StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Rename GetCloneFlags

Browse Source 
PiperOrigin-RevId: 553448623
Change-Id: Ia49b16dd4b8795ba95bab8a8ea0c7ffc50bba628
This commit is contained in:
Wiktor Garbacz 2023-08-03 05:41:58 -07:00 committed by Copybara-Service
parent 8fbe21ce0e
commit fc8a2340c7
4 changed files with 10 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sandboxed_api/sandbox2/executor.cc
View File

@ -143,7 +143,7 @@ absl::StatusOr<SandboxeeProcess> Executor::StartSubProcess(int32_t clone_flags,
}
if (ns) {
clone_flags |= ns->GetCloneFlags();
clone_flags |= ns->clone_flags();
*request.mutable_mount_tree() = ns->mounts().GetMountTree();
request.set_hostname(ns->hostname());
request.set_allow_mount_propagation(ns->allow_mount_propagation());

2
sandboxed_api/sandbox2/monitor_base.cc
View File

@ -194,7 +194,7 @@ void MonitorBase::Launch() {
}
// Get PID of the sandboxee.
bool should_have_init = ns && (ns->GetCloneFlags() & CLONE_NEWPID);
bool should_have_init = ns && (ns->clone_flags() & CLONE_NEWPID);
absl::StatusOr<SandboxeeProcess> process =
executor_->StartSubProcess(clone_flags, ns, type_);

10
sandboxed_api/sandbox2/namespace.cc
View File

@ -195,18 +195,14 @@ void LogFilesystem(const std::string& dir) {
Namespace::Namespace(bool allow_unrestricted_networking, Mounts mounts,
std::string hostname, bool allow_mount_propagation)
: clone_flags_(CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWPID |
CLONE_NEWIPC),
mounts_(std::move(mounts)),
: mounts_(std::move(mounts)),
hostname_(std::move(hostname)),
allow_mount_propagation_(allow_mount_propagation) {
if (!allow_unrestricted_networking) {
clone_flags_ |= CLONE_NEWNET;
if (allow_unrestricted_networking) {
clone_flags_ &= ~CLONE_NEWNET;
}
}
int32_t Namespace::GetCloneFlags() const { return clone_flags_; }
void Namespace::InitializeNamespaces(uid_t uid, gid_t gid, int32_t clone_flags,
const Mounts& mounts,
const std::string& hostname,

10
sandboxed_api/sandbox2/namespace.h
View File

@ -45,12 +45,11 @@ class Namespace final {
Namespace(bool allow_unrestricted_networking, Mounts mounts,
std::string hostname, bool allow_mount_propagation);
// Returns all needed CLONE_NEW* flags.
int32_t GetCloneFlags() const;
// Stores information about this namespace in the protobuf structure.
void GetNamespaceDescription(NamespaceDescription* pb_description);
int32_t clone_flags() const { return clone_flags_; }
Mounts& mounts() { return mounts_; }
const Mounts& mounts() const { return mounts_; }
@ -59,10 +58,11 @@ class Namespace final {
bool allow_mount_propagation() const { return allow_mount_propagation_; }
private:
int32_t clone_flags_;
int32_t clone_flags_ = CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWUTS |
CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET;
Mounts mounts_;
std::string hostname_;
bool allow_mount_propagation_;
bool allow_mount_propagation_ = false;
};
} // namespace sandbox2