projects / platform / upstream / nsjail.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a42203a)
More c++ isms
authorRobert Swiecki <robert@swiecki.net>
Tue, 22 May 2018 12:27:18 +0000 (14:27 +0200)
committerRobert Swiecki <robert@swiecki.net>
Tue, 22 May 2018 12:27:18 +0000 (14:27 +0200)
caps.cc patch | blob | history
mnt.cc patch | blob | history
nsjail.cc patch | blob | history
subproc.cc patch | blob | history
util.cc patch | blob | history

diff --git a/caps.cc b/caps.cc
index 878465fdebc67ec0638f60730354ea9fde8654ed..37d2fd1a41c882e431f7a7cce130230f9ad7f2b2 100644 (file)
--- a/caps.cc
+++ b/caps.cc
@@ -36,10 +36,10 @@
 
 namespace caps {
 
-static struct {
+struct {
        const int val;
        const char* const name;
-} const capNames[] = {
+} static const capNames[] = {
     NS_VALSTR_STRUCT(CAP_CHOWN),
     NS_VALSTR_STRUCT(CAP_DAC_OVERRIDE),
     NS_VALSTR_STRUCT(CAP_DAC_READ_SEARCH),
@@ -171,10 +171,10 @@ static bool initNsKeepCaps(cap_user_data_t cap_data) {
 
        /* Copy all permitted caps to the inheritable set */
        dbgmsg[0] = '\0';
-       for (size_t i = 0; i < ARR_SZ(capNames); i++) {
-               if (getPermitted(cap_data, capNames[i].val)) {
-                       util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", capNames[i].name);
-                       setInheritable(cap_data, capNames[i].val);
+       for (const auto& i : capNames) {
+               if (getPermitted(cap_data, i.val)) {
+                       util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", i.name);
+                       setInheritable(cap_data, i.val);
                }
        }
        LOG_D("Adding the following capabilities to the inheritable set:%s", dbgmsg);
@@ -185,15 +185,15 @@ static bool initNsKeepCaps(cap_user_data_t cap_data) {
 
        /* Make sure the inheritable set is preserved across execve via the ambient set */
        dbgmsg[0] = '\0';
-       for (size_t i = 0; i < ARR_SZ(capNames); i++) {
-               if (!getPermitted(cap_data, capNames[i].val)) {
+       for (const auto& i : capNames) {
+               if (!getPermitted(cap_data, i.val)) {
                        continue;
                }
-               if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, (unsigned long)capNames[i].val, 0UL,
-                       0UL) == -1) {
-                       PLOG_W("prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, %s)", capNames[i].name);
+               if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, (unsigned long)i.val, 0UL, 0UL) ==
+                   -1) {
+                       PLOG_W("prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, %s)", i.name);
                } else {
-                       util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", capNames[i].name);
+                       util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", i.name);
                }
        }
        LOG_D("Added the following capabilities to the ambient set:%s", dbgmsg);
@@ -247,14 +247,13 @@ bool initNs(nsjconf_t* nsjconf) {
         */
        dbgmsg.clear();
        if (getEffective(cap_data, CAP_SETPCAP)) {
-               for (size_t i = 0; i < ARR_SZ(capNames); i++) {
-                       if (getInheritable(cap_data, capNames[i].val)) {
+               for (const auto& i : capNames) {
+                       if (getInheritable(cap_data, i.val)) {
                                continue;
                        }
-                       dbgmsg.append(" ").append(capNames[i].name);
-                       if (prctl(PR_CAPBSET_DROP, (unsigned long)capNames[i].val, 0UL, 0UL, 0UL) ==
-                           -1) {
-                               PLOG_W("prctl(PR_CAPBSET_DROP, %s)", capNames[i].name);
+                       dbgmsg.append(" ").append(i.name);
+                       if (prctl(PR_CAPBSET_DROP, (unsigned long)i.val, 0UL, 0UL, 0UL) == -1) {
+                               PLOG_W("prctl(PR_CAPBSET_DROP, %s)", i.name);
                                return false;
                        }
                }
diff --git a/mnt.cc b/mnt.cc
index a6cd103e4b559a227f82456c332db4857b2bc397..f51a348df3a9fd3503a421a2a54ce70579b9fb8e 100644 (file)
--- a/mnt.cc
+++ b/mnt.cc
@@ -57,10 +57,10 @@ namespace mnt {
 static const std::string flagsToStr(uintptr_t flags) {
        std::string res;
 
-       static struct {
+       struct {
                const uintptr_t flag;
                const char* const name;
-       } const mountFlags[] = {
+       } static const mountFlags[] = {
            NS_VALSTR_STRUCT(MS_RDONLY),
            NS_VALSTR_STRUCT(MS_NOSUID),
            NS_VALSTR_STRUCT(MS_NODEV),
@@ -88,12 +88,12 @@ static const std::string flagsToStr(uintptr_t flags) {
        };
 
        uintptr_t knownFlagMask = 0U;
-       for (size_t i = 0; i < ARR_SZ(mountFlags); i++) {
-               if (flags & mountFlags[i].flag) {
-                       res.append(mountFlags[i].name);
+       for (const auto& i : mountFlags) {
+               if (flags & i.flag) {
+                       res.append(i.name);
                        res.append("|");
                }
-               knownFlagMask |= mountFlags[i].flag;
+               knownFlagMask |= i.flag;
        }
 
        if (((flags & ~(knownFlagMask)) == 0) && !res.empty()) {
@@ -239,10 +239,10 @@ static bool remountRO(const mount_t& mpt) {
                return false;
        }
 
-       static struct {
+       struct {
                const unsigned long mount_flag;
                const unsigned long vfs_flag;
-       } const mountPairs[] = {
+       } static const mountPairs[] = {
            {MS_RDONLY, ST_RDONLY},
            {MS_NOSUID, ST_NOSUID},
            {MS_NODEV, ST_NODEV},
@@ -255,9 +255,9 @@ static bool remountRO(const mount_t& mpt) {
        };
 
        unsigned long new_flags = MS_REMOUNT | MS_RDONLY | MS_BIND;
-       for (size_t i = 0; i < ARR_SZ(mountPairs); i++) {
-               if (vfs.f_flag & mountPairs[i].vfs_flag) {
-                       new_flags |= mountPairs[i].mount_flag;
+       for (const auto& i : mountPairs) {
+               if (vfs.f_flag & i.vfs_flag) {
+                       new_flags |= i.mount_flag;
                }
        }
 
diff --git a/nsjail.cc b/nsjail.cc
index f16fea1cf9f1dda734e9ada49c2ac0153684906b..d3afd1ff51d127ce279d58cba1bcaf2397196729 100644 (file)
--- a/nsjail.cc
+++ b/nsjail.cc
@@ -77,8 +77,8 @@ static bool nsjailSetSigHandler(int sig) {
 }
 
 static bool nsjailSetSigHandlers(void) {
-       for (size_t i = 0; i < ARR_SZ(nssigs); i++) {
-               if (!nsjailSetSigHandler(nssigs[i])) {
+       for (const auto& i : nssigs) {
+               if (!nsjailSetSigHandler(i)) {
                        return false;
                }
        }
diff --git a/subproc.cc b/subproc.cc
index 2031ebe6b4e9605d518da1a73ea264c9ba7c8a38..04693a550551b92acf5941e2726323d08024fcf4 100644 (file)
--- a/subproc.cc
+++ b/subproc.cc
@@ -62,10 +62,10 @@ namespace subproc {
 static const std::string cloneFlagsToStr(uintptr_t flags) {
        std::string res;
 
-       static struct {
+       struct {
                const uintptr_t flag;
                const char* const name;
-       } const cloneFlags[] = {
+       } static const cloneFlags[] = {
            NS_VALSTR_STRUCT(CLONE_VM),
            NS_VALSTR_STRUCT(CLONE_FS),
            NS_VALSTR_STRUCT(CLONE_FILES),
@@ -92,11 +92,11 @@ static const std::string cloneFlagsToStr(uintptr_t flags) {
        };
 
        uintptr_t knownFlagMask = CSIGNAL;
-       for (const auto& f : cloneFlags) {
-               if (flags & f.flag) {
-                       res.append(f.name).append("|");
+       for (const auto& i : cloneFlags) {
+               if (flags & i.flag) {
+                       res.append(i.name).append("|");
                }
-               knownFlagMask |= f.flag;
+               knownFlagMask |= i.flag;
        }
 
        if (flags & ~(knownFlagMask)) {
diff --git a/util.cc b/util.cc
index bbbcaf7fd954035a4188b30d6cf37784da5a1311..d0e4f8e43350be10f30eebfbcaf4f904d3b32f96 100644 (file)
--- a/util.cc
+++ b/util.cc
@@ -195,7 +195,9 @@ static void rndInitThread(void) {
 #endif /* defined(__NR_getrandom) */
        int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
        if (fd == -1) {
-               PLOG_D("Couldn't open /dev/urandom for reading. Using gettimeofday fall-back");
+               PLOG_D(
+                   "Couldn't open /dev/urandom for reading. Using gettimeofday "
+                   "fall-back");
                struct timeval tv;
                gettimeofday(&tv, NULL);
                rndX = tv.tv_usec + ((uint64_t)tv.tv_sec << 32);
@@ -217,10 +219,10 @@ uint64_t rnd64(void) {
 const std::string sigName(int signo) {
        std::string res;
 
-       static struct {
+       struct {
                const int signo;
                const char* const name;
-       } const sigNames[] = {
+       } static const sigNames[] = {
            NS_VALSTR_STRUCT(SIGINT),
            NS_VALSTR_STRUCT(SIGILL),
            NS_VALSTR_STRUCT(SIGABRT),
@@ -252,9 +254,9 @@ const std::string sigName(int signo) {
            NS_VALSTR_STRUCT(SIGWINCH),
        };
 
-       for (size_t i = 0; i < ARR_SZ(sigNames); i++) {
-               if (signo == sigNames[i].signo) {
-                       res.append(sigNames[i].name);
+       for (const auto& i : sigNames) {
+               if (signo == i.signo) {
+                       res.append(i.name);
                        return res;
                }
        }
Domain: System / System Framework;