logYesNo(nsjconf->clone_newuser), logYesNo(nsjconf->clone_newns),
logYesNo(nsjconf->clone_newpid), logYesNo(nsjconf->clone_newipc),
logYesNo(nsjconf->clone_newuts), logYesNo(nsjconf->apply_sandbox), logYesNo(nsjconf->keep_caps));
- for (size_t i = 0; i < nsjconf->bindmountpts->fs_count; i++) {
- LOG_I("Additional bind mount point: '%s'", nsjconf->bindmountpts->mountpt[i]);
+
+ struct constchar_t *p;
+ LIST_FOREACH(p, &nsjconf->bindmountpts, pointers) {
+ LOG_I("Additional bind mount point: '%s'", p->value);
}
- for (size_t i = 0; i < nsjconf->tmpfsmountpts->fs_count; i++) {
- LOG_I("Additional tmpfs mount point: '%s'", nsjconf->tmpfsmountpts->mountpt[i]);
+ LIST_FOREACH(p, &nsjconf->tmpfsmountpts, pointers) {
+ LOG_I("Additional tmpfs mount point: '%s'", p->value);
}
}
.mode = MODE_LISTEN_TCP,
.is_root_rw = false,
.is_silent = false,
- .bindmountpts = NULL,
- .tmpfsmountpts = NULL,
.iface = NULL,
.initial_uid = getuid(),
.initial_gid = getgid(),
/* *INDENT-OFF* */
LIST_INIT(&nsjconf->pids);
+ LIST_INIT(&nsjconf->bindmountpts);
+ LIST_INIT(&nsjconf->tmpfsmountpts);
+
const char *user = "nobody";
const char *group = "nobody";
const char *logfile = NULL;
- nsjconf->bindmountpts = malloc(sizeof(*(nsjconf->bindmountpts)));
- if (nsjconf->bindmountpts == NULL) {
- LOG_F("malloc");
- }
- nsjconf->bindmountpts->fs_count = 0;
- nsjconf->tmpfsmountpts = malloc(sizeof(*(nsjconf->bindmountpts)));
- if (nsjconf->tmpfsmountpts == NULL) {
- LOG_F("malloc");
- }
- nsjconf->tmpfsmountpts->fs_count = 0;
/* *INDENT-OFF* */
struct custom_option custom_opts[] = {
nsjconf->is_silent = true;
break;
case 'B':
- nsjconf->bindmountpts->fs_count++;
- size_t sz =
- sizeof(*(nsjconf->bindmountpts)) +
- (sizeof(nsjconf->bindmountpts->mountpt[0]) * nsjconf->bindmountpts->fs_count);
- if (realloc(nsjconf->bindmountpts, sz) == NULL) {
- LOG_F("realloc(%zu)", sz);
+ {
+ struct constchar_t *p = malloc(sizeof(struct constchar_t));
+ if (p == NULL) {
+ PLOG_F("malloc(%zu)", sizeof(struct constchar_t));
+ }
+ p->value = optarg;
+ LIST_INSERT_HEAD(&nsjconf->bindmountpts, p, pointers);
}
- nsjconf->bindmountpts->mountpt[nsjconf->bindmountpts->fs_count - 1] = optarg;
break;
case 'T':
- nsjconf->tmpfsmountpts->fs_count++;
- sz = sizeof(*(nsjconf->tmpfsmountpts)) +
- (sizeof(nsjconf->tmpfsmountpts->mountpt[0]) * nsjconf->tmpfsmountpts->fs_count);
- if (realloc(nsjconf->tmpfsmountpts, sz) == NULL) {
- LOG_F("realloc(%zu)", sz);
+ {
+ struct constchar_t *p = malloc(sizeof(struct constchar_t));
+ if (p == NULL) {
+ PLOG_F("malloc(%zu)", sizeof(struct constchar_t));
+ }
+ p->value = optarg;
+ LIST_INSERT_HEAD(&nsjconf->tmpfsmountpts, p, pointers);
}
- nsjconf->tmpfsmountpts->mountpt[nsjconf->tmpfsmountpts->fs_count - 1] = optarg;
break;
case 'M':
switch (optarg[0]) {
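Review bot: `LIST_INSERT_HEAD` in the `case 'B'` and `case 'T'` blocks stores mount points in reverse command-line order, whereas the removed array code appended them in the order given. The consumers shown on this page all walk the lists with `LIST_FOREACH`, so mounts would now be applied last-option-first. That matters when one `-B`/`-T` path is nested under another, because a later outer mount can land on top of an inner one and change what the jail exposes. Consider keeping insertion order, for example with a tail queue and `TAILQ_INSERT_TAIL` from `<sys/queue.h>`, or document the reversed order next to the option. The enclosing `switch` starts and ends outside the hunk.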
LIST_ENTRY(pids_t) pointers;
};
+struct constchar_t {
+ const char *value;
+ LIST_ENTRY(pids_t) pointers;
+};
+
enum mode_t {
MODE_LISTEN_TCP = 0,
MODE_STANDALONE_ONCE,
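Review bot: `struct constchar_t` declares its link field as `LIST_ENTRY(pids_t) pointers;`, which looks copied from the struct just above; the entry type should name the containing struct, `LIST_ENTRY(constchar_t) pointers;`. As written, the element's next pointer has type `struct pids_t *`, so `LIST_INSERT_HEAD` and `LIST_FOREACH` on `bindmountpts`/`tmpfsmountpts` assign between incompatible pointer types. It works today only because the pointer value is copied and never dereferenced as a `pids_t`. A later `LIST_REMOVE` on these lists would reach the neighbour's link field through `pids_t`'s layout, which is presumably different, and that would corrupt the list that decides what is mounted into the jail.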
enum mode_t mode;
bool is_root_rw;
bool is_silent;
- struct mountfs_t *bindmountpts;
- struct mountfs_t *tmpfsmountpts;
char *iface;
uid_t initial_uid;
gid_t initial_gid;
unsigned int max_conns_per_ip;
LIST_HEAD(pidslist, pids_t) pids;
+ LIST_HEAD(bindmountptslist, constchar_t) bindmountpts;
+ LIST_HEAD(tmpfsmountptslist, constchar_t) tmpfsmountpts;
};
#endif /* _COMMON_H */
return false;
}
+ struct constchar_t *p;
char mount_pt[PATH_MAX];
- for (size_t i = 0; i < nsjconf->bindmountpts->fs_count; i++) {
- snprintf(mount_pt, sizeof(mount_pt), "%s/%s", newrootdir, nsjconf->bindmountpts->mountpt[i]);
+ LIST_FOREACH(p, &nsjconf->bindmountpts, pointers) {
+ snprintf(mount_pt, sizeof(mount_pt), "%s/%s", newrootdir, p->value);
if (mkdir(mount_pt, 0700) == -1 && errno != EEXIST) {
PLOG_E("mkdir('%s')", mount_pt);
return false;
}
- LOG_D("Mounting (bind) '%s' on '%s'", nsjconf->bindmountpts->mountpt[i], mount_pt);
- if (mount(nsjconf->bindmountpts->mountpt[i], mount_pt, NULL, MS_BIND | MS_REC, NULL)
+ LOG_D("Mounting (bind) '%s' on '%s'", p->value, mount_pt);
+ if (mount(p->value, mount_pt, NULL, MS_BIND | MS_REC, NULL)
== -1) {
- PLOG_E("mount('%s', '%s', MS_BIND|MS_REC", nsjconf->bindmountpts->mountpt[i], mount_pt);
+ PLOG_E("mount('%s', '%s', MS_BIND|MS_REC", p->value, mount_pt);
return false;
}
}
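Review bot: The result of `snprintf(mount_pt, sizeof(mount_pt), "%s/%s", newrootdir, p->value)` is not checked, so a `newrootdir` plus mount point longer than `PATH_MAX` is silently truncated. The following `mkdir` and `mount` calls then act on a different path inside the new root than the one requested. Capture the return value and fail closed on truncation, e.g. `int n = snprintf(...);` followed by `if (n < 0 || (size_t)n >= sizeof(mount_pt)) return false;` with a log line naming `p->value`. The `PLOG_E` format `"mount('%s', '%s', MS_BIND|MS_REC"` is also missing its closing parenthesis. The enclosing function starts and ends outside the hunk.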
/* It only makes sense with "--chroot /", so don't worry about erorrs */
umount2(destdir, MNT_DETACH);
- for (size_t i = 0; i < nsjconf->tmpfsmountpts->fs_count; i++) {
- if (mkdir(nsjconf->tmpfsmountpts->mountpt[i], 0700) == -1 && errno != EEXIST) {
+ LIST_FOREACH(p, &nsjconf->tmpfsmountpts, pointers) {
+ if (mkdir(p->value, 0700) == -1 && errno != EEXIST) {
PLOG_E("mkdir('%s'); You probably need to create it in your --chroot ('%s') directory",
- nsjconf->tmpfsmountpts->mountpt[i], nsjconf->chroot);
+ p->value, nsjconf->chroot);
return false;
}
- LOG_D("Mounting (tmpfs) '%s'", nsjconf->tmpfsmountpts->mountpt[i]);
- if (mount(NULL, nsjconf->tmpfsmountpts->mountpt[i], "tmpfs", 0, "size=4194304")
+ LOG_D("Mounting (tmpfs) '%s'", p->value);
+ if (mount(NULL, p->value, "tmpfs", 0, "size=4194304")
== -1) {
- PLOG_E("mount('%s', 'tmpfs')", nsjconf->tmpfsmountpts->mountpt[i]);
+ PLOG_E("mount('%s', 'tmpfs')", p->value);
return false;
}
}