BIN = nsjail
LIBS = kafel/libkafel.a
-SRCS_C = log.c
-SRCS_CXX = caps.cc cgroup.cc cmdline.cc config.cc contain.cc cpu.cc mnt.cc net.cc nsjail.cc pid.cc sandbox.cc subproc.cc uts.cc user.cc util.cc
+SRCS_C =
+SRCS_CXX = caps.cc cgroup.cc cmdline.cc config.cc contain.cc cpu.cc log.cc mnt.cc net.cc nsjail.cc pid.cc sandbox.cc subproc.cc uts.cc user.cc util.cc
SRCS_PROTO = config.proto
SRCS_PB_CXX = $(SRCS_PROTO:.proto=.pb.cc)
SRCS_PB_H = $(SRCS_PROTO:.proto=.pb.h)
makedepend -Y -Ykafel/include -- -- $(SRCS_C) $(SRCS_CXX) $(SRCS_PB_CXX)
indent:
- clang-format -style="{BasedOnStyle: google, IndentWidth: 8, UseTab: Always, IndentCaseLabels: false, ColumnLimit: 100, AlignAfterOpenBracket: false}" -i -sort-includes *.c *.h $(SRCS_CXX)
+ clang-format -style="{BasedOnStyle: google, IndentWidth: 8, UseTab: Always, IndentCaseLabels: false, ColumnLimit: 100, AlignAfterOpenBracket: false}" -i -sort-includes *.h $(SRCS_CXX)
clang-format -style="{BasedOnStyle: google, IndentWidth: 4, UseTab: Always, ColumnLimit: 100}" -i $(SRCS_PROTO)
# DO NOT DELETE THIS LINE -- make depend depends on it.
-log.o: log.h nsjail.h
-caps.o: caps.h nsjail.h log.h common.h util.h
+caps.o: caps.h nsjail.h common.h log.h util.h
cgroup.o: cgroup.h nsjail.h log.h util.h
-cmdline.o: cmdline.h nsjail.h log.h caps.h common.h config.h mnt.h sandbox.h
+cmdline.o: cmdline.h nsjail.h caps.h common.h config.h log.h mnt.h sandbox.h
cmdline.o: user.h util.h
-config.o: log.h nsjail.h caps.h cmdline.h common.h config.h mnt.h user.h
-config.o: util.h
-contain.o: contain.h nsjail.h log.h caps.h cgroup.h cpu.h mnt.h net.h pid.h
+config.o: caps.h nsjail.h cmdline.h common.h config.h config.pb.h log.h mnt.h
+config.o: user.h util.h
+contain.o: contain.h nsjail.h caps.h cgroup.h cpu.h log.h mnt.h net.h pid.h
contain.o: user.h uts.h
cpu.o: cpu.h nsjail.h log.h util.h
-mnt.o: mnt.h nsjail.h log.h common.h subproc.h util.h
+log.o: log.h nsjail.h
+mnt.o: mnt.h nsjail.h common.h log.h subproc.h util.h
net.o: net.h nsjail.h log.h subproc.h
nsjail.o: nsjail.h cmdline.h common.h log.h net.h subproc.h util.h
pid.o: pid.h nsjail.h log.h subproc.h
sandbox.o: sandbox.h nsjail.h kafel/include/kafel.h log.h
-subproc.o: subproc.h nsjail.h cgroup.h common.h contain.h net.h sandbox.h
-subproc.o: user.h util.h log.h
+subproc.o: subproc.h nsjail.h cgroup.h common.h contain.h log.h net.h
+subproc.o: sandbox.h user.h util.h
uts.o: uts.h nsjail.h log.h
-user.o: user.h nsjail.h log.h common.h subproc.h util.h
+user.o: user.h nsjail.h common.h log.h subproc.h util.h
util.o: util.h nsjail.h common.h log.h
+config.pb.o: config.pb.h
#include <sys/types.h>
#include <unistd.h>
-extern "C" {
-#include "log.h"
-}
-
#include "common.h"
+#include "log.h"
#include "util.h"
namespace caps {
#include <sys/stat.h>
#include <unistd.h>
-extern "C" {
#include "log.h"
-}
-
#include "util.h"
namespace cgroup {
#include <memory>
-extern "C" {
-#include "log.h"
-}
-
#include "caps.h"
#include "common.h"
#include "config.h"
+#include "log.h"
#include "mnt.h"
#include "sandbox.h"
#include "user.h"
nsjconf->cwd = optarg;
break;
case 'C':
- if (configParse(nsjconf.get(), optarg) == false) {
+ if (config::parseFile(nsjconf.get(), optarg) == false) {
LOG_F("Couldn't parse configuration from '%s' file", optarg);
}
break;
break;
case 'l':
nsjconf->logfile = optarg;
- if (logInitLogFile(nsjconf.get()) == false) {
+ if (log::initLogFile(nsjconf.get()) == false) {
return nullptr;
}
break;
case 'L':
nsjconf->log_fd = strtol(optarg, NULL, 0);
- if (logInitLogFile(nsjconf.get()) == false) {
+ if (log::initLogFile(nsjconf.get()) == false) {
return nullptr;
}
break;
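Review bot: The `-L` case stores `strtol(optarg, NULL, 0)` straight into `nsjconf->log_fd` with no end-pointer or range check, so a non-numeric argument becomes descriptor 0 and a negative or oversized one becomes an invalid descriptor. `log::initLogFile()`, as added in log.cc in this commit, assigns the result of `fcntl(log_fd, F_DUPFD_CLOEXEC, 0)` without testing it and still returns true, so the `return nullptr` here is not reached and later log output is silently dropped. Parse with an end pointer and reject the option unless the whole string was consumed and the value is a non-negative int, for example with a guard such as `if (*end != '\0' || fd < 0 || fd > INT_MAX)` before the assignment. The enclosing switch and function start and end outside this hunk.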
break;
case 'v':
nsjconf->loglevel = DEBUG;
- if (logInitLogFile(nsjconf.get()) == false) {
+ if (log::initLogFile(nsjconf.get()) == false) {
return nullptr;
}
break;
case 'q':
nsjconf->loglevel = WARNING;
- if (logInitLogFile(nsjconf.get()) == false) {
+ if (log::initLogFile(nsjconf.get()) == false) {
return nullptr;
}
break;
case 'Q':
nsjconf->loglevel = FATAL;
- if (logInitLogFile(nsjconf.get()) == false) {
+ if (log::initLogFile(nsjconf.get()) == false) {
return nullptr;
}
break;
TAILQ_INSERT_HEAD(&nsjconf->gids, p, pointers);
}
- if (logInitLogFile(nsjconf.get()) == false) {
+ if (log::initLogFile(nsjconf.get()) == false) {
return nullptr;
}
#include <string>
#include <vector>
-extern "C" {
-#include "log.h"
-}
#include "caps.h"
#include "cmdline.h"
#include "common.h"
#include "config.h"
#include "config.pb.h"
+#include "log.h"
#include "mnt.h"
#include "user.h"
#include "util.h"
+namespace config {
+
#define DUP_IF_SET(njc, val) (njc.has_##val() ? njc.val().c_str() : NULL)
static uint64_t configRLimit(
}
if (njc.has_log_fd() || njc.has_log_file() || njc.has_log_level()) {
- if (logInitLogFile(nsjconf) == false) {
+ if (log::initLogFile(nsjconf) == false) {
return false;
}
}
LOG_W("config.cc: '%s'", message.c_str());
}
-extern "C" bool configParse(struct nsjconf_t* nsjconf, const char* file) {
+bool parseFile(struct nsjconf_t* nsjconf, const char* file) {
LOG_I("Parsing configuration from '%s'", file);
int fd = open(file, O_RDONLY | O_CLOEXEC);
return true;
}
+
+} // namespace config
#ifndef NS_CONFIG_H
#define NS_CONFIG_H
-#ifdef __cplusplus
-extern "C" {
-#endif
-
#include <stdbool.h>
#include "nsjail.h"
-bool configParse(struct nsjconf_t* nsjconf, const char* file);
+namespace config {
+
+bool parseFile(struct nsjconf_t* nsjconf, const char* file);
+
+} // namespace config
-#ifdef __cplusplus
-} // extern "C"
-#endif
#endif /* NS_CONFIG_H */
#include <sys/resource.h>
#include <unistd.h>
-extern "C" {
-#include "log.h"
-}
-
#include "caps.h"
#include "cgroup.h"
#include "cpu.h"
+#include "log.h"
#include "mnt.h"
#include "net.h"
#include "pid.h"
#include <string.h>
#include <unistd.h>
-extern "C" {
#include "log.h"
-}
-
#include "util.h"
namespace cpu {
+++ /dev/null
-/*
-
- nsjail - logging
- -----------------------------------------
-
- Copyright 2014 Google Inc. All Rights Reserved.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
-*/
-
-#include "log.h"
-
-#include <errno.h>
-#include <fcntl.h>
-#include <getopt.h>
-#include <limits.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <sys/syscall.h>
-#include <sys/types.h>
-#include <time.h>
-#include <unistd.h>
-
-#include "nsjail.h"
-
-static int log_fd = STDERR_FILENO;
-static bool log_fd_isatty = true;
-static enum llevel_t log_level = INFO;
-
-#define _LOG_DEFAULT_FILE "/var/log/nsjail.log"
-
-__attribute__((constructor)) static void log_init(void) { log_fd_isatty = isatty(log_fd); }
-
-/*
- * Log to stderr by default. Use a dup()d fd, because in the future we'll associate the
- * connection socket with fd (0, 1, 2).
- */
-bool logInitLogFile(struct nsjconf_t* nsjconf) {
- /* Close previous log_fd */
- if (log_fd > STDERR_FILENO) {
- close(log_fd);
- log_fd = STDERR_FILENO;
- }
- log_fd = nsjconf->log_fd;
- log_level = nsjconf->loglevel;
-
- if (nsjconf->logfile == NULL && nsjconf->daemonize) {
- nsjconf->logfile = _LOG_DEFAULT_FILE;
- }
- if (nsjconf->logfile == NULL) {
- log_fd = fcntl(log_fd, F_DUPFD_CLOEXEC, 0);
- } else {
- if (TEMP_FAILURE_RETRY(
- log_fd = open(nsjconf->logfile, O_CREAT | O_RDWR | O_APPEND, 0640)) == -1) {
- log_fd = STDERR_FILENO;
- PLOG_E("Couldn't open logfile open('%s')", nsjconf->logfile);
- return false;
- }
- }
- log_fd_isatty = (isatty(log_fd) == 1 ? true : false);
- return true;
-}
-
-void logLog(enum llevel_t ll, const char* fn, int ln, bool perr, const char* fmt, ...) {
- if (ll < log_level) {
- return;
- }
-
- char strerr[512];
- if (perr) {
- snprintf(strerr, sizeof(strerr), "%s", strerror(errno));
- }
- struct ll_t {
- const char* const descr;
- const char* const prefix;
- const bool print_funcline;
- const bool print_time;
- };
- static struct ll_t const logLevels[] = {
- {"D", "\033[0;4m", true, true},
- {"I", "\033[1m", false, true},
- {"W", "\033[0;33m", true, true},
- {"E", "\033[1;31m", true, true},
- {"F", "\033[7;35m", true, true},
- {"HR", "\033[0m", false, false},
- {"HB", "\033[1m", false, false},
- };
-
- time_t ltstamp = time(NULL);
- struct tm utctime;
- localtime_r(<stamp, &utctime);
- char timestr[32];
- if (strftime(timestr, sizeof(timestr) - 1, "%FT%T%z", &utctime) == 0) {
- timestr[0] = '\0';
- }
-
- /* Start printing logs */
- if (log_fd_isatty) {
- dprintf(log_fd, "%s", logLevels[ll].prefix);
- }
- if (logLevels[ll].print_time) {
- dprintf(log_fd, "[%s] ", timestr);
- }
- if (logLevels[ll].print_funcline) {
- dprintf(log_fd, "[%s][%d] %s():%d ", logLevels[ll].descr, (int)getpid(), fn, ln);
- }
-
- va_list args;
- va_start(args, fmt);
- vdprintf(log_fd, fmt, args);
- va_end(args);
- if (perr) {
- dprintf(log_fd, ": %s", strerr);
- }
- if (log_fd_isatty) {
- dprintf(log_fd, "\033[0m");
- }
- dprintf(log_fd, "\n");
- /* End printing logs */
-
- if (ll == FATAL) {
- exit(0xff);
- }
-}
-
-void logStop(int sig) { LOG_I("Server stops due to fatal signal (%d) caught. Exiting", sig); }
--- /dev/null
+/*
+
+ nsjail - logging
+ -----------------------------------------
+
+ Copyright 2014 Google Inc. All Rights Reserved.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+
+#include "log.h"
+
+#include <errno.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <time.h>
+#include <unistd.h>
+
+#include "nsjail.h"
+
+namespace log {
+
+static int log_fd = STDERR_FILENO;
+static bool log_fd_isatty = true;
+static enum llevel_t log_level = INFO;
+
+#define _LOG_DEFAULT_FILE "/var/log/nsjail.log"
+
+__attribute__((constructor)) static void log_init(void) { log_fd_isatty = isatty(log_fd); }
+
+/*
+ * Log to stderr by default. Use a dup()d fd, because in the future we'll associate the
+ * connection socket with fd (0, 1, 2).
+ */
+bool initLogFile(struct nsjconf_t* nsjconf) {
+ /* Close previous log_fd */
+ if (log_fd > STDERR_FILENO) {
+ close(log_fd);
+ log_fd = STDERR_FILENO;
+ }
+ log_fd = nsjconf->log_fd;
+ log_level = nsjconf->loglevel;
+
+ if (nsjconf->logfile == NULL && nsjconf->daemonize) {
+ nsjconf->logfile = _LOG_DEFAULT_FILE;
+ }
+ if (nsjconf->logfile == NULL) {
+ log_fd = fcntl(log_fd, F_DUPFD_CLOEXEC, 0);
+ } else {
+ if (TEMP_FAILURE_RETRY(
+ log_fd = open(nsjconf->logfile, O_CREAT | O_RDWR | O_APPEND, 0640)) == -1) {
+ log_fd = STDERR_FILENO;
+ PLOG_E("Couldn't open logfile open('%s')", nsjconf->logfile);
+ return false;
+ }
+ }
+ log_fd_isatty = (isatty(log_fd) == 1 ? true : false);
+ return true;
+}
+
+void logMsg(enum llevel_t ll, const char* fn, int ln, bool perr, const char* fmt, ...) {
+ if (ll < log_level) {
+ return;
+ }
+
+ char strerr[512];
+ if (perr) {
+ snprintf(strerr, sizeof(strerr), "%s", strerror(errno));
+ }
+ struct ll_t {
+ const char* const descr;
+ const char* const prefix;
+ const bool print_funcline;
+ const bool print_time;
+ };
+ static struct ll_t const logLevels[] = {
+ {"D", "\033[0;4m", true, true},
+ {"I", "\033[1m", false, true},
+ {"W", "\033[0;33m", true, true},
+ {"E", "\033[1;31m", true, true},
+ {"F", "\033[7;35m", true, true},
+ {"HR", "\033[0m", false, false},
+ {"HB", "\033[1m", false, false},
+ };
+
+ time_t ltstamp = time(NULL);
+ struct tm utctime;
+ localtime_r(<stamp, &utctime);
+ char timestr[32];
+ if (strftime(timestr, sizeof(timestr) - 1, "%FT%T%z", &utctime) == 0) {
+ timestr[0] = '\0';
+ }
+
+ /* Start printing logs */
+ if (log_fd_isatty) {
+ dprintf(log_fd, "%s", logLevels[ll].prefix);
+ }
+ if (logLevels[ll].print_time) {
+ dprintf(log_fd, "[%s] ", timestr);
+ }
+ if (logLevels[ll].print_funcline) {
+ dprintf(log_fd, "[%s][%d] %s():%d ", logLevels[ll].descr, (int)getpid(), fn, ln);
+ }
+
+ va_list args;
+ va_start(args, fmt);
+ vdprintf(log_fd, fmt, args);
+ va_end(args);
+ if (perr) {
+ dprintf(log_fd, ": %s", strerr);
+ }
+ if (log_fd_isatty) {
+ dprintf(log_fd, "\033[0m");
+ }
+ dprintf(log_fd, "\n");
+ /* End printing logs */
+
+ if (ll == FATAL) {
+ exit(0xff);
+ }
+}
+
+void logStop(int sig) { LOG_I("Server stops due to fatal signal (%d) caught. Exiting", sig); }
+
+} // namespace log
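Review bot: The logfile branch of `initLogFile()` opens the file with `O_CREAT | O_RDWR | O_APPEND` but without `O_CLOEXEC`, while the stderr branch just above it uses `F_DUPFD_CLOEXEC`, so the two paths disagree on whether the log descriptor survives an exec. Unless descriptors are marked close-on-exec somewhere not shown in this diff, the jailed program would inherit a readable and writable handle to the log; `open(nsjconf->logfile, O_CREAT | O_RDWR | O_APPEND | O_CLOEXEC, 0640)` keeps both branches consistent. The same function also stores the `fcntl()` result unchecked, so a failed dup leaves `log_fd` at -1 while the function still returns true. Both behaviours are carried over unchanged from the deleted log.c, and this conversion is a convenient place to fix them.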
#include "nsjail.h"
-#define LOG_HELP(...) logLog(HELP, __func__, __LINE__, false, __VA_ARGS__);
-#define LOG_HELP_BOLD(...) logLog(HELP_BOLD, __func__, __LINE__, false, __VA_ARGS__);
-
-#define LOG_D(...) logLog(DEBUG, __func__, __LINE__, false, __VA_ARGS__);
-#define LOG_I(...) logLog(INFO, __func__, __LINE__, false, __VA_ARGS__);
-#define LOG_W(...) logLog(WARNING, __func__, __LINE__, false, __VA_ARGS__);
-#define LOG_E(...) logLog(ERROR, __func__, __LINE__, false, __VA_ARGS__);
-#define LOG_F(...) logLog(FATAL, __func__, __LINE__, false, __VA_ARGS__);
-
-#define PLOG_D(...) logLog(DEBUG, __func__, __LINE__, true, __VA_ARGS__);
-#define PLOG_I(...) logLog(INFO, __func__, __LINE__, true, __VA_ARGS__);
-#define PLOG_W(...) logLog(WARNING, __func__, __LINE__, true, __VA_ARGS__);
-#define PLOG_E(...) logLog(ERROR, __func__, __LINE__, true, __VA_ARGS__);
-#define PLOG_F(...) logLog(FATAL, __func__, __LINE__, true, __VA_ARGS__);
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-bool logInitLogFile(struct nsjconf_t* nsjconf);
-void logLog(enum llevel_t ll, const char* fn, int ln, bool perr, const char* fmt, ...)
+#define LOG_HELP(...) log::logMsg(HELP, __func__, __LINE__, false, __VA_ARGS__);
+#define LOG_HELP_BOLD(...) log::logMsg(HELP_BOLD, __func__, __LINE__, false, __VA_ARGS__);
+
+#define LOG_D(...) log::logMsg(DEBUG, __func__, __LINE__, false, __VA_ARGS__);
+#define LOG_I(...) log::logMsg(INFO, __func__, __LINE__, false, __VA_ARGS__);
+#define LOG_W(...) log::logMsg(WARNING, __func__, __LINE__, false, __VA_ARGS__);
+#define LOG_E(...) log::logMsg(ERROR, __func__, __LINE__, false, __VA_ARGS__);
+#define LOG_F(...) log::logMsg(FATAL, __func__, __LINE__, false, __VA_ARGS__);
+
+#define PLOG_D(...) log::logMsg(DEBUG, __func__, __LINE__, true, __VA_ARGS__);
+#define PLOG_I(...) log::logMsg(INFO, __func__, __LINE__, true, __VA_ARGS__);
+#define PLOG_W(...) log::logMsg(WARNING, __func__, __LINE__, true, __VA_ARGS__);
+#define PLOG_E(...) log::logMsg(ERROR, __func__, __LINE__, true, __VA_ARGS__);
+#define PLOG_F(...) log::logMsg(FATAL, __func__, __LINE__, true, __VA_ARGS__);
+
+namespace log {
+
+bool initLogFile(struct nsjconf_t* nsjconf);
+void logMsg(enum llevel_t ll, const char* fn, int ln, bool perr, const char* fmt, ...)
__attribute__((format(printf, 5, 6)));
void logStop(int sig);
-#ifdef __cplusplus
-} // extern "C"
-#endif
+} // namespace log
#endif /* NS_LOG_H */
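Review bot: `namespace log` takes the same global-scope name as the C library function `log()` declared by `<math.h>` (and by `<cmath>` on common standard libraries), and a namespace cannot share a name with a function in the same scope. None of the includes visible in this diff pull in the math header, but the first translation unit that includes both it and `log.h` would fail to compile with a redeclaration error. A name that cannot clash, for example `namespace logs`, with the macros expanding to `::logs::logMsg(...)`, avoids that. The leading `::` also keeps the macros resolving to the right function when they are used inside another namespace.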
#include <syscall.h>
#include <unistd.h>
-extern "C" {
-#include "log.h"
-}
-
#include "common.h"
+#include "log.h"
#include "subproc.h"
#include "util.h"
#include <sys/types.h>
#include <unistd.h>
-extern "C" {
#include "log.h"
-}
-
#include "subproc.h"
extern char** environ;
for (;;) {
if (nsjailSigFatal > 0) {
subproc::killAll(nsjconf);
- logStop(nsjailSigFatal);
+ log::logStop(nsjailSigFatal);
close(listenfd);
return;
}
}
if (nsjailSigFatal > 0) {
subproc::killAll(nsjconf);
- logStop(nsjailSigFatal);
+ log::logStop(nsjailSigFatal);
return -1;
}
}))
#endif /* !defined(TEMP_FAILURE_RETRY) */
-#ifdef __cplusplus
-extern "C" {
-#endif
-
static const int nssigs[] = {
SIGINT,
SIGQUIT,
caps;
};
-#ifdef __cplusplus
-} // extern "C"
-#endif
-
#endif /* _NSJAIL_H */
#include <sys/prctl.h>
#include <unistd.h>
-extern "C" {
#include "log.h"
-}
-
#include "subproc.h"
namespace pid {
extern "C" {
#include "kafel.h"
-#include "log.h"
}
+#include "log.h"
namespace sandbox {
#include "cgroup.h"
#include "common.h"
#include "contain.h"
+#include "log.h"
#include "net.h"
#include "sandbox.h"
#include "user.h"
#include "util.h"
-extern "C" {
-#include "log.h"
-} // extern "C"
-
namespace subproc {
#if !defined(CLONE_NEWCGROUP)
#include <sys/types.h>
#include <unistd.h>
-extern "C" {
-#include "log.h"
-}
-
#include "common.h"
+#include "log.h"
#include "subproc.h"
#include "util.h"
#include <unistd.h>
#include "common.h"
-
-extern "C" {
#include "log.h"
-}
namespace util {
#include <string.h>
#include <unistd.h>
-extern "C" {
#include "log.h"
-}
namespace uts {