projects / platform / upstream / nsjail.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 737b300)
subproc: warn about CLONE_NEWTIME and clone(), and remove notice about CLONE_NEWCGROU...
authorRobert Swiecki <robert@swiecki.net>
Fri, 16 Jul 2021 20:53:40 +0000 (22:53 +0200)
committerRobert Swiecki <robert@swiecki.net>
Fri, 16 Jul 2021 20:53:40 +0000 (22:53 +0200)
subproc.cc patch | blob | history

diff --git a/subproc.cc b/subproc.cc
index bb25ec336d53c1715abe6ca8ba6a1a4805fafdf5..bd2bdfe75cb4169cd67efc9ac194fae0c68ff4a8 100644 (file)
--- a/subproc.cc
+++ b/subproc.cc
@@ -469,15 +469,6 @@ pid_t runChild(nsjconf_t* nsjconf, int netfd, int fd_in, int fd_out, int fd_err)
        if (pid == -1) {
                auto saved_errno = errno;
                PLOG_W("clone(flags=%s) failed", cloneFlagsToStr(flags).c_str());
-               if (flags & CLONE_NEWCGROUP) {
-                       LOG_W(
-                           "nsjail tried to use the CLONE_NEWCGROUP clone flag, which is "
-                           "supported under kernel versions >= 4.6 only");
-               } else if (flags & CLONE_NEWTIME) {
-                       LOG_W(
-                           "nsjail tried to use the CLONE_NEWTIME clone flag, which is "
-                           "supported under kernel versions >= 5.13 only");
-               }
                close(parent_fd);
                errno = saved_errno;
                return pid;
@@ -528,6 +519,12 @@ pid_t cloneProc(uintptr_t flags, int exit_signal) {
                return -1;
        }
 
+       if (flags & CLONE_NEWTIME) {
+               LOG_W(
+                   "CLONE_NEWTIME reuqested, but it's only supported with the unshare() mode "
+                   "(-Me)");
+       }
+
 #if defined(__NR_clone3)
        struct clone_args ca = {
            .flags = (uint64_t)flags,
Domain: System / System Framework;