Move contain fnctions into contain.c

contain.c

@@ -48,17 +48,17 @@
 #include "util.h"
 #include "uts.h"
 
-bool containInitNetNs(struct nsjconf_t * nsjconf)
+static bool containInitNetNs(struct nsjconf_t *nsjconf)
 {
 	return netInitNsFromChild(nsjconf);
 }
 
-bool containInitUtsNs(struct nsjconf_t * nsjconf)
+static bool containInitUtsNs(struct nsjconf_t *nsjconf)
 {
 	return utsInitNs(nsjconf);
 }
 
-bool containDropPrivs(struct nsjconf_t * nsjconf)
+static bool containDropPrivs(struct nsjconf_t *nsjconf)
 {
 	/*
 	 * Best effort because of /proc/self/setgroups
@@ -114,7 +114,7 @@ bool containDropPrivs(struct nsjconf_t * nsjconf)
 	return true;
 }
 
-bool containPrepareEnv(struct nsjconf_t * nsjconf)
+static bool containPrepareEnv(struct nsjconf_t *nsjconf)
 {
 	if (prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0) == -1) {
 		PLOG_E("prctl(PR_SET_PDEATHSIG, SIGKILL)");
@@ -134,12 +134,12 @@ bool containPrepareEnv(struct nsjconf_t * nsjconf)
 	return true;
 }
 
-bool containInitMountNs(struct nsjconf_t * nsjconf)
+static bool containInitMountNs(struct nsjconf_t *nsjconf)
 {
 	return mountInitNs(nsjconf);
 }
 
-bool containSetLimits(struct nsjconf_t * nsjconf)
+static bool containSetLimits(struct nsjconf_t *nsjconf)
 {
 	struct rlimit64 rl;
 	rl.rlim_cur = rl.rlim_max = nsjconf->rl_as;
@@ -240,7 +240,7 @@ static bool containMakeFdsCOEProc(void)
 	return true;
 }
 
-bool containMakeFdsCOE(void)
+static bool containMakeFdsCOE(void)
 {
 	if (containMakeFdsCOEProc() == true) {
 		return true;
@@ -283,3 +283,31 @@ bool containSetupFD(struct nsjconf_t * nsjconf, int fd_in, int fd_out, int fd_er
 	}
 	return true;
 }
+
+bool containContain(struct nsjconf_t * nsjconf)
+{
+	if (containInitMountNs(nsjconf) == false) {
+		return false;
+	}
+	if (containInitNetNs(nsjconf) == false) {
+		return false;
+	}
+	if (containInitUtsNs(nsjconf) == false) {
+		return false;
+	}
+	if (containDropPrivs(nsjconf) == false) {
+		return false;
+	}
+	/* */
+	/* As non-root */
+	if (containSetLimits(nsjconf) == false) {
+		return false;
+	}
+	if (containPrepareEnv(nsjconf) == false) {
+		return false;
+	}
+	if (containMakeFdsCOE() == false) {
+		return false;
+	}
+	return true;
+}

contain.h

@@ -26,13 +26,7 @@
 
 #include "common.h"
 
-bool containInitNetNs(struct nsjconf_t *nsjconf);
-bool containInitUtsNs(struct nsjconf_t *nsjconf);
-bool containDropPrivs(struct nsjconf_t *nsjconf);
-bool containPrepareEnv(struct nsjconf_t *nsjconf);
-bool containInitMountNs(struct nsjconf_t *nsjconf);
-bool containSetLimits(struct nsjconf_t *nsjconf);
-bool containMakeFdsCOE(void);
 bool containSetupFD(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int fd_err, int fd_log);
+bool containContain(struct nsjconf_t *nsjconf);
 
 #endif				/* _CONTAIN_H */

subproc.c

@@ -61,34 +61,9 @@ static int subprocNewProc(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int
 	if (doneChar != subprocDoneChar) {
 		exit(1);
 	}
-	if (containInitMountNs(nsjconf) == false) {
+	if (containContain(nsjconf) == false) {
 		exit(1);
 	}
-	if (containInitNetNs(nsjconf) == false) {
-		exit(1);
-	}
-	if (containInitUtsNs(nsjconf) == false) {
-		exit(1);
-	}
-	if (containDropPrivs(nsjconf) == false) {
-		exit(1);
-	}
-	/* */
-	/* As non-root */
-	if (containSetLimits(nsjconf) == false) {
-		exit(1);
-	}
-	if (containPrepareEnv(nsjconf) == false) {
-		exit(1);
-	}
-	if (containMakeFdsCOE() == false) {
-		exit(1);
-	}
-	/* Should be the last one in the sequence */
-	if (sandboxApply(nsjconf) == false) {
-		exit(1);
-	}
-
 	if (nsjconf->keep_env == false) {
 		clearenv();
 	}
@@ -101,6 +76,11 @@ static int subprocNewProc(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int
 	for (size_t i = 0; nsjconf->argv[i]; i++) {
 		LOG_D(" Arg[%zu]: '%s'", i, nsjconf->argv[i]);
 	}
+
+	/* Should be the last one in the sequence */
+	if (sandboxApply(nsjconf) == false) {
+		exit(1);
+	}
 	execv(nsjconf->argv[0], &nsjconf->argv[0]);
 
 	PLOG_E("execve('%s') failed", nsjconf->argv[0]);