BIN = nsjail
LIBS = kafel/libkafel.a
-SRCS_C = log.c cgroup.c mount.c user.c util.c
-SRCS_CXX = caps.cc cmdline.cc config.cc contain.cc cpu.cc net.cc nsjail.cc pid.cc sandbox.cc subproc.cc uts.cc
+SRCS_C = log.c mount.c util.c
+SRCS_CXX = caps.cc cgroup.cc cmdline.cc config.cc contain.cc cpu.cc net.cc nsjail.cc pid.cc sandbox.cc subproc.cc uts.cc user.cc
SRCS_PROTO = config.proto
SRCS_PB_CXX = $(SRCS_PROTO:.proto=.pb.cc)
SRCS_PB_H = $(SRCS_PROTO:.proto=.pb.h)
# DO NOT DELETE THIS LINE -- make depend depends on it.
log.o: log.h nsjail.h
-cgroup.o: cgroup.h nsjail.h log.h util.h
mount.o: mount.h nsjail.h common.h log.h subproc.h util.h
util.o: util.h nsjail.h common.h log.h
caps.o: caps.h nsjail.h common.h log.h util.h
+cgroup.o: cgroup.h nsjail.h log.h util.h
cmdline.o: cmdline.h nsjail.h common.h log.h mount.h util.h caps.h config.h
cmdline.o: sandbox.h user.h
config.o: common.h config.h nsjail.h log.h mount.h util.h caps.h cmdline.h
config.o: user.h
-contain.o: contain.h nsjail.h cgroup.h log.h mount.h caps.h cpu.h net.h pid.h
+contain.o: contain.h nsjail.h log.h mount.h caps.h cgroup.h cpu.h net.h pid.h
contain.o: user.h uts.h
cpu.o: cpu.h nsjail.h log.h util.h
net.o: net.h nsjail.h log.h subproc.h
nsjail.o: nsjail.h cmdline.h common.h log.h net.h subproc.h util.h
pid.o: pid.h nsjail.h log.h subproc.h
sandbox.o: sandbox.h nsjail.h kafel/include/kafel.h log.h
-subproc.o: subproc.h nsjail.h contain.h net.h sandbox.h user.h cgroup.h
+subproc.o: subproc.h nsjail.h cgroup.h contain.h net.h sandbox.h user.h
subproc.o: common.h log.h util.h
uts.o: uts.h nsjail.h log.h
+user.o: user.h nsjail.h common.h log.h util.h subproc.h
#include <sys/stat.h>
#include <unistd.h>
+extern "C" {
#include "log.h"
#include "util.h"
+}
+
+namespace cgroup {
-static bool cgroupInitNsFromParentMem(struct nsjconf_t* nsjconf, pid_t pid) {
+static bool initNsFromParentMem(struct nsjconf_t* nsjconf, pid_t pid) {
if (nsjconf->cgroup_mem_max == (size_t)0) {
return true;
}
return true;
}
-static bool cgroupInitNsFromParentPids(struct nsjconf_t* nsjconf, pid_t pid) {
+static bool initNsFromParentPids(struct nsjconf_t* nsjconf, pid_t pid) {
if (nsjconf->cgroup_pids_max == 0U) {
return true;
}
return true;
}
-static bool cgroupInitNsFromParentNetCls(struct nsjconf_t* nsjconf, pid_t pid) {
+static bool initNsFromParentNetCls(struct nsjconf_t* nsjconf, pid_t pid) {
if (nsjconf->cgroup_net_cls_classid == 0U) {
return true;
}
return true;
}
-static bool cgroupInitNsFromParentCpu(struct nsjconf_t* nsjconf, pid_t pid) {
+static bool initNsFromParentCpu(struct nsjconf_t* nsjconf, pid_t pid) {
if (nsjconf->cgroup_cpu_ms_per_sec == 0U) {
return true;
}
return true;
}
-bool cgroupInitNsFromParent(struct nsjconf_t* nsjconf, pid_t pid) {
- if (!cgroupInitNsFromParentMem(nsjconf, pid)) {
+bool initNsFromParent(struct nsjconf_t* nsjconf, pid_t pid) {
+ if (!initNsFromParentMem(nsjconf, pid)) {
return false;
}
- if (!cgroupInitNsFromParentPids(nsjconf, pid)) {
+ if (!initNsFromParentPids(nsjconf, pid)) {
return false;
}
- if (!cgroupInitNsFromParentNetCls(nsjconf, pid)) {
+ if (!initNsFromParentNetCls(nsjconf, pid)) {
return false;
}
- if (!cgroupInitNsFromParentCpu(nsjconf, pid)) {
+ if (!initNsFromParentCpu(nsjconf, pid)) {
return false;
}
return true;
}
-void cgroupFinishFromParentMem(struct nsjconf_t* nsjconf, pid_t pid) {
+void finishFromParentMem(struct nsjconf_t* nsjconf, pid_t pid) {
if (nsjconf->cgroup_mem_max == (size_t)0) {
return;
}
return;
}
-void cgroupFinishFromParentPids(struct nsjconf_t* nsjconf, pid_t pid) {
+void finishFromParentPids(struct nsjconf_t* nsjconf, pid_t pid) {
if (nsjconf->cgroup_pids_max == 0U) {
return;
}
return;
}
-void cgroupFinishFromParentCpu(struct nsjconf_t* nsjconf, pid_t pid) {
+void finishFromParentCpu(struct nsjconf_t* nsjconf, pid_t pid) {
if (nsjconf->cgroup_cpu_ms_per_sec == 0U) {
return;
}
return;
}
-void cgroupFinishFromParentNetCls(struct nsjconf_t* nsjconf, pid_t pid) {
+void finishFromParentNetCls(struct nsjconf_t* nsjconf, pid_t pid) {
if (nsjconf->cgroup_net_cls_classid == 0U) {
return;
}
return;
}
-void cgroupFinishFromParent(struct nsjconf_t* nsjconf, pid_t pid) {
- cgroupFinishFromParentMem(nsjconf, pid);
- cgroupFinishFromParentPids(nsjconf, pid);
- cgroupFinishFromParentNetCls(nsjconf, pid);
- cgroupFinishFromParentCpu(nsjconf, pid);
+void finishFromParent(struct nsjconf_t* nsjconf, pid_t pid) {
+ finishFromParentMem(nsjconf, pid);
+ finishFromParentPids(nsjconf, pid);
+ finishFromParentNetCls(nsjconf, pid);
+ finishFromParentCpu(nsjconf, pid);
}
-bool cgroupInitNs(void) { return true; }
+bool initNs(void) { return true; }
+
+} // namespace cgroup
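Review bot: finishFromParentMem, finishFromParentPids, finishFromParentCpu and finishFromParentNetCls keep external linkage inside `namespace cgroup`, although cgroup.h only exports initNsFromParent, initNs and finishFromParent and the parallel initNsFromParent* helpers in the same hunk are `static`. Mark them `static` as well, e.g. `static void finishFromParentMem(struct nsjconf_t* nsjconf, pid_t pid) {`, so the namespace's public surface matches the header and the helpers cannot be reached by other translation units. The function bodies are collapsed in this view, so whether `pid` is used beyond the early-return paths cannot be checked here.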
#include "nsjail.h"
-bool cgroupInitNsFromParent(struct nsjconf_t* nsjconf, pid_t pid);
-bool cgroupInitNs(void);
-void cgroupFinishFromParent(struct nsjconf_t* nsjconf, pid_t pid);
+namespace cgroup {
+
+bool initNsFromParent(struct nsjconf_t* nsjconf, pid_t pid);
+bool initNs(void);
+void finishFromParent(struct nsjconf_t* nsjconf, pid_t pid);
+
+} // namespace cgroup
#endif /* _CGROUP_H */
#include <unistd.h>
extern "C" {
-#include "cgroup.h"
#include "log.h"
#include "mount.h"
}
#include "caps.h"
+#include "cgroup.h"
#include "cpu.h"
#include "net.h"
#include "pid.h"
static bool containInitUtsNs(struct nsjconf_t* nsjconf) { return uts::initNs(nsjconf); }
-static bool containInitCgroupNs(void) { return cgroupInitNs(); }
+static bool containInitCgroupNs(void) { return cgroup::initNs(); }
static bool containDropPrivs(struct nsjconf_t* nsjconf) {
#ifndef PR_SET_NO_NEW_PRIVS
#include <time.h>
#include <unistd.h>
+#include "cgroup.h"
#include "contain.h"
#include "net.h"
#include "sandbox.h"
#include "user.h"
extern "C" {
-#include "cgroup.h"
#include "common.h"
#include "log.h"
#include "util.h"
LOG_E("Couldn't initialize net user namespace");
_exit(0xff);
}
- if (cgroupInitNsFromParent(nsjconf, getpid()) == false) {
+ if (cgroup::initNsFromParent(nsjconf, getpid()) == false) {
LOG_E("Couldn't initialize net user namespace");
_exit(0xff);
}
}
if (wait4(si.si_pid, &status, WNOHANG, NULL) == si.si_pid) {
- cgroupFinishFromParent(nsjconf, si.si_pid);
+ cgroup::finishFromParent(nsjconf, si.si_pid);
const char* remote_txt = "[UNKNOWN]";
struct pids_t* elem = getPidElem(nsjconf, si.si_pid);
LOG_E("Couldn't create and put MACVTAP interface into NS of PID '%d'", pid);
return false;
}
- if (cgroupInitNsFromParent(nsjconf, pid) == false) {
+ if (cgroup::initNsFromParent(nsjconf, pid) == false) {
LOG_E("Couldn't initialize cgroup user namespace");
exit(0xff);
}
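Review bot: The message logged when `cgroup::initNsFromParent(nsjconf, getpid())` fails in the child path still reads `Couldn't initialize net user namespace`, which repeats the message of the preceding net-namespace check and would misattribute a cgroup failure when the log is read during triage; the parent-side call later in this file already logs `Couldn't initialize cgroup user namespace`. Change the line to `LOG_E("Couldn't initialize cgroup user namespace");`. The commit only renames the call, so this is a pre-existing copy-paste error, but it sits on the line being touched. The enclosing functions start and end outside the hunks shown.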
return (gid_t)-1;
}
-bool parseId(struct nsjconf_t* nsjconf, const char* i_id, const char* o_id, size_t cnt,
- bool is_gid, bool is_newidmap) {
+bool parseId(struct nsjconf_t* nsjconf, const char* i_id, const char* o_id, size_t cnt, bool is_gid,
+ bool is_newidmap) {
uid_t inside_id;
uid_t outside_id;