||||||
{{"tmpfsmount", required_argument, NULL, 'T'}, "List of mountpoints to be mounted as RW/tmpfs inside the container. Can be specified multiple times. Supports 'dest' syntax. (default: none)"},
|
{{"tmpfsmount", required_argument, NULL, 'T'}, "List of mountpoints to be mounted as RW/tmpfs inside the container. Can be specified multiple times. Supports 'dest' syntax"},
|
||||||
{{"iface", required_argument, NULL, 'I'}, "Interface which will be cloned (MACVTAP) and put inside the subprocess' namespace"},
|
{{"iface", required_argument, NULL, 'I'}, "Interface which will be cloned (MACVTAP) and put inside the subprocess' namespace"},
|
||||||
{{"tmpfs_size", required_argument, NULL, 0x0602}, "Number of bytes to allocate for tmpfsmounts (default: 4194304)"},
|
{{"tmpfs_size", required_argument, NULL, 0x0602}, "Number of bytes to allocate for tmpfsmounts (default: 4194304)"},
|
||||||
{{"disable_proc", no_argument, NULL, 0x0603}, "Disable mounting /proc in the jail"},
|
{{"disable_proc", no_argument, NULL, 0x0603}, "Disable mounting /proc in the jail"},
|
||||||
|
@ -68,6 +68,9 @@ static bool containUidGidMap(struct nsjconf_t *nsjconf)
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sleep(10);
|
||||||
|
return true;
|
||||||
|
|
||||||
int fd;
|
int fd;
|
||||||
char map[64];
|
char map[64];
|
||||||
if ((fd = open("/proc/self/uid_map", O_WRONLY | O_CLOEXEC)) == -1) {
|
if ((fd = open("/proc/self/uid_map", O_WRONLY | O_CLOEXEC)) == -1) {
|
||||||
@ -251,8 +254,8 @@ static bool containRemountRO(struct mounts_t *mpt)
|
|||||||
if (mpt->flags &= MS_RDONLY) {
|
if (mpt->flags &= MS_RDONLY) {
|
||||||
LOG_D("Re-mounting RO '%s'", mpt->dst);
|
LOG_D("Re-mounting RO '%s'", mpt->dst);
|
||||||
if (mount
|
if (mount
|
||||||
(mpt->dst, mpt->dst, NULL, MS_REC | MS_BIND | MS_PRIVATE | MS_REMOUNT | MS_RDONLY,
|
(mpt->dst, mpt->dst, NULL,
|
||||||
0) == -1) {
|
MS_REC | MS_BIND | MS_PRIVATE | MS_REMOUNT | MS_RDONLY, 0) == -1) {
|
||||||
PLOG_E("mount('%s', MS_REC|MS_BIND|MS_REMOUNT|MS_RDONLY)", mpt->dst);
|
PLOG_E("mount('%s', MS_REC|MS_BIND|MS_REMOUNT|MS_RDONLY)", mpt->dst);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
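Review bot: The `sleep(10);` and `return true;` lines added to containUidGidMap() just ahead of `int fd;` make the function report success before it opens `/proc/self/uid_map`, so the map-writing code below them is unreachable and the caller continues as if the mapping had been set up. This looks like leftover debugging and is unrelated to the help-text change named in the commit title. For a sandbox that depends on the user-namespace mapping, skipping it while returning `true` is a containment problem, not a cosmetic one. I would drop both lines; if a delay is wanted for debugging, put it behind a debug option and fall through to the existing code instead of returning. The function body continues past the end of the hunk, so the rest of the map handling is not visible here.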
4
net.c
4
net.c
@ -77,7 +77,7 @@ bool netCloneMacVtapAndNS(struct nsjconf_t * nsjconf, int pid)
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
char iface[512];
|
char iface[16];
|
||||||
snprintf(iface, sizeof(iface), "%s.ns.%d", nsjconf->iface, pid);
|
snprintf(iface, sizeof(iface), "%s.ns.%d", nsjconf->iface, pid);
|
||||||
|
|
||||||
#define SBIN_IP_PATH "/sbin/ip"
|
#define SBIN_IP_PATH "/sbin/ip"
|
||||||
@ -88,7 +88,7 @@ bool netCloneMacVtapAndNS(struct nsjconf_t * nsjconf, int pid)
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
char pid_str[512];
|
char pid_str[256];
|
||||||
snprintf(pid_str, sizeof(pid_str), "%d", pid);
|
snprintf(pid_str, sizeof(pid_str), "%d", pid);
|
||||||
char *const argv_netns[] =
|
char *const argv_netns[] =
|
||||||
{ SBIN_IP_PATH, "link", "set", "dev", iface, "netns", pid_str, NULL };
|
{ SBIN_IP_PATH, "link", "set", "dev", iface, "netns", pid_str, NULL };
|
||||||
|
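Review bot: Assuming `char iface[16]` is the new side of the first hunk, the unchecked `snprintf(iface, sizeof(iface), "%s.ns.%d", nsjconf->iface, pid)` can now truncate silently, because the buffer must hold the user-supplied interface name, the `.ns.` infix and a decimal pid. The truncated name is then what gets passed to the `/sbin/ip` argv further down, which may fail or refer to a device other than the one intended. I would check the result, `int n = snprintf(iface, sizeof(iface), "%s.ns.%d", nsjconf->iface, pid);` followed by `if (n < 0 || (size_t)n >= sizeof(iface)) return false;`, and size the buffer with `IFNAMSIZ` from `<net/if.h>` rather than a bare 16. The `pid_str[256]` change in the second hunk is harmless but still far larger than a formatted `int` needs. netCloneMacVtapAndNS() starts and ends outside both hunks.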
@ -241,6 +241,7 @@ void subprocRunChild(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int fd_er
|
|||||||
if (pid == 0) {
|
if (pid == 0) {
|
||||||
subprocNewProc(nsjconf, fd_in, fd_out, fd_err, pipefd[1]);
|
subprocNewProc(nsjconf, fd_in, fd_out, fd_err, pipefd[1]);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pid == -1) {
|
if (pid == -1) {
|
||||||
PLOG_E("clone(flags=%#x) failed. You probably need root privileges if your system "
|
PLOG_E("clone(flags=%#x) failed. You probably need root privileges if your system "
|
||||||
"doesn't support CLONE_NEWUSER. Alternatively, you might want to recompile your "
|
"doesn't support CLONE_NEWUSER. Alternatively, you might want to recompile your "
|
||||||
|