LOG_I(
"Jail parameters: hostname:'%s', chroot:'%s', process:'%s', bind:[%s]:%d, "
- "max_conns_per_ip:%u, time_limit:%" PRId64 " , personality:%#lx, daemonize:%s, clone_newnet:%s, "
+ "max_conns_per_ip:%u, time_limit:%" PRId64
+ " , personality:%#lx, daemonize:%s, clone_newnet:%s, "
"clone_newuser:%s, clone_newns:%s, clone_newpid:%s, clone_newipc:%s, clonew_newuts:%s, "
"clone_newcgroup:%s, keep_caps:%s, disable_no_new_privs:%s, max_cpus:%zu",
nsjconf->hostname.c_str(), nsjconf->chroot.c_str(),
static int listenMode(nsjconf_t* nsjconf) {
int listenfd = net::getRecvSocket(nsjconf->bindhost.c_str(), nsjconf->port);
if (listenfd == -1) {
- return 0;
+ return EXIT_FAILURE;
}
for (;;) {
if (sigFatal > 0) {
subproc::killAll(nsjconf);
logs::logStop(sigFatal);
close(listenfd);
- return 0;
+ return EXIT_SUCCESS;
}
if (showProc) {
showProc = false;
if (sigFatal > 0) {
subproc::killAll(nsjconf);
logs::logStop(sigFatal);
- return -1;
+ return (128 + sigFatal);
}
pause();
for (const auto& pid : nsjconf->pids) {
time_t diff = now - pid.start;
uint64_t left = nsjconf->tlimit ? nsjconf->tlimit - (uint64_t)diff : 0;
- LOG_I("PID: %d, Remote host: %s, Run time: %ld sec. (time left: %" PRId64 " sec.)", pid.pid,
- pid.remote_txt.c_str(), (long)diff, left);
+ LOG_I("PID: %d, Remote host: %s, Run time: %ld sec. (time left: %" PRId64 " sec.)",
+ pid.pid, pid.remote_txt.c_str(), (long)diff, left);
}
}
pid_t pid = p.pid;
time_t diff = now - p.start;
if ((uint64_t)diff >= nsjconf->tlimit) {
- LOG_I("PID: %d run time >= time limit (%ld >= %" PRId64 ") (%s). Killing it", pid,
- (long)diff, (long)nsjconf->tlimit, p.remote_txt.c_str());
+ LOG_I("PID: %d run time >= time limit (%ld >= %" PRId64
+ ") (%s). Killing it",
+ pid, (long)diff, (long)nsjconf->tlimit, p.remote_txt.c_str());
/*
* Probably a kernel bug - some processes cannot be killed with KILL if
* they're namespaced, and in a stopped state
projects / platform / upstream / nsjail.git / commitdiff