#include <sys/types.h>
#include <unistd.h>
+#include <string>
+
#include "logs.h"
#include "macros.h"
#include "util.h"
return -1;
}
-static const char* valToStr(int val) {
- static __thread char capsStr[1024];
+static const std::string capToStr(int val) {
+ std::string res;
for (size_t i = 0; i < ARRAYSIZE(capNames); i++) {
if (val == capNames[i].val) {
- snprintf(capsStr, sizeof(capsStr), "%s", capNames[i].name);
- return capsStr;
+ return capNames[i].name;
}
}
- snprintf(capsStr, sizeof(capsStr), "CAP_UNKNOWN(%d)", val);
- return capsStr;
+ res.append("CAP_UNKNOWN(");
+ res.append(std::to_string(val));
+ res.append(")");
+ return res;
}
static cap_user_data_t getCaps() {
dbgmsg[0] = '\0';
for (const auto& cap : nsjconf->caps) {
if (getPermitted(cap_data, cap) == false) {
- LOG_W("Capability %s is not permitted in the namespace", valToStr(cap));
+ LOG_W("Capability %s is not permitted in the namespace",
+ capToStr(cap).c_str());
return false;
}
- util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", valToStr(cap));
+ util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", capToStr(cap).c_str());
setInheritable(cap_data, cap);
}
LOG_D("Adding the following capabilities to the inheritable set:%s", dbgmsg);
for (const auto& cap : nsjconf->caps) {
if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, (unsigned long)cap, 0UL, 0UL) ==
-1) {
- PLOG_W("prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, %s)", valToStr(cap));
+ PLOG_W("prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, %s)",
+ capToStr(cap).c_str());
} else {
- util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", valToStr(cap));
+ util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", capToStr(cap).c_str());
}
}
LOG_D("Added the following capabilities to the ambient set:%s", dbgmsg);
#include <syscall.h>
#include <unistd.h>
+#include <string>
+
#include "logs.h"
#include "macros.h"
#include "subproc.h"
#define MS_LAZYTIME (1 << 25)
#endif /* if !defined(MS_LAZYTIME) */
-const char* flagsToStr(uintptr_t flags) {
- static __thread char mountFlagsStr[1024];
- mountFlagsStr[0] = '\0';
+static const std::string flagsToStr(uintptr_t flags) {
+ std::string res;
static struct {
const uintptr_t flag;
NS_VALSTR_STRUCT(MS_LAZYTIME),
};
+ uintptr_t knownFlagMask = 0U;
for (size_t i = 0; i < ARRAYSIZE(mountFlags); i++) {
if (flags & mountFlags[i].flag) {
- util::sSnPrintf(
- mountFlagsStr, sizeof(mountFlagsStr), "%s|", mountFlags[i].name);
+ res.append(mountFlags[i].name);
+ res.append("|");
}
- }
-
- uintptr_t knownFlagMask = 0U;
- for (size_t i = 0; i < ARRAYSIZE(mountFlags); i++) {
knownFlagMask |= mountFlags[i].flag;
}
- util::sSnPrintf(mountFlagsStr, sizeof(mountFlagsStr), "%#tx", flags & ~(knownFlagMask));
- return mountFlagsStr;
+
+ char flagstr[32];
+ snprintf(flagstr, sizeof(flagstr), "%#tx", flags & ~(knownFlagMask));
+ res.append(flagstr);
+
+ return res;
}
static bool isDir(const char* path) {
}
}
- LOG_D("Re-mounting R/O '%s' (flags:%s)", mpt.dst.c_str(), flagsToStr(new_flags));
+ LOG_D("Re-mounting R/O '%s' (flags:%s)", mpt.dst.c_str(), flagsToStr(new_flags).c_str());
if (mount(mpt.dst.c_str(), mpt.dst.c_str(), NULL, new_flags, 0) == -1) {
- PLOG_W("mount('%s', flags:%s)", mpt.dst.c_str(), flagsToStr(new_flags));
+ PLOG_W("mount('%s', flags:%s)", mpt.dst.c_str(), flagsToStr(new_flags).c_str());
return false;
}
snprintf(mount_pt_descr, sizeof(mount_pt_descr),
"src:'%s' dst:'%s' type:'%s' flags:%s options:'%s' isDir:%s", mpt.src.c_str(),
- mpt.dst.c_str(), mpt.fs_type.c_str(), flagsToStr(mpt.flags), mpt.options.c_str(),
- mpt.isDir ? "true" : "false");
+ mpt.dst.c_str(), mpt.fs_type.c_str(), flagsToStr(mpt.flags).c_str(),
+ mpt.options.c_str(), mpt.isDir ? "true" : "false");
if (!mpt.mandatory) {
util::sSnPrintf(mount_pt_descr, sizeof(mount_pt_descr), " mandatory:false");
#include <stdbool.h>
#include <stdint.h>
+#include <string>
+
#include "nsjail.h"
namespace mnt {
NS_DIR_MAYBE,
} isDir_t;
-const char* flagsToStr(uintptr_t flags);
bool initNs(nsjconf_t* nsjconf);
bool addMountPtHead(nsjconf_t* nsjconf, const char* src, const char* dst, const char* fstype,
const char* options, uintptr_t flags, isDir_t isDir, bool mandatory, const char* src_env,
}
static bool nsjailSetSigHandler(int sig) {
- LOG_D("Setting sighandler for signal %s (%d)", util::sigName(sig), sig);
+ LOG_D("Setting sighandler for signal %s (%d)", util::sigName(sig).c_str(), sig);
sigset_t smask;
sigemptyset(&smask);
#include <time.h>
#include <unistd.h>
+#include <string>
+
#include "cgroup.h"
#include "contain.h"
#include "logs.h"
#define CLONE_NEWCGROUP 0x02000000
#endif /* !defined(CLONE_NEWCGROUP) */
-static const char* cloneFlagsToStr(uintptr_t flags) {
- static __thread char cloneFlagName[1024];
- cloneFlagName[0] = '\0';
+static const std::string cloneFlagsToStr(uintptr_t flags) {
+ std::string res;
static struct {
const uintptr_t flag;
NS_VALSTR_STRUCT(CLONE_IO),
};
+ uintptr_t knownFlagMask = CSIGNAL;
for (size_t i = 0; i < ARRAYSIZE(cloneFlags); i++) {
if (flags & cloneFlags[i].flag) {
- util::sSnPrintf(
- cloneFlagName, sizeof(cloneFlagName), "%s|", cloneFlags[i].name);
+ res.append(cloneFlags[i].name);
+ res.append("|");
}
- }
-
- uintptr_t knownFlagMask = CSIGNAL;
- for (size_t i = 0; i < ARRAYSIZE(cloneFlags); i++) {
knownFlagMask |= cloneFlags[i].flag;
}
+
if (flags & ~(knownFlagMask)) {
- util::sSnPrintf(
- cloneFlagName, sizeof(cloneFlagName), "%#tx|", flags & ~(knownFlagMask));
+ char flagstr[32];
+ snprintf(flagstr, sizeof(flagstr), "%#tx|", flags & ~(knownFlagMask));
+ res.append(flagstr);
}
- util::sSnPrintf(cloneFlagName, sizeof(cloneFlagName), "%s", util::sigName(flags & CSIGNAL));
- return cloneFlagName;
+ res.append(util::sigName(flags & CSIGNAL).c_str());
+ return res;
}
/* Reset the execution environment for the new process */
/* Set all previously changed signals to their default behavior */
for (size_t i = 0; i < ARRAYSIZE(nssigs); i++) {
if (signal(nssigs[i], SIG_DFL) == SIG_ERR) {
- PLOG_W("signal(%s, SIG_DFL)", util::sigName(nssigs[i]));
+ PLOG_W("signal(%s, SIG_DFL)", util::sigName(nssigs[i]).c_str());
return false;
}
}
for (auto p = nsjconf->pids.begin(); p != nsjconf->pids.end(); ++p) {
if (p->pid == pid) {
LOG_D("Removing pid '%d' from the queue (IP:'%s', start time:'%s')", p->pid,
- p->remote_txt, util::timeToStr(p->start));
+ p->remote_txt, util::timeToStr(p->start).c_str());
close(p->pid_syscall_fd);
nsjconf->pids.erase(p);
return;
if (WIFSIGNALED(status)) {
LOG_I(
"PID: %d (%s) terminated with signal: %s (%d), (PIDs left: %d)",
- si.si_pid, remote_txt, util::sigName(WTERMSIG(status)),
+ si.si_pid, remote_txt, util::sigName(WTERMSIG(status)).c_str(),
WTERMSIG(status), countProc(nsjconf) - 1);
removeProc(nsjconf, si.si_pid);
rv = 100 + WTERMSIG(status);
flags |= (nsjconf->clone_newcgroup ? CLONE_NEWCGROUP : 0);
if (nsjconf->mode == MODE_STANDALONE_EXECVE) {
- LOG_D("Entering namespace with flags:%s", cloneFlagsToStr(flags));
+ LOG_D("Entering namespace with flags:%s", cloneFlagsToStr(flags).c_str());
if (unshare(flags) == -1) {
- PLOG_E("unshare(%s)", cloneFlagsToStr(flags));
+ PLOG_E("unshare(%s)", cloneFlagsToStr(flags).c_str());
_exit(0xff);
}
subprocNewProc(nsjconf, fd_in, fd_out, fd_err, -1);
}
flags |= SIGCHLD;
- LOG_D("Creating new process with clone flags:%s", cloneFlagsToStr(flags));
+ LOG_D("Creating new process with clone flags:%s", cloneFlagsToStr(flags).c_str());
int sv[2];
if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, sv) == -1) {
"doesn't support CLONE_NEWUSER. Alternatively, you might want to recompile "
"your kernel with support for namespaces or check the setting of the "
"kernel.unprivileged_userns_clone sysctl",
- cloneFlagsToStr(flags));
+ cloneFlagsToStr(flags).c_str());
close(parent_fd);
return;
}
}
if (setjmp(env) == 0) {
- LOG_D("Cloning process with flags:%s", cloneFlagsToStr(flags));
+ LOG_D("Cloning process with flags:%s", cloneFlagsToStr(flags).c_str());
/*
* Avoid the problem of the stack growing up/down under different CPU architectures,
* by using middle of the static stack buffer (which is temporary, and used only
if (WIFSIGNALED(status)) {
int exit_signal = WTERMSIG(status);
LOG_W("PID %d killed by signal: %d (%s)", pid, exit_signal,
- util::sigName(exit_signal));
+ util::sigName(exit_signal).c_str());
return 2;
}
LOG_W("Unknown exit status: %d", status);
#include <time.h>
#include <unistd.h>
+#include <string>
+
#include "logs.h"
#include "macros.h"
return rndX;
}
-const char* sigName(int signo) {
- static __thread char sigstr[32];
- sigstr[0] = '\0';
+const std::string sigName(int signo) {
+ std::string res;
static struct {
const int signo;
for (size_t i = 0; i < ARRAYSIZE(sigNames); i++) {
if (signo == sigNames[i].signo) {
- snprintf(sigstr, sizeof(sigstr), "%s", sigNames[i].name);
- return sigstr;
+ res.append(sigNames[i].name);
+ return res;
}
}
if (signo > SIGRTMIN) {
- snprintf(sigstr, sizeof(sigstr), "SIG%d-RTMIN+%d", signo, signo - SIGRTMIN);
- return sigstr;
+ res.append("SIG");
+ res.append(std::to_string(signo));
+ res.append("-RTMIN+");
+ res.append(std::to_string(signo - SIGRTMIN));
+ return res;
}
- snprintf(sigstr, sizeof(sigstr), "UNKNOWN-%d", signo);
- return sigstr;
+
+ res.append("SIGUNKNOWN(");
+ res.append(std::to_string(signo));
+ res.append(")");
+ return res;
}
-static __thread char timestr[64];
-const char* timeToStr(time_t t) {
+const std::string timeToStr(time_t t) {
+ char timestr[128];
struct tm utctime;
localtime_r(&t, &utctime);
if (strftime(timestr, sizeof(timestr) - 1, "%FT%T%z", &utctime) == 0) {
#include <stdint.h>
#include <stdlib.h>
+#include <string>
+
#include "nsjail.h"
namespace util {
int sSnPrintf(char* str, size_t size, const char* format, ...);
bool isANumber(const char* s);
uint64_t rnd64(void);
-const char* sigName(int signo);
-const char* timeToStr(time_t t);
+const std::string sigName(int signo);
+const std::string timeToStr(time_t t);
} // namespace util
projects / platform / upstream / nsjail.git / commitdiff