Convert process-wrapper to C++.
No functional changes.

Change-Id: Ia87c19b70dd1ff8fa7465ad90c499cf351b9687b
PiperOrigin-RevId: 156188343
philwo authored and dslomov committed May 17, 2017
1 parent 734d9e5 commit ef32c6a
Showing 10 changed files with 192 additions and 158 deletions.
20 changes: 14 additions & 6 deletions src/main/tools/BUILD
@@ -1,20 +1,28 @@
package(default_visibility = ["//src:__subpackages__"])

cc_library(
name = "process-tools",
srcs = [
"process-tools.cc",
"process-tools.h",
],
)

cc_binary(
name = "process-wrapper",
srcs = select({
"//src:windows_msvc": ["process-wrapper-windows.cc"],
"//conditions:default": [
"process-tools.c",
"process-tools.h",
"process-wrapper.c",
"process-wrapper.cc",
],
}),
copts = select({
linkopts = ["-lm"],
deps = select({
"//src:windows_msvc": [],
"//conditions:default": ["-std=c99"],
"//conditions:default": [
":process-tools",
],
}),
linkopts = ["-lm"],
)

cc_binary(
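Review bot: The `process-tools` cc_library lists `process-tools.h` under `srcs`, which in Bazel marks the header as private to that library, while `process-wrapper` now depends on the library and presumably includes the header. Declaring it as `hdrs = ["process-tools.h"],` and keeping only `process-tools.cc` in `srcs` states the public interface explicitly and keeps the target valid if layering checks are turned on. The rendered section has lost its `+`/`-` markers, so this assumes the `cc_library` block is on the new side.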
6 changes: 3 additions & 3 deletions src/main/tools/build-runfiles.cc
@@ -241,7 +241,7 @@ class RunfilesCreator {

errno = 0;
const std::string prefix = (path == "." ? "" : path + "/");
while ((entry = readdir(dh)) != NULL) {
while ((entry = readdir(dh)) != nullptr) {
if (!strcmp(entry->d_name, ".") || !strcmp(entry->d_name, "..")) continue;

std::string entry_path = prefix + entry->d_name;
@@ -383,7 +383,7 @@ class RunfilesCreator {
PDIE("opendir '%s'", path.c_str());
}
errno = 0;
while ((entry = readdir(dh)) != NULL) {
while ((entry = readdir(dh)) != nullptr) {
if (!strcmp(entry->d_name, ".") || !strcmp(entry->d_name, "..")) continue;
const std::string entry_path = path + '/' + entry->d_name;
FileType entry_file_type = DentryToFileType(entry_path, entry->d_type);
@@ -441,7 +441,7 @@ int main(int argc, char **argv) {
std::string manifest_file = input_filename;
if (input_filename[0] != '/') {
char cwd_buf[PATH_MAX];
if (getcwd(cwd_buf, sizeof(cwd_buf)) == NULL) {
if (getcwd(cwd_buf, sizeof(cwd_buf)) == nullptr) {
PDIE("getcwd failed");
}
manifest_file = std::string(cwd_buf) + '/' + manifest_file;
12 changes: 6 additions & 6 deletions src/main/tools/linux-sandbox-options.cc
@@ -12,17 +12,16 @@
// See the License for the specific language governing permissions and
// limitations under the License.

#include "linux-sandbox-options.h"
#include "linux-sandbox-utils.h"

#define DIE(args...) \
{ \
fprintf(stderr, __FILE__ ":" S__LINE__ ": \"" args); \
fprintf(stderr, "\": "); \
perror(NULL); \
perror(nullptr); \
exit(EXIT_FAILURE); \
}

#include "src/main/tools/linux-sandbox-options.h"

#include <errno.h>
#include <sched.h>
#include <stdarg.h>
@@ -32,13 +31,14 @@
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#include <fstream>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

#include "src/main/tools/linux-sandbox-utils.h"

using std::ifstream;
using std::unique_ptr;
using std::vector;
@@ -260,6 +260,6 @@ void ParseOptions(int argc, char *argv[]) {
}

if (opt.working_dir.empty()) {
opt.working_dir = getcwd(NULL, 0);
opt.working_dir = getcwd(nullptr, 0);
}
}
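Review bot: `opt.working_dir = getcwd(nullptr, 0);` at the end of `ParseOptions` passes the result straight to what looks like a `std::string` (it is tested with `.empty()` just above), so a failing `getcwd` hands a null pointer to the string assignment, which is undefined behaviour, and on glibc a successful call leaks the buffer it allocates. Hold the pointer first: `char *cwd = getcwd(nullptr, 0);`, then `if (cwd == nullptr) DIE("getcwd");`, then `opt.working_dir = cwd; free(cwd);`. The pid1 code shown on this page bind-mounts `opt.working_dir`, so a clean failure here is preferable to an unpredictable value. `ParseOptions` starts above this hunk.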
1 change: 0 additions & 1 deletion src/main/tools/linux-sandbox-options.h
@@ -17,7 +17,6 @@

#include <stdbool.h>
#include <stddef.h>

#include <string>
#include <vector>

64 changes: 33 additions & 31 deletions src/main/tools/linux-sandbox-pid1.cc
@@ -17,9 +17,9 @@
* mount, UTS, IPC and PID namespace.
*/

#include "linux-sandbox-options.h"
#include "linux-sandbox-utils.h"
#include "linux-sandbox.h"
#include "src/main/tools/linux-sandbox-options.h"
#include "src/main/tools/linux-sandbox-utils.h"
#include "src/main/tools/linux-sandbox.h"

// Note that we define DIE() here and not in a shared header, because we want to
// use _exit() in the
@@ -28,7 +28,7 @@
{ \
fprintf(stderr, __FILE__ ":" S__LINE__ ": \"" args); \
fprintf(stderr, "\": "); \
perror(NULL); \
perror(nullptr); \
_exit(EXIT_FAILURE); \
}

@@ -84,14 +84,14 @@ static void SetupSelfDestruction(int *sync_pipe) {
static void SetupMountNamespace() {
// Fully isolate our mount namespace private from outside events, so that
// mounts in the outside environment do not affect our sandbox.
if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0) {
if (mount(nullptr, "/", nullptr, MS_REC | MS_PRIVATE, nullptr) < 0) {
DIE("mount");
}
}

static void WriteFile(const std::string &filename, const char *fmt, ...) {
FILE *stream = fopen(filename.c_str(), "w");
if (stream == NULL) {
if (stream == nullptr) {
DIE("fopen(%s)", filename.c_str());
}

@@ -130,7 +130,7 @@ static void SetupUserNamespace() {
} else if (opt.fake_username) {
// Change our username to 'nobody'.
struct passwd *pwd = getpwnam("nobody");
if (pwd == NULL) {
if (pwd == nullptr) {
DIE("unable to find passwd entry for user nobody")
}

@@ -160,8 +160,8 @@ static void MountFilesystems() {
for (const std::string &tmpfs_dir : opt.tmpfs_dirs) {
PRINT_DEBUG("tmpfs: %s", tmpfs_dir.c_str());
if (mount("tmpfs", tmpfs_dir.c_str(), "tmpfs",
MS_NOSUID | MS_NODEV | MS_NOATIME, NULL) < 0) {
DIE("mount(tmpfs, %s, tmpfs, MS_NOSUID | MS_NODEV | MS_NOATIME, NULL)",
MS_NOSUID | MS_NODEV | MS_NOATIME, nullptr) < 0) {
DIE("mount(tmpfs, %s, tmpfs, MS_NOSUID | MS_NODEV | MS_NOATIME, nullptr)",
tmpfs_dir.c_str());
}
}
@@ -170,26 +170,27 @@ static void MountFilesystems() {
// do this is by bind-mounting it upon itself.
PRINT_DEBUG("working dir: %s", opt.working_dir.c_str());

if (mount(opt.working_dir.c_str(), opt.working_dir.c_str(), NULL, MS_BIND,
NULL) < 0) {
DIE("mount(%s, %s, NULL, MS_BIND, NULL)", opt.working_dir.c_str(),
if (mount(opt.working_dir.c_str(), opt.working_dir.c_str(), nullptr, MS_BIND,
nullptr) < 0) {
DIE("mount(%s, %s, nullptr, MS_BIND, nullptr)", opt.working_dir.c_str(),
opt.working_dir.c_str());
}

for (size_t i = 0; i < opt.bind_mount_sources.size(); i++) {
std::string source = opt.bind_mount_sources.at(i);
std::string target = opt.bind_mount_targets.at(i);
PRINT_DEBUG("bind mount: %s -> %s", source.c_str(), target.c_str());
if (mount(source.c_str(), target.c_str(), NULL, MS_BIND, NULL) < 0) {
DIE("mount(%s, %s, NULL, MS_BIND, NULL)", source.c_str(), target.c_str());
if (mount(source.c_str(), target.c_str(), nullptr, MS_BIND, nullptr) < 0) {
DIE("mount(%s, %s, nullptr, MS_BIND, nullptr)", source.c_str(),
target.c_str());
}
}

for (const std::string &writable_file : opt.writable_files) {
PRINT_DEBUG("writable: %s", writable_file.c_str());
if (mount(writable_file.c_str(), writable_file.c_str(), NULL, MS_BIND,
NULL) < 0) {
DIE("mount(%s, %s, NULL, MS_BIND, NULL)", writable_file.c_str(),
if (mount(writable_file.c_str(), writable_file.c_str(), nullptr, MS_BIND,
nullptr) < 0) {
DIE("mount(%s, %s, nullptr, MS_BIND, nullptr)", writable_file.c_str(),
writable_file.c_str());
}
}
@@ -221,34 +222,34 @@ static bool ShouldBeWritable(const std::string &mnt_dir) {
// ShouldBeWritable returns true.
static void MakeFilesystemMostlyReadOnly() {
FILE *mounts = setmntent("/proc/self/mounts", "r");
if (mounts == NULL) {
if (mounts == nullptr) {
DIE("setmntent");
}

struct mntent *ent;
while ((ent = getmntent(mounts)) != NULL) {
while ((ent = getmntent(mounts)) != nullptr) {
int mountFlags = MS_BIND | MS_REMOUNT;

// MS_REMOUNT does not allow us to change certain flags. This means, we have
// to first read them out and then pass them in back again. There seems to
// be no better way than this (an API for just getting the mount flags of a
// mount entry as a bitmask would be great).
if (hasmntopt(ent, "nodev") != NULL) {
if (hasmntopt(ent, "nodev") != nullptr) {
mountFlags |= MS_NODEV;
}
if (hasmntopt(ent, "noexec") != NULL) {
if (hasmntopt(ent, "noexec") != nullptr) {
mountFlags |= MS_NOEXEC;
}
if (hasmntopt(ent, "nosuid") != NULL) {
if (hasmntopt(ent, "nosuid") != nullptr) {
mountFlags |= MS_NOSUID;
}
if (hasmntopt(ent, "noatime") != NULL) {
if (hasmntopt(ent, "noatime") != nullptr) {
mountFlags |= MS_NOATIME;
}
if (hasmntopt(ent, "nodiratime") != NULL) {
if (hasmntopt(ent, "nodiratime") != nullptr) {
mountFlags |= MS_NODIRATIME;
}
if (hasmntopt(ent, "relatime") != NULL) {
if (hasmntopt(ent, "relatime") != nullptr) {
mountFlags |= MS_RELATIME;
}

@@ -258,7 +259,7 @@ static void MakeFilesystemMostlyReadOnly() {

PRINT_DEBUG("remount %s: %s", (mountFlags & MS_RDONLY) ? "ro" : "rw",
ent->mnt_dir);
if (mount(NULL, ent->mnt_dir, NULL, mountFlags, NULL) < 0) {
if (mount(nullptr, ent->mnt_dir, nullptr, mountFlags, nullptr) < 0) {
// If we get EACCES or EPERM, this might be a mount-point for which we
// don't have read access. Not much we can do about this, but it also
// won't do any harm, so let's go on. The same goes for EINVAL or ENOENT,
@@ -272,7 +273,8 @@ static void MakeFilesystemMostlyReadOnly() {
// should just ignore it.
if (errno != EACCES && errno != EPERM && errno != EINVAL &&
errno != ENOENT && errno != ESTALE) {
DIE("remount(NULL, %s, NULL, %d, NULL)", ent->mnt_dir, mountFlags);
DIE("remount(nullptr, %s, nullptr, %d, nullptr)", ent->mnt_dir,
mountFlags);
}
}
}
@@ -283,8 +285,8 @@ static void MakeFilesystemMostlyReadOnly() {
static void MountProc() {
// Mount a new proc on top of the old one, because the old one still refers to
// our parent PID namespace.
if (mount("/proc", "/proc", "proc", MS_NODEV | MS_NOEXEC | MS_NOSUID, NULL) <
0) {
if (mount("/proc", "/proc", "proc", MS_NODEV | MS_NOEXEC | MS_NOSUID,
nullptr) < 0) {
DIE("mount");
}
}
@@ -345,8 +347,8 @@ static void InstallSignalHandler(int signum, void (*handler)(int)) {
}
// sigaction may fail for certain reserved signals. Ignore failure in this
// case, but report it in debug mode, just in case.
if (sigaction(signum, &sa, NULL) < 0) {
PRINT_DEBUG("sigaction(%d, &sa, NULL) failed", signum);
if (sigaction(signum, &sa, nullptr) < 0) {
PRINT_DEBUG("sigaction(%d, &sa, nullptr) failed", signum);
}
}
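Review bot: In the `DIE` macro near the top of this file, `perror(nullptr)` runs only after two `fprintf(stderr, ...)` calls, and either of them may overwrite `errno`, so the text printed for a failed `mount` or `fopen` can name the wrong error. Save the value on entry and restore it before reporting: add `int saved_errno = errno; \` as the first statement of the macro body and `errno = saved_errno; \` directly before `perror(nullptr);`. The `DIE` definitions in linux-sandbox-options.cc and linux-sandbox.cc have the same ordering and need the same two lines. The `#define` line of this macro lies above its hunk.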

17 changes: 8 additions & 9 deletions src/main/tools/linux-sandbox.cc
@@ -37,15 +37,11 @@
* system are invisible.
*/

#include "linux-sandbox-options.h"
#include "linux-sandbox-pid1.h"
#include "linux-sandbox-utils.h"

#define DIE(args...) \
{ \
fprintf(stderr, __FILE__ ":" S__LINE__ ": \"" args); \
fprintf(stderr, "\": "); \
perror(NULL); \
perror(nullptr); \
exit(EXIT_FAILURE); \
}

@@ -66,10 +62,13 @@
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#include <string>
#include <vector>

#include "src/main/tools/linux-sandbox-options.h"
#include "src/main/tools/linux-sandbox-pid1.h"
#include "src/main/tools/linux-sandbox-utils.h"

int global_outer_uid;
int global_outer_gid;

@@ -83,15 +82,15 @@ static volatile sig_atomic_t global_signal;

static void CloseFds() {
DIR *fds = opendir("/proc/self/fd");
if (fds == NULL) {
if (fds == nullptr) {
DIE("opendir");
}

while (1) {
errno = 0;
struct dirent *dent = readdir(fds);

if (dent == NULL) {
if (dent == nullptr) {
if (errno != 0) {
DIE("readdir");
}
@@ -125,7 +124,7 @@ static void HandleSignal(int signum, void (*handler)(int)) {
if (sigemptyset(&sa.sa_mask) < 0) {
DIE("sigemptyset");
}
if (sigaction(signum, &sa, NULL) < 0) {
if (sigaction(signum, &sa, nullptr) < 0) {
DIE("sigaction");
}
}