logYesNo(nsjconf->disable_no_new_privs), nsjconf->max_cpus);
for (const auto& p : nsjconf->mountpts) {
- LOG_I("%s: %s", p.isSymlink ? "Symlink" : "Mount point",
+ LOG_I("%s: %s", p.is_symlink ? "Symlink" : "Mount point",
mnt::describeMountPt(p).c_str());
}
for (const auto& uid : nsjconf->uids) {
if (dst.empty()) {
dst = src;
}
- if (!mnt::addMountPtTail(nsjconf.get(), src.c_str(), dst.c_str(),
- /* fs_type= */ "", /* options= */ "",
- MS_BIND | MS_REC | MS_PRIVATE | MS_RDONLY,
- /* isDir= */ mnt::NS_DIR_MAYBE, /* mandatory= */ true, NULL, NULL,
- NULL, 0, /* is_symlink= */ false)) {
+ if (!mnt::addMountPtTail(nsjconf.get(), src, dst, /* fs_type= */ "",
+ /* options= */ "", MS_BIND | MS_REC | MS_PRIVATE | MS_RDONLY,
+ /* is_dir= */ mnt::NS_DIR_MAYBE, /* is_mandatory= */ true,
+ /* src_env= */ "", /* dst_env= */ "", /* src_content= */ "",
+ /* is_symlink= */ false)) {
return nullptr;
}
}; break;
if (dst.empty()) {
dst = src;
}
- if (!mnt::addMountPtTail(nsjconf.get(), src.c_str(), dst.c_str(),
- /* fs_type= */ "", /* options= */ "", MS_BIND | MS_REC | MS_PRIVATE,
- /* isDir= */ mnt::NS_DIR_MAYBE, /* mandatory= */ true, NULL, NULL,
- NULL, 0, /* is_symlink= */ false)) {
+ if (!mnt::addMountPtTail(nsjconf.get(), src, dst, /* fs_type= */ "",
+ /* options= */ "", MS_BIND | MS_REC | MS_PRIVATE,
+ /* is_dir= */ mnt::NS_DIR_MAYBE, /* is_mandatory= */ true,
+ /* src_env= */ "", /* dst_env= */ "", /* src_content= */ "",
+ /* is_symlink= */ false)) {
return nullptr;
}
}; break;
case 'T': {
- if (!mnt::addMountPtTail(nsjconf.get(), /* src= */ NULL, optarg, "tmpfs",
+ if (!mnt::addMountPtTail(nsjconf.get(), /* src= */ "", optarg, "tmpfs",
/* options= */ cmdlineTmpfsSz, /* flags= */ 0,
- /* isDir= */ mnt::NS_DIR_YES,
- /* mandatory= */ true, NULL, NULL, NULL, 0,
+ /* is_dir= */ mnt::NS_DIR_YES, /* is_mandatory= */ true,
+ /* src_env= */ "", /* dst_env= */ "", /* src_content= */ "",
/* is_symlink= */ false)) {
return nullptr;
}
}
std::string fs_type = argByColon(optarg, 2);
std::string options = argByColon(optarg, 3);
- if (!mnt::addMountPtTail(nsjconf.get(), src.c_str(), dst.c_str(),
- /* fs_type= */ fs_type.c_str(), /* options= */ options.c_str(),
- /* flags= */ 0,
- /* isDir= */ mnt::NS_DIR_MAYBE, /* mandatory= */ true, NULL, NULL,
- NULL, 0, /* is_symlink= */ false)) {
+ if (!mnt::addMountPtTail(nsjconf.get(), src, dst, /* fs_type= */ fs_type,
+ /* options= */ options, /* flags= */ 0,
+ /* is_dir= */ mnt::NS_DIR_MAYBE, /* is_mandatory= */ true,
+ /* src_env= */ "", /* dst_env= */ "", /* src_content= */ "",
+ /* is_symlink= */ false)) {
return nullptr;
}
}; break;
}
if (!nsjconf->proc_path.empty()) {
- if (!mnt::addMountPtTail(nsjconf.get(), /* src= */ NULL, nsjconf->proc_path.c_str(),
- "proc", "", nsjconf->is_proc_rw ? 0 : MS_RDONLY,
- /* isDir= */ mnt::NS_DIR_YES,
- /* mandatory= */ true, NULL, NULL, NULL, 0, /* is_symlink= */ false)) {
+ if (!mnt::addMountPtTail(nsjconf.get(), /* src= */ "", nsjconf->proc_path, "proc",
+ /* options= */ "", nsjconf->is_proc_rw ? 0 : MS_RDONLY,
+ /* is_dir= */ mnt::NS_DIR_YES, /* is_mandatory= */ true, /* src_env= */ "",
+ /* dst_env= */ "", /* src_content= */ "", /* is_symlink= */ false)) {
return nullptr;
}
}
if (!(nsjconf->chroot.empty())) {
- if (!mnt::addMountPtHead(nsjconf.get(), nsjconf->chroot.c_str(), "/",
- /* fs_type= */ "",
+ if (!mnt::addMountPtHead(nsjconf.get(), nsjconf->chroot, "/", /* fs_type= */ "",
/* options= */ "",
nsjconf->is_root_rw ? (MS_BIND | MS_REC | MS_PRIVATE)
: (MS_BIND | MS_REC | MS_PRIVATE | MS_RDONLY),
- /* isDir= */ mnt::NS_DIR_YES, /* mandatory= */ true, NULL, NULL, NULL, 0,
- /* is_symlink= */ false)) {
+ /* is_dir= */ mnt::NS_DIR_YES, /* is_mandatory= */ true, /* src_env= */ "",
+ /* dst_env= */ "", /* src_content= */ "", /* is_symlink= */ false)) {
return nullptr;
}
} else {
- if (!mnt::addMountPtHead(nsjconf.get(), /* src= */ NULL, "/", "tmpfs",
+ if (!mnt::addMountPtHead(nsjconf.get(), /* src= */ "", "/", "tmpfs",
/* options= */ "", nsjconf->is_root_rw ? 0 : MS_RDONLY,
- /* isDir= */ mnt::NS_DIR_YES,
- /* mandatory= */ true, NULL, NULL, NULL, 0, /* is_symlink= */ false)) {
+ /* is_dir= */ mnt::NS_DIR_YES,
+ /* is_mandatory= */ true, /* src_env= */ "", /* dst_env= */ "",
+ /* src_content= */ "", /* is_symlink= */ false)) {
return nullptr;
}
}
nsjconf->proc_path.clear();
}
for (ssize_t i = 0; i < njc.mount_size(); i++) {
- const char* src = (njc.mount(i).has_src()) ? njc.mount(i).src().c_str() : NULL;
- const char* src_env = (njc.mount(i).has_prefix_src_env())
- ? njc.mount(i).prefix_src_env().c_str()
- : NULL;
- const char* dst = (njc.mount(i).has_dst()) ? njc.mount(i).dst().c_str() : NULL;
- const char* dst_env = (njc.mount(i).has_prefix_dst_env())
- ? njc.mount(i).prefix_dst_env().c_str()
- : NULL;
- const char* fstype =
- (njc.mount(i).has_fstype()) ? njc.mount(i).fstype().c_str() : NULL;
- const char* options =
- (njc.mount(i).has_options()) ? njc.mount(i).options().c_str() : NULL;
+ std::string src = njc.mount(i).src();
+ std::string src_env = njc.mount(i).prefix_src_env();
+ std::string dst = njc.mount(i).dst();
+ std::string dst_env = njc.mount(i).prefix_dst_env();
+ std::string fstype = njc.mount(i).fstype();
+ std::string options = njc.mount(i).options();
uintptr_t flags = (njc.mount(i).rw() == false) ? MS_RDONLY : 0;
flags |= njc.mount(i).is_bind() ? (MS_BIND | MS_REC | MS_PRIVATE) : 0;
- bool mandatory = njc.mount(i).mandatory();
+ bool is_mandatory = njc.mount(i).mandatory();
+ bool is_symlink = njc.mount(i).is_symlink();
+ std::string src_content = njc.mount(i).src_content();
- mnt::isDir_t isDir = mnt::NS_DIR_MAYBE;
+ mnt::isDir_t is_dir = mnt::NS_DIR_MAYBE;
if (njc.mount(i).has_is_dir()) {
- isDir = njc.mount(i).is_dir() ? mnt::NS_DIR_YES : mnt::NS_DIR_NO;
+ is_dir = njc.mount(i).is_dir() ? mnt::NS_DIR_YES : mnt::NS_DIR_NO;
}
- const char* src_content = NULL;
- size_t src_content_len = 0;
- if (njc.mount(i).has_src_content()) {
- src_content = njc.mount(i).src_content().data();
- src_content_len = njc.mount(i).src_content().size();
- }
-
- if (mnt::addMountPtTail(nsjconf, src, dst, fstype, options, flags, isDir, mandatory,
- src_env, dst_env, src_content, src_content_len,
- njc.mount(i).is_symlink()) == false) {
- LOG_E("Couldn't add mountpoint for src:'%s' dst:'%s'", src, dst);
+ if (!mnt::addMountPtTail(nsjconf, src, dst, fstype, options, flags, is_dir,
+ is_mandatory, src_env, dst_env, src_content, is_symlink)) {
+ LOG_E("Couldn't add mountpoint for src:'%s' dst:'%s'", src.c_str(),
+ dst.c_str());
return false;
}
}
}
message MountPt {
/* Can be skipped for filesystems like 'proc' */
- optional string src = 1;
+ optional string src = 1 [default = ""];
/* Should 'src' path be prefixed with this envvar? */
- optional string prefix_src_env = 2;
+ optional string prefix_src_env = 2 [default = ""];
/* If specified, contains buffer that will be written to the dst file */
- optional bytes src_content = 3;
+ optional bytes src_content = 3 [default = ""];
/* Mount point inside jail */
- required string dst = 4;
+ required string dst = 4 [default = ""];
/* Should 'dst' path be prefixed with this envvar? */
- optional string prefix_dst_env = 5;
+ optional string prefix_dst_env = 5 [default = ""];
/* Can be empty for mount --bind mounts */
optional string fstype = 6 [default = ""];
/* E.g. size=5000000 for 'tmpfs' */
snprintf(srcpath, sizeof(srcpath), "none");
}
- if (mpt->isSymlink) {
+ if (mpt->is_symlink) {
if (!util::createDirRecursively(dst)) {
LOG_W("Couldn't create upper directories for '%s'", dst);
return false;
}
- } else if (mpt->isDir) {
+ } else if (mpt->is_dir) {
if (!util::createDirRecursively(dst)) {
LOG_W("Couldn't create upper directories for '%s'", dst);
return false;
}
}
- if (mpt->isSymlink) {
+ if (mpt->is_symlink) {
LOG_D("symlink('%s', '%s')", srcpath, dst);
if (symlink(srcpath, dst) == -1) {
- if (mpt->mandatory) {
+ if (mpt->is_mandatory) {
PLOG_W("symlink('%s', '%s')", srcpath, dst);
return false;
} else {
if (!mpt.mounted) {
return true;
}
- if (mpt.isSymlink) {
+ if (mpt.is_symlink) {
return true;
}
if ((mpt.flags & MS_RDONLY) == 0) {
}
for (auto& p : nsjconf->mountpts) {
- if (!mountPt(&p, destdir, tmpdir) && p.mandatory) {
+ if (!mountPt(&p, destdir, tmpdir) && p.is_mandatory) {
return false;
}
}
}
for (const auto& p : nsjconf->mountpts) {
- if (!remountRO(p) && p.mandatory) {
+ if (!remountRO(p) && p.is_mandatory) {
return false;
}
}
return false;
}
-static bool addMountPt(mount_t* mnt, const char* src, const char* dst, const char* fstype,
- const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env,
- const char* dst_env, const char* src_content, size_t src_content_len, bool is_symlink) {
- if (src_env) {
- const char* e = getenv(src_env);
+static bool addMountPt(mount_t* mnt, const std::string& src, const std::string& dst,
+ const std::string& fstype, const std::string& options, uintptr_t flags, isDir_t is_dir,
+ bool is_mandatory, const std::string& src_env, const std::string& dst_env,
+ const std::string& src_content, bool is_symlink) {
+ if (!src_env.empty()) {
+ const char* e = getenv(src_env.c_str());
if (e == NULL) {
- LOG_W("No such envvar:'%s'", src_env);
+ LOG_W("No such envvar:'%s'", src_env.c_str());
return false;
}
mnt->src = e;
}
- if (src) {
- mnt->src.append(src);
- }
+ mnt->src.append(src);
- if (dst_env) {
- const char* e = getenv(dst_env);
+ if (!dst_env.empty()) {
+ const char* e = getenv(dst_env.c_str());
if (e == NULL) {
- LOG_W("No such envvar:'%s'", dst_env);
+ LOG_W("No such envvar:'%s'", dst_env.c_str());
return false;
}
mnt->dst = e;
}
- if (dst) {
- mnt->dst.append(dst);
- }
+ mnt->dst.append(dst);
- if (fstype) {
- mnt->fs_type = fstype;
- }
- if (options) {
- mnt->options = options;
- }
- if (src_content) {
- mnt->src_content.assign(src_content, src_content_len);
- }
+ mnt->fs_type = fstype;
+ mnt->options = options;
mnt->flags = flags;
- mnt->isDir = true;
- mnt->isSymlink = is_symlink;
- mnt->mandatory = mandatory;
+ mnt->is_symlink = is_symlink;
+ mnt->is_mandatory = is_mandatory;
mnt->mounted = false;
+ mnt->src_content = src_content;
- switch (isDir) {
+ switch (is_dir) {
case NS_DIR_YES:
- mnt->isDir = true;
+ mnt->is_dir = true;
break;
case NS_DIR_NO:
- mnt->isDir = false;
+ mnt->is_dir = false;
break;
case NS_DIR_MAYBE: {
- if (src_content) {
- mnt->isDir = false;
+ if (!src_content.empty()) {
+ mnt->is_dir = false;
} else if (mnt->src.empty()) {
- mnt->isDir = true;
+ mnt->is_dir = true;
} else if (mnt->flags & MS_BIND) {
- mnt->isDir = mnt::isDir(mnt->src.c_str());
+ mnt->is_dir = mnt::isDir(mnt->src.c_str());
} else {
- mnt->isDir = true;
+ mnt->is_dir = true;
}
} break;
default:
- LOG_F("Unknown isDir value: %d", isDir);
- break;
+ LOG_E("Unknown is_dir value: %d", is_dir);
+ return false;
}
return true;
}
-bool addMountPtHead(nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype,
- const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env,
- const char* dst_env, const char* src_content, size_t src_content_len, bool is_symlink) {
+bool addMountPtHead(nsjconf_t* nsjconf, const std::string& src, const std::string& dst,
+ const std::string& fstype, const std::string& options, uintptr_t flags, isDir_t is_dir,
+ bool is_mandatory, const std::string& src_env, const std::string& dst_env,
+ const std::string& src_content, bool is_symlink) {
mount_t mnt;
- if (!addMountPt(&mnt, src, dst, fstype, options, flags, isDir, mandatory, src_env, dst_env,
- src_content, src_content_len, is_symlink)) {
+ if (!addMountPt(&mnt, src, dst, fstype, options, flags, is_dir, is_mandatory, src_env,
+ dst_env, src_content, is_symlink)) {
return false;
}
nsjconf->mountpts.insert(nsjconf->mountpts.begin(), mnt);
return true;
}
-bool addMountPtTail(nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype,
- const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env,
- const char* dst_env, const char* src_content, size_t src_content_len, bool is_symlink) {
+bool addMountPtTail(nsjconf_t* nsjconf, const std::string& src, const std::string& dst,
+ const std::string& fstype, const std::string& options, uintptr_t flags, isDir_t is_dir,
+ bool is_mandatory, const std::string& src_env, const std::string& dst_env,
+ const std::string& src_content, bool is_symlink) {
mount_t mnt;
- if (!addMountPt(&mnt, src, dst, fstype, options, flags, isDir, mandatory, src_env, dst_env,
- src_content, src_content_len, is_symlink)) {
+ if (!addMountPt(&mnt, src, dst, fstype, options, flags, is_dir, is_mandatory, src_env,
+ dst_env, src_content, is_symlink)) {
return false;
}
nsjconf->mountpts.push_back(mnt);
snprintf(mount_pt_descr, sizeof(mount_pt_descr),
"src:'%s' dst:'%s' type:'%s' flags:%s options:'%s' isDir:%s", mpt.src.c_str(),
mpt.dst.c_str(), mpt.fs_type.c_str(), flagsToStr(mpt.flags).c_str(),
- mpt.options.c_str(), mpt.isDir ? "true" : "false");
+ mpt.options.c_str(), mpt.is_dir ? "true" : "false");
- if (!mpt.mandatory) {
+ if (!mpt.is_mandatory) {
util::sSnPrintf(mount_pt_descr, sizeof(mount_pt_descr), " mandatory:false");
}
if (!mpt.src_content.empty()) {
util::sSnPrintf(mount_pt_descr, sizeof(mount_pt_descr), " src_content_len:%zu",
mpt.src_content.length());
}
- if (mpt.isSymlink) {
+ if (mpt.is_symlink) {
util::sSnPrintf(mount_pt_descr, sizeof(mount_pt_descr), " symlink:true");
}
} isDir_t;
bool initNs(nsjconf_t* nsjconf);
-bool addMountPtHead(nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype,
- const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env,
- const char* dst_env, const char* src_content, size_t src_content_len, bool is_symlink);
-bool addMountPtTail(nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype,
- const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env,
- const char* dst_env, const char* src_content, size_t src_content_len, bool is_symlink);
+bool addMountPtHead(nsjconf_t* nsjconf, const std::string& src, const std::string& dst,
+ const std::string& fstype, const std::string& options, uintptr_t flags, isDir_t is_dir,
+ bool is_mandatory, const std::string& src_env, const std::string& dst_env,
+ const std::string& src_content, bool is_symlink);
+bool addMountPtTail(nsjconf_t* nsjconf, const std::string& src, const std::string& dst,
+ const std::string& fstype, const std::string& options, uintptr_t flags, isDir_t is_dir,
+ bool is_mandatory, const std::string& src_env, const std::string& dst_env,
+ const std::string& src_content, bool is_symlink);
const std::string describeMountPt(const mount_t& mpt);
} // namespace mnt
std::string fs_type;
std::string options;
uintptr_t flags;
- bool isDir;
- bool isSymlink;
- bool mandatory;
+ bool is_dir;
+ bool is_symlink;
+ bool is_mandatory;
bool mounted;
};
projects / platform / upstream / nsjail.git / commitdiff