indent 100
parent
99d78a996a
commit
da4fc22eab
2
Makefile
2
Makefile
@ -45,7 +45,7 @@ depend:
|
||||
makedepend -Y. -- $(CFLAGS) -- $(SRCS)
|
||||
|
||||
indent:
|
||||
indent -linux -l120 -lc120 -sob -c33 -cp33 *.c *.h seccomp/*.c seccomp/*.h; rm -f *~ seccomp/*~
|
||||
indent -linux -l100 -lc100 *.c *.h seccomp/*.c seccomp/*.h; rm -f *~ seccomp/*~
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
||||
|
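Review bot: The new `indent:` recipe drops `-sob`, `-c33` and `-cp33` as well as narrowing `-l`/`-lc` from 120 to 100, which the commit title does not mention; if that is intended, a comment above the target would record it, e.g. `# 100-column Linux style; -sob/-c33/-cp33 dropped on purpose`. At this width indent also pushes the argument list of long-literal macro calls onto its own line, as seen in the `PLOG_E` call in containMountFS and the `LOG_W` call in sandboxApply later in this commit; wrapping those two calls in `/* *INDENT-OFF* */` and `/* *INDENT-ON* */` would keep them readable. Which of the two recipe lines is the new one is inferred from the title, because the page has lost its `+`/`-` markers.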
10
cmdline.c
10
cmdline.c
@ -55,8 +55,8 @@ static void cmdlineHelp(const char *pname, struct custom_option *opts)
|
||||
LOG_HELP_BOLD("Options:");
|
||||
for (int i = 0; opts[i].opt.name; i++) {
|
||||
if (isprint(opts[i].opt.val)) {
|
||||
LOG_HELP_BOLD(" --%s%s%c %s", opts[i].opt.name,
|
||||
"|-", opts[i].opt.val, opts[i].opt.has_arg == required_argument ? "[val]" : "");
|
||||
LOG_HELP_BOLD(" --%s%s%c %s", opts[i].opt.name, "|-", opts[i].opt.val,
|
||||
opts[i].opt.has_arg == required_argument ? "[val]" : "");
|
||||
} else {
|
||||
LOG_HELP_BOLD(" --%s %s", opts[i].opt.name,
|
||||
opts[i].opt.has_arg == required_argument ? "[val]" : "");
|
||||
@ -140,7 +140,8 @@ rlim_t cmdlineParseRLimit(int res, const char *optarg, unsigned long mul)
|
||||
return cur.rlim_cur;
|
||||
}
|
||||
if (cmdlineIsANumber(optarg) == false) {
|
||||
LOG_F("RLIMIT %d needs a numeric or 'max'/'def' value ('%s' provided)", res, optarg);
|
||||
LOG_F("RLIMIT %d needs a numeric or 'max'/'def' value ('%s' provided)", res,
|
||||
optarg);
|
||||
}
|
||||
rlim_t val = strtoul(optarg, NULL, 0) * mul;
|
||||
if (val == ULONG_MAX && errno != 0) {
|
||||
@ -257,7 +258,8 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
|
||||
|
||||
int opt_index = 0;
|
||||
for (;;) {
|
||||
int c = getopt_long(argc, argv, "H:c:p:i:u:g:l:t:M:Ndveh?R:B:T:I:", opts, &opt_index);
|
||||
int c =
|
||||
getopt_long(argc, argv, "H:c:p:i:u:g:l:t:M:Ndveh?R:B:T:I:", opts, &opt_index);
|
||||
if (c == -1) {
|
||||
break;
|
||||
}
|
||||
|
25
contain.c
25
contain.c
@ -73,7 +73,8 @@ static bool containUidGidMap(struct nsjconf_t *nsjconf, uid_t uid, gid_t gid)
|
||||
PLOG_E("open('/proc/self/uid_map', O_WRONLY | O_CLOEXEC)");
|
||||
return false;
|
||||
}
|
||||
snprintf(map, sizeof(map), "%lu %lu 1", (unsigned long)uid, (unsigned long)nsjconf->initial_uid);
|
||||
snprintf(map, sizeof(map), "%lu %lu 1", (unsigned long)uid,
|
||||
(unsigned long)nsjconf->initial_uid);
|
||||
LOG_D("Writing '%s' to /proc/self/uid_map", map);
|
||||
if (write(fd, map, strlen(map)) == -1) {
|
||||
PLOG_E("write('/proc/self/uid_map', %d, '%s')", fd, map);
|
||||
@ -86,7 +87,8 @@ static bool containUidGidMap(struct nsjconf_t *nsjconf, uid_t uid, gid_t gid)
|
||||
PLOG_E("open('/proc/self/gid_map', O_WRONLY | O_CLOEXEC)");
|
||||
return false;
|
||||
}
|
||||
snprintf(map, sizeof(map), "%lu %lu 1", (unsigned long)gid, (unsigned long)nsjconf->initial_gid);
|
||||
snprintf(map, sizeof(map), "%lu %lu 1", (unsigned long)gid,
|
||||
(unsigned long)nsjconf->initial_gid);
|
||||
LOG_D("Writing '%s' to /proc/self/gid_map", map);
|
||||
if (write(fd, map, strlen(map)) == -1) {
|
||||
PLOG_E("write('/proc/self/gid_map', %d, '%s')", fd, map);
|
||||
@ -217,16 +219,16 @@ static bool bindMountRW(struct nsjconf_t *nsjconf, const char *newrootdir, const
|
||||
if (S_ISDIR(st.st_mode)) {
|
||||
// Create mount_pt dir, only if the source bind mount point is also a directory
|
||||
if (mkdir(mount_pt, 0700) == -1 && errno != EEXIST) {
|
||||
PLOG_E("mkdir('%s') failed. Try creating the '%s/%s' directory manually", mount_pt,
|
||||
nsjconf->chroot, dest);
|
||||
PLOG_E("mkdir('%s') failed. Try creating the '%s/%s' directory manually",
|
||||
mount_pt, nsjconf->chroot, dest);
|
||||
goto cleanup;
|
||||
}
|
||||
} else {
|
||||
// For everything else (files, sockets, pipes, devices), create a regular file
|
||||
int fd = open(mount_pt, O_CREAT | O_RDONLY, 0700);
|
||||
if (fd == -1) {
|
||||
PLOG_E("creat('%s') failed. Try creating the '%s/%s' file manually", mount_pt, nsjconf->chroot,
|
||||
dest);
|
||||
PLOG_E("creat('%s') failed. Try creating the '%s/%s' file manually",
|
||||
mount_pt, nsjconf->chroot, dest);
|
||||
goto cleanup;
|
||||
}
|
||||
close(fd);
|
||||
@ -259,8 +261,10 @@ static bool remountBindMount(const char *spec, unsigned long flags)
|
||||
char *dest = findSpecDestination(source);
|
||||
|
||||
LOG_D("Remounting (bind(0x%lx)) '%s' on '%s'", flags, dest, dest);
|
||||
if (mount(dest, dest, NULL, MS_BIND | MS_NOSUID | MS_REMOUNT | MS_PRIVATE | flags, NULL) == -1) {
|
||||
PLOG_E("mount('%s', '%s', MS_BIND|MS_NOSUID|MS_REMOUNT|MS_PRIVATE|%lu)", dest, dest, flags);
|
||||
if (mount(dest, dest, NULL, MS_BIND | MS_NOSUID | MS_REMOUNT | MS_PRIVATE | flags, NULL) ==
|
||||
-1) {
|
||||
PLOG_E("mount('%s', '%s', MS_BIND|MS_NOSUID|MS_REMOUNT|MS_PRIVATE|%lu)", dest, dest,
|
||||
flags);
|
||||
goto cleanup;
|
||||
}
|
||||
success = true;
|
||||
@ -326,8 +330,9 @@ bool containMountFS(struct nsjconf_t * nsjconf)
|
||||
char tmpfsdir[PATH_MAX];
|
||||
snprintf(tmpfsdir, sizeof(tmpfsdir), "%s/%s", newrootdir, p->value);
|
||||
if (mkdir(tmpfsdir, 0700) == -1 && errno != EEXIST) {
|
||||
PLOG_E("mkdir('%s') (for tmpfs:'%s'); You probably need to create it inside your "
|
||||
"--chroot ('%s') directory", tmpfsdir, p->value, nsjconf->chroot);
|
||||
PLOG_E
|
||||
("mkdir('%s') (for tmpfs:'%s'); You probably need to create it inside your "
|
||||
"--chroot ('%s') directory", tmpfsdir, p->value, nsjconf->chroot);
|
||||
return false;
|
||||
}
|
||||
LOG_D("Mounting (tmpfs) '%s' at '%s'", p->value, tmpfsdir);
|
||||
|
3
log.c
3
log.c
@ -102,7 +102,8 @@ void logLog(enum llevel_t ll, const char *fn, int ln, bool perr, const char *fmt
|
||||
dprintf(log_fd, "%s", logLevels[ll].prefix);
|
||||
}
|
||||
if (logLevels[ll].print_funcline) {
|
||||
dprintf(log_fd, "[%s][%s][%ld] %s():%d ", timestr, logLevels[ll].descr, syscall(__NR_getpid), fn, ln);
|
||||
dprintf(log_fd, "[%s][%s][%ld] %s():%d ", timestr, logLevels[ll].descr,
|
||||
syscall(__NR_getpid), fn, ln);
|
||||
}
|
||||
|
||||
va_list args;
|
||||
|
3
net.c
3
net.c
@ -90,7 +90,8 @@ bool netCloneMacVtapAndNS(struct nsjconf_t * nsjconf, int pid)
|
||||
|
||||
char pid_str[512];
|
||||
snprintf(pid_str, sizeof(pid_str), "%d", pid);
|
||||
char *const argv_netns[] = { SBIN_IP_PATH, "link", "set", "dev", iface, "netns", pid_str, NULL };
|
||||
char *const argv_netns[] =
|
||||
{ SBIN_IP_PATH, "link", "set", "dev", iface, "netns", pid_str, NULL };
|
||||
if (netSystem(SBIN_IP_PATH, argv_netns) == false) {
|
||||
LOG_E("Couldn't put interface '%s' into NS of PID '%d'", iface, pid);
|
||||
return false;
|
||||
|
@ -98,7 +98,8 @@ bool sandboxApply(struct nsjconf_t * nsjconf)
|
||||
return false;
|
||||
}
|
||||
#else /* defined(__x86_64__) || defined(__i386__) */
|
||||
LOG_W("There's no seccomp-bpf implementation ready for the current CPU architecture. Sandbox not enabled");
|
||||
LOG_W
|
||||
("There's no seccomp-bpf implementation ready for the current CPU architecture. Sandbox not enabled");
|
||||
#endif /* defined(__x86_64__) || defined(__i386__) */
|
||||
return true;
|
||||
}
|
||||
|
@ -33,7 +33,8 @@ int bpf_resolve_jumps(struct bpf_labels *labels, struct sock_filter *filter, siz
|
||||
switch ((filter->jt << 8) | filter->jf) {
|
||||
case (JUMP_JT << 8) | JUMP_JF:
|
||||
if (labels->labels[filter->k].location == 0xffffffff) {
|
||||
fprintf(stderr, "Unresolved label: '%s'\n", labels->labels[filter->k].label);
|
||||
fprintf(stderr, "Unresolved label: '%s'\n",
|
||||
labels->labels[filter->k].label);
|
||||
return 1;
|
||||
}
|
||||
filter->k = labels->labels[filter->k].location - (insn + 1);
|
||||
@ -42,7 +43,8 @@ int bpf_resolve_jumps(struct bpf_labels *labels, struct sock_filter *filter, siz
|
||||
continue;
|
||||
case (LABEL_JT << 8) | LABEL_JF:
|
||||
if (labels->labels[filter->k].location != 0xffffffff) {
|
||||
fprintf(stderr, "Duplicate label use: '%s'\n", labels->labels[filter->k].label);
|
||||
fprintf(stderr, "Duplicate label use: '%s'\n",
|
||||
labels->labels[filter->k].label);
|
||||
return 1;
|
||||
}
|
||||
labels->labels[filter->k].location = insn;
|
||||
@ -86,5 +88,6 @@ void seccomp_bpf_print(struct sock_filter *filter, size_t count)
|
||||
{
|
||||
struct sock_filter *end = filter + count;
|
||||
for (; filter < end; ++filter)
|
||||
printf("{ code=%u,jt=%u,jf=%u,k=%u },\n", filter->code, filter->jt, filter->jf, filter->k);
|
||||
printf("{ code=%u,jt=%u,jf=%u,k=%u },\n", filter->code, filter->jt, filter->jf,
|
||||
filter->k);
|
||||
}
|
||||
|
@ -139,8 +139,8 @@ void subprocDisplay(struct nsjconf_t *nsjconf)
|
||||
LIST_FOREACH(p, &nsjconf->pids, pointers) {
|
||||
time_t diff = now - p->start;
|
||||
time_t left = nsjconf->tlimit ? nsjconf->tlimit - diff : 0;
|
||||
LOG_I("PID: %d, Remote host: %s, Run time: %ld sec. (time left: %ld sec.)", p->pid, p->remote_txt,
|
||||
(long)diff, (long)left);
|
||||
LOG_I("PID: %d, Remote host: %s, Run time: %ld sec. (time left: %ld sec.)", p->pid,
|
||||
p->remote_txt, (long)diff, (long)left);
|
||||
}
|
||||
}
|
||||
|
||||
|