nsjail: convert caps from queue to vector
authorRobert Swiecki <robert@swiecki.net>
Fri, 9 Feb 2018 21:35:33 +0000 (22:35 +0100)
committerRobert Swiecki <robert@swiecki.net>
Fri, 9 Feb 2018 21:35:33 +0000 (22:35 +0100)
caps.cc
cmdline.cc
config.cc
nsjail.h

diff --git a/caps.cc b/caps.cc
index 0dd7460c8d5843886cfc2ed44a16d14f136bd151..a0bdaa8771a72f83fc734d4e9bcd6d951fa67acb 100644 (file)
--- a/caps.cc
+++ b/caps.cc
@@ -224,13 +224,13 @@ bool initNs(struct nsjconf_t* nsjconf) {
        /* Set all requested caps in the inheritable set if these are present in the permitted set
         */
        dbgmsg[0] = '\0';
-       TAILQ_FOREACH(p, &nsjconf->caps, pointers) {
-               if (getPermitted(cap_data, p->val) == false) {
-                       LOG_W("Capability %s is not permitted in the namespace", valToStr(p->val));
+       for (const auto& cap : nsjconf->caps) {
+               if (getPermitted(cap_data, cap) == false) {
+                       LOG_W("Capability %s is not permitted in the namespace", valToStr(cap));
                        return false;
                }
-               util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", valToStr(p->val));
-               setInheritable(cap_data, p->val);
+               util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", valToStr(cap));
+               setInheritable(cap_data, cap);
        }
        LOG_D("Adding the following capabilities to the inheritable set:%s", dbgmsg);
 
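Review bot: `for (const auto& cap : nsjconf->caps)` binds a reference to each element of a `std::vector<int>`; for a plain int, iterating by value with the type spelled out reads more directly, e.g. `for (const int cap : nsjconf->caps) {`. The same applies to the ambient-set loop in the second caps.cc hunk. The `ints_t` iterator `p` that `TAILQ_FOREACH` used is declared outside these hunks, and neither caps.cc hunk changes the line count, so if `p` has no other use in initNs it is now an unused local and should be removed as well.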
@@ -260,12 +260,12 @@ bool initNs(struct nsjconf_t* nsjconf) {
 
        /* Make sure inheritable set is preserved across execve via the modified ambient set */
        dbgmsg[0] = '\0';
-       TAILQ_FOREACH(p, &nsjconf->caps, pointers) {
-               if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, (unsigned long)p->val, 0UL, 0UL) ==
+       for (const auto& cap : nsjconf->caps) {
+               if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, (unsigned long)cap, 0UL, 0UL) ==
                    -1) {
-                       PLOG_W("prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, %s)", valToStr(p->val));
+                       PLOG_W("prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, %s)", valToStr(cap));
                } else {
-                       util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", valToStr(p->val));
+                       util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", valToStr(cap));
                }
        }
        LOG_D("Added the following capabilities to the ambient set:%s", dbgmsg);
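Review bot: A failed `PR_CAP_AMBIENT_RAISE` is only logged with `PLOG_W` and the loop continues, whereas the inheritable-set loop earlier in initNs returns false for a capability that is not permitted. If continuing is intentional, a short comment above the prctl call would make that explicit, for example `/* Not fatal: the jailed process simply runs without this ambient capability */`. initNs starts and ends outside this hunk, so how the caller treats the result is not visible here.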
index 2f5b74f6f9315fd22d35df47f1259b23528a8e37..91bb87eb57eb77aa26c184f7fd4de8fe109f684a 100644 (file)
@@ -392,7 +392,6 @@ std::unique_ptr<struct nsjconf_t> parseArgs(int argc, char* argv[]) {
        TAILQ_INIT(&nsjconf->envs);
        TAILQ_INIT(&nsjconf->uids);
        TAILQ_INIT(&nsjconf->gids);
-       TAILQ_INIT(&nsjconf->caps);
 
        static char cmdlineTmpfsSz[PATH_MAX] = "size=4194304";
 
@@ -580,13 +579,11 @@ std::unique_ptr<struct nsjconf_t> parseArgs(int argc, char* argv[]) {
                        nsjconf->max_cpus = strtoul(optarg, NULL, 0);
                        break;
                case 0x0509: {
-                       struct ints_t* f =
-                           reinterpret_cast<struct ints_t*>(util::memAlloc(sizeof(struct ints_t)));
-                       f->val = caps::nameToVal(optarg);
-                       if (f->val == -1) {
+                       int cap = caps::nameToVal(optarg);
+                       if (cap == -1) {
                                return nullptr;
                        }
-                       TAILQ_INSERT_HEAD(&nsjconf->caps, f, pointers);
+                       nsjconf->caps.push_back(cap);
                } break;
                case 0x0601:
                        nsjconf->is_root_rw = true;
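Review bot: `nsjconf->caps.push_back(cap)` appends, while the replaced `TAILQ_INSERT_HEAD` prepended, so capabilities are now walked in command-line order instead of reversed. In the caps.cc loops of this commit that changes which unpermitted capability is reported first and the order of names in the debug messages, which deserves a sentence in the commit message. `cap` is not modified after the check and can be declared `const int cap = caps::nameToVal(optarg);`. The switch in parseArgs continues outside the hunk.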
index 13afbbbe9cabd26f54eb8a6b2cdd00cfb53f67d0..87dbc1c1b68e67fc7cda9159013e509a37aac549 100644 (file)
--- a/config.cc
+++ b/config.cc
@@ -139,11 +139,11 @@ static bool configParseInternal(struct nsjconf_t* nsjconf, const nsjail::NsJailC
        for (ssize_t i = 0; i < njc.cap_size(); i++) {
                struct ints_t* f =
                    reinterpret_cast<struct ints_t*>(util::memAlloc(sizeof(struct ints_t)));
-               f->val = caps::nameToVal(njc.cap(i).c_str());
-               if (f->val == -1) {
+               int cap = caps::nameToVal(njc.cap(i).c_str());
+               if (cap == -1) {
                        return false;
                }
-               TAILQ_INSERT_HEAD(&nsjconf->caps, f, pointers);
+               nsjconf->caps.push_back(cap);
        }
 
        nsjconf->is_silent = njc.silent();
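Review bot: The context lines at the top of the loop still allocate `struct ints_t* f` with `util::memAlloc`, but after this change nothing stores or frees `f`, so every configured capability leaks one `ints_t`, including on the `return false` path. The allocation should go together with the queue insert: delete the `struct ints_t* f = reinterpret_cast<struct ints_t*>(util::memAlloc(sizeof(struct ints_t)));` statement so the loop body starts at `int cap = caps::nameToVal(njc.cap(i).c_str());`. configParseInternal begins and ends outside the hunk.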
index 2b7161d6465880e1928c5f97c61d2c5ad6158a05..74121364f01eafb8ddbdd4f75e866b69bf4e152c 100644 (file)
--- a/nsjail.h
+++ b/nsjail.h
@@ -33,6 +33,8 @@
 #include <time.h>
 #include <unistd.h>
 
+#include <vector>
+
 #if !defined(TEMP_FAILURE_RETRY)
 #define TEMP_FAILURE_RETRY(expression)                     \
        (__extension__({                                   \
@@ -194,8 +196,7 @@ struct nsjconf_t {
        mountpts;
        TAILQ_HEAD(fdslistt, ints_t)
        open_fds;
-       TAILQ_HEAD(capslistt, ints_t)
-       caps;
+       std::vector<int> caps;
 };
 
 #endif /* _NSJAIL_H */
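Review bot: With `std::vector<int> caps;` as a member, `nsjconf_t` is no longer trivially copyable, so it has to be created with `new` or `std::make_unique` and must never be zero-filled or copied with `memset`/`memcpy`. parseArgs returns a `std::unique_ptr<struct nsjconf_t>`, which suggests the object is already constructed properly, but any byte-wise initialisation or copy of the struct elsewhere in the tree would need checking. A comment on the struct such as `/* Holds C++ members: construct with new, do not memset/memcpy */` would record the constraint.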