From: Robert Swiecki Date: Fri, 9 Feb 2018 21:35:33 +0000 (+0100) Subject: nsjail: convert caps from queue to vector X-Git-Tag: 2.5~52 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d1d310e70f0f7d0fbcc5f44b98e531ac788aae89;p=platform%2Fupstream%2Fnsjail.git nsjail: convert caps from queue to vector --- diff --git a/caps.cc b/caps.cc index 0dd7460..a0bdaa8 100644 --- a/caps.cc +++ b/caps.cc @@ -224,13 +224,13 @@ bool initNs(struct nsjconf_t* nsjconf) { /* Set all requested caps in the inheritable set if these are present in the permitted set */ dbgmsg[0] = '\0'; - TAILQ_FOREACH(p, &nsjconf->caps, pointers) { - if (getPermitted(cap_data, p->val) == false) { - LOG_W("Capability %s is not permitted in the namespace", valToStr(p->val)); + for (const auto& cap : nsjconf->caps) { + if (getPermitted(cap_data, cap) == false) { + LOG_W("Capability %s is not permitted in the namespace", valToStr(cap)); return false; } - util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", valToStr(p->val)); - setInheritable(cap_data, p->val); + util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", valToStr(cap)); + setInheritable(cap_data, cap); } LOG_D("Adding the following capabilities to the inheritable set:%s", dbgmsg); @@ -260,12 +260,12 @@ bool initNs(struct nsjconf_t* nsjconf) { /* Make sure inheritable set is preserved across execve via the modified ambient set */ dbgmsg[0] = '\0'; - TAILQ_FOREACH(p, &nsjconf->caps, pointers) { - if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, (unsigned long)p->val, 0UL, 0UL) == + for (const auto& cap : nsjconf->caps) { + if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, (unsigned long)cap, 0UL, 0UL) == -1) { - PLOG_W("prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, %s)", valToStr(p->val)); + PLOG_W("prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, %s)", valToStr(cap)); } else { - util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", valToStr(p->val)); + util::sSnPrintf(dbgmsg, sizeof(dbgmsg), " %s", valToStr(cap)); } } LOG_D("Added the following capabilities to the ambient set:%s", dbgmsg); diff --git a/cmdline.cc b/cmdline.cc index 2f5b74f..91bb87e 100644 --- a/cmdline.cc +++ b/cmdline.cc @@ -392,7 +392,6 @@ std::unique_ptr parseArgs(int argc, char* argv[]) { TAILQ_INIT(&nsjconf->envs); TAILQ_INIT(&nsjconf->uids); TAILQ_INIT(&nsjconf->gids); - TAILQ_INIT(&nsjconf->caps); static char cmdlineTmpfsSz[PATH_MAX] = "size=4194304"; @@ -580,13 +579,11 @@ std::unique_ptr parseArgs(int argc, char* argv[]) { nsjconf->max_cpus = strtoul(optarg, NULL, 0); break; case 0x0509: { - struct ints_t* f = - reinterpret_cast(util::memAlloc(sizeof(struct ints_t))); - f->val = caps::nameToVal(optarg); - if (f->val == -1) { + int cap = caps::nameToVal(optarg); + if (cap == -1) { return nullptr; } - TAILQ_INSERT_HEAD(&nsjconf->caps, f, pointers); + nsjconf->caps.push_back(cap); } break; case 0x0601: nsjconf->is_root_rw = true; diff --git a/config.cc b/config.cc index 13afbbb..87dbc1c 100644 --- a/config.cc +++ b/config.cc @@ -139,11 +139,11 @@ static bool configParseInternal(struct nsjconf_t* nsjconf, const nsjail::NsJailC for (ssize_t i = 0; i < njc.cap_size(); i++) { struct ints_t* f = reinterpret_cast(util::memAlloc(sizeof(struct ints_t))); - f->val = caps::nameToVal(njc.cap(i).c_str()); - if (f->val == -1) { + int cap = caps::nameToVal(njc.cap(i).c_str()); + if (cap == -1) { return false; } - TAILQ_INSERT_HEAD(&nsjconf->caps, f, pointers); + nsjconf->caps.push_back(cap); } nsjconf->is_silent = njc.silent(); diff --git a/nsjail.h b/nsjail.h index 2b7161d..7412136 100644 --- a/nsjail.h +++ b/nsjail.h @@ -33,6 +33,8 @@ #include #include +#include + #if !defined(TEMP_FAILURE_RETRY) #define TEMP_FAILURE_RETRY(expression) \ (__extension__({ \ @@ -194,8 +196,7 @@ struct nsjconf_t { mountpts; TAILQ_HEAD(fdslistt, ints_t) open_fds; - TAILQ_HEAD(capslistt, ints_t) - caps; + std::vector caps; }; #endif /* _NSJAIL_H */