Rename GetCloneFlags

PiperOrigin-RevId: 553448623
Change-Id: Ia49b16dd4b8795ba95bab8a8ea0c7ffc50bba628

sandboxed_api/sandbox2/executor.cc

@@ -143,7 +143,7 @@ absl::StatusOr<SandboxeeProcess> Executor::StartSubProcess(int32_t clone_flags,
   }
 
   if (ns) {
-    clone_flags |= ns->GetCloneFlags();
+    clone_flags |= ns->clone_flags();
     *request.mutable_mount_tree() = ns->mounts().GetMountTree();
     request.set_hostname(ns->hostname());
     request.set_allow_mount_propagation(ns->allow_mount_propagation());

sandboxed_api/sandbox2/monitor_base.cc

@@ -194,7 +194,7 @@ void MonitorBase::Launch() {
   }
 
   // Get PID of the sandboxee.
-  bool should_have_init = ns && (ns->GetCloneFlags() & CLONE_NEWPID);
+  bool should_have_init = ns && (ns->clone_flags() & CLONE_NEWPID);
   absl::StatusOr<SandboxeeProcess> process =
       executor_->StartSubProcess(clone_flags, ns, type_);
 

sandboxed_api/sandbox2/namespace.cc

@@ -195,18 +195,14 @@ void LogFilesystem(const std::string& dir) {
 
 Namespace::Namespace(bool allow_unrestricted_networking, Mounts mounts,
                      std::string hostname, bool allow_mount_propagation)
-    : clone_flags_(CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWPID |
+    : mounts_(std::move(mounts)),
-                   CLONE_NEWIPC),
-      mounts_(std::move(mounts)),
       hostname_(std::move(hostname)),
       allow_mount_propagation_(allow_mount_propagation) {
-  if (!allow_unrestricted_networking) {
+  if (allow_unrestricted_networking) {
-    clone_flags_ |= CLONE_NEWNET;
+    clone_flags_ &= ~CLONE_NEWNET;
   }
 }
 
-int32_t Namespace::GetCloneFlags() const { return clone_flags_; }
-
 void Namespace::InitializeNamespaces(uid_t uid, gid_t gid, int32_t clone_flags,
                                      const Mounts& mounts,
                                      const std::string& hostname,

sandboxed_api/sandbox2/namespace.h

@@ -45,12 +45,11 @@ class Namespace final {
   Namespace(bool allow_unrestricted_networking, Mounts mounts,
             std::string hostname, bool allow_mount_propagation);
 
-  // Returns all needed CLONE_NEW* flags.
-  int32_t GetCloneFlags() const;
-
   // Stores information about this namespace in the protobuf structure.
   void GetNamespaceDescription(NamespaceDescription* pb_description);
 
+  int32_t clone_flags() const { return clone_flags_; }
+
   Mounts& mounts() { return mounts_; }
   const Mounts& mounts() const { return mounts_; }
 
@@ -59,10 +58,11 @@ class Namespace final {
   bool allow_mount_propagation() const { return allow_mount_propagation_; }
 
  private:
-  int32_t clone_flags_;
+  int32_t clone_flags_ = CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWUTS |
+                         CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET;
   Mounts mounts_;
   std::string hostname_;
-  bool allow_mount_propagation_;
+  bool allow_mount_propagation_ = false;
 };
 
 }  // namespace sandbox2