Move contain fnctions into contain.c
This commit is contained in:
parent
8793dc4c9e
commit
eb52ab9a2b
42
contain.c
42
contain.c
@ -48,17 +48,17 @@
|
||||
#include "util.h"
|
||||
#include "uts.h"
|
||||
|
||||
bool containInitNetNs(struct nsjconf_t * nsjconf)
|
||||
static bool containInitNetNs(struct nsjconf_t *nsjconf)
|
||||
{
|
||||
return netInitNsFromChild(nsjconf);
|
||||
}
|
||||
|
||||
bool containInitUtsNs(struct nsjconf_t * nsjconf)
|
||||
static bool containInitUtsNs(struct nsjconf_t *nsjconf)
|
||||
{
|
||||
return utsInitNs(nsjconf);
|
||||
}
|
||||
|
||||
bool containDropPrivs(struct nsjconf_t * nsjconf)
|
||||
static bool containDropPrivs(struct nsjconf_t *nsjconf)
|
||||
{
|
||||
/*
|
||||
* Best effort because of /proc/self/setgroups
|
||||
@ -114,7 +114,7 @@ bool containDropPrivs(struct nsjconf_t * nsjconf)
|
||||
return true;
|
||||
}
|
||||
|
||||
bool containPrepareEnv(struct nsjconf_t * nsjconf)
|
||||
static bool containPrepareEnv(struct nsjconf_t *nsjconf)
|
||||
{
|
||||
if (prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0) == -1) {
|
||||
PLOG_E("prctl(PR_SET_PDEATHSIG, SIGKILL)");
|
||||
@ -134,12 +134,12 @@ bool containPrepareEnv(struct nsjconf_t * nsjconf)
|
||||
return true;
|
||||
}
|
||||
|
||||
bool containInitMountNs(struct nsjconf_t * nsjconf)
|
||||
static bool containInitMountNs(struct nsjconf_t *nsjconf)
|
||||
{
|
||||
return mountInitNs(nsjconf);
|
||||
}
|
||||
|
||||
bool containSetLimits(struct nsjconf_t * nsjconf)
|
||||
static bool containSetLimits(struct nsjconf_t *nsjconf)
|
||||
{
|
||||
struct rlimit64 rl;
|
||||
rl.rlim_cur = rl.rlim_max = nsjconf->rl_as;
|
||||
@ -240,7 +240,7 @@ static bool containMakeFdsCOEProc(void)
|
||||
return true;
|
||||
}
|
||||
|
||||
bool containMakeFdsCOE(void)
|
||||
static bool containMakeFdsCOE(void)
|
||||
{
|
||||
if (containMakeFdsCOEProc() == true) {
|
||||
return true;
|
||||
@ -283,3 +283,31 @@ bool containSetupFD(struct nsjconf_t * nsjconf, int fd_in, int fd_out, int fd_er
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
bool containContain(struct nsjconf_t * nsjconf)
|
||||
{
|
||||
if (containInitMountNs(nsjconf) == false) {
|
||||
return false;
|
||||
}
|
||||
if (containInitNetNs(nsjconf) == false) {
|
||||
return false;
|
||||
}
|
||||
if (containInitUtsNs(nsjconf) == false) {
|
||||
return false;
|
||||
}
|
||||
if (containDropPrivs(nsjconf) == false) {
|
||||
return false;
|
||||
}
|
||||
/* */
|
||||
/* As non-root */
|
||||
if (containSetLimits(nsjconf) == false) {
|
||||
return false;
|
||||
}
|
||||
if (containPrepareEnv(nsjconf) == false) {
|
||||
return false;
|
||||
}
|
||||
if (containMakeFdsCOE() == false) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
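Review bot: The new `containContain` in the last contain.c hunk has no header comment, yet it fixes an ordering contract that callers can no longer see once the step functions are `static`: mount, net and uts namespaces are set up first, `containDropPrivs` is the pivot, and everything after it (`containSetLimits`, `containPrepareEnv`, `containMakeFdsCOE`) runs without root privileges. The stray empty `/* */` line above `/* As non-root */` was carried over from subproc.c and should be folded into a single comment that says this, e.g. `/* Steps below run after privileges have been dropped; keep them after containDropPrivs() */`. A short header comment should also state that `sandboxApply` is deliberately not part of this sequence and remains the caller's last step before execv, as the subproc.c hunk shows, so a future reader does not add it here and move it earlier. A one-line comment on why `containSetLimits` must run after dropping privileges (rather than before, where a failure would still be caught as root) would help as well, since the reason is not visible in this hunk.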
@ -26,13 +26,7 @@
|
||||
|
||||
#include "common.h"
|
||||
|
||||
bool containInitNetNs(struct nsjconf_t *nsjconf);
|
||||
bool containInitUtsNs(struct nsjconf_t *nsjconf);
|
||||
bool containDropPrivs(struct nsjconf_t *nsjconf);
|
||||
bool containPrepareEnv(struct nsjconf_t *nsjconf);
|
||||
bool containInitMountNs(struct nsjconf_t *nsjconf);
|
||||
bool containSetLimits(struct nsjconf_t *nsjconf);
|
||||
bool containMakeFdsCOE(void);
|
||||
bool containSetupFD(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int fd_err, int fd_log);
|
||||
bool containContain(struct nsjconf_t *nsjconf);
|
||||
|
||||
#endif /* _CONTAIN_H */
|
||||
|
32
subproc.c
32
subproc.c
@ -61,34 +61,9 @@ static int subprocNewProc(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int
|
||||
if (doneChar != subprocDoneChar) {
|
||||
exit(1);
|
||||
}
|
||||
if (containInitMountNs(nsjconf) == false) {
|
||||
if (containContain(nsjconf) == false) {
|
||||
exit(1);
|
||||
}
|
||||
if (containInitNetNs(nsjconf) == false) {
|
||||
exit(1);
|
||||
}
|
||||
if (containInitUtsNs(nsjconf) == false) {
|
||||
exit(1);
|
||||
}
|
||||
if (containDropPrivs(nsjconf) == false) {
|
||||
exit(1);
|
||||
}
|
||||
/* */
|
||||
/* As non-root */
|
||||
if (containSetLimits(nsjconf) == false) {
|
||||
exit(1);
|
||||
}
|
||||
if (containPrepareEnv(nsjconf) == false) {
|
||||
exit(1);
|
||||
}
|
||||
if (containMakeFdsCOE() == false) {
|
||||
exit(1);
|
||||
}
|
||||
/* Should be the last one in the sequence */
|
||||
if (sandboxApply(nsjconf) == false) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (nsjconf->keep_env == false) {
|
||||
clearenv();
|
||||
}
|
||||
@ -101,6 +76,11 @@ static int subprocNewProc(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int
|
||||
for (size_t i = 0; nsjconf->argv[i]; i++) {
|
||||
LOG_D(" Arg[%zu]: '%s'", i, nsjconf->argv[i]);
|
||||
}
|
||||
|
||||
/* Should be the last one in the sequence */
|
||||
if (sandboxApply(nsjconf) == false) {
|
||||
exit(1);
|
||||
}
|
||||
execv(nsjconf->argv[0], &nsjconf->argv[0]);
|
||||
|
||||
PLOG_E("execve('%s') failed", nsjconf->argv[0]);
|
||||
|
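Review bot: In the second subproc.c hunk the `sandboxApply` call is moved from directly after `containMakeFdsCOE` to directly before `execv`, which means `clearenv()` and the `LOG_D` argument dump now execute before the sandbox is applied rather than inside it; the carried-over comment `/* Should be the last one in the sequence */` does not say why that matters. If `sandboxApply` installs a syscall policy, as the name suggests (not visible in this hunk), the intent is presumably that nsjail's own logging and environment handling need not be permitted by that policy, and the comment should state it, e.g. `/* Must stay immediately before execv(): everything from here on, including our own PLOG_E on exec failure, runs under the sandbox policy */`. Note that the `PLOG_E("execve(...) failed")` on the context line after `execv` is itself subject to that same policy, so a reviewer should confirm the logging path it uses is allowed, otherwise an exec failure would surface as a silent kill rather than a log line. `subprocNewProc` begins and ends outside both hunks.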