BIN = nsjail
LIBS = kafel/libkafel.a
-SRCS_C = caps.c contain.c log.c cgroup.c mount.c net.c pid.c sandbox.c user.c util.c uts.c cpu.c
-SRCS_CXX = cmdline.cc config.cc nsjail.cc subproc.cc
+SRCS_C = caps.c log.c cgroup.c mount.c net.c pid.c sandbox.c user.c util.c uts.c cpu.c
+SRCS_CXX = cmdline.cc config.cc contain.cc nsjail.cc subproc.cc
SRCS_PROTO = config.proto
SRCS_PB_CXX = $(SRCS_PROTO:.proto=.pb.cc)
SRCS_PB_H = $(SRCS_PROTO:.proto=.pb.h)
# DO NOT DELETE THIS LINE -- make depend depends on it.
caps.o: caps.h nsjail.h common.h log.h util.h
-contain.o: contain.h nsjail.h caps.h cgroup.h cpu.h log.h mount.h net.h pid.h
-contain.o: user.h uts.h
log.o: log.h nsjail.h
cgroup.o: cgroup.h nsjail.h log.h util.h
mount.o: mount.h nsjail.h common.h log.h subproc.h util.h
cmdline.o: util.h config.h
config.o: common.h caps.h nsjail.h config.h log.h mount.h user.h util.h
config.o: cmdline.h
+contain.o: contain.h nsjail.h caps.h cgroup.h cpu.h log.h mount.h net.h pid.h
+contain.o: user.h uts.h
nsjail.o: nsjail.h cmdline.h common.h log.h net.h subproc.h util.h
-subproc.o: subproc.h nsjail.h cgroup.h common.h contain.h log.h net.h
+subproc.o: subproc.h nsjail.h contain.h cgroup.h common.h log.h net.h
subproc.o: sandbox.h user.h util.h
#include <sys/resource.h>
#include <unistd.h>
+extern "C" {
#include "caps.h"
#include "cgroup.h"
#include "cpu.h"
#include "pid.h"
#include "user.h"
#include "uts.h"
+}
+
+namespace contain {
static bool containUserNs(struct nsjconf_t* nsjconf) { return userInitNsFromChild(nsjconf); }
return false;
}
-bool containSetupFD(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err) {
+bool setupFD(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err) {
if (nsjconf->mode != MODE_LISTEN_TCP) {
if (nsjconf->is_silent == false) {
return true;
return true;
}
-bool containContain(struct nsjconf_t* nsjconf) {
+bool containProc(struct nsjconf_t* nsjconf) {
if (containUserNs(nsjconf) == false) {
return false;
}
}
return true;
}
+
+} // namespace contain
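Review bot: The `extern "C" { ... }` wrapper added around the project includes at the top of this file has to be repeated by every C++ file that includes these C headers, and a file that forgets it fails only at link time with unresolved mangled names. subproc.cc already carries its own copy of the wrapper. Putting the guard into the C headers themselves keeps the linkage decision in one place: open each header with `#ifdef __cplusplus` / `extern "C" {` / `#endif` and close it the same way. Separately, file-local helpers such as `containUserNs` keep their `contain` prefix inside `namespace contain`, and the exported `contain::containProc` repeats it as well; dropping the prefix on the statics would read more cleanly. Most function bodies in this section lie outside the shown lines, so these remarks cover only what is visible.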
#include "nsjail.h"
-bool containSetupFD(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err);
-bool containContain(struct nsjconf_t* nsjconf);
+namespace contain {
+
+bool setupFD(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err);
+bool containProc(struct nsjconf_t* nsjconf);
+
+} // namespace contain
#endif /* NS_CONTAIN_H */
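Review bot: The two declarations in `namespace contain` carry no comment saying what a `false` return obliges the caller to do. The only caller visible in this commit, `subprocNewProc`, treats it as fatal with `_exit(0xff)`, which suggests the child must not continue after a failed setup. That contract belongs in the header where the next caller will read it, for example `// Both return false on failure; the caller must terminate the child process instead of continuing.` Marking both functions `__attribute__((warn_unused_result))` would additionally make the compiler flag a call whose result is dropped. The `namespace` block also makes this header C++-only; the Makefile dependency list suggests only contain.o and subproc.o include it, which is worth confirming.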
#include <time.h>
#include <unistd.h>
+#include "contain.h"
+
extern "C" {
#include "cgroup.h"
#include "common.h"
-#include "contain.h"
#include "log.h"
#include "net.h"
#include "sandbox.h"
static int subprocNewProc(
struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err, int pipefd) {
- if (containSetupFD(nsjconf, fd_in, fd_out, fd_err) == false) {
+ if (contain::setupFD(nsjconf, fd_in, fd_out, fd_err) == false) {
_exit(0xff);
}
if (!resetEnv()) {
_exit(0xff);
}
}
- if (containContain(nsjconf) == false) {
+ if (contain::containProc(nsjconf) == false) {
_exit(0xff);
}
if (nsjconf->keep_env == false) {
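Review bot: The two renamed call sites still compare against `false`, while the `resetEnv` check between them uses negation; since these lines are being touched anyway, `if (!contain::setupFD(nsjconf, fd_in, fd_out, fd_err)) {` and `if (!contain::containProc(nsjconf)) {` would make the three guards read alike. All three failure paths leave with the same status `0xff` and no log call is visible at the call sites. If the callees do not log on every failing branch, the parent cannot tell which setup step refused to complete, so it is worth confirming that they do. `subprocNewProc` begins and continues outside the lines shown here.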