#include "util.h"
#include "uts.h"
-bool containInitNetNs(struct nsjconf_t * nsjconf)
+static bool containInitNetNs(struct nsjconf_t *nsjconf)
{
return netInitNsFromChild(nsjconf);
}
-bool containInitUtsNs(struct nsjconf_t * nsjconf)
+static bool containInitUtsNs(struct nsjconf_t *nsjconf)
{
return utsInitNs(nsjconf);
}
-bool containDropPrivs(struct nsjconf_t * nsjconf)
+static bool containDropPrivs(struct nsjconf_t *nsjconf)
{
/*
* Best effort because of /proc/self/setgroups
return true;
}
-bool containPrepareEnv(struct nsjconf_t * nsjconf)
+static bool containPrepareEnv(struct nsjconf_t *nsjconf)
{
if (prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0) == -1) {
PLOG_E("prctl(PR_SET_PDEATHSIG, SIGKILL)");
return true;
}
-bool containInitMountNs(struct nsjconf_t * nsjconf)
+static bool containInitMountNs(struct nsjconf_t *nsjconf)
{
return mountInitNs(nsjconf);
}
-bool containSetLimits(struct nsjconf_t * nsjconf)
+static bool containSetLimits(struct nsjconf_t *nsjconf)
{
struct rlimit64 rl;
rl.rlim_cur = rl.rlim_max = nsjconf->rl_as;
return true;
}
-bool containMakeFdsCOE(void)
+static bool containMakeFdsCOE(void)
{
if (containMakeFdsCOEProc() == true) {
return true;
}
return true;
}
+
+bool containContain(struct nsjconf_t * nsjconf)
+{
+ if (containInitMountNs(nsjconf) == false) {
+ return false;
+ }
+ if (containInitNetNs(nsjconf) == false) {
+ return false;
+ }
+ if (containInitUtsNs(nsjconf) == false) {
+ return false;
+ }
+ if (containDropPrivs(nsjconf) == false) {
+ return false;
+ }
+ /* */
+ /* As non-root */
+ if (containSetLimits(nsjconf) == false) {
+ return false;
+ }
+ if (containPrepareEnv(nsjconf) == false) {
+ return false;
+ }
+ if (containMakeFdsCOE() == false) {
+ return false;
+ }
+ return true;
+}
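Review bot: containContain() is now the only exported entry point for these steps, but nothing on it says that the call order matters or that it does not apply the sandbox policy. The existing `/* As non-root */` marker suggests the mount/net/UTS setup has to run before containDropPrivs() and the rlimit/env/FD steps after it. A header comment such as `/* Order matters: namespaces while still privileged, then drop privileges, then rlimits/env/FDs. Caller must still call sandboxApply() before exec. */` would keep a later reorder from weakening the jail. The empty `/* */` line above that marker can go, and the signature should read `struct nsjconf_t *nsjconf` to match the spelling this commit applies to the other definitions.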
#include "common.h"
-bool containInitNetNs(struct nsjconf_t *nsjconf);
-bool containInitUtsNs(struct nsjconf_t *nsjconf);
-bool containDropPrivs(struct nsjconf_t *nsjconf);
-bool containPrepareEnv(struct nsjconf_t *nsjconf);
-bool containInitMountNs(struct nsjconf_t *nsjconf);
-bool containSetLimits(struct nsjconf_t *nsjconf);
-bool containMakeFdsCOE(void);
bool containSetupFD(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int fd_err, int fd_log);
+bool containContain(struct nsjconf_t *nsjconf);
#endif /* _CONTAIN_H */
if (doneChar != subprocDoneChar) {
exit(1);
}
- if (containInitMountNs(nsjconf) == false) {
+ if (containContain(nsjconf) == false) {
exit(1);
}
- if (containInitNetNs(nsjconf) == false) {
- exit(1);
- }
- if (containInitUtsNs(nsjconf) == false) {
- exit(1);
- }
- if (containDropPrivs(nsjconf) == false) {
- exit(1);
- }
- /* */
- /* As non-root */
- if (containSetLimits(nsjconf) == false) {
- exit(1);
- }
- if (containPrepareEnv(nsjconf) == false) {
- exit(1);
- }
- if (containMakeFdsCOE() == false) {
- exit(1);
- }
- /* Should be the last one in the sequence */
- if (sandboxApply(nsjconf) == false) {
- exit(1);
- }
-
if (nsjconf->keep_env == false) {
clearenv();
}
for (size_t i = 0; nsjconf->argv[i]; i++) {
LOG_D(" Arg[%zu]: '%s'", i, nsjconf->argv[i]);
}
+
+ /* Should be the last one in the sequence */
+ if (sandboxApply(nsjconf) == false) {
+ exit(1);
+ }
execv(nsjconf->argv[0], &nsjconf->argv[0]);
PLOG_E("execve('%s') failed", nsjconf->argv[0]);
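Review bot: The comment on the relocated sandboxApply() call says only that it should be last, not why, so after this move the guarantee depends on nobody inserting code between it and execv(). Presumably sandboxApply() installs the syscall policy (its body is not visible here). If so, everything after it runs under that policy, including the PLOG_E on the execv failure path, while anything added above it runs unfiltered. I would expand the comment to `/* Must stay immediately before execv(): code after this point runs under the sandbox policy */` and confirm that the policy permits the failure-path logging. The enclosing function starts and ends outside the hunk.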