{ { "macvlan_vs_nm", required_argument, NULL, 0x702 }, "Netmask of the 'vs' interface (e.g. \"255.255.255.0\")" },
{ { "macvlan_vs_gw", required_argument, NULL, 0x703 }, "Default GW for the 'vs' interface (e.g. \"192.168.0.1\")" },
};
-
-struct custom_option deprecated_opts[] = {
- // Compatibilty flags for MACVLAN.
- // TODO(rswiecki): Remove this at some point.
- { { "iface", required_argument, NULL, 'I' }, "Interface which will be cloned (MACVLAN) and put inside the subprocess' namespace as 'vs'" },
- { { "iface_vs_ip", required_argument, NULL, 0x701 }, "IP of the 'vs' interface (e.g. \"192.168.0.1\")" },
- { { "iface_vs_nm", required_argument, NULL, 0x702 }, "Netmask of the 'vs' interface (e.g. \"255.255.255.0\")" },
- { { "iface_vs_gw", required_argument, NULL, 0x703 }, "Default GW for the 'vs' interface (e.g. \"192.168.0.1\")" },
- { { "enable_clone_newcgroup", no_argument, NULL, 0x0408 }, "Use CLONE_NEWCGROUP (it's enabled by default now)" },
-};
// clang-format on
static const char* logYesNo(bool yes) {
for (size_t i = 0; i < ARR_SZ(custom_opts); i++) {
cmdlineOptUsage(&custom_opts[i]);
}
- LOG_HELP_BOLD("\nDeprecated options:");
- for (size_t i = 0; i < ARR_SZ(deprecated_opts); i++) {
- cmdlineOptUsage(&deprecated_opts[i]);
- // Find replacement flag.
- for (size_t j = 0; j < ARR_SZ(custom_opts); j++) {
- if (custom_opts[j].opt.val == deprecated_opts[i].opt.val) {
- LOG_HELP_BOLD(
- "\tDEPRECATED: Use %s instead.", custom_opts[j].opt.name);
- break;
- }
- }
- }
LOG_HELP_BOLD("\n Examples: ");
LOG_HELP(" Wait on a port 31337 for connections, and run /bin/sh");
LOG_HELP_BOLD(" nsjail -Ml --port 31337 --chroot / -- /bin/sh -i");
LOG_I(
"Jail parameters: hostname:'%s', chroot:'%s', process:'%s', bind:[%s]:%d, "
"max_conns_per_ip:%u, time_limit:%" PRId64
- " , personality:%#lx, daemonize:%s, clone_newnet:%s, "
+ ", personality:%#lx, daemonize:%s, clone_newnet:%s, "
"clone_newuser:%s, clone_newns:%s, clone_newpid:%s, clone_newipc:%s, clonew_newuts:%s, "
"clone_newcgroup:%s, keep_caps:%s, disable_no_new_privs:%s, max_cpus:%zu",
nsjconf->hostname.c_str(), nsjconf->chroot.c_str(),
std::vector<std::string> tmpfs_mounts;
// Generate options array for getopt_long.
- size_t options_length = ARR_SZ(custom_opts) + ARR_SZ(deprecated_opts) + 1;
+ size_t options_length = ARR_SZ(custom_opts) + 1;
struct option opts[options_length];
for (unsigned i = 0; i < ARR_SZ(custom_opts); i++) {
opts[i] = custom_opts[i].opt;
}
- for (unsigned i = 0; i < ARR_SZ(deprecated_opts); i++) {
- opts[ARR_SZ(custom_opts) + i] = deprecated_opts[i].opt;
- }
// Last, NULL option as a terminator.
struct option terminator = {NULL, 0, NULL, 0};
memcpy(&opts[options_length - 1].name, &terminator, sizeof(terminator));
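Review bot: The terminator write on the last line of this hunk copies `sizeof(terminator)` bytes to the address of the `.name` member rather than to the array element, so it stays in bounds only because `name` is the first member of `struct option`. Now that the array is sized from `custom_opts` alone, a plain assignment expresses the same thing without the layout assumption: `opts[options_length - 1] = terminator;`. `options_length` is also a non-const `size_t`, which makes `opts` a variable-length array (a compiler extension in C++); `const size_t options_length = ARR_SZ(custom_opts) + 1;` would avoid that if `ARR_SZ` is a constant expression, which the hunk does not show. The enclosing function starts and ends outside the hunk.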
return false;
}
- struct ifreq ifr;
- memset(&ifr, '\0', sizeof(ifr));
+ struct ifreq ifr = {};
snprintf(ifr.ifr_name, IF_NAMESIZE, "%s", ifacename);
if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) {
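Review bot: `struct ifreq ifr = {};` is not a guaranteed byte-for-byte replacement for the removed `memset`. `ifreq` contains unions, and empty-brace initialization is only required to zero a union's first member, not the tail bytes of larger members or any padding. Compilers typically zero the whole object anyway, but this struct is handed to the kernel through `ioctl`, so either keep the explicit `memset` or record the assumption with a comment such as `// relies on = {} zeroing the whole object, including union tail and padding`. The same applies to `struct ifreq ifr = {};` in `ifaceConfig` and to `struct rtentry rt = {};` in the last hunk. The enclosing function starts and ends outside this hunk.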
static bool ifaceConfig(const std::string& iface, const std::string& ip, const std::string& mask,
const std::string& gw) {
- struct ifreq ifr;
- memset(&ifr, '\0', sizeof(ifr));
- snprintf(ifr.ifr_name, IF_NAMESIZE, "%s", iface.c_str());
- struct in_addr addr;
-
int sock = socket(AF_INET, SOCK_STREAM, IPPROTO_IP);
if (sock == -1) {
PLOG_E("socket(AF_INET, SOCK_STREAM, IPPROTO_IP)");
return false;
}
+ struct in_addr addr;
if (inet_pton(AF_INET, ip.c_str(), &addr) != 1) {
PLOG_E("Cannot convert '%s' into an IPv4 address", ip.c_str());
close(sock);
return true;
}
+ struct ifreq ifr = {};
+ snprintf(ifr.ifr_name, IF_NAMESIZE, "%s", iface.c_str());
struct sockaddr_in* sa = (struct sockaddr_in*)(&ifr.ifr_addr);
sa->sin_family = AF_INET;
sa->sin_addr = addr;
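Review bot: As the lines read here, the `inet_pton` failure branch logs with `PLOG_E`, closes the socket and then returns `true`, so an unparsable `ip` is reported to the caller as a successful interface configuration. Unless lines are elided between the log call and the return, this should be `return false;`. The `snprintf` into `ifr.ifr_name` also ignores its return value, so a name of `IF_NAMESIZE` characters or more is silently truncated and the later ioctls would address a different interface name. A guard such as `if (iface.size() >= IF_NAMESIZE) { close(sock); return false; }` before the copy would reject it. The body of `ifaceConfig` continues past the end of the hunk.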
return true;
}
- struct rtentry rt;
- memset(&rt, '\0', sizeof(rt));
-
+ struct rtentry rt = {};
struct sockaddr_in* sdest = (struct sockaddr_in*)(&rt.rt_dst);
struct sockaddr_in* smask = (struct sockaddr_in*)(&rt.rt_genmask);
struct sockaddr_in* sgate = (struct sockaddr_in*)(&rt.rt_gateway);