}
LOG_D("Adding the following capabilities to the inheritable set:%s", dbgmsg);
- if (setCaps(cap_data) == false) {
+ if (!setCaps(cap_data)) {
return false;
}
/* Make sure the inheritable set is preserved across execve via the ambient set */
dbgmsg[0] = '\0';
for (size_t i = 0; i < ARRAYSIZE(capNames); i++) {
- if (getPermitted(cap_data, capNames[i].val) == false) {
+ if (!getPermitted(cap_data, capNames[i].val)) {
continue;
}
if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, (unsigned long)capNames[i].val, 0UL,
*/
dbgmsg[0] = '\0';
for (const auto& cap : nsjconf->caps) {
- if (getPermitted(cap_data, cap) == false) {
+ if (!getPermitted(cap_data, cap)) {
LOG_W("Capability %s is not permitted in the namespace",
capToStr(cap).c_str());
return false;
}
LOG_D("Adding the following capabilities to the inheritable set:%s", dbgmsg);
- if (setCaps(cap_data) == false) {
+ if (!setCaps(cap_data)) {
return false;
}
if (strcasecmp(optarg, "max") == 0 || strcasecmp(optarg, "hard") == 0) {
return cur.rlim_max;
}
- if (util::isANumber(optarg) == false) {
+ if (!util::isANumber(optarg)) {
LOG_F(
"RLIMIT %d needs a numeric or 'max'/'hard'/'def'/'soft'/'inf' value ('%s' "
"provided)",
nsjconf->cwd = optarg;
break;
case 'C':
- if (config::parseFile(nsjconf.get(), optarg) == false) {
+ if (!config::parseFile(nsjconf.get(), optarg)) {
LOG_F("Couldn't parse configuration from '%s' file", optarg);
}
break;
std::string fstype = njc.mount(i).fstype();
std::string options = njc.mount(i).options();
- uintptr_t flags = (njc.mount(i).rw() == false) ? MS_RDONLY : 0;
+ uintptr_t flags = (!njc.mount(i).rw()) ? MS_RDONLY : 0;
flags |= njc.mount(i).is_bind() ? (MS_BIND | MS_REC | MS_PRIVATE) : 0;
bool is_mandatory = njc.mount(i).mandatory();
bool is_symlink = njc.mount(i).is_symlink();
#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#endif
- if (nsjconf->disable_no_new_privs == false) {
+ if (!nsjconf->disable_no_new_privs) {
if (prctl(PR_SET_NO_NEW_PRIVS, 1UL, 0UL, 0UL, 0UL) == -1) {
/* Only new kernels support it */
PLOG_W("prctl(PR_SET_NO_NEW_PRIVS, 1)");
}
}
- if (caps::initNs(nsjconf) == false) {
+ if (!caps::initNs(nsjconf)) {
return false;
}
if (setpriority(PRIO_PROCESS, 0, 19) == -1 && errno != 0) {
PLOG_W("setpriority(19)");
}
- if (nsjconf->skip_setsid == false) {
+ if (!nsjconf->skip_setsid) {
setsid();
}
return true;
bool setupFD(nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err) {
if (nsjconf->mode != MODE_LISTEN_TCP) {
- if (nsjconf->is_silent == false) {
+ if (!nsjconf->is_silent) {
return true;
}
if (TEMP_FAILURE_RETRY(fd_in = fd_out = fd_err = open("/dev/null", O_RDWR)) == -1) {
}
bool containProc(nsjconf_t* nsjconf) {
- if (containUserNs(nsjconf) == false) {
+ if (!containUserNs(nsjconf)) {
return false;
}
- if (containInitPidNs(nsjconf) == false) {
+ if (!containInitPidNs(nsjconf)) {
return false;
}
- if (containInitMountNs(nsjconf) == false) {
+ if (!containInitMountNs(nsjconf)) {
return false;
}
- if (containInitNetNs(nsjconf) == false) {
+ if (!containInitNetNs(nsjconf)) {
return false;
}
- if (containInitUtsNs(nsjconf) == false) {
+ if (!containInitUtsNs(nsjconf)) {
return false;
}
- if (containInitCgroupNs() == false) {
+ if (!containInitCgroupNs()) {
return false;
}
- if (containDropPrivs(nsjconf) == false) {
+ if (!containDropPrivs(nsjconf)) {
return false;
}
/* */
/* As non-root */
- if (containCPU(nsjconf) == false) {
+ if (!containCPU(nsjconf)) {
return false;
}
- if (containSetLimits(nsjconf) == false) {
+ if (!containSetLimits(nsjconf)) {
return false;
}
- if (containPrepareEnv(nsjconf) == false) {
+ if (!containPrepareEnv(nsjconf)) {
return false;
}
- if (containMakeFdsCOE(nsjconf) == false) {
+ if (!containMakeFdsCOE(nsjconf)) {
return false;
}
return true;
#include <netlink/route/link.h>
#include <netlink/route/link/macvlan.h>
bool initNsFromParent(nsjconf_t* nsjconf, int pid) {
- if (nsjconf->clone_newnet == false) {
+ if (!nsjconf->clone_newnet) {
return true;
}
if (nsjconf->iface_vs.empty()) {
#else // defined(NSJAIL_NL3_WITH_MACVLAN)
bool initNsFromParent(nsjconf_t* nsjconf, int pid) {
- if (nsjconf->clone_newnet == false) {
+ if (!nsjconf->clone_newnet) {
return true;
}
if (nsjconf->iface_vs.empty()) {
return false;
}
- if (ifaceUp(IFACE_NAME) == false) {
+ if (!ifaceUp(IFACE_NAME)) {
close(sock);
return false;
}
if (!nsjconf) {
LOG_F("Couldn't parse cmdline options");
}
- if (nsjconf->clone_newuser == false && geteuid() != 0) {
+ if (!nsjconf->clone_newuser && geteuid() != 0) {
LOG_W("--disable_clone_newuser might require root() privs");
}
if (nsjconf->daemonize && (daemon(0, 0) == -1)) {
PLOG_F("daemon");
}
cmdline::logParams(nsjconf.get());
- if (nsjailSetSigHandlers() == false) {
+ if (!nsjailSetSigHandlers()) {
LOG_F("nsjailSetSigHandlers() failed");
}
- if (nsjailSetTimer(nsjconf.get()) == false) {
+ if (!nsjailSetTimer(nsjconf.get())) {
LOG_F("nsjailSetTimer() failed");
}
if (!sandbox::preparePolicy(nsjconf.get())) {
static const char kSubprocDoneChar = 'D';
static int subprocNewProc(nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err, int pipefd) {
- if (contain::setupFD(nsjconf, fd_in, fd_out, fd_err) == false) {
+ if (!contain::setupFD(nsjconf, fd_in, fd_out, fd_err)) {
_exit(0xff);
}
if (!resetEnv()) {
}
if (pipefd == -1) {
- if (user::initNsFromParent(nsjconf, getpid()) == false) {
+ if (!user::initNsFromParent(nsjconf, getpid())) {
LOG_E("Couldn't initialize net user namespace");
_exit(0xff);
}
- if (cgroup::initNsFromParent(nsjconf, getpid()) == false) {
+ if (!cgroup::initNsFromParent(nsjconf, getpid())) {
LOG_E("Couldn't initialize net user namespace");
_exit(0xff);
}
_exit(0xff);
}
}
- if (contain::containProc(nsjconf) == false) {
+ if (!contain::containProc(nsjconf)) {
_exit(0xff);
}
- if (nsjconf->keep_env == false) {
+ if (!nsjconf->keep_env) {
clearenv();
}
for (const auto& env : nsjconf->envs) {
}
/* Should be the last one in the sequence */
- if (sandbox::applyPolicy(nsjconf) == false) {
+ if (!sandbox::applyPolicy(nsjconf)) {
exit(0xff);
}
}
static bool initParent(nsjconf_t* nsjconf, pid_t pid, int pipefd) {
- if (net::initNsFromParent(nsjconf, pid) == false) {
+ if (!net::initNsFromParent(nsjconf, pid)) {
LOG_E("Couldn't create and put MACVTAP interface into NS of PID '%d'", pid);
return false;
}
- if (cgroup::initNsFromParent(nsjconf, pid) == false) {
+ if (!cgroup::initNsFromParent(nsjconf, pid)) {
LOG_E("Couldn't initialize cgroup user namespace");
exit(0xff);
}
- if (user::initNsFromParent(nsjconf, pid) == false) {
+ if (!user::initNsFromParent(nsjconf, pid)) {
LOG_E("Couldn't initialize user namespaces for pid %d", pid);
return false;
}
}
void runChild(nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err) {
- if (net::limitConns(nsjconf, fd_in) == false) {
+ if (!net::limitConns(nsjconf, fd_in)) {
return;
}
unsigned long flags = 0UL;
}
addProc(nsjconf, pid, fd_in);
- if (initParent(nsjconf, pid, parent_fd) == false) {
+ if (!initParent(nsjconf, pid, parent_fd)) {
close(parent_fd);
return;
}
}
bool initNsFromParent(nsjconf_t* nsjconf, pid_t pid) {
- if (setGroups(pid) == false) {
+ if (!setGroups(pid)) {
return false;
}
- if (nsjconf->clone_newuser == false) {
+ if (!nsjconf->clone_newuser) {
return true;
}
- if (uidGidMap(nsjconf, pid) == false) {
+ if (!uidGidMap(nsjconf, pid)) {
return false;
}
return true;
return false;
}
- if (writeToFd(fd, buf, len) == false) {
+ if (!writeToFd(fd, buf, len)) {
PLOG_E("Couldn't write '%zu' bytes to file '%s' (fd='%d')", len, filename, fd);
close(fd);
unlink(filename);
namespace uts {
bool initNs(nsjconf_t* nsjconf) {
- if (nsjconf->clone_newuts == false) {
+ if (!nsjconf->clone_newuts) {
return true;
}