char net_cls_cgroup_path[PATH_MAX];
snprintf(net_cls_cgroup_path, sizeof(net_cls_cgroup_path), "%s/%s/NSJAIL.%d",
- nsjconf->cgroup_net_cls_mount.c_str(), nsjconf->cgroup_net_cls_parent.c_str(), (int)pid);
+ nsjconf->cgroup_net_cls_mount.c_str(), nsjconf->cgroup_net_cls_parent.c_str(),
+ (int)pid);
LOG_D("Create '%s' for PID=%d", net_cls_cgroup_path, (int)pid);
if (mkdir(net_cls_cgroup_path, 0700) == -1 && errno != EEXIST) {
PLOG_E("mkdir('%s', 0700) failed", net_cls_cgroup_path);
}
char net_cls_cgroup_path[PATH_MAX];
snprintf(net_cls_cgroup_path, sizeof(net_cls_cgroup_path), "%s/%s/NSJAIL.%d",
- nsjconf->cgroup_net_cls_mount.c_str(), nsjconf->cgroup_net_cls_parent.c_str(), (int)pid);
+ nsjconf->cgroup_net_cls_mount.c_str(), nsjconf->cgroup_net_cls_parent.c_str(),
+ (int)pid);
LOG_D("Remove '%s'", net_cls_cgroup_path);
if (rmdir(net_cls_cgroup_path) == -1) {
PLOG_W("rmdir('%s') failed", net_cls_cgroup_path);
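Review bot: The `snprintf()` that builds `net_cls_cgroup_path`, re-wrapped in this hunk, has its return value ignored, so a mount/parent pair that does not fit in `PATH_MAX` is silently truncated and `rmdir()` then acts on a different path than the one configured. The `mkdir()` hunk above builds the path the same way. Since both config fields are already `std::string`, the path could be built without a fixed buffer, e.g. `const std::string path = nsjconf->cgroup_net_cls_mount + "/" + nsjconf->cgroup_net_cls_parent + "/NSJAIL." + std::to_string(pid);`. If the buffer stays, check `n < 0 || (size_t)n >= sizeof(net_cls_cgroup_path)` and fail before touching the filesystem. The enclosing functions start and end outside these hunks, so how they report failure is not visible here.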
char pid_str[256];
snprintf(pid_str, sizeof(pid_str), "%d", pid);
- const std::vector<std::string> argv {"/sbin/ip", "link", "add", "link", (char*)nsjconf->iface_vs.c_str(), "name", IFACE_NAME, "netns", pid_str, "type", "macvlan", "mode", "bridge" };
+ const std::vector<std::string> argv{"/sbin/ip", "link", "add", "link",
+ (char*)nsjconf->iface_vs.c_str(), "name", IFACE_NAME, "netns", pid_str, "type",
+ "macvlan", "mode", "bridge"};
if (subproc::systemExe(argv, environ) != 0) {
LOG_E("Couldn't create MACVTAP interface for '%s'", nsjconf->iface_vs.c_str());
return false;
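Review bot: The `(char*)` cast on `nsjconf->iface_vs.c_str()` in the re-wrapped initializer is unnecessary and casts away const. The vector's element type is `std::string`, so the field can be passed directly: `"link", nsjconf->iface_vs, "name", IFACE_NAME, ...`. In the same way, `pid_str` could be `std::to_string(pid)` rather than a 256-byte buffer filled with `%d` from an uncast `pid_t`. `iface_vs` is a config-supplied value that ends up as an argument to `/sbin/ip`, so it may be worth checking that it is a plausible interface name (non-empty, shorter than `IFNAMSIZ`) before the call. The enclosing function continues outside the hunk.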
std::string iface_vs_ip;
std::string iface_vs_nm;
std::string iface_vs_gw;
- std::string cgroup_mem_mount;
- std::string cgroup_mem_parent;
+ std::string cgroup_mem_mount;
+ std::string cgroup_mem_parent;
size_t cgroup_mem_max;
- std::string cgroup_pids_mount;
- std::string cgroup_pids_parent;
+ std::string cgroup_pids_mount;
+ std::string cgroup_pids_parent;
unsigned int cgroup_pids_max;
- std::string cgroup_net_cls_mount;
- std::string cgroup_net_cls_parent;
+ std::string cgroup_net_cls_mount;
+ std::string cgroup_net_cls_parent;
unsigned int cgroup_net_cls_classid;
- std::string cgroup_cpu_mount;
- std::string cgroup_cpu_parent;
+ std::string cgroup_cpu_mount;
+ std::string cgroup_cpu_parent;
unsigned int cgroup_cpu_ms_per_sec;
std::string kafel_file_path;
std::string kafel_string;
std::vector<const char*> argv;
for (const auto& a : args) {
- argv.push_back(a.c_str());
+ argv.push_back(a.c_str());
}
argv.push_back(nullptr);
static bool gidMapExternal(nsjconf_t* nsjconf, pid_t pid UNUSED) {
bool use = false;
- std::vector<std::string> argv = { "/usr/bin/newgidmap", std::to_string(pid) };
+ std::vector<std::string> argv = {"/usr/bin/newgidmap", std::to_string(pid)};
for (const auto& gid : nsjconf->gids) {
if (!gid.is_newidmap) {
continue;
static bool uidMapExternal(nsjconf_t* nsjconf, pid_t pid UNUSED) {
bool use = false;
- std::vector<std::string> argv = { "/usr/bin/newuidmap", std::to_string(pid) };
+ std::vector<std::string> argv = {"/usr/bin/newuidmap", std::to_string(pid)};
for (const auto& uid : nsjconf->uids) {
if (!uid.is_newidmap) {
continue;