nsjconf->rl_nproc = configRLimit(RLIMIT_NPROC, njc.rlimit_nproc_type(), njc.rlimit_nproc());
nsjconf->rl_stack = configRLimit(
RLIMIT_STACK, njc.rlimit_stack_type(), njc.rlimit_stack(), 1024UL * 1024UL);
- nsjconf->rl_mlock = configRLimit(
- RLIMIT_MEMLOCK, njc.rlimit_memlock_type(), njc.rlimit_memlock(), 1024UL);
- nsjconf->rl_rtpr = configRLimit(RLIMIT_RTPRIO, njc.rlimit_rtprio_type(), njc.rlimit_rtprio());
- nsjconf->rl_msgq = configRLimit(RLIMIT_MSGQUEUE, njc.rlimit_msgqueue_type(), njc.rlimit_msgqueue());
+ nsjconf->rl_mlock =
+ configRLimit(RLIMIT_MEMLOCK, njc.rlimit_memlock_type(), njc.rlimit_memlock(), 1024UL);
+ nsjconf->rl_rtpr =
+ configRLimit(RLIMIT_RTPRIO, njc.rlimit_rtprio_type(), njc.rlimit_rtprio());
+ nsjconf->rl_msgq =
+ configRLimit(RLIMIT_MSGQUEUE, njc.rlimit_msgqueue_type(), njc.rlimit_msgqueue());
nsjconf->disable_rl = njc.disable_rl();
nsjconf->clone_newuts = njc.clone_newuts();
nsjconf->clone_newcgroup = njc.clone_newcgroup();
nsjconf->clone_newtime = njc.clone_newtime();
-
+
nsjconf->no_pivotroot = njc.no_pivotroot();
for (ssize_t i = 0; i < njc.uidmap_size(); i++) {
optional string cwd = 9 [default = "/"];
/* Defines whether to use switch_root or pivot_root */
- optional bool no_pivotroot = 88 [default = false];
-
+ optional bool no_pivotroot = 88 [default = false];
+
/* TCP port to listen to. Valid with mode=LISTEN only */
optional uint32 port = 10 [default = 0];
/* Host to bind to for mode=LISTEN. Must be in IPv6 format */
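Review bot: Field number 88 is assigned to `no_pivotroot` in this hunk and again to `rlimit_memlock` in the next hunk of this file (`optional uint64 rlimit_memlock = 88 [default = 64];`). The enclosing message starts outside both hunks, so this is inferred, but if the two fields belong to the same message protoc will reject the duplicate tag. Give `no_pivotroot` a number that is not in use, e.g. `optional bool no_pivotroot = <UNUSED_FIELD_NUMBER> [default = false];`. Because this option replaces pivot_root with the weaker MS_MOVE+chroot setup, the comment above it should also say so, for instance `/* Use mount(MS_MOVE)+chroot instead of pivot_root; escapable if capabilities are kept inside the jail */`.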
/* In KB, use the soft limit value by default */
optional uint64 rlimit_memlock = 88 [default = 64];
optional RLimit rlimit_memlock_type = 89 [default = SOFT];
- optional uint64 rlimit_rtprio = 90 [default = 0];
+ optional uint64 rlimit_rtprio = 90 [default = 0];
optional RLimit rlimit_rtprio_type = 91 [default = SOFT];
- optional uint64 rlimit_msgqueue = 92 [default = 1024]; /* In bytes */
+ optional uint64 rlimit_msgqueue = 92 [default = 1024]; /* In bytes */
optional RLimit rlimit_msgqueue_type = 93 [default = SOFT];
/* Disable all rlimits, default to limits set by parent */
PLOG_E("umount2('%s', MNT_DETACH)", tmpdir->c_str());
return false;
}
-
- if (!nsjconf->no_pivotroot) {
- /*
- * This requires some explanation: It's actually possible to pivot_root('/', '/').
- * After this operation has been completed, the old root is mounted over the new
- * root, and it's OK to simply umount('/') now, and to have new_root as '/'. This
- * allows us not care about providing any special directory for old_root, which is
- * sometimes not easy, given that e.g. /tmp might not always be present inside
- * new_root
- */
- if (util::syscall(
- __NR_pivot_root, (uintptr_t)destdir->c_str(), (uintptr_t)destdir->c_str()) == -1) {
- PLOG_E("pivot_root('%s', '%s')", destdir->c_str(), destdir->c_str());
- return false;
- }
-
- if (umount2("/", MNT_DETACH) == -1) {
- PLOG_E("umount2('/', MNT_DETACH)");
- return false;
- }
- } else {
- /*
- * pivot_root would normally un-mount the old root, however in certain cases this
- * operation is forbidden. There are systems (mainly embedded) that keep their root
- * file system in RAM, when initially loaded by the kernel (e.g. initramfs),
- * and there is no other file system that is mounted on top of it.In such systems,
- * there is no option to pivot_root!
- * For more information, see kernel.org/doc/Documentation/filesystems/ramfs-rootfs-initramfs.txt.
- * switch_root alternative:
- * Innstead of un-mounting the old rootfs, it is over mounted by moving the new root to it.
- */
-
- /* NOTE: Using mount move and chroot allows escaping back into the old root when proper
- * capabilities are kept in the user namespace. It can be acheived by unmounting the new root
- * and using setns to re-enter the mount namespace.
- */
- LOG_W(
- "Using no_pivotroot is escapable when user posseses relevant capabilities, "
- "Use it with care!"
- );
-
- if (chdir(destdir->c_str()) == -1) {
- PLOG_E("chdir('%s')", destdir->c_str());
- return false;
- }
-
- /* mount moving the new root on top of '/'. This operation is atomic and doesn't involve
- un-mounting '/' at any stage */
- if (mount(".", "/", NULL, MS_MOVE, NULL) == -1) {
- PLOG_E("mount('/', %s, NULL, MS_MOVE, NULL)", destdir->c_str());
- return false;
- }
-
- if (chroot(".") == -1) {
- PLOG_E("chroot('%s')", destdir->c_str());
- return false;
- }
- }
-
- for (const auto& p : nsjconf->mountpts) {
- if (!remountPt(p) && p.is_mandatory) {
- return false;
- }
- }
+
+ if (!nsjconf->no_pivotroot) {
+ /*
+ * This requires some explanation: It's actually possible to pivot_root('/', '/').
+ * After this operation has been completed, the old root is mounted over the new
+ * root, and it's OK to simply umount('/') now, and to have new_root as '/'. This
+ * allows us not care about providing any special directory for old_root, which is
+ * sometimes not easy, given that e.g. /tmp might not always be present inside
+ * new_root
+ */
+ if (util::syscall(__NR_pivot_root, (uintptr_t)destdir->c_str(),
+ (uintptr_t)destdir->c_str()) == -1) {
+ PLOG_E("pivot_root('%s', '%s')", destdir->c_str(), destdir->c_str());
+ return false;
+ }
+
+ if (umount2("/", MNT_DETACH) == -1) {
+ PLOG_E("umount2('/', MNT_DETACH)");
+ return false;
+ }
+ } else {
+ /*
+ * pivot_root would normally un-mount the old root, however in certain cases this
+ * operation is forbidden. There are systems (mainly embedded) that keep their root
+ * file system in RAM, when initially loaded by the kernel (e.g. initramfs),
+ * and there is no other file system that is mounted on top of it.In such systems,
+ * there is no option to pivot_root!
+ * For more information, see
+ * kernel.org/doc/Documentation/filesystems/ramfs-rootfs-initramfs.txt. switch_root
+ * alternative: Innstead of un-mounting the old rootfs, it is over mounted by moving
+ * the new root to it.
+ */
+
+ /* NOTE: Using mount move and chroot allows escaping back into the old root when
+ * proper capabilities are kept in the user namespace. It can be acheived by
+ * unmounting the new root and using setns to re-enter the mount namespace.
+ */
+ LOG_W(
+ "Using no_pivotroot is escapable when user posseses relevant capabilities, "
+ "Use it with care!");
+
+ if (chdir(destdir->c_str()) == -1) {
+ PLOG_E("chdir('%s')", destdir->c_str());
+ return false;
+ }
+
+ /* mount moving the new root on top of '/'. This operation is atomic and doesn't
+ involve un-mounting '/' at any stage */
+ if (mount(".", "/", NULL, MS_MOVE, NULL) == -1) {
+ PLOG_E("mount('/', %s, NULL, MS_MOVE, NULL)", destdir->c_str());
+ return false;
+ }
+
+ if (chroot(".") == -1) {
+ PLOG_E("chroot('%s')", destdir->c_str());
+ return false;
+ }
+ }
+
+ for (const auto& p : nsjconf->mountpts) {
+ if (!remountPt(p) && p.is_mandatory) {
+ return false;
+ }
+ }
return true;
}
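Review bot: The error messages in the `no_pivotroot` branch do not describe the calls that actually failed. `mount(".", "/", NULL, MS_MOVE, NULL)` is logged as `mount('/', %s, NULL, MS_MOVE, NULL)` with `destdir` as the second argument, and `chroot(".")` is logged as `chroot('%s')` with `destdir`. On the path that sets up the jail's root this makes a failed isolation step harder to diagnose from logs, so I would log the real arguments: `PLOG_E("mount('.', '/', NULL, MS_MOVE, NULL) (cwd='%s')", destdir->c_str());` and `PLOG_E("chroot('.') (cwd='%s')", destdir->c_str());`. The warning text and the comments above it also carry typos ("posseses", "acheived", "Innstead") that this reformat re-touches and could fix. The function begins outside this hunk, so the earlier mount steps are not visible here.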