From: Robert Swiecki
Date: Mon, 29 Feb 2016 14:36:31 +0000 (+0100)
Subject: Default values for 'vs' interface
X-Git-Tag: 1.1~21
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4cb1c01938d76a8827a33cea2e33a86cf1da64f0;p=platform%2Fupstream%2Fnsjail.git
Default values for 'vs' interface
---
diff --git a/cmdline.c b/cmdline.c
index d4b4735..1b718b5 100644
--- a/cmdline.c
+++ b/cmdline.c
@@ -282,12 +282,11 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
 .max_conns_per_ip = 0,
 .tmpfs_size = 4 * (1024 * 1024),
 .mount_proc = true,
- .iface = NULL,
 .iface_no_lo = false,
- .iface_vs_ip = "0.0.0.0",
- .iface_vs_nm = "255.255.255.255",
+ .iface = NULL,
+ .iface_vs_ip = "192.168.255.2",
+ .iface_vs_nm = "255.255.255.0",
 .iface_vs_gw = "0.0.0.0",
- .sbinip_fd = -1,
 };
 /* *INDENT-OFF* */
@@ -351,8 +350,8 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
 {{"tmpfsmount", required_argument, NULL, 'T'}, "List of mountpoints to be mounted as RW/tmpfs inside the container. Can be specified multiple times. Supports 'dest' syntax"},
 {{"tmpfs_size", required_argument, NULL, 0x0602}, "Number of bytes to allocate for tmpfsmounts (default: 4194304)"},
 {{"disable_proc", no_argument, NULL, 0x0603}, "Disable mounting /proc in the jail"},
- {{"iface", required_argument, NULL, 'I'}, "Interface which will be cloned (MACVTAP) and put inside the subprocess' namespace as 'vs'"},
 {{"iface_no_lo", no_argument, NULL, 0x700}, "Don't Bring up the 'lo' interface"},
+ {{"iface", required_argument, NULL, 'I'}, "Interface which will be cloned (MACVTAP) and put inside the subprocess' namespace as 'vs'"},
 {{"iface_vs_ip", required_argument, NULL, 0x701}, "IP of the 'vs' interface"},
 {{"iface_vs_nm", required_argument, NULL, 0x702}, "Netmask of the 'vs' interface"},
 {{"iface_vs_gw", required_argument, NULL, 0x703}, "Default GW for the 'vs' interface"},
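Review bot: The new defaults for `.iface_vs_ip` and `.iface_vs_nm` in the initializer give every jail started with `--iface` but without `--iface_vs_ip` the same static address, 192.168.255.2/24. If several jails are cloned from one parent interface at the same time (the code that spawns them is not visible here), they would share one address on the same segment. The help strings for `iface_vs_ip` and `iface_vs_nm` in the following hunk also omit the defaults, unlike `tmpfs_size`; I would extend them to `"IP of the 'vs' interface (default: 192.168.255.2)"` and `"Netmask of the 'vs' interface (default: 255.255.255.0)"`. Both the initializer and the option table start and end outside their hunks.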
@@ -560,12 +559,12 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
 break;
 }
 break;
- case 'I':
- nsjconf->iface = optarg;
- break;
 case 0x700:
 nsjconf->iface_no_lo = true;
 break;
+ case 'I':
+ nsjconf->iface = optarg;
+ break;
 case 0x701:
 nsjconf->iface_vs_ip = optarg;
 break;
@@ -622,9 +621,5 @@ bool cmdlineParse(int argc, char *argv[], struct nsjconf_t * nsjconf)
 return false;
 }
- if ((nsjconf->sbinip_fd = open("/sbin/ip", O_RDONLY)) == -1) {
- PLOG_E("No /sbin/ip on your system. Networking support is limited");
- }
-
 return true;
 }
diff --git a/common.h b/common.h
index 2be3814..0f3eb88 100644
--- a/common.h
+++ b/common.h
@@ -98,12 +98,11 @@ struct nsjconf_t {
 unsigned int max_conns_per_ip;
 size_t tmpfs_size;
 bool mount_proc;
- char *iface;
 bool iface_no_lo;
+ const char *iface;
 const char *iface_vs_ip;
 const char *iface_vs_nm;
 const char *iface_vs_gw;
- int sbinip_fd;
 TAILQ_HEAD(envlist, charptr_t) envs;
 TAILQ_HEAD(pidslist, pids_t) pids;
 TAILQ_HEAD(mountptslist, mounts_t) mountpts;
diff --git a/net.c b/net.c
index 8e5b1ee..b2406df 100644
--- a/net.c
+++ b/net.c
@@ -56,8 +56,8 @@ static bool netSystemSbinIp(struct nsjconf_t *nsjconf, char *const *argv)
 return false;
 }
 if (pid == 0) {
- fexecve(nsjconf->sbinip_fd, argv, environ);
- PLOG_E("fexecve('fd=%d')", nsjconf->sbinip_fd);
+ execve("/sbin/ip", argv, environ);
+ PLOG_E("execve('/sbin/ip'");
 _exit(1);
 }
@@ -97,7 +97,7 @@ bool netCloneMacVtapAndNS(struct nsjconf_t *nsjconf, int pid)
 snprintf(iface, sizeof(iface), "NS.TAP.%d", pid);
 char *const argv_add[] =
- { "ip", "link", "add", "link", nsjconf->iface, iface, "type", "macvtap", NULL };
+ { "ip", "link", "add", "link", (char *)nsjconf->iface, iface, "type", "macvtap", NULL };
 if (netSystemSbinIp(nsjconf, argv_add) == false) {
 LOG_E("Couldn't create MACVTAP interface for '%s'", nsjconf->iface);
 return false;
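Review bot: `execve("/sbin/ip", argv, environ)` in the child branch of netSystemSbinIp resolves the path in whatever root and mount namespace the caller has at that moment, whereas the removed `fexecve` ran a descriptor opened once in cmdlineParse. If this helper can be reached after the jail's root has been changed (not visible in this hunk), the binary that runs would be the jail's own /sbin/ip. A comment above the call stating that the helper must only run in the parent, before any chroot or pivot_root, would record that constraint. The startup warning about a missing /sbin/ip is also removed, so the first sign of a missing binary is now this error line, whose string is unbalanced: `PLOG_E("execve('/sbin/ip'");` should be `PLOG_E("execve('/sbin/ip')");`. The function starts and ends outside the hunk.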
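Review bot: The `(char *)nsjconf->iface` cast in `argv_add` discards the `const` this commit just added to the field in common.h, and nothing on the line says why that is safe. I would add a comment above the array such as `/* execve() takes char *const[]; the strings are never written */`. `nsjconf->iface` is also the raw `optarg` from case 'I', so a length check against IFNAMSIZ at parse time would reject an unusable name before a child is forked for `ip`; that check belongs in cmdlineParse rather than here. netCloneMacVtapAndNS continues outside the hunk.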
@@ -342,6 +342,12 @@ bool netConfigureVs(struct nsjconf_t * nsjconf)
 return false;
 }
+ if (addr.s_addr == INADDR_ANY) {
+ LOG_I("Gateway address for '%s' is 0.0.0.0. Not adding the default route",
+ IFACE_NAME);
+ return true;
+ }
+
 struct rtentry rt;
 memset(&rt, '\0', sizeof(rt));
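Review bot: The added `if (addr.s_addr == INADDR_ANY)` branch makes 0.0.0.0 a sentinel for "no default route", but the `--iface_vs_gw` help text in cmdline.c does not say so. Since 0.0.0.0 is also the built-in default for `iface_vs_gw`, a jail gets no route off its local subnet unless the operator passes a gateway. I would change the help string to `"Default GW for the 'vs' interface (default: 0.0.0.0, no default route added)"` and put a one-line comment above the branch saying the same. The early `return true` also skips everything after the route setup in netConfigureVs, which is only correct if nothing else follows; that cannot be confirmed here because the function continues past the hunk.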