net.o: net.h nsjail.h logs.h subproc.h
nsjail.o: nsjail.h cmdline.h logs.h macros.h net.h sandbox.h subproc.h util.h
pid.o: pid.h nsjail.h logs.h subproc.h
-sandbox.o: sandbox.h nsjail.h kafel/include/kafel.h logs.h
+sandbox.o: sandbox.h nsjail.h kafel/include/kafel.h logs.h util.h
subproc.o: subproc.h nsjail.h cgroup.h contain.h logs.h macros.h net.h
subproc.o: sandbox.h user.h util.h
uts.o: uts.h nsjail.h logs.h
.version = _LINUX_CAPABILITY_VERSION_3,
.pid = 0,
};
- if (syscall(__NR_capget, &cap_hdr, &cap_data) == -1) {
+ if (util::syscall(__NR_capget, (uintptr_t)&cap_hdr, (uintptr_t)&cap_data) == -1) {
PLOG_W("capget() failed");
return NULL;
}
.version = _LINUX_CAPABILITY_VERSION_3,
.pid = 0,
};
- if (syscall(__NR_capset, &cap_hdr, cap_data) == -1) {
+ if (util::syscall(__NR_capset, (uintptr_t)&cap_hdr, (uintptr_t)cap_data) == -1) {
PLOG_W("capset() failed");
return false;
}
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
-#include <syscall.h>
#include <unistd.h>
#include <memory>
* providing any special directory for old_root, which is sometimes not easy, given that
* e.g. /tmp might not always be present inside new_root
*/
- if (syscall(__NR_pivot_root, destdir->c_str(), destdir->c_str()) == -1) {
+ if (util::syscall(
+ __NR_pivot_root, (uintptr_t)destdir->c_str(), (uintptr_t)destdir->c_str()) == -1) {
PLOG_E("pivot_root('%s', '%s')", destdir->c_str(), destdir->c_str());
return false;
}
#include "kafel.h"
}
#include "logs.h"
+#include "util.h"
namespace sandbox {
"too old?)");
return false;
#else
- if (syscall(__NR_seccomp, (uintptr_t)SECCOMP_SET_MODE_FILTER,
+ if (util::syscall(__NR_seccomp, (uintptr_t)SECCOMP_SET_MODE_FILTER,
(uintptr_t)(SECCOMP_FILTER_FLAG_TSYNC | SECCOMP_FILTER_FLAG_LOG),
- &nsjconf->seccomp_fprog) == -1) {
+ (uintptr_t)&nsjconf->seccomp_fprog) == -1) {
PLOG_E(
"seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC | "
"SECCOMP_FILTER_FLAG_LOG) failed");
if (nsjconf->use_execveat) {
#if defined(__NR_execveat)
- syscall(__NR_execveat, (uintptr_t)nsjconf->exec_fd, "", (char* const*)argv.data(),
- environ, (uintptr_t)AT_EMPTY_PATH);
+ util::syscall(__NR_execveat, nsjconf->exec_fd, (uintptr_t) "",
+ (uintptr_t)argv.data(), (uintptr_t)environ, AT_EMPTY_PATH);
#else /* defined(__NR_execveat) */
- LOG_E("Your system doesn't support execveat() syscall");
+ LOG_E("Your system doesn't support execveat() util::syscall");
return;
#endif /* defined(__NR_execveat) */
} else {
p.remote_txt = net::connToText(sock, /* remote= */ true, &p.remote_addr);
char fname[PATH_MAX];
- snprintf(fname, sizeof(fname), "/proc/%d/syscall", (int)pid);
+ snprintf(fname, sizeof(fname), "/proc/%d/util::syscall", (int)pid);
p.pid_syscall_fd = TEMP_FAILURE_RETRY(open(fname, O_RDONLY | O_CLOEXEC));
nsjconf->pids.push_back(p);
}
static void seccompViolation(nsjconf_t* nsjconf, siginfo_t* si) {
- LOG_W("pid=%d commited a syscall/seccomp violation and exited with SIGSYS", si->si_pid);
+ LOG_W(
+ "pid=%d commited a util::syscall/seccomp violation and exited with SIGSYS", si->si_pid);
const pids_t* p = getPidElem(nsjconf, si->si_pid);
if (p == NULL) {
static bool setResGid(gid_t gid) {
LOG_D("setresgid(%d)", gid);
#if defined(__NR_setresgid32)
- if (syscall(__NR_setresgid32, (uintptr_t)gid, (uintptr_t)gid, (uintptr_t)gid) == -1) {
+ if (util::syscall(__NR_setresgid32, (uintptr_t)gid, (uintptr_t)gid, (uintptr_t)gid) == -1) {
PLOG_W("setresgid32(%d)", (int)gid);
return false;
}
#else /* defined(__NR_setresgid32) */
- if (syscall(__NR_setresgid, (uintptr_t)gid, (uintptr_t)gid, (uintptr_t)gid) == -1) {
+ if (util::syscall(__NR_setresgid, (uintptr_t)gid, (uintptr_t)gid, (uintptr_t)gid) == -1) {
PLOG_W("setresgid(%d)", gid);
return false;
}
static bool setResUid(uid_t uid) {
LOG_D("setresuid(%d)", uid);
#if defined(__NR_setresuid32)
- if (syscall(__NR_setresuid32, (uintptr_t)uid, (uintptr_t)uid, (uintptr_t)uid) == -1) {
+ if (util::syscall(__NR_setresuid32, (uintptr_t)uid, (uintptr_t)uid, (uintptr_t)uid) == -1) {
PLOG_W("setresuid32(%d)", (int)uid);
return false;
}
#else /* defined(__NR_setresuid32) */
- if (syscall(__NR_setresuid, (uintptr_t)uid, (uintptr_t)uid, (uintptr_t)uid) == -1) {
+ if (util::syscall(__NR_setresuid, (uintptr_t)uid, (uintptr_t)uid, (uintptr_t)uid) == -1) {
PLOG_W("setresuid(%d)", uid);
return false;
}