From: Robert Swiecki
Date: Wed, 18 Oct 2017 12:27:34 +0000 (+0200)
Subject: Move struct nsjail_t definition to nsjail.h and leave only macros in common.h
X-Git-Tag: 2.1~8
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=58d6b3075c49e1a786074d2eafaeada38bb0a384;p=platform%2Fupstream%2Fnsjail.git
Move struct nsjail_t definition to nsjail.h and leave only macros in common.h
---
diff --git a/Makefile b/Makefile
index df50b5e..1d13e23 100644
--- a/Makefile
+++ b/Makefile
@@ -96,21 +96,23 @@ indent:
 # DO NOT DELETE THIS LINE -- make depend depends on it.
-nsjail.o: nsjail.h common.h caps.h cmdline.h log.h net.h subproc.h util.h
-caps.o: caps.h common.h log.h util.h
-cmdline.o: cmdline.h common.h caps.h config.h log.h mount.h user.h util.h
-contain.o: contain.h common.h caps.h cgroup.h cpu.h log.h mount.h net.h pid.h
-contain.o: user.h util.h uts.h
-log.o: log.h common.h
-cgroup.o: cgroup.h common.h log.h util.h
-mount.o: mount.h common.h log.h subproc.h util.h
-net.o: net.h common.h log.h subproc.h
-pid.o: pid.h common.h log.h subproc.h
-sandbox.o: sandbox.h common.h kafel/include/kafel.h log.h
-subproc.o: subproc.h common.h cgroup.h contain.h log.h net.h sandbox.h user.h
-subproc.o: util.h
-user.o: user.h common.h log.h subproc.h util.h
-util.o: util.h common.h log.h
-uts.o: uts.h common.h log.h
-cpu.o: cpu.h common.h log.h util.h
-config.o: common.h caps.h cmdline.h config.h log.h mount.h user.h util.h
+nsjail.o: nsjail.h caps.h cmdline.h log.h net.h subproc.h common.h util.h
+caps.o: caps.h nsjail.h log.h util.h common.h
+cmdline.o: cmdline.h nsjail.h caps.h config.h common.h log.h mount.h user.h
+cmdline.o: util.h
+contain.o: contain.h nsjail.h caps.h cgroup.h cpu.h log.h mount.h net.h pid.h
+contain.o: user.h util.h common.h uts.h
+log.o: log.h nsjail.h
+cgroup.o: cgroup.h nsjail.h log.h util.h common.h
+mount.o: mount.h nsjail.h log.h subproc.h common.h util.h
+net.o: net.h nsjail.h log.h subproc.h common.h
+pid.o: pid.h nsjail.h log.h subproc.h common.h
+sandbox.o: sandbox.h nsjail.h common.h kafel/include/kafel.h log.h
+subproc.o: subproc.h common.h nsjail.h cgroup.h contain.h log.h net.h
+subproc.o: sandbox.h user.h util.h
+user.o: user.h nsjail.h log.h subproc.h common.h util.h
+util.o: util.h common.h log.h nsjail.h
+uts.o: uts.h nsjail.h log.h
+cpu.o: cpu.h nsjail.h log.h util.h common.h
+config.o: common.h caps.h nsjail.h cmdline.h config.h log.h mount.h user.h
+config.o: util.h
diff --git a/caps.h b/caps.h
index 6c68687..f2ccf88 100644
--- a/caps.h
+++ b/caps.h
@@ -22,7 +22,10 @@
 #ifndef NS_CAPS_H
 #define NS_CAPS_H
-#include "common.h"
+#include
+#include
+
+#include "nsjail.h"
 int capsNameToVal(const char* name);
 bool capsInitNs(struct nsjconf_t* nsjconf);
diff --git a/cgroup.c b/cgroup.c
index 54e9f78..7e502bb 100644
--- a/cgroup.c
+++ b/cgroup.c
@@ -23,6 +23,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
diff --git a/cgroup.h b/cgroup.h
index 91aba86..c34cd24 100644
--- a/cgroup.h
+++ b/cgroup.h
@@ -25,7 +25,7 @@
 #include
 #include
-#include "common.h"
+#include "nsjail.h"
 bool cgroupInitNsFromParent(struct nsjconf_t* nsjconf, pid_t pid);
 bool cgroupInitNs(void);
diff --git a/cmdline.h b/cmdline.h
index cf4d137..d107d1f 100644
--- a/cmdline.h
+++ b/cmdline.h
@@ -22,10 +22,12 @@
 #ifndef NS_CMDLINE_H
 #define NS_CMDLINE_H
+#include
+#include
 #include
 #include
-#include "common.h"
+#include "nsjail.h"
 __rlim64_t cmdlineParseRLimit(int res, const char* optarg, unsigned long mul);
 void cmdlineLogParams(struct nsjconf_t* nsjconf);
diff --git a/common.h b/common.h
index 26222f8..fee22fb 100644
--- a/common.h
+++ b/common.h
@@ -1,6 +1,6 @@
 /*
- nsjail - common structures
+ nsjail - common macros
 -----------------------------------------
 Copyright 2014 Google Inc. All Rights Reserved.
@@ -22,15 +22,6 @@
 #ifndef NS_COMMON_H
 #define NS_COMMON_H
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
 #define ARRAYSIZE(array) (sizeof(array) / sizeof(*array))
 #define UNUSED __attribute__((unused))
@@ -65,140 +56,4 @@ static void __attribute__ ((unused)) __clang_cleanup_func(void (^*dfunc) (void))
 x, #x \
 }
-struct pids_t {
- pid_t pid;
- time_t start;
- char remote_txt[64];
- struct sockaddr_in6 remote_addr;
- int pid_syscall_fd;
- TAILQ_ENTRY(pids_t)
- pointers;
-};
-
-struct mounts_t {
- const char* src;
- const uint8_t* src_content;
- size_t src_content_len;
- const char* dst;
- const char* fs_type;
- const char* options;
- uintptr_t flags;
- bool isDir;
- bool isSymlink;
- bool mandatory;
- bool mounted;
- TAILQ_ENTRY(mounts_t)
- pointers;
-};
-
-struct idmap_t {
- uid_t inside_id;
- uid_t outside_id;
- size_t count;
- bool is_newidmap;
- TAILQ_ENTRY(idmap_t)
- pointers;
-};
-
-struct ints_t {
- int val;
- TAILQ_ENTRY(ints_t)
- pointers;
-};
-
-enum ns_mode_t {
- MODE_LISTEN_TCP = 0,
- MODE_STANDALONE_ONCE,
- MODE_STANDALONE_EXECVE,
- MODE_STANDALONE_RERUN
-};
-
-struct charptr_t {
- const char* val;
- TAILQ_ENTRY(charptr_t)
- pointers;
-};
-
-enum llevel_t {
- DEBUG = 0,
- INFO,
- WARNING,
- ERROR,
- FATAL,
- HELP,
- HELP_BOLD,
-};
-
-struct nsjconf_t {
- const char* exec_file;
- const char* hostname;
- const char* cwd;
- const char** argv;
- int port;
- const char* bindhost;
- int log_fd;
- const char* logfile;
- enum llevel_t loglevel;
- bool daemonize;
- time_t tlimit;
- size_t max_cpus;
- bool keep_env;
- bool keep_caps;
- bool disable_no_new_privs;
- __rlim64_t rl_as;
- __rlim64_t rl_core;
- __rlim64_t rl_cpu;
- __rlim64_t rl_fsize;
- __rlim64_t rl_nofile;
- __rlim64_t rl_nproc;
- __rlim64_t rl_stack;
- unsigned long personality;
- bool clone_newnet;
- bool clone_newuser;
- bool clone_newns;
- bool clone_newpid;
- bool clone_newipc;
- bool clone_newuts;
- bool clone_newcgroup;
- enum ns_mode_t mode;
- const char* chroot;
- bool is_root_rw;
- bool is_silent;
- bool skip_setsid;
- unsigned int max_conns_per_ip;
- size_t tmpfs_size;
- bool mount_proc;
- const char* proc_path;
- bool is_proc_rw;
- bool iface_no_lo;
- const char* iface_vs;
- const char* iface_vs_ip;
- const char* iface_vs_nm;
- const char* iface_vs_gw;
- const char* cgroup_mem_mount;
- const char* cgroup_mem_parent;
- size_t cgroup_mem_max;
- const char* cgroup_pids_mount;
- const char* cgroup_pids_parent;
- size_t cgroup_pids_max;
- FILE* kafel_file;
- char* kafel_string;
- uid_t orig_euid;
- long num_cpus;
- TAILQ_HEAD(udmaplist, idmap_t)
- uids;
- TAILQ_HEAD(gdmaplist, idmap_t)
- gids;
- TAILQ_HEAD(envlist, charptr_t)
- envs;
- TAILQ_HEAD(pidslist, pids_t)
- pids;
- TAILQ_HEAD(mountptslist, mounts_t)
- mountpts;
- TAILQ_HEAD(fdslistt, ints_t)
- open_fds;
- TAILQ_HEAD(capslistt, ints_t)
- caps;
-};
-
 #endif /* NS_COMMON_H */
diff --git a/contain.h b/contain.h
index 4a15256..71057e7 100644
--- a/contain.h
+++ b/contain.h
@@ -24,7 +24,7 @@
 #include
-#include "common.h"
+#include "nsjail.h"
 bool containSetupFD(struct nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err);
 bool containContain(struct nsjconf_t* nsjconf);
diff --git a/cpu.h b/cpu.h
index e58cd03..d4b71e5 100644
--- a/cpu.h
+++ b/cpu.h
@@ -23,9 +23,8 @@
 #define NS_CPU_H
 #include
-#include
-#include "common.h"
+#include "nsjail.h"
 bool cpuInit(struct nsjconf_t* nsjconf);
diff --git a/log.c b/log.c
index 569952a..b307d9c 100644
--- a/log.c
+++ b/log.c
@@ -18,6 +18,7 @@
 limitations under the License.
 */
+
 #include "log.h"
 #include
@@ -34,6 +35,8 @@
 #include
 #include
+#include "nsjail.h"
+
 static int log_fd = STDERR_FILENO;
 static bool log_fd_isatty = true;
 static enum llevel_t log_level = INFO;
diff --git a/log.h b/log.h
index ea459a0..2d4fbc8 100644
--- a/log.h
+++ b/log.h
@@ -25,7 +25,7 @@
 #include
 #include
-#include "common.h"
+#include "nsjail.h"
 #define LOG_HELP(...) logLog(HELP, __func__, __LINE__, false, __VA_ARGS__);
 #define LOG_HELP_BOLD(...) logLog(HELP_BOLD, __func__, __LINE__, false, __VA_ARGS__);
diff --git a/mount.c b/mount.c
index 90df190..98c3cd5 100644
--- a/mount.c
+++ b/mount.c
@@ -23,6 +23,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
diff --git a/mount.h b/mount.h
index 71be2d0..c68a118 100644
--- a/mount.h
+++ b/mount.h
@@ -23,8 +23,9 @@
 #define NS_MOUNT_H
 #include
+#include
-#include "common.h"
+#include "nsjail.h"
 typedef enum {
 NS_DIR_NO = 0,
diff --git a/net.h b/net.h
index 5cd6ab2..57d9c25 100644
--- a/net.h
+++ b/net.h
@@ -25,7 +25,7 @@
 #include
 #include
-#include "common.h"
+#include "nsjail.h"
 bool netLimitConns(struct nsjconf_t* nsjconf, int connsock);
 int netGetRecvSocket(const char* bindhost, int port);
diff --git a/nsjail.h b/nsjail.h
index 7194b93..d5f894f 100644
--- a/nsjail.h
+++ b/nsjail.h
@@ -23,7 +23,13 @@
 #ifndef NS_NSJAIL_H
 #define NS_NSJAIL_H
+#include
 #include
+#include
+#include
+#include
+#include
+#include
 static const int nssigs[] = {
 SIGINT,
@@ -33,4 +39,140 @@ static const int nssigs[] = {
 SIGTERM,
 };
+struct pids_t {
+ pid_t pid;
+ time_t start;
+ char remote_txt[64];
+ struct sockaddr_in6 remote_addr;
+ int pid_syscall_fd;
+ TAILQ_ENTRY(pids_t)
+ pointers;
+};
+
+struct mounts_t {
+ const char* src;
+ const uint8_t* src_content;
+ size_t src_content_len;
+ const char* dst;
+ const char* fs_type;
+ const char* options;
+ uintptr_t flags;
+ bool isDir;
+ bool isSymlink;
+ bool mandatory;
+ bool mounted;
+ TAILQ_ENTRY(mounts_t)
+ pointers;
+};
+
+struct idmap_t {
+ uid_t inside_id;
+ uid_t outside_id;
+ size_t count;
+ bool is_newidmap;
+ TAILQ_ENTRY(idmap_t)
+ pointers;
+};
+
+struct ints_t {
+ int val;
+ TAILQ_ENTRY(ints_t)
+ pointers;
+};
+
+enum ns_mode_t {
+ MODE_LISTEN_TCP = 0,
+ MODE_STANDALONE_ONCE,
+ MODE_STANDALONE_EXECVE,
+ MODE_STANDALONE_RERUN
+};
+
+struct charptr_t {
+ const char* val;
+ TAILQ_ENTRY(charptr_t)
+ pointers;
+};
+
+enum llevel_t {
+ DEBUG = 0,
+ INFO,
+ WARNING,
+ ERROR,
+ FATAL,
+ HELP,
+ HELP_BOLD,
+};
+
+struct nsjconf_t {
+ const char* exec_file;
+ const char* hostname;
+ const char* cwd;
+ const char** argv;
+ int port;
+ const char* bindhost;
+ int log_fd;
+ const char* logfile;
+ enum llevel_t loglevel;
+ bool daemonize;
+ time_t tlimit;
+ size_t max_cpus;
+ bool keep_env;
+ bool keep_caps;
+ bool disable_no_new_privs;
+ __rlim64_t rl_as;
+ __rlim64_t rl_core;
+ __rlim64_t rl_cpu;
+ __rlim64_t rl_fsize;
+ __rlim64_t rl_nofile;
+ __rlim64_t rl_nproc;
+ __rlim64_t rl_stack;
+ unsigned long personality;
+ bool clone_newnet;
+ bool clone_newuser;
+ bool clone_newns;
+ bool clone_newpid;
+ bool clone_newipc;
+ bool clone_newuts;
+ bool clone_newcgroup;
+ enum ns_mode_t mode;
+ const char* chroot;
+ bool is_root_rw;
+ bool is_silent;
+ bool skip_setsid;
+ unsigned int max_conns_per_ip;
+ size_t tmpfs_size;
+ bool mount_proc;
+ const char* proc_path;
+ bool is_proc_rw;
+ bool iface_no_lo;
+ const char* iface_vs;
+ const char* iface_vs_ip;
+ const char* iface_vs_nm;
+ const char* iface_vs_gw;
+ const char* cgroup_mem_mount;
+ const char* cgroup_mem_parent;
+ size_t cgroup_mem_max;
+ const char* cgroup_pids_mount;
+ const char* cgroup_pids_parent;
+ size_t cgroup_pids_max;
+ FILE* kafel_file;
+ char* kafel_string;
+ uid_t orig_euid;
+ long num_cpus;
+ TAILQ_HEAD(udmaplist, idmap_t)
+ uids;
+ TAILQ_HEAD(gdmaplist, idmap_t)
+ gids;
+ TAILQ_HEAD(envlist, charptr_t)
+ envs;
+ TAILQ_HEAD(pidslist, pids_t)
+ pids;
+ TAILQ_HEAD(mountptslist, mounts_t)
+ mountpts;
+ TAILQ_HEAD(fdslistt, ints_t)
+ open_fds;
+ TAILQ_HEAD(capslistt, ints_t)
+ caps;
+};
+
 #endif /* _NSJAIL_H */
diff --git a/pid.h b/pid.h
index b8e30eb..121ebab 100644
--- a/pid.h
+++ b/pid.h
@@ -24,7 +24,7 @@
 #include
-#include "common.h"
+#include "nsjail.h"
 bool pidInitNs(struct nsjconf_t* nsjconf);
diff --git a/sandbox.h b/sandbox.h
index e32b8d5..ebaf83b 100644
--- a/sandbox.h
+++ b/sandbox.h
@@ -24,7 +24,7 @@
 #include
-#include "common.h"
+#include "nsjail.h"
 bool sandboxApply(struct nsjconf_t* nsjconf);
diff --git a/subproc.c b/subproc.c
index a816505..3067641 100644
--- a/subproc.c
+++ b/subproc.c
@@ -24,6 +24,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
diff --git a/user.c b/user.c
index 1dd742c..5075c92 100644
--- a/user.c
+++ b/user.c
@@ -24,6 +24,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
diff --git a/user.h b/user.h
index f02b65b..e2a768e 100644
--- a/user.h
+++ b/user.h
@@ -24,7 +24,7 @@
 #include
-#include "common.h"
+#include "nsjail.h"
 bool userInitNsFromParent(struct nsjconf_t* nsjconf, pid_t pid);
 bool userInitNsFromChild(struct nsjconf_t* nsjconf);
diff --git a/util.c b/util.c
index 610e402..da3b518 100644
--- a/util.c
+++ b/util.c
@@ -24,6 +24,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
diff --git a/uts.h b/uts.h
index 9eca8b2..636118b 100644
--- a/uts.h
+++ b/uts.h
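Review bot: struct nsjconf_t arrives in nsjail.h with no field documentation, and the fields that define the jail's privilege boundary — the clone_new* flags, keep_caps, disable_no_new_privs, is_root_rw, is_proc_rw, tlimit and max_conns_per_ip — are exactly the ones an auditor of a jail configuration needs explained at the point of declaration. Since every module now includes this header, a one-line comment per group would pay for itself, e.g. `/* Namespaces to unshare for the jailed process; a false value keeps that namespace shared with the host */` above the clone_new* block and `/* Opts out of the no-new-privs restriction (presumably PR_SET_NO_NEW_PRIVS — confirm against contain.c); keep false unless the jail needs setuid/file-capability gains */` on disable_no_new_privs. The six system headers added to nsjail.h are not legible in this extraction, so it is worth confirming that nsjail.h alone provides everything these definitions use (struct sockaddr_in6, TAILQ_ENTRY/TAILQ_HEAD, FILE, uint8_t/uintptr_t, bool, __rlim64_t, pid_t/uid_t/time_t): common.h drops eight includes while nsjail.h gains six, which is presumably why cgroup.c, mount.c, subproc.c, user.c and util.c each gain a direct include, but any module that relied on the other dropped header transitively will now fail to build. While the definitions are being relocated anyway, `__rlim64_t` is a glibc-reserved identifier; the public `rlim64_t` (or `rlim_t` under _FILE_OFFSET_BITS=64) would be the portable spelling for the rl_* fields and for cmdlineParseRLimit in cmdline.h. The closing guard comment on the hunk's last line does not match the guard macro: `#endif /* NS_NSJAIL_H */`.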
@@ -23,9 +23,8 @@
 #define NS_UTS_H
 #include
-#include
-#include "common.h"
+#include "nsjail.h"
 bool utsInitNs(struct nsjconf_t* nsjconf);