diff --git a/.clang-format b/.clang-format
new file mode 100644
index 0000000000..e4efa6e632
--- /dev/null
+++ b/.clang-format
@@ -0,0 +1,117 @@
+---
+BasedOnStyle: GNU
+AccessModifierOffset: -2
+AlignAfterOpenBracket: Align
+AlignConsecutiveMacros: false
+AlignConsecutiveAssignments: false
+AlignConsecutiveDeclarations: false
+AlignEscapedNewlines: Left
+AlignOperands: true
+AlignTrailingComments: true
+AllowAllArgumentsOnNextLine: true
+AllowAllConstructorInitializersOnNextLine: true
+AllowAllParametersOfDeclarationOnNextLine: true
+AllowShortBlocksOnASingleLine: Never
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: All
+AllowShortLambdasOnASingleLine: All
+AllowShortIfStatementsOnASingleLine: Never
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: All
+AlwaysBreakAfterReturnType: AllDefinitions
+AlwaysBreakBeforeMultilineStrings: false
+AlwaysBreakTemplateDeclarations: MultiLine
+BinPackArguments: true
+BinPackParameters: true
+AllowShortIfStatementsOnASingleLine: false
+AllowShortLoopsOnASingleLine: false
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: false
+AllowShortBlocksOnASingleLine: false
+BreakBeforeBraces: Allman
+BraceWrapping:
+ AfterCaseLabel: true
+ AfterClass: true
+ AfterControlStatement: true
+ AfterEnum: true
+ AfterFunction: true
+ AfterNamespace: true
+ AfterObjCDeclaration: true
+ AfterStruct: true
+ AfterUnion: true
+ BeforeCatch: true
+ BeforeElse: true
+ IndentBraces: true
+ SplitEmptyFunction: true
+ SplitEmptyRecord: true
+ SplitEmptyNamespace: true
+BreakBeforeBinaryOperators: All
+BreakBeforeBraces: Custom
+BreakBeforeInheritanceComma: false
+BreakInheritanceList: BeforeColon
+BreakBeforeTernaryOperators: true
+BreakConstructorInitializersBeforeComma: false
+BreakConstructorInitializers: BeforeColon
+BreakAfterJavaFieldAnnotations: false
+BreakStringLiterals: true
+ColumnLimit: 120
+ContinuationIndentWidth: 4
+DeriveLineEnding: true
+DerivePointerAlignment: false
+DisableFormat: false
+ExperimentalAutoDetectBinPacking: false
+FixNamespaceComments: false
+ForEachMacros:
+ - 
foreach + - Q_FOREACH + - BOOST_FOREACH +IncludeBlocks: Preserve +IncludeIsMainRegex: '(Test)?$' +IncludeIsMainSourceRegex: '' +IndentCaseLabels: false +IndentGotoLabels: true +IndentPPDirectives: AfterHash +IndentWidth: 2 +IndentWrappedFunctionNames: false +JavaScriptQuotes: Leave +JavaScriptWrapImports: true +KeepEmptyLinesAtTheStartOfBlocks: true +MacroBlockBegin: '' +MacroBlockEnd: '' +MaxEmptyLinesToKeep: 1 +NamespaceIndentation: None +ObjCBinPackProtocolList: Auto +ObjCBlockIndentWidth: 2 +ObjCSpaceAfterProperty: false +ObjCSpaceBeforeProtocolList: true +PenaltyBreakAssignment: 2 +PenaltyBreakBeforeFirstCallParameter: 19 +PenaltyBreakComment: 300 +PenaltyBreakFirstLessLess: 120 +PenaltyBreakString: 1000 +PenaltyBreakTemplateDeclaration: 10 +PenaltyExcessCharacter: 1000000 +PenaltyReturnTypeOnItsOwnLine: 60 +PointerAlignment: Right +ReflowComments: true +SortIncludes: false +SortUsingDeclarations: true +SpaceAfterCStyleCast: true +SpaceAfterLogicalNot: true +SpaceAfterTemplateKeyword: true +SpaceBeforeAssignmentOperators: true +SpaceBeforeParens: Always +SpaceInEmptyBlock: false +SpaceInEmptyParentheses: false +SpacesBeforeTrailingComments: 1 +SpacesInAngles: false +SpacesInConditionalStatement: false +SpacesInContainerLiterals: true +SpacesInCStyleCastParentheses: true +SpacesInParentheses: false +SpacesInSquareBrackets: false +SpaceBeforeSquareBrackets: false +TabWidth: 8 +UseCRLF: false +UseTab: Never +... diff --git a/.travis.yml b/.travis.yml index e28c9a1b51..aa4e36d1d2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -28,6 +28,8 @@ matrix: env: TEST=coverity - arch: amd64 env: TEST=alpine-build + - arch: amd64 + env: TEST=clang-format matrix: - TEST=make-arm64 - TEST=make-amd64 @@ -35,6 +37,7 @@ matrix: - TEST=containerd - TEST=oci-validation - TEST=coverity + - TEST=clang-format - TEST=alpine-build global: - COVERITY_SCAN_PROJECT_NAME="giuseppe/crun" 
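Review bot: Several keys in the new `.clang-format` are defined twice with different values: `AllowShortBlocksOnASingleLine` (`Never`, then `false`), `AllowShortFunctionsOnASingleLine` (`All`, then `false`), `AllowShortIfStatementsOnASingleLine` (`Never`, then `false`) and `BreakBeforeBraces` (`Allman`, then `Custom`). Which value wins, or whether the file is rejected for duplicate mapping keys, depends on the parser in the installed clang-format, so the formatter's output can differ between the CI image and a developer's machine. Keep one entry per key, for example only `BreakBeforeBraces: Custom` next to the `BraceWrapping:` block, and drop the second `AllowShort*` group. Separately, `SpacesInCStyleCastParentheses: true` appears to be what produces `( uint64_t ) -1` in `src/libcrun/cgroup.c` later in this commit while other casts come out as `(uint64_t) (v * factor)`; setting it to `false` would avoid the mixed forms, assuming the unspaced form is the intended style.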
@@ -49,7 +52,7 @@ services: - docker language: c sudo: required -dist: bionic +dist: focal addons: apt: packages: @@ -67,12 +70,14 @@ addons: - go-md2man - libsystemd-dev - gperf + - clang-format before_install: - git submodule update --init --recursive - if test $TEST = podman; then sudo docker build -t crun-podman tests/podman; fi - if test $TEST = containerd; then sudo docker build -t crun-containerd tests/containerd; fi - if test $TEST = oci-validation; then sudo docker build -t crun-oci-validation tests/oci-validation; fi - if test $TEST = alpine-build; then sudo docker build -t crun-alpine-build tests/alpine-build; fi +- if test $TEST = clang-format; then sudo docker build -t crun-clang-format tests/clang-format; fi - git clone --depth=1 git://github.com/lloyd/yajl - "(cd yajl && ./configure -p /usr && make && sudo make install)" # CRIU supports armhfp, aarch64, ppc64le, s390x and x86_64. The PPA has only packages for x86_64 @@ -86,3 +91,4 @@ script: - if test $TEST = oci-validation; then sudo docker run --privileged --rm -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v $(pwd):/crun crun-oci-validation; fi - if test $TEST = coverity; then ./autogen.sh && eval "${COVERITY_SCAN_BUILD}"; fi - if test $TEST = alpine-build; then sudo docker run --privileged --rm -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v $(pwd):/crun crun-alpine-build; fi +- if test $TEST = clang-format; then ./autogen.sh && ./configure && sudo docker run --rm -w /crun -v $(pwd):/crun crun-clang-format make clang-format; fi diff --git a/Makefile.am b/Makefile.am index b49462215d..571be5c1fe 100644 --- a/Makefile.am +++ b/Makefile.am 
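Review bot: The new `clang-format` job in the `script:` section cannot fail on misformatted code, because `make clang-format` rewrites files in place (`clang-format -style=file -i` in the Makefile.am hunk of this commit) and nothing afterwards compares the tree with the commit. Append a check after the `docker run …` step, for example `&& git diff --ignore-submodules --exit-code`, so the job reports unformatted sources instead of always passing. The formatter comes from the `crun-clang-format` image built from `tests/clang-format`, which is not visible here; pinning the clang-format version in that image would keep the result reproducible across rebuilds. The `clang-format` package added to the `apt` list looks unused if formatting only ever runs inside the container.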
@@ -161,4 +161,8 @@ generate-rust-bindings: libcrun.rs generate-signals.c: src/libcrun/signals.perf ${GPERF} --lookup-function-name libcrun_signal_in_word_set -m 100 --null-strings --pic -tCEG -S1 $< > src/libcrun/signals.c -.PHONY: coverity sync generate-rust-bindings generate-signals.c +clang-format: +# do not format files that were copied into the source directory. + git ls-files src | egrep "\\.[hc]" | grep -v "chroot_realpath.c\|cloned_binary.c\|signals.c" | xargs clang-format -style=file -i + +.PHONY: coverity sync generate-rust-bindings generate-signals.c clang-format diff --git a/src/checkpoint.c b/src/checkpoint.c index 2082919096..6a2e51da7b 100644 --- a/src/checkpoint.c +++ b/src/checkpoint.c @@ -46,19 +46,16 @@ static char doc[] = "OCI runtime"; static libcrun_checkpoint_restore_t cr_options; -static struct argp_option options[] = { - {"image-path", OPTION_IMAGE_PATH, "DIR", 0, - "path for saving criu image files", 0}, - {"work-path", OPTION_WORK_PATH, "DIR", 0, - "path for saving work files and logs", 0}, - {"leave-running", OPTION_LEAVE_RUNNING, 0, 0, - "leave the process running after checkpointing", 0}, - {"tcp-established", OPTION_TCP_ESTABLISHED, 0, 0, - "allow open tcp connections", 0}, - {"ext-unix-sk", OPTION_EXT_UNIX_SK, 0, 0, "allow external unix sockets", 0}, - {"shell-job", OPTION_SHELL_JOB, 0, 0, "allow shell jobs", 0}, - {0,} -}; +static struct argp_option options[] + = { { "image-path", OPTION_IMAGE_PATH, "DIR", 0, "path for saving criu image files", 0 }, + { "work-path", OPTION_WORK_PATH, "DIR", 0, "path for saving work files and logs", 0 }, + { "leave-running", OPTION_LEAVE_RUNNING, 0, 0, "leave the process running after checkpointing", 0 }, + { "tcp-established", OPTION_TCP_ESTABLISHED, 0, 0, "allow open tcp connections", 0 }, + { "ext-unix-sk", OPTION_EXT_UNIX_SK, 0, 0, "allow external unix sockets", 0 }, + { "shell-job", OPTION_SHELL_JOB, 0, 0, "allow shell jobs", 0 }, + { + 0, + } }; static char args_doc[] = "checkpoint CONTAINER"; 
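Review bot: The file filter in the new `clang-format` target is unanchored: `egrep "\\.[hc]"` matches any tracked path under `src` that merely contains `.c` or `.h`, and the `grep -v` alternatives treat `.` as a wildcard, so files other than the intended C sources can be handed to `clang-format -i` and rewritten in place. Anchor the suffix with `grep -E "\\.[hc]$$"` (the `$` doubled for make) and escape the dots in the exclusion list. Plain `xargs` also splits paths on whitespace; `git ls-files -z … | grep -z … | xargs -0` avoids that if such names can occur in the tree.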
@@ -101,24 +98,23 @@ parse_opt (int key, char *arg arg_unused, struct argp_state *state arg_unused) return 0; } -static struct argp run_argp = - { options, parse_opt, args_doc, doc, NULL, NULL, NULL }; +static struct argp run_argp = { options, parse_opt, args_doc, doc, NULL, NULL, NULL }; int -crun_command_checkpoint (struct crun_global_arguments *global_args, int argc, - char **argv, libcrun_error_t *err) +crun_command_checkpoint (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *err) { cleanup_free char *cr_path = NULL; int first_arg; int ret; - libcrun_context_t crun_context = { 0, }; + libcrun_context_t crun_context = { + 0, + }; argp_parse (&run_argp, argc, argv, ARGP_IN_ORDER, &first_arg, &cr_options); crun_assert_n_args (argc - first_arg, 1, 2); - ret = - init_libcrun_context (&crun_context, argv[first_arg], global_args, err); + ret = init_libcrun_context (&crun_context, argv[first_arg], global_args, err); if (UNLIKELY (ret < 0)) return ret; @@ -134,6 +130,5 @@ crun_command_checkpoint (struct crun_global_arguments *global_args, int argc, cr_options.image_path = cr_path; } - return libcrun_container_checkpoint (&crun_context, argv[first_arg], - &cr_options, err); + return libcrun_container_checkpoint (&crun_context, argv[first_arg], &cr_options, err); } diff --git a/src/checkpoint.h b/src/checkpoint.h index 29b72f4152..837f80ff0e 100644 --- a/src/checkpoint.h +++ b/src/checkpoint.h @@ -20,7 +20,6 @@ #include "crun.h" -int crun_command_checkpoint (struct crun_global_arguments *global_args, - int argc, char **argv, libcrun_error_t * error); +int crun_command_checkpoint (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *error); #endif diff --git a/src/create.c b/src/create.c index 8b03e54946..33d14e06a7 100644 --- a/src/create.c +++ b/src/create.c 
@@ -29,31 +29,32 @@ #include "libcrun/utils.h" enum - { - OPTION_CONSOLE_SOCKET = 1000, - OPTION_PID_FILE, - OPTION_NO_SUBREAPER, - OPTION_NO_NEW_KEYRING, - OPTION_PRESERVE_FDS, - OPTION_NO_PIVOT - }; +{ + OPTION_CONSOLE_SOCKET = 1000, + OPTION_PID_FILE, + OPTION_NO_SUBREAPER, + OPTION_NO_NEW_KEYRING, + OPTION_PRESERVE_FDS, + OPTION_NO_PIVOT +}; static const char *bundle = NULL; static libcrun_context_t crun_context; -static struct argp_option options[] = - { - {"bundle", 'b', "DIR", 0, "container bundle (default \".\")", 0}, - {"config", 'f', "FILE", 0, "override the config file name", 0}, - {"console-socket", OPTION_CONSOLE_SOCKET, "SOCK", 0, "path to a socket that will receive the ptmx end of the tty", 0}, - {"preserve-fds", OPTION_PRESERVE_FDS, 0, 0, "pass additional FDs to the container", 0}, - {"no-pivot", OPTION_NO_PIVOT, 0, 0, "do not use pivot_root", 0}, - {"pid-file", OPTION_PID_FILE, "FILE", 0, "where to write the PID of the container", 0}, - {"no-subreaper", OPTION_NO_SUBREAPER, 0, 0, "do not create a subreaper process", 0}, - {"no-new-keyring", OPTION_NO_NEW_KEYRING, 0, 0, "keep the same session key", 0}, - { 0, } - }; +static struct argp_option options[] + = { { "bundle", 'b', "DIR", 0, "container bundle (default \".\")", 0 }, + { "config", 'f', "FILE", 0, "override the config file name", 0 }, + { "console-socket", OPTION_CONSOLE_SOCKET, "SOCK", 0, + "path to a socket that will receive the ptmx end of the tty", 0 }, + { "preserve-fds", OPTION_PRESERVE_FDS, 0, 0, "pass additional FDs to the container", 0 }, + { "no-pivot", OPTION_NO_PIVOT, 0, 0, "do not use pivot_root", 0 }, + { "pid-file", OPTION_PID_FILE, "FILE", 0, "where to write the PID of the container", 0 }, + { "no-subreaper", OPTION_NO_SUBREAPER, 0, 0, "do not create a subreaper process", 0 }, + { "no-new-keyring", OPTION_NO_NEW_KEYRING, 0, 0, "keep the same session key", 0 }, + { + 0, + } }; static char doc[] = "OCI runtime"; 
@@ -123,9 +124,8 @@ crun_command_create (struct crun_global_arguments *global_args, int argc, char * crun_assert_n_args (argc - first_arg, 1, 1); - /* Make sure the config is an absolute path before changing the directory. */ - if ((strcmp("config.json", config_file) != 0)) + if ((strcmp ("config.json", config_file) != 0)) { if (config_file[0] != '/') { diff --git a/src/create.h b/src/create.h index 3be88ea06b..98ebdf4b61 100644 --- a/src/create.h +++ b/src/create.h @@ -16,9 +16,9 @@ * along with crun. If not, see . */ #ifndef CREATE_H -# define CREATE_H +#define CREATE_H -# include "crun.h" +#include "crun.h" int crun_command_create (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *error); diff --git a/src/crun.c b/src/crun.c index 767fecb2cc..05fbed3ecf 100644 --- a/src/crun.c +++ b/src/crun.c 
@@ -84,63 +84,60 @@ init_libcrun_context (libcrun_context_t *con, const char *id, struct crun_global } enum - { - COMMAND_CREATE = 1000, - COMMAND_DELETE, - COMMAND_EXEC, - COMMAND_LIST, - COMMAND_KILL, - COMMAND_RUN, - COMMAND_SPEC, - COMMAND_START, - COMMAND_STATE, - COMMAND_UPDATE, - COMMAND_PAUSE, - COMMAND_UNPAUSE, - COMMAND_PS, - COMMAND_CHECKPOINT, - COMMAND_RESTORE, - }; - -struct commands_s commands[] = - { - { COMMAND_CREATE, "create", crun_command_create}, - { COMMAND_DELETE, "delete", crun_command_delete}, - { COMMAND_EXEC, "exec", crun_command_exec}, - { COMMAND_LIST, "list", crun_command_list}, - { COMMAND_KILL, "kill", crun_command_kill}, - { COMMAND_PS, "ps", crun_command_ps}, - { COMMAND_RUN, "run", crun_command_run}, - { COMMAND_SPEC, "spec", crun_command_spec}, - { COMMAND_START, "start", crun_command_start}, - { COMMAND_STATE, "state", crun_command_state}, - { COMMAND_UPDATE, "update", crun_command_update}, - { COMMAND_PAUSE, "pause", crun_command_pause}, - { COMMAND_UNPAUSE, "resume", crun_command_unpause}, - /* Not calling it yet 'checkpoint' as this might confuse tools - * testing for checkpoint support like Podman does. 
- * Once it is ready for Podman, this can be renamed to 'checkpoint' */ - { COMMAND_CHECKPOINT, "_checkpoint", crun_command_checkpoint}, - { COMMAND_RESTORE, "_restore", crun_command_restore}, - { 0, } - }; - -static char doc[] = \ - "\nCOMMANDS:\n" \ - "\tcreate - create a container\n" \ - "\tdelete - remove definition for a container\n" \ - "\texec - exec a command in a running container\n" \ - "\tlist - list known containers\n" \ - "\tkill - send a signal to the container init process\n" \ - "\tps - show the processes in the container\n" \ - "\trun - run a container\n" \ - "\tspec - generate a configuration file\n" \ - "\tstart - start a container\n" \ - "\tstate - output the state of a container\n" \ - "\tpause - pause all the processes in the container\n" \ - "\tresume - unpause the processes in the container\n" \ - "\tupdate - update container resource constraints\n" \ - ; +{ + COMMAND_CREATE = 1000, + COMMAND_DELETE, + COMMAND_EXEC, + COMMAND_LIST, + COMMAND_KILL, + COMMAND_RUN, + COMMAND_SPEC, + COMMAND_START, + COMMAND_STATE, + COMMAND_UPDATE, + COMMAND_PAUSE, + COMMAND_UNPAUSE, + COMMAND_PS, + COMMAND_CHECKPOINT, + COMMAND_RESTORE, +}; + +struct commands_s commands[] = { { COMMAND_CREATE, "create", crun_command_create }, + { COMMAND_DELETE, "delete", crun_command_delete }, + { COMMAND_EXEC, "exec", crun_command_exec }, + { COMMAND_LIST, "list", crun_command_list }, + { COMMAND_KILL, "kill", crun_command_kill }, + { COMMAND_PS, "ps", crun_command_ps }, + { COMMAND_RUN, "run", crun_command_run }, + { COMMAND_SPEC, "spec", crun_command_spec }, + { COMMAND_START, "start", crun_command_start }, + { COMMAND_STATE, "state", crun_command_state }, + { COMMAND_UPDATE, "update", crun_command_update }, + { COMMAND_PAUSE, "pause", crun_command_pause }, + { COMMAND_UNPAUSE, "resume", crun_command_unpause }, + /* Not calling it yet 'checkpoint' as this might confuse tools + * testing for checkpoint support like Podman does. 
+ * Once it is ready for Podman, this can be renamed to 'checkpoint' */ + { COMMAND_CHECKPOINT, "_checkpoint", crun_command_checkpoint }, + { COMMAND_RESTORE, "_restore", crun_command_restore }, + { + 0, + } }; + +static char doc[] = "\nCOMMANDS:\n" + "\tcreate - create a container\n" + "\tdelete - remove definition for a container\n" + "\texec - exec a command in a running container\n" + "\tlist - list known containers\n" + "\tkill - send a signal to the container init process\n" + "\tps - show the processes in the container\n" + "\trun - run a container\n" + "\tspec - generate a configuration file\n" + "\tstart - start a container\n" + "\tstate - output the state of a container\n" + "\tpause - pause all the processes in the container\n" + "\tresume - unpause the processes in the container\n" + "\tupdate - update container resource constraints\n"; static char args_doc[] = "COMMAND [OPTION...]"; static struct commands_s * 
@@ -154,31 +151,29 @@ get_command (const char *arg) } enum - { - OPTION_DEBUG = 1000, - OPTION_SYSTEMD_CGROUP, - OPTION_CGROUP_MANAGER, - OPTION_LOG, - OPTION_LOG_FORMAT, - OPTION_ROOT, - OPTION_ROOTLESS - }; - +{ + OPTION_DEBUG = 1000, + OPTION_SYSTEMD_CGROUP, + OPTION_CGROUP_MANAGER, + OPTION_LOG, + OPTION_LOG_FORMAT, + OPTION_ROOT, + OPTION_ROOTLESS +}; const char *argp_program_version = PACKAGE_STRING; const char *argp_program_bug_address = "https://github.com/containers/crun/issues"; -static struct argp_option options[] = - { - {"debug", OPTION_DEBUG, 0, 0, "produce verbose output", 0}, - {"cgroup-manager", OPTION_CGROUP_MANAGER, "MANAGER", 0, "cgroup manager", 0}, - {"systemd-cgroup", OPTION_SYSTEMD_CGROUP, 0, 0, "use systemd cgroups", 0}, - {"log", OPTION_LOG, "FILE", 0, NULL, 0}, - {"log-format", OPTION_LOG_FORMAT, "FORMAT", 0, NULL, 0}, - {"root", OPTION_ROOT, "DIR", 0, NULL, 0}, - {"rootless", OPTION_ROOT, "VALUE", 0, NULL, 0}, - { 0, } - }; +static struct argp_option options[] = { { "debug", OPTION_DEBUG, 0, 0, "produce verbose output", 0 }, + { "cgroup-manager", OPTION_CGROUP_MANAGER, "MANAGER", 0, "cgroup manager", 0 }, + { "systemd-cgroup", OPTION_SYSTEMD_CGROUP, 0, 0, "use systemd cgroups", 0 }, + { "log", OPTION_LOG, "FILE", 0, NULL, 0 }, + { "log-format", OPTION_LOG_FORMAT, "FORMAT", 0, NULL, 0 }, + { "root", OPTION_ROOT, "DIR", 0, NULL, 0 }, + { "rootless", OPTION_ROOT, "VALUE", 0, NULL, 0 }, + { + 0, + } }; static void print_version (FILE *stream, struct argp_state *state arg_unused) diff --git a/src/crun.h b/src/crun.h index baebcb5868..7479ff1e77 100644 --- a/src/crun.h +++ b/src/crun.h @@ -16,9 +16,9 @@ * along with crun. If not, see . */ #ifndef CRUN_H -# define CRUN_H +#define CRUN_H -# include "libcrun/container.h" +#include "libcrun/container.h" struct crun_global_arguments { 
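Review bot: The `rootless` entry of the reformatted `options[]` table still carries the key `OPTION_ROOT`, the same key as the `root` entry above it, although the enum in this hunk defines `OPTION_ROOTLESS`. With argp that routes `--rootless=VALUE` to whatever case handles `--root`, so the value is presumably taken as the state root directory rather than as a rootless setting. The entry should read `{ "rootless", OPTION_ROOTLESS, "VALUE", 0, NULL, 0 },`. `parse_opt` lies outside this hunk, so confirm it has an `OPTION_ROOTLESS` case; the defect predates this formatting-only change and is carried over unchanged.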
@@ -33,6 +33,7 @@ struct crun_global_arguments }; char *argp_mandatory_argument (char *arg, struct argp_state *state); -int init_libcrun_context (libcrun_context_t *con, const char *id, struct crun_global_arguments *glob, libcrun_error_t *err); +int init_libcrun_context (libcrun_context_t *con, const char *id, struct crun_global_arguments *glob, + libcrun_error_t *err); void crun_assert_n_args (int n, int min, int max); #endif diff --git a/src/delete.c b/src/delete.c index e6adcb55c2..b830c1232a 100644 --- a/src/delete.c +++ b/src/delete.c @@ -33,13 +33,13 @@ static char doc[] = "OCI runtime"; enum - { - OPTION_CONSOLE_SOCKET = 1000, - OPTION_PID_FILE, - OPTION_NO_SUBREAPER, - OPTION_NO_NEW_KEYRING, - OPTION_PRESERVE_FDS - }; +{ + OPTION_CONSOLE_SOCKET = 1000, + OPTION_PID_FILE, + OPTION_NO_SUBREAPER, + OPTION_NO_NEW_KEYRING, + OPTION_PRESERVE_FDS +}; struct delete_options_s { @@ -49,12 +49,12 @@ struct delete_options_s static struct delete_options_s delete_options; -static struct argp_option options[] = - { - {"force", 'f', 0, 0, "delete the container even if it is still running", 0}, - {"regex", 'r', 0, 0, "the specified CONTAINER is a regular expression (delete multiple containers)", 0}, - { 0, } - }; +static struct argp_option options[] + = { { "force", 'f', 0, 0, "delete the container even if it is still running", 0 }, + { "regex", 'r', 0, 0, "the specified CONTAINER is a regular expression (delete multiple containers)", 0 }, + { + 0, + } }; static char args_doc[] = "delete CONTAINER"; @@ -88,7 +88,9 @@ crun_command_delete (struct crun_global_arguments *global_args, int argc, char * { int first_arg, ret; - libcrun_context_t crun_context = {0, }; + libcrun_context_t crun_context = { + 0, + }; argp_parse (&run_argp, argc, argv, ARGP_IN_ORDER, &first_arg, &delete_options); crun_assert_n_args (argc - first_arg, 1, 1); diff --git a/src/delete.h b/src/delete.h index d6afbe567f..689a035caf 100644 --- a/src/delete.h +++ b/src/delete.h 
@@ -16,9 +16,9 @@ * along with crun. If not, see . */ #ifndef DELETE_H -# define DELETE_H +#define DELETE_H -# include "crun.h" +#include "crun.h" int crun_command_delete (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *error); diff --git a/src/exec.c b/src/exec.c index 37e58773b9..f4ef658d5b 100644 --- a/src/exec.c +++ b/src/exec.c 
@@ -48,29 +48,30 @@ struct exec_options_s }; enum - { - OPTION_CONSOLE_SOCKET = 1000, - OPTION_PID_FILE, - OPTION_CWD, - OPTION_PRESERVE_FDS - }; +{ + OPTION_CONSOLE_SOCKET = 1000, + OPTION_PID_FILE, + OPTION_CWD, + OPTION_PRESERVE_FDS +}; static struct exec_options_s exec_options; -static struct argp_option options[] = - { - {"console-socket", OPTION_CONSOLE_SOCKET, "SOCKET", 0, "path to a socket that will receive the ptmx end of the tty", 0}, - {"tty", 't', "TTY", OPTION_ARG_OPTIONAL, "allocate a pseudo-TTY", 0}, - {"process", 'p', "FILE", 0, "path to the process.json", 0}, - {"cwd", OPTION_CWD, "CWD", 0, "current working directory", 0}, - {"detach", 'd', 0, 0, "detach the command in the background", 0}, - {"user", 'u', "USERSPEC", 0, "specify the user in the form UID[:GID]", 0}, - {"env", 'e', "ENV", 0, "add an environment variable", 0}, - {"cap", 'c', "CAP", 0, "add a capability", 0}, - {"pid-file", OPTION_PID_FILE, "FILE", 0, "where to write the PID of the container", 0}, - {"preserve-fds", OPTION_PRESERVE_FDS, 0, 0, "pass additional FDs to the container", 0}, - {0,} - }; +static struct argp_option options[] + = { { "console-socket", OPTION_CONSOLE_SOCKET, "SOCKET", 0, + "path to a socket that will receive the ptmx end of the tty", 0 }, + { "tty", 't', "TTY", OPTION_ARG_OPTIONAL, "allocate a pseudo-TTY", 0 }, + { "process", 'p', "FILE", 0, "path to the process.json", 0 }, + { "cwd", OPTION_CWD, "CWD", 0, "current working directory", 0 }, + { "detach", 'd', 0, 0, "detach the command in the background", 0 }, + { "user", 'u', "USERSPEC", 0, "specify the user in the form UID[:GID]", 0 }, + { "env", 'e', "ENV", 0, "add an environment variable", 0 }, + { "cap", 'c', "CAP", 0, "add a capability", 0 }, + { "pid-file", OPTION_PID_FILE, "FILE", 0, "where to write the PID of the container", 0 }, + { "preserve-fds", OPTION_PRESERVE_FDS, 0, 0, "pass additional FDs to the container", 0 }, + { + 0, + } }; static char args_doc[] = "exec CONTAINER cmd"; 
@@ -96,7 +97,8 @@ append_cap (const char *arg) exec_options.cap_size++; } -static char **dup_array (char **arr, size_t len) +static char ** +dup_array (char **arr, size_t len) { size_t i; char **ret; @@ -133,7 +135,7 @@ parse_opt (int key, char *arg, struct argp_state *state) break; case 'p': - exec_options.process = arg; + exec_options.process = arg; break; case 't': @@ -201,7 +203,9 @@ int crun_command_exec (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *err) { int first_arg, ret = 0; - libcrun_context_t crun_context = {0, }; + libcrun_context_t crun_context = { + 0, + }; crun_context.preserve_fds = 0; @@ -240,7 +244,8 @@ crun_command_exec (struct crun_global_arguments *global_args, int argc, char **a process->user = make_oci_process_user (exec_options.user); if (exec_options.cap_size > 0) { - runtime_spec_schema_config_schema_process_capabilities *capabilities = xmalloc (sizeof (runtime_spec_schema_config_schema_process_capabilities)); + runtime_spec_schema_config_schema_process_capabilities *capabilities + = xmalloc (sizeof (runtime_spec_schema_config_schema_process_capabilities)); capabilities->effective = exec_options.cap; capabilities->effective_len = exec_options.cap_size; diff --git a/src/exec.h b/src/exec.h index d09dc62993..2b66fcba3b 100644 --- a/src/exec.h +++ b/src/exec.h @@ -16,9 +16,9 @@ * along with crun. If not, see . */ #ifndef EXEC_H -# define EXEC_H +#define EXEC_H -# include "crun.h" +#include "crun.h" int crun_command_exec (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *error); diff --git a/src/kill.c b/src/kill.c index b1e256a53a..9525c41aa7 100644 --- a/src/kill.c +++ b/src/kill.c 
@@ -34,13 +34,13 @@ static char doc[] = "OCI runtime"; enum - { - OPTION_CONSOLE_SOCKET = 1000, - OPTION_PID_FILE, - OPTION_NO_SUBREAPER, - OPTION_NO_NEW_KEYRING, - OPTION_PRESERVE_FDS - }; +{ + OPTION_CONSOLE_SOCKET = 1000, + OPTION_PID_FILE, + OPTION_NO_SUBREAPER, + OPTION_NO_NEW_KEYRING, + OPTION_PRESERVE_FDS +}; struct kill_options_s { @@ -50,12 +50,12 @@ struct kill_options_s static struct kill_options_s kill_options; -static struct argp_option options[] = - { - {"all", 'a', 0, 0, "kill all the processes", 0 }, - {"regex", 'r', 0, 0, "the specified CONTAINER is a regular expression (kill multiple containers)", 0 }, - { 0, } - }; +static struct argp_option options[] + = { { "all", 'a', 0, 0, "kill all the processes", 0 }, + { "regex", 'r', 0, 0, "the specified CONTAINER is a regular expression (kill multiple containers)", 0 }, + { + 0, + } }; static char args_doc[] = "kill CONTAINER [SIGNAL]"; @@ -89,7 +89,9 @@ crun_command_kill (struct crun_global_arguments *global_args, int argc, char **a { int first_arg, signal, ret; - libcrun_context_t crun_context = {0, }; + libcrun_context_t crun_context = { + 0, + }; argp_parse (&run_argp, argc, argv, ARGP_IN_ORDER, &first_arg, &kill_options); crun_assert_n_args (argc - first_arg, 1, 2); @@ -127,7 +129,6 @@ crun_command_kill (struct crun_global_arguments *global_args, int argc, char **a libcrun_error_write_warning_and_release (stderr, &err); } - libcrun_free_containers_list (list); regfree (&re); return 0; diff --git a/src/kill.h b/src/kill.h index bab4c72c7f..6a6cb1f10f 100644 --- a/src/kill.h +++ b/src/kill.h @@ -16,9 +16,9 @@ * along with crun. If not, see . */ #ifndef KILL_H -# define KILL_H +#define KILL_H -# include "crun.h" +#include "crun.h" int crun_command_kill (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *error); diff --git a/src/libcrun/cgroup.c b/src/libcrun/cgroup.c index 032d5213e3..f4aaeb5c97 100644 --- a/src/libcrun/cgroup.c +++ b/src/libcrun/cgroup.c 
@@ -30,7 +30,7 @@ #include #ifdef HAVE_SYSTEMD -# include +# include #endif #include @@ -38,10 +38,9 @@ #include #include -static const cgroups_subsystem_t cgroups_subsystems[] = {"cpuset", "cpu", "devices", "pids", "memory", - "net_cls,net_prio", "freezer", "blkio", - "hugetlb", "cpu,cpuacct", "perf_event", - "unified", NULL}; +static const cgroups_subsystem_t cgroups_subsystems[] + = { "cpuset", "cpu", "devices", "pids", "memory", "net_cls,net_prio", "freezer", "blkio", + "hugetlb", "cpu,cpuacct", "perf_event", "unified", NULL }; const cgroups_subsystem_t * libcrun_get_cgroups_subsystems (libcrun_error_t *err arg_unused) @@ -55,22 +54,20 @@ struct symlink_s const char *target; }; -static struct symlink_s cgroup_symlinks[] = { - { "cpu", "cpu,cpuacct" }, - { "cpuacct", "cpu,cpuacct" }, - { "net_cls", "net_cls,net_prio" }, - { "net_prio", "net_cls,net_prio" }, - { NULL, NULL } -}; +static struct symlink_s cgroup_symlinks[] = { { "cpu", "cpu,cpuacct" }, + { "cpuacct", "cpu,cpuacct" }, + { "net_cls", "net_cls,net_prio" }, + { "net_prio", "net_cls,net_prio" }, + { NULL, NULL } }; #define SYSTEMD_PROPERTY_PREFIX "org.systemd.property." #ifndef CGROUP2_SUPER_MAGIC -# define CGROUP2_SUPER_MAGIC 0x63677270 +# define CGROUP2_SUPER_MAGIC 0x63677270 #endif #ifndef TMPFS_MAGIC -# define TMPFS_MAGIC 0x01021994 +# define TMPFS_MAGIC 0x01021994 #endif static int @@ -143,14 +140,14 @@ is_rwm (const char *str, libcrun_error_t *err) } enum - { - CGROUP_MEMORY = 1 << 0, - CGROUP_CPU = 1 << 1, - CGROUP_HUGETLB = 1 << 2, - CGROUP_CPUSET = 1 << 3, - CGROUP_PIDS = 1 << 4, - CGROUP_IO = 1 << 5, - }; +{ + CGROUP_MEMORY = 1 << 0, + CGROUP_CPU = 1 << 1, + CGROUP_HUGETLB = 1 << 2, + CGROUP_CPUSET = 1 << 3, + CGROUP_PIDS = 1 << 4, + CGROUP_IO = 1 << 5, +}; static int read_available_controllers (const char *path, libcrun_error_t *err) 
@@ -200,13 +197,11 @@ write_controller_file (const char *path, int controllers_to_enable, libcrun_erro size_t controllers_len = 0; int ret; - controllers_len = xasprintf (&controllers, "%s %s %s %s %s %s", - (controllers_to_enable & CGROUP_CPU) ? "+cpu" : "", - (controllers_to_enable & CGROUP_IO) ? "+io" : "", - (controllers_to_enable & CGROUP_MEMORY) ? "+memory" : "", - (controllers_to_enable & CGROUP_PIDS) ? "+pids" : "", - (controllers_to_enable & CGROUP_CPUSET) ? "+cpuset" : "", - (controllers_to_enable & CGROUP_HUGETLB) ? "+hugetlb" : ""); + controllers_len = xasprintf ( + &controllers, "%s %s %s %s %s %s", (controllers_to_enable & CGROUP_CPU) ? "+cpu" : "", + (controllers_to_enable & CGROUP_IO) ? "+io" : "", (controllers_to_enable & CGROUP_MEMORY) ? "+memory" : "", + (controllers_to_enable & CGROUP_PIDS) ? "+pids" : "", (controllers_to_enable & CGROUP_CPUSET) ? "+cpuset" : "", + (controllers_to_enable & CGROUP_HUGETLB) ? "+hugetlb" : ""); xasprintf (&subtree_control, "%s/cgroup.subtree_control", path); ret = write_file (subtree_control, controllers, controllers_len, err); @@ -266,7 +261,7 @@ enable_controllers (const char *path, libcrun_error_t *err) ret = read_available_controllers ("/sys/fs/cgroup", err); if (UNLIKELY (ret < 0)) - return ret; + return ret; controllers_to_enable = ret; @@ -341,7 +336,8 @@ initialize_cpuset_subsystem_rec (char *path, size_t path_len, char *cpus, char * size_t parent_path_len; int ret; - for (parent_path_len = path_len -1; parent_path_len > 1 && path[parent_path_len] != '/'; parent_path_len--); + for (parent_path_len = path_len - 1; parent_path_len > 1 && path[parent_path_len] != '/'; parent_path_len--) + ; if (parent_path_len == 1) return 0; 
@@ -386,7 +382,8 @@ initialize_cpuset_subsystem (const char *path, libcrun_error_t *err) static int initialize_memory_subsystem (const char *path, libcrun_error_t *err) { - const char *const files[] = {"memory.limit_in_bytes", "memory.kmem.limit_in_bytes", "memory.memsw.limit_in_bytes", NULL}; + const char *const files[] + = { "memory.limit_in_bytes", "memory.kmem.limit_in_bytes", "memory.memsw.limit_in_bytes", NULL }; cleanup_close int dirfd = -1; int i; @@ -423,7 +420,8 @@ move_process_to_cgroup (pid_t pid, const char *subsystem, const char *path, libc } static int -enter_cgroup_subsystem (pid_t pid, const char *subsystem, const char *path, bool create_if_missing, libcrun_error_t *err) +enter_cgroup_subsystem (pid_t pid, const char *subsystem, const char *path, bool create_if_missing, + libcrun_error_t *err) { cleanup_free char *cgroup_path = NULL; int ret; @@ -437,9 +435,9 @@ enter_cgroup_subsystem (pid_t pid, const char *subsystem, const char *path, bool if (errno != EROFS) return crun_make_error (err, errno, "creating cgroup directory `%s`", cgroup_path); - crun_error_release (err); - return 0; - } + crun_error_release (err); + return 0; + } if (strcmp (subsystem, "cpuset") == 0) { @@ -484,7 +482,7 @@ get_file_owner (const char *path, uid_t *uid, gid_t *gid) #ifdef HAVE_STATX struct statx stx; - ret = statx (AT_FDCWD, path, AT_STATX_DONT_SYNC, STATX_UID|STATX_GID, &stx); + ret = statx (AT_FDCWD, path, AT_STATX_DONT_SYNC, STATX_UID | STATX_GID, &stx); if (UNLIKELY (ret < 0)) { if (errno == ENOSYS || errno == EINVAL) @@ -496,7 +494,7 @@ get_file_owner (const char *path, uid_t *uid, gid_t *gid) *gid = stx.stx_gid; return ret; - fallback: +fallback: #endif ret = stat (path, &st); if (UNLIKELY (ret < 0)) 
@@ -713,7 +711,8 @@ enter_cgroup_v2 (pid_t pid, pid_t init_pid, const char *path, bool create_if_mis } static int -enter_cgroup (int cgroup_mode, pid_t pid, pid_t init_pid, const char *path, bool create_if_missing, libcrun_error_t *err) +enter_cgroup (int cgroup_mode, pid_t pid, pid_t init_pid, const char *path, bool create_if_missing, + libcrun_error_t *err) { if (cgroup_mode == CGROUP_MODE_UNIFIED) return enter_cgroup_v2 (pid, init_pid, path, create_if_missing, err); @@ -756,8 +755,8 @@ libcrun_move_process_to_cgroup (pid_t pid, pid_t init_pid, char *path, libcrun_e #ifdef HAVE_SYSTEMD -static -void get_systemd_scope_and_slice (const char *id, const char *cgroup_path, char **scope, char **slice) +static void +get_systemd_scope_and_slice (const char *id, const char *cgroup_path, char **scope, char **slice) { char *n; @@ -786,8 +785,8 @@ void get_systemd_scope_and_slice (const char *id, const char *cgroup_path, char } } -static -int systemd_finalize (struct libcrun_cgroup_args *args, const char *suffix, libcrun_error_t *err) +static int +systemd_finalize (struct libcrun_cgroup_args *args, const char *suffix, libcrun_error_t *err) { cleanup_free char *content = NULL; int cgroup_mode = args->cgroup_mode; 
@@ -933,21 +932,12 @@ systemd_job_removed (sd_bus_message *m, void *userdata, sd_bus_error *error arg_ } static int -systemd_check_job_status_setup (sd_bus *bus, - struct systemd_job_removed_s *data, - libcrun_error_t *err) +systemd_check_job_status_setup (sd_bus *bus, struct systemd_job_removed_s *data, libcrun_error_t *err) { int ret; - ret = sd_bus_match_signal_async (bus, - NULL, - "org.freedesktop.systemd1", - "/org/freedesktop/systemd1", - "org.freedesktop.systemd1.Manager", - "JobRemoved", - systemd_job_removed, - NULL, - data); + ret = sd_bus_match_signal_async (bus, NULL, "org.freedesktop.systemd1", "/org/freedesktop/systemd1", + "org.freedesktop.systemd1.Manager", "JobRemoved", systemd_job_removed, NULL, data); if (UNLIKELY (ret < 0)) return crun_make_error (err, -ret, "sd-bus match signal"); @@ -955,17 +945,14 @@ systemd_check_job_status_setup (sd_bus *bus, } static int -systemd_check_job_status (sd_bus *bus, - struct systemd_job_removed_s *data, - const char *path, - const char *op, +systemd_check_job_status (sd_bus *bus, struct systemd_job_removed_s *data, const char *path, const char *op, libcrun_error_t *err) { int sd_err; data->path = path; data->op = op; - while (!data->terminated) + while (! data->terminated) { sd_err = sd_bus_process (bus, NULL); if (UNLIKELY (sd_err < 0)) @@ -974,7 +961,7 @@ systemd_check_job_status (sd_bus *bus, if (sd_err != 0) continue; - sd_err = sd_bus_wait (bus, (uint64_t) -1); + sd_err = sd_bus_wait (bus, ( uint64_t ) -1); if (UNLIKELY (sd_err < 0)) return crun_make_error (err, -sd_err, "sd-bus wait"); } 
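Review bot: The cast in `sd_bus_wait (bus, ( uint64_t ) -1)` (last hunk of systemd_check_job_status) now carries spaces inside the parentheses, while the casts in append_systemd_annotation come out as `(uint64_t) (v * factor)`. The same split appears in later hunks as `( uid_t ) -1`, `( void ) id` and `( throttling_s ** )`. It looks as if the formatter does not treat these as casts, presumably when a unary minus or a bare identifier follows, so the configuration is worth checking before the style is applied across the tree. The intended form would be `sd_err = sd_bus_wait (bus, (uint64_t) -1);`.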
@@ -990,10 +977,7 @@ systemd_check_job_status (sd_bus *bus, /* Parse a gvariant string. Support only a subset of types, just enough for systemd . */ static int -append_systemd_annotation (sd_bus_message *m, - const char *name, - size_t name_len, - const char *value, +append_systemd_annotation (sd_bus_message *m, const char *name, size_t name_len, const char *value, libcrun_error_t *err) { cleanup_free char *tmp_name = NULL; @@ -1007,10 +991,7 @@ append_systemd_annotation (sd_bus_message *m, it = value; /* If the name has the form NameSec, convert it to NameUSec. */ - if (name_len > 4 - && name[name_len - 4] != 'U' - && name[name_len - 3] == 'S' - && name[name_len - 2] == 'e' + if (name_len > 4 && name[name_len - 4] != 'U' && name[name_len - 3] == 'S' && name[name_len - 2] == 'e' && name[name_len - 1] == 'c') { factor = 1000000; @@ -1022,7 +1003,6 @@ append_systemd_annotation (sd_bus_message *m, name = tmp_name; } - if ((strcmp (it, "true") == 0) || (strcmp (it, "false") == 0)) { bool b = *it == 't'; @@ -1061,7 +1041,7 @@ append_systemd_annotation (sd_bus_message *m, if (UNLIKELY (errno != 0 || *endptr)) return crun_make_error (err, errno, "invalid value for `%s`", name); - sd_err = sd_bus_message_append (m, "(sv)", name, "t", (uint64_t)(v * factor)); + sd_err = sd_bus_message_append (m, "(sv)", name, "t", (uint64_t) (v * factor)); if (UNLIKELY (sd_err < 0)) return crun_make_error (err, -sd_err, "sd-bus message append `%s`", name); @@ -1077,7 +1057,7 @@ append_systemd_annotation (sd_bus_message *m, if (UNLIKELY (errno != 0 || *endptr)) return crun_make_error (err, errno, "invalid value for `%s`", name); - sd_err = sd_bus_message_append (m, "(sv)", name, "x", (int64_t)(v * factor)); + sd_err = sd_bus_message_append (m, "(sv)", name, "x", (int64_t) (v * factor)); if (UNLIKELY (sd_err < 0)) return crun_make_error (err, -sd_err, "sd-bus message append `%s`", name); 
@@ -1093,7 +1073,7 @@ append_systemd_annotation (sd_bus_message *m, if (UNLIKELY (errno != 0 || *endptr)) return crun_make_error (err, errno, "invalid value for `%s`", name); - sd_err = sd_bus_message_append (m, "(sv)", name, "u", (uint32_t)(v * factor)); + sd_err = sd_bus_message_append (m, "(sv)", name, "u", (uint32_t) (v * factor)); if (UNLIKELY (sd_err < 0)) return crun_make_error (err, -sd_err, "sd-bus message append `%s`", name); @@ -1114,7 +1094,7 @@ append_systemd_annotation (sd_bus_message *m, if (UNLIKELY (errno != 0 || *endptr)) return crun_make_error (err, errno, "invalid value for `%s`", name); - sd_err = sd_bus_message_append (m, "(sv)", name, "i", (int32_t)(v * factor)); + sd_err = sd_bus_message_append (m, "(sv)", name, "i", (int32_t) (v * factor)); if (UNLIKELY (sd_err < 0)) return crun_make_error (err, -sd_err, "sd-bus message append `%s`", name); @@ -1140,12 +1120,8 @@ open_sd_bus_connection (sd_bus **bus, libcrun_error_t *err) } static int -enter_systemd_cgroup_scope (runtime_spec_schema_config_linux_resources *resources, - json_map_string_string *annotations, - const char *scope, - const char *slice, - pid_t pid, - libcrun_error_t *err) +enter_systemd_cgroup_scope (runtime_spec_schema_config_linux_resources *resources, json_map_string_string *annotations, + const char *scope, const char *slice, pid_t pid, libcrun_error_t *err) { sd_bus *bus = NULL; sd_bus_message *m = NULL; @@ -1160,7 +1136,7 @@ enter_systemd_cgroup_scope (runtime_spec_schema_config_linux_resources *resource i = 0; boolean_opts[i++] = "Delegate"; if (resources) - { + { if (resources->cpu) boolean_opts[i++] = "CPUAccounting"; if (resources->memory) 
@@ -1178,12 +1154,10 @@ enter_systemd_cgroup_scope (runtime_spec_schema_config_linux_resources *resource ret = systemd_check_job_status_setup (bus, &job_data, err); if (UNLIKELY (ret < 0)) - goto exit; + goto exit; - sd_err = sd_bus_message_new_method_call (bus, &m, "org.freedesktop.systemd1", - "/org/freedesktop/systemd1", - "org.freedesktop.systemd1.Manager", - "StartTransientUnit"); + sd_err = sd_bus_message_new_method_call (bus, &m, "org.freedesktop.systemd1", "/org/freedesktop/systemd1", + "org.freedesktop.systemd1.Manager", "StartTransientUnit"); if (UNLIKELY (sd_err < 0)) { ret = crun_make_error (err, -sd_err, "set up dbus message"); @@ -1229,13 +1203,11 @@ enter_systemd_cgroup_scope (runtime_spec_schema_config_linux_resources *resource len = strlen (annotations->keys[i]); if (len < prefix_len + 3) { - ret = crun_make_error (err, EINVAL, "invalid systemd property name `%s`", - annotations->keys[i]); + ret = crun_make_error (err, EINVAL, "invalid systemd property name `%s`", annotations->keys[i]); goto exit; } - ret = append_systemd_annotation (m, annotations->keys[i] + prefix_len, - len - prefix_len, + ret = append_systemd_annotation (m, annotations->keys[i] + prefix_len, len - prefix_len, annotations->values[i], err); if (UNLIKELY (ret < 0)) goto exit; @@ -1307,8 +1279,8 @@ enter_systemd_cgroup_scope (runtime_spec_schema_config_linux_resources *resource return ret; } -static -int destroy_systemd_cgroup_scope (const char *scope, libcrun_error_t *err) +static int +destroy_systemd_cgroup_scope (const char *scope, libcrun_error_t *err) { sd_bus *bus = NULL; sd_bus_message *m = NULL; 
@@ -1326,12 +1298,9 @@ int destroy_systemd_cgroup_scope (const char *scope, libcrun_error_t *err) if (UNLIKELY (ret < 0)) goto exit; - ret = sd_bus_message_new_method_call (bus, &m, - "org.freedesktop.systemd1", - "/org/freedesktop/systemd1", - "org.freedesktop.systemd1.Manager", - "StopUnit"); - if (UNLIKELY (ret < 0)) + ret = sd_bus_message_new_method_call (bus, &m, "org.freedesktop.systemd1", "/org/freedesktop/systemd1", + "org.freedesktop.systemd1.Manager", "StopUnit"); + if (UNLIKELY (ret < 0)) { ret = crun_make_error (err, -ret, "set up dbus message"); goto exit; @@ -1390,7 +1359,7 @@ libcrun_cgroup_enter_cgroupfs (struct libcrun_cgroup_args *args, libcrun_error_t const char *id = args->id; if (cgroup_path == NULL) - xasprintf (path, "/%s", id); + xasprintf (path, "/%s", id); else { if (cgroup_path[0] == '/') @@ -1482,7 +1451,7 @@ libcrun_cgroup_enter (struct libcrun_cgroup_args *args, libcrun_error_t *err) } if (LIKELY (ret >= 0)) { - if (cgroup_mode == CGROUP_MODE_UNIFIED && (root_uid != (uid_t) -1 || root_gid != (gid_t) -1)) + if (cgroup_mode == CGROUP_MODE_UNIFIED && (root_uid != ( uid_t ) -1 || root_gid != ( gid_t ) -1)) return chown_cgroups (*path, root_uid, root_gid, err); return ret; @@ -1539,7 +1508,8 @@ libcrun_cgroup_is_container_paused (const char *cgroup_path, int cgroup_mode, bo } static int -libcrun_cgroup_pause_unpause_with_mode (const char *cgroup_path, int cgroup_mode, const bool pause, libcrun_error_t *err) +libcrun_cgroup_pause_unpause_with_mode (const char *cgroup_path, int cgroup_mode, const bool pause, + libcrun_error_t *err) { cleanup_free char *path = NULL; const char *state = ""; 
@@ -1574,8 +1544,8 @@ libcrun_cgroup_pause_unpause (const char *cgroup_path, const bool pause, libcrun return libcrun_cgroup_pause_unpause_with_mode (cgroup_path, cgroup_mode, pause, err); } -static -int read_pids_cgroup (int dfd, bool recurse, pid_t **pids, size_t *n_pids, size_t *allocated, libcrun_error_t *err) +static int +read_pids_cgroup (int dfd, bool recurse, pid_t **pids, size_t *n_pids, size_t *allocated, libcrun_error_t *err) { cleanup_close int clean_dfd = dfd; cleanup_close int tasksfd = -1; @@ -1586,7 +1556,7 @@ int read_pids_cgroup (int dfd, bool recurse, pid_t **pids, size_t *n_pids, size_ char *it; int ret; - tasksfd = openat (dfd, "cgroup.procs", O_RDONLY|O_CLOEXEC); + tasksfd = openat (dfd, "cgroup.procs", O_RDONLY | O_CLOEXEC); if (tasksfd < 0) return crun_make_error (err, errno, "open cgroup.procs"); @@ -1619,7 +1589,7 @@ int read_pids_cgroup (int dfd, bool recurse, pid_t **pids, size_t *n_pids, size_ dir = fdopendir (dfd); if (UNLIKELY (dir == NULL)) - return crun_make_error (err, errno, "open cgroup sub-directory"); + return crun_make_error (err, errno, "open cgroup sub-directory"); /* Now dir owns the dfd descriptor. */ clean_dfd = -1; @@ -1627,14 +1597,13 @@ int read_pids_cgroup (int dfd, bool recurse, pid_t **pids, size_t *n_pids, size_ { int nfd; - if (strcmp (de->d_name, ".") == 0 || - strcmp (de->d_name, "..") == 0) + if (strcmp (de->d_name, ".") == 0 || strcmp (de->d_name, "..") == 0) continue; if (de->d_type != DT_DIR) continue; - nfd = openat (dirfd (dir), de->d_name, O_DIRECTORY|O_CLOEXEC); + nfd = openat (dirfd (dir), de->d_name, O_DIRECTORY | O_CLOEXEC); if (UNLIKELY (nfd < 0)) return crun_make_error (err, errno, "open cgroup directory %s", de->d_name); ret = read_pids_cgroup (nfd, recurse, pids, n_pids, allocated, err); 
@@ -1782,7 +1751,8 @@ libcrun_cgroup_killall (const char *path, libcrun_error_t *err) return libcrun_cgroup_killall_signal (path, SIGKILL, err); } -int libcrun_cgroup_destroy (const char *id, const char *path, const char *scope, int manager, libcrun_error_t *err) +int +libcrun_cgroup_destroy (const char *id, const char *path, const char *scope, int manager, libcrun_error_t *err) { int ret; size_t i; @@ -1790,9 +1760,9 @@ int libcrun_cgroup_destroy (const char *id, const char *path, const char *scope, const cgroups_subsystem_t *subsystems; bool repeat = true; - (void) id; - (void) manager; - (void) scope; + ( void ) id; + ( void ) manager; + ( void ) scope; if (path == NULL || *path == '\0') return 0; @@ -1858,11 +1828,10 @@ int libcrun_cgroup_destroy (const char *id, const char *path, const char *scope, if (repeat) { - struct timespec req = - { - .tv_sec = 0, - .tv_nsec = 100000, - }; + struct timespec req = { + .tv_sec = 0, + .tv_nsec = 100000, + }; nanosleep (&req, NULL); @@ -1880,7 +1849,8 @@ int libcrun_cgroup_destroy (const char *id, const char *path, const char *scope, typedef runtime_spec_schema_defs_linux_block_io_device_throttle throttling_s; static int -write_blkio_v1_resources_throttling (int dirfd, const char *name, throttling_s **throttling, size_t throttling_len, libcrun_error_t *err) +write_blkio_v1_resources_throttling (int dirfd, const char *name, throttling_s **throttling, size_t throttling_len, + libcrun_error_t *err) { char fmt_buf[128]; size_t i; @@ -1897,9 +1867,7 @@ write_blkio_v1_resources_throttling (int dirfd, const char *name, throttling_s * { int ret; size_t len; - len = sprintf (fmt_buf, "%" PRIu64 ":%" PRIu64 " %" PRIu64 "\n", - throttling[i]->major, - throttling[i]->minor, + len = sprintf (fmt_buf, "%" PRIu64 ":%" PRIu64 " %" PRIu64 "\n", throttling[i]->major, throttling[i]->minor, throttling[i]->rate); ret = TEMP_FAILURE_RETRY (write (fd, fmt_buf, len)); 
@@ -1910,7 +1878,8 @@ write_blkio_v1_resources_throttling (int dirfd, const char *name, throttling_s * } static int -write_blkio_v2_resources_throttling (int fd, const char *name, throttling_s **throttling, size_t throttling_len, libcrun_error_t *err) +write_blkio_v2_resources_throttling (int fd, const char *name, throttling_s **throttling, size_t throttling_len, + libcrun_error_t *err) { char fmt_buf[128]; size_t i; @@ -1922,10 +1891,7 @@ write_blkio_v2_resources_throttling (int fd, const char *name, throttling_s **th { int ret; size_t len; - len = sprintf (fmt_buf, "%" PRIu64 ":%" PRIu64 " %s=%lu\n", - throttling[i]->major, - throttling[i]->minor, - name, + len = sprintf (fmt_buf, "%" PRIu64 ":%" PRIu64 " %s=%lu\n", throttling[i]->major, throttling[i]->minor, name, throttling[i]->rate); ret = TEMP_FAILURE_RETRY (write (fd, fmt_buf, len)); @@ -1936,13 +1902,14 @@ write_blkio_v2_resources_throttling (int fd, const char *name, throttling_s **th } static int -write_blkio_resources (int dirfd, bool cgroup2, runtime_spec_schema_config_linux_resources_block_io *blkio, libcrun_error_t *err) +write_blkio_resources (int dirfd, bool cgroup2, runtime_spec_schema_config_linux_resources_block_io *blkio, + libcrun_error_t *err) { char fmt_buf[128]; size_t len; int ret; - /* convert linearly from 10-1000 to 1-10000. */ -#define CONVERT_WEIGHT_TO_CGROUPS_V2(x) (1 + ((x) - 10) * 9999 / 990) + /* convert linearly from 10-1000 to 1-10000. */ +#define CONVERT_WEIGHT_TO_CGROUPS_V2(x) (1 + (( x ) -10) * 9999 / 990) if (blkio->weight) { 
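Review bot: The reformatted `#define CONVERT_WEIGHT_TO_CGROUPS_V2(x) (1 + (( x ) -10) * 9999 / 990)` in the write_blkio_resources hunk now reads like a cast applied to `-10` instead of the subtraction `(x) - 10`. The expansion is unchanged, but a conversion that decides the weight written to the cgroup should not be this easy to misread. `CONVERT_SHARES_TO_CGROUPS_V2` in the write_cpu_resources hunk is affected the same way (`(( x ) -2)`). I would keep the original spelling, `(1 + ((x) - 10) * 9999 / 990)`, and wrap both defines in `/* clang-format off */` and `/* clang-format on */`. The body of write_blkio_resources continues outside this hunk.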
@@ -1979,10 +1946,8 @@ write_blkio_resources (int dirfd, bool cgroup2, runtime_spec_schema_config_linux { uint32_t w = CONVERT_WEIGHT_TO_CGROUPS_V2 (blkio->weight_device[i]->weight); - len = sprintf (fmt_buf, "%" PRIu64 ":%" PRIu64 " %i\n", - blkio->weight_device[i]->major, - blkio->weight_device[i]->minor, - w); + len = sprintf (fmt_buf, "%" PRIu64 ":%" PRIu64 " %i\n", blkio->weight_device[i]->major, + blkio->weight_device[i]->minor, w); ret = TEMP_FAILURE_RETRY (write (wfd, fmt_buf, len)); if (UNLIKELY (ret < 0)) return crun_make_error (err, errno, "write io.weight"); @@ -2006,17 +1971,13 @@ write_blkio_resources (int dirfd, bool cgroup2, runtime_spec_schema_config_linux for (i = 0; i < blkio->weight_device_len; i++) { - len = sprintf (fmt_buf, "%lu:%lu %i\n", - blkio->weight_device[i]->major, - blkio->weight_device[i]->minor, + len = sprintf (fmt_buf, "%lu:%lu %i\n", blkio->weight_device[i]->major, blkio->weight_device[i]->minor, blkio->weight_device[i]->weight); ret = TEMP_FAILURE_RETRY (write (w_device_fd, fmt_buf, len)); if (UNLIKELY (ret < 0)) return crun_make_error (err, errno, "write blkio.weight_device"); - len = sprintf (fmt_buf, "%lu:%lu %i\n", - blkio->weight_device[i]->major, - blkio->weight_device[i]->minor, + len = sprintf (fmt_buf, "%lu:%lu %i\n", blkio->weight_device[i]->major, blkio->weight_device[i]->minor, blkio->weight_device[i]->leaf_weight); ret = TEMP_FAILURE_RETRY (write (w_leafdevice_fd, fmt_buf, len)); if (UNLIKELY (ret < 0)) 
@@ -2032,61 +1993,49 @@ write_blkio_resources (int dirfd, bool cgroup2, runtime_spec_schema_config_linux if (UNLIKELY (wfd < 0)) return crun_make_error (err, errno, "open io.max"); - ret = write_blkio_v2_resources_throttling (wfd, "rbps", - (throttling_s **) blkio->throttle_read_bps_device, - blkio->throttle_read_bps_device_len, - err); + ret = write_blkio_v2_resources_throttling (wfd, "rbps", ( throttling_s ** ) blkio->throttle_read_bps_device, + blkio->throttle_read_bps_device_len, err); if (UNLIKELY (ret < 0)) return ret; - ret = write_blkio_v2_resources_throttling (wfd, "wbps", - (throttling_s **) blkio->throttle_write_bps_device, - blkio->throttle_write_bps_device_len, - err); + ret = write_blkio_v2_resources_throttling (wfd, "wbps", ( throttling_s ** ) blkio->throttle_write_bps_device, + blkio->throttle_write_bps_device_len, err); if (UNLIKELY (ret < 0)) return ret; - ret = write_blkio_v2_resources_throttling (wfd, "riops", - (throttling_s **) blkio->throttle_read_iops_device, - blkio->throttle_read_iops_device_len, - err); + ret = write_blkio_v2_resources_throttling (wfd, "riops", ( throttling_s ** ) blkio->throttle_read_iops_device, + blkio->throttle_read_iops_device_len, err); if (UNLIKELY (ret < 0)) return ret; - ret = write_blkio_v2_resources_throttling (wfd, "wiops", - (throttling_s **) blkio->throttle_write_iops_device, - blkio->throttle_write_iops_device_len, - err); + ret = write_blkio_v2_resources_throttling (wfd, "wiops", ( throttling_s ** ) blkio->throttle_write_iops_device, + blkio->throttle_write_iops_device_len, err); if (UNLIKELY (ret < 0)) return ret; } else { ret = write_blkio_v1_resources_throttling (dirfd, "blkio.throttle.read_bps_device", - (throttling_s **) blkio->throttle_read_bps_device, - blkio->throttle_read_bps_device_len, - err); + ( throttling_s ** ) blkio->throttle_read_bps_device, + blkio->throttle_read_bps_device_len, err); if (UNLIKELY (ret < 0)) return ret; ret = write_blkio_v1_resources_throttling (dirfd, 
"blkio.throttle.write_bps_device", - (throttling_s **) blkio->throttle_write_bps_device, - blkio->throttle_write_bps_device_len, - err); + ( throttling_s ** ) blkio->throttle_write_bps_device, + blkio->throttle_write_bps_device_len, err); if (UNLIKELY (ret < 0)) return ret; ret = write_blkio_v1_resources_throttling (dirfd, "blkio.throttle.read_iops_device", - (throttling_s **) blkio->throttle_read_iops_device, - blkio->throttle_read_iops_device_len, - err); + ( throttling_s ** ) blkio->throttle_read_iops_device, + blkio->throttle_read_iops_device_len, err); if (UNLIKELY (ret < 0)) return ret; ret = write_blkio_v1_resources_throttling (dirfd, "blkio.throttle.write_iops_device", - (throttling_s **) blkio->throttle_write_iops_device, - blkio->throttle_write_iops_device_len, - err); + ( throttling_s ** ) blkio->throttle_write_iops_device, + blkio->throttle_write_iops_device_len, err); if (UNLIKELY (ret < 0)) return ret; } @@ -2094,7 +2043,8 @@ write_blkio_resources (int dirfd, bool cgroup2, runtime_spec_schema_config_linux } static int -write_network_resources (int dirfd_netclass, int dirfd_netprio, runtime_spec_schema_config_linux_resources_network *net, libcrun_error_t *err) +write_network_resources (int dirfd_netclass, int dirfd_netprio, runtime_spec_schema_config_linux_resources_network *net, + libcrun_error_t *err) { char fmt_buf[128]; size_t len; @@ -2121,14 +2071,15 @@ write_network_resources (int dirfd_netclass, int dirfd_netprio, runtime_spec_sch if (UNLIKELY (ret < 0)) return crun_make_error (err, errno, "write net_prio.ifpriomap"); } - } return 0; } static int -write_hugetlb_resources (int dirfd, bool cgroup2, runtime_spec_schema_config_linux_resources_hugepage_limits_element **htlb, size_t htlb_len, libcrun_error_t *err) +write_hugetlb_resources (int dirfd, bool cgroup2, + runtime_spec_schema_config_linux_resources_hugepage_limits_element **htlb, size_t htlb_len, + libcrun_error_t *err) { char fmt_buf[128]; size_t i; 
@@ -2151,28 +2102,15 @@ write_hugetlb_resources (int dirfd, bool cgroup2, runtime_spec_schema_config_lin return 0; } - static int -write_devices_resources_v1 (int dirfd, runtime_spec_schema_defs_linux_device_cgroup **devs, size_t devs_len, libcrun_error_t *err) +write_devices_resources_v1 (int dirfd, runtime_spec_schema_defs_linux_device_cgroup **devs, size_t devs_len, + libcrun_error_t *err) { size_t i, len; int ret; - char *default_devices[] = - { - "c *:* m", - "b *:* m", - "c 1:3 rwm", - "c 1:8 rwm", - "c 1:7 rwm", - "c 5:0 rwm", - "c 1:5 rwm", - "c 1:9 rwm", - "c 5:1 rwm", - "c 136:* rwm", - "c 5:2 rwm", - "c 10:200 rwm", - NULL - }; + char *default_devices[] + = { "c *:* m", "b *:* m", "c 1:3 rwm", "c 1:8 rwm", "c 1:7 rwm", "c 5:0 rwm", "c 1:5 rwm", + "c 1:9 rwm", "c 5:1 rwm", "c 136:* rwm", "c 5:2 rwm", "c 10:200 rwm", NULL }; for (i = 0; i < devs_len; i++) { @@ -2191,17 +2129,21 @@ write_devices_resources_v1 (int dirfd, runtime_spec_schema_defs_linux_device_cgr char fmt_buf_major[16]; char fmt_buf_minor[16]; -#define FMT_DEV(x, b) do { \ - if (x ## _present) \ - sprintf (b, "%lu", x); \ - else \ - strcpy (b, "*"); \ - } while(0) \ +#define FMT_DEV(x, b) \ + do \ + { \ + if (x##_present) \ + sprintf (b, "%lu", x); \ + else \ + strcpy (b, "*"); \ + } \ + while (0) FMT_DEV (devs[i]->major, fmt_buf_major); FMT_DEV (devs[i]->minor, fmt_buf_minor); - len = snprintf (fmt_buf, FMT_BUF_LEN - 1, "%s %s:%s %s", devs[i]->type, fmt_buf_major, fmt_buf_minor, devs[i]->access); + len = snprintf (fmt_buf, FMT_BUF_LEN - 1, "%s %s:%s %s", devs[i]->type, fmt_buf_major, fmt_buf_minor, + devs[i]->access); /* Make sure it is still a NUL terminated string. */ fmt_buf[len] = '\0'; } 
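Review bot: In the last hunk of write_devices_resources_v1, `fmt_buf[len] = '\0'` indexes with snprintf's return value, which is the length the output would have had rather than the number of bytes stored. A long `devs[i]->type` or `devs[i]->access` string from the container configuration therefore places the terminator past the end of `fmt_buf`. Its declaration is outside the hunk, so the size is presumably FMT_BUF_LEN. snprintf already terminates within the size it is given, so the manual write can be replaced by a check such as `if (len >= FMT_BUF_LEN - 1) return crun_make_error (err, 0, "device rule too long");`. The FMT_DEV macro in the same hunk writes `sprintf (b, "%lu", x)` into the 16-byte `fmt_buf_major` and `fmt_buf_minor`, and a 64-bit value can need up to 21 bytes. `snprintf (b, sizeof (b), "%lu", x)` with a range check on the configured major and minor would bound it.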
@@ -2221,30 +2163,22 @@ write_devices_resources_v1 (int dirfd, runtime_spec_schema_defs_linux_device_cgr } static int -write_devices_resources_v2_internal (int dirfd, runtime_spec_schema_defs_linux_device_cgroup **devs, size_t devs_len, libcrun_error_t *err) +write_devices_resources_v2_internal (int dirfd, runtime_spec_schema_defs_linux_device_cgroup **devs, size_t devs_len, + libcrun_error_t *err) { int i, ret; cleanup_free struct bpf_program *program = NULL; - struct default_dev_s { + struct default_dev_s + { char type; int major; int minor; const char *access; }; - struct default_dev_s default_devices[] = - { - {'c', -1, -1, "m"}, - {'b', -1, -1, "m"}, - {'c', 1, 3, "rwm"}, - {'c', 1, 8, "rwm"}, - {'c', 1, 7, "rwm"}, - {'c', 5, 0, "rwm"}, - {'c', 1, 5, "rwm"}, - {'c', 1, 9, "rwm"}, - {'c', 5, 1, "rwm"}, - {'c', 136, -1, "rwm"}, - {'c', 5, 2, "rwm"}, - {'c', 10, 200, "rwm"}, + struct default_dev_s default_devices[] = { + { 'c', -1, -1, "m" }, { 'b', -1, -1, "m" }, { 'c', 1, 3, "rwm" }, { 'c', 1, 8, "rwm" }, + { 'c', 1, 7, "rwm" }, { 'c', 5, 0, "rwm" }, { 'c', 1, 5, "rwm" }, { 'c', 1, 9, "rwm" }, + { 'c', 5, 1, "rwm" }, { 'c', 136, -1, "rwm" }, { 'c', 5, 2, "rwm" }, { 'c', 10, 200, "rwm" }, }; program = bpf_program_new (2048); @@ -2253,7 +2187,7 @@ write_devices_resources_v2_internal (int dirfd, runtime_spec_schema_defs_linux_d if (UNLIKELY (program == NULL)) return -1; - for (i = (sizeof (default_devices) / sizeof (default_devices[0])) - 1; i >= 0 ; i--) + for (i = (sizeof (default_devices) / sizeof (default_devices[0])) - 1; i >= 0; i--) { program = bpf_program_append_dev (program, default_devices[i].access, default_devices[i].type, default_devices[i].major, default_devices[i].minor, true, err); 
@@ -2289,7 +2223,8 @@ write_devices_resources_v2_internal (int dirfd, runtime_spec_schema_defs_linux_d } static int -write_devices_resources_v2 (int dirfd, runtime_spec_schema_defs_linux_device_cgroup **devs, size_t devs_len, libcrun_error_t *err) +write_devices_resources_v2 (int dirfd, runtime_spec_schema_defs_linux_device_cgroup **devs, size_t devs_len, + libcrun_error_t *err) { int ret; size_t i; @@ -2302,7 +2237,7 @@ write_devices_resources_v2 (int dirfd, runtime_spec_schema_defs_linux_device_cgr /* If writing the resources ebpf failed, check if it is fine to ignore the error. */ for (i = 0; i < devs_len; i++) { - if (devs[i]->allow_present && !devs[i]->allow) + if (devs[i]->allow_present && ! devs[i]->allow) { can_skip = false; break; @@ -2334,9 +2269,9 @@ write_devices_resources_v2 (int dirfd, runtime_spec_schema_defs_linux_device_cgr return ret; } - static int -write_devices_resources (int dirfd, bool cgroup2, runtime_spec_schema_defs_linux_device_cgroup **devs, size_t devs_len, libcrun_error_t *err) +write_devices_resources (int dirfd, bool cgroup2, runtime_spec_schema_defs_linux_device_cgroup **devs, size_t devs_len, + libcrun_error_t *err) { if (cgroup2) return write_devices_resources_v2 (dirfd, devs, devs_len, err); @@ -2348,10 +2283,10 @@ write_devices_resources (int dirfd, bool cgroup2, runtime_spec_schema_defs_linux static int cg_itoa (char *buf, int64_t value, bool cgroup2) { - if (!(cgroup2 && value == -1)) + if (! (cgroup2 && value == -1)) return sprintf (buf, "%lu", value); - memcpy(buf, "max", 4); + memcpy (buf, "max", 4); return 3; } @@ -2370,7 +2305,8 @@ write_memory (int dirfd, bool cgroup2, runtime_spec_schema_config_linux_resource } static int -write_memory_swap (int dirfd, bool cgroup2, runtime_spec_schema_config_linux_resources_memory *memory, libcrun_error_t *err) +write_memory_swap (int dirfd, bool cgroup2, runtime_spec_schema_config_linux_resources_memory *memory, + libcrun_error_t *err) { int64_t swap; char swap_buf[32]; 
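Review bot: `cg_itoa` formats its `int64_t value` with an unsigned specifier, `return sprintf (buf, "%lu", value);`, so the format does not match the argument type. On the cgroup v1 path a negative value such as -1 is emitted as a large unsigned number. The blkio writers in this file already use the `<inttypes.h>` macros, so `return sprintf (buf, "%" PRId64, value);` would match the parameter, assuming the v1 limit files accept `-1` as "unlimited". The function takes no buffer size. The caller visible here passes the 32-byte `swap_buf`, which is large enough, but a one-line comment stating the minimum size `buf` must have would make that contract explicit for other callers.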
@@ -2382,7 +2318,7 @@ write_memory_swap (int dirfd, bool cgroup2, runtime_spec_schema_config_linux_res swap = memory->swap; if (cgroup2 && memory->swap != -1) { - if (!memory->limit_present) + if (! memory->limit_present) return crun_make_error (err, 0, "cannot set swap limit without the memory limit"); if (memory->swap < memory->limit) return crun_make_error (err, 0, "cannot set memory+swap limit less than the memory limit"); @@ -2392,11 +2328,13 @@ write_memory_swap (int dirfd, bool cgroup2, runtime_spec_schema_config_linux_res swap_buf_len = cg_itoa (swap_buf, swap, cgroup2); - return write_file_at (dirfd, cgroup2 ? "memory.swap.max" : "memory.memsw.limit_in_bytes", swap_buf, swap_buf_len, err); + return write_file_at (dirfd, cgroup2 ? "memory.swap.max" : "memory.memsw.limit_in_bytes", swap_buf, swap_buf_len, + err); } static int -write_memory_resources (int dirfd, bool cgroup2, runtime_spec_schema_config_linux_resources_memory *memory, libcrun_error_t *err) +write_memory_resources (int dirfd, bool cgroup2, runtime_spec_schema_config_linux_resources_memory *memory, + libcrun_error_t *err) { size_t len; int ret; @@ -2427,7 +2365,7 @@ write_memory_resources (int dirfd, bool cgroup2, runtime_spec_schema_config_linu if (UNLIKELY (ret < 0)) return ret; - if (memory->limit_present && !memory_limits_written) + if (memory->limit_present && ! memory_limits_written) { ret = write_memory (dirfd, cgroup2, memory, err); if (UNLIKELY (ret < 0)) @@ -2486,7 +2424,8 @@ write_memory_resources (int dirfd, bool cgroup2, runtime_spec_schema_config_linu } static int -write_pids_resources (int dirfd, bool cgroup2, runtime_spec_schema_config_linux_resources_pids *pids, libcrun_error_t *err) +write_pids_resources (int dirfd, bool cgroup2, runtime_spec_schema_config_linux_resources_pids *pids, + libcrun_error_t *err) { if (pids->limit) { 
@@ -2504,7 +2443,8 @@ write_pids_resources (int dirfd, bool cgroup2, runtime_spec_schema_config_linux_ } static int -write_cpu_resources (int dirfd_cpu, bool cgroup2, runtime_spec_schema_config_linux_resources_cpu *cpu, libcrun_error_t *err) +write_cpu_resources (int dirfd_cpu, bool cgroup2, runtime_spec_schema_config_linux_resources_cpu *cpu, + libcrun_error_t *err) { size_t len; int ret; @@ -2512,8 +2452,8 @@ write_cpu_resources (int dirfd_cpu, bool cgroup2, runtime_spec_schema_config_lin int64_t period = -1; int64_t quota = -1; - /* convert linearly from 2-262144 to 1-10000. */ -#define CONVERT_SHARES_TO_CGROUPS_V2(x) (1 + (((x) - 2) * 9999) / 262142) + /* convert linearly from 2-262144 to 1-10000. */ +#define CONVERT_SHARES_TO_CGROUPS_V2(x) (1 + ((( x ) -2) * 9999) / 262142) if (cpu->shares) { @@ -2587,7 +2527,8 @@ write_cpu_resources (int dirfd_cpu, bool cgroup2, runtime_spec_schema_config_lin } static int -write_cpuset_resources (int dirfd_cpuset, int cgroup2 arg_unused, runtime_spec_schema_config_linux_resources_cpu *cpu, libcrun_error_t *err) +write_cpuset_resources (int dirfd_cpuset, int cgroup2 arg_unused, runtime_spec_schema_config_linux_resources_cpu *cpu, + libcrun_error_t *err) { int ret; @@ -2661,9 +2602,7 @@ update_cgroup_v1_resources (runtime_spec_schema_config_linux_resources *resource if (UNLIKELY (dirfd_htlb < 0)) return crun_make_error (err, errno, "open %s", path_to_htlb); - ret = write_hugetlb_resources (dirfd_htlb, false, - resources->hugepage_limits, - resources->hugepage_limits_len, + ret = write_hugetlb_resources (dirfd_htlb, false, resources->hugepage_limits, resources->hugepage_limits_len, err); if (UNLIKELY (ret < 0)) return ret; 
@@ -2679,10 +2618,7 @@ update_cgroup_v1_resources (runtime_spec_schema_config_linux_resources *resource if (UNLIKELY (dirfd_devs < 0)) return crun_make_error (err, errno, "open %s", path_to_devs); - ret = write_devices_resources (dirfd_devs, false, - resources->devices, - resources->devices_len, - err); + ret = write_devices_resources (dirfd_devs, false, resources->devices, resources->devices_len, err); if (UNLIKELY (ret < 0)) return ret; } @@ -2697,9 +2633,7 @@ update_cgroup_v1_resources (runtime_spec_schema_config_linux_resources *resource if (UNLIKELY (dirfd_mem < 0)) return crun_make_error (err, errno, "open %s", path_to_mem); - ret = write_memory_resources (dirfd_mem, false, - resources->memory, - err); + ret = write_memory_resources (dirfd_mem, false, resources->memory, err); if (UNLIKELY (ret < 0)) return ret; } @@ -2714,9 +2648,7 @@ update_cgroup_v1_resources (runtime_spec_schema_config_linux_resources *resource if (UNLIKELY (dirfd_pid < 0)) return crun_make_error (err, errno, "open %s", path_to_pid); - ret = write_pids_resources (dirfd_pid, false, - resources->pids, - err); + ret = write_pids_resources (dirfd_pid, false, resources->pids, err); if (UNLIKELY (ret < 0)) return ret; } @@ -2732,9 +2664,7 @@ update_cgroup_v1_resources (runtime_spec_schema_config_linux_resources *resource dirfd_cpu = open (path_to_cpu, O_DIRECTORY | O_RDONLY); if (UNLIKELY (dirfd_cpu < 0)) return crun_make_error (err, errno, "open %s", path_to_cpu); - ret = write_cpu_resources (dirfd_cpu, false, - resources->cpu, - err); + ret = write_cpu_resources (dirfd_cpu, false, resources->cpu, err); if (UNLIKELY (ret < 0)) return ret; 
@@ -2745,15 +2675,13 @@ update_cgroup_v1_resources (runtime_spec_schema_config_linux_resources *resource dirfd_cpuset = open (path_to_cpuset, O_DIRECTORY | O_RDONLY); if (UNLIKELY (dirfd_cpuset < 0)) return crun_make_error (err, errno, "open %s", path_to_cpuset); - ret = write_cpuset_resources (dirfd_cpuset, false, - resources->cpu, - err); + ret = write_cpuset_resources (dirfd_cpuset, false, resources->cpu, err); if (UNLIKELY (ret < 0)) return ret; } if (resources->unified && resources->unified->len > 0) - return crun_make_error (err, 0, "invalid configuration: cannot use unified on cgroup v1"); + return crun_make_error (err, 0, "invalid configuration: cannot use unified on cgroup v1"); return 0; } @@ -2795,7 +2723,8 @@ write_unified_resources (int cgroup_dirfd, runtime_spec_schema_config_linux_reso if (it == NULL) { crun_error_release (err); - return crun_make_error (err, 0, "the specified key has not the form CONTROLLER.VALUE `%s`", resources->unified->keys[i]); + return crun_make_error (err, 0, "the specified key has not the form CONTROLLER.VALUE `%s`", + resources->unified->keys[i]); } *it = '\0'; @@ -2830,7 +2759,6 @@ write_unified_resources (int cgroup_dirfd, runtime_spec_schema_config_linux_reso return 0; } - static int update_cgroup_v2_resources (runtime_spec_schema_config_linux_resources *resources, char *path, libcrun_error_t *err) { 
@@ -2849,41 +2777,30 @@ update_cgroup_v2_resources (runtime_spec_schema_config_linux_resources *resource if (resources->devices_len) { - ret = write_devices_resources (cgroup_dirfd, true, - resources->devices, - resources->devices_len, - err); + ret = write_devices_resources (cgroup_dirfd, true, resources->devices, resources->devices_len, err); if (UNLIKELY (ret < 0)) return ret; } if (resources->memory) { - ret = write_memory_resources (cgroup_dirfd, true, - resources->memory, - err); + ret = write_memory_resources (cgroup_dirfd, true, resources->memory, err); if (UNLIKELY (ret < 0)) return ret; } if (resources->pids) { - ret = write_pids_resources (cgroup_dirfd, true, - resources->pids, - err); + ret = write_pids_resources (cgroup_dirfd, true, resources->pids, err); if (UNLIKELY (ret < 0)) return ret; } if (resources->cpu) { - ret = write_cpu_resources (cgroup_dirfd, true, - resources->cpu, - err); + ret = write_cpu_resources (cgroup_dirfd, true, resources->cpu, err); if (UNLIKELY (ret < 0)) return ret; - ret = write_cpuset_resources (cgroup_dirfd, true, - resources->cpu, - err); + ret = write_cpuset_resources (cgroup_dirfd, true, resources->cpu, err); if (UNLIKELY (ret < 0)) return ret; } @@ -2896,9 +2813,7 @@ update_cgroup_v2_resources (runtime_spec_schema_config_linux_resources *resource if (resources->hugepage_limits_len) { - ret = write_hugetlb_resources (cgroup_dirfd, true, - resources->hugepage_limits, - resources->hugepage_limits_len, + ret = write_hugetlb_resources (cgroup_dirfd, true, resources->hugepage_limits, resources->hugepage_limits_len, err); if (UNLIKELY (ret < 0)) return ret; 
@@ -2916,18 +2831,15 @@ update_cgroup_v2_resources (runtime_spec_schema_config_linux_resources *resource } int -libcrun_update_cgroup_resources (int cgroup_mode, runtime_spec_schema_config_linux_resources *resources, char *path, libcrun_error_t *err) +libcrun_update_cgroup_resources (int cgroup_mode, runtime_spec_schema_config_linux_resources *resources, char *path, + libcrun_error_t *err) { if (path == NULL) { size_t i; - if (resources->block_io - || resources->network - || resources->hugepage_limits_len - || resources->memory - || resources->pids - || resources->cpu) + if (resources->block_io || resources->network || resources->hugepage_limits_len || resources->memory + || resources->pids || resources->cpu) return crun_make_error (err, 0, "cannot set limits without cgroups"); for (i = 0; i < resources->devices_len; i++) diff --git a/src/libcrun/cgroup.h b/src/libcrun/cgroup.h index 1f3e856147..9694c702a2 100644 --- a/src/libcrun/cgroup.h +++ b/src/libcrun/cgroup.h @@ -16,24 +16,24 @@ * along with crun. If not, see . */ #ifndef CGROUP_H -# define CGROUP_H +#define CGROUP_H -# include "container.h" -# include +#include "container.h" +#include enum - { - CGROUP_MODE_UNIFIED = 1, - CGROUP_MODE_LEGACY, - CGROUP_MODE_HYBRID - }; +{ + CGROUP_MODE_UNIFIED = 1, + CGROUP_MODE_LEGACY, + CGROUP_MODE_HYBRID +}; enum - { - CGROUP_MANAGER_CGROUPFS = 1, - CGROUP_MANAGER_SYSTEMD, - CGROUP_MANAGER_DISABLED - }; +{ + CGROUP_MANAGER_CGROUPFS = 1, + CGROUP_MANAGER_SYSTEMD, + CGROUP_MANAGER_DISABLED +}; struct libcrun_cgroup_args { 
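Review bot: In libcrun_update_cgroup_resources, the `path == NULL` guard lists `block_io`, `network`, `hugepage_limits_len`, `memory`, `pids` and `cpu` but not `resources->unified`, so as far as this hunk shows a configuration that sets only unified keys is accepted without a cgroup and its limits are never written. If that is not handled further down, add `|| (resources->unified && resources->unified->len > 0)` to the condition so the caller gets "cannot set limits without cgroups" instead of a silent no-op. The function continues past the end of the hunk, so the rest of the `path == NULL` branch could not be checked.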
@@ -54,18 +54,21 @@ struct libcrun_cgroup_args LIBCRUN_PUBLIC int libcrun_get_cgroup_mode (libcrun_error_t *err); LIBCRUN_PUBLIC int libcrun_cgroup_killall_signal (const char *path, int signal, libcrun_error_t *err); LIBCRUN_PUBLIC int libcrun_cgroup_killall (const char *path, libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_cgroup_destroy (const char *id, const char *path, const char *scope, int manager, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_cgroup_destroy (const char *id, const char *path, const char *scope, int manager, + libcrun_error_t *err); LIBCRUN_PUBLIC int libcrun_move_process_to_cgroup (pid_t pid, pid_t init_pid, char *path, libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_update_cgroup_resources (int cgroup_mode, runtime_spec_schema_config_linux_resources *resources, - char *path, libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_cgroup_is_container_paused (const char *cgroup_path, int cgroup_mode, bool *paused, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_update_cgroup_resources (int cgroup_mode, + runtime_spec_schema_config_linux_resources *resources, char *path, + libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_cgroup_is_container_paused (const char *cgroup_path, int cgroup_mode, bool *paused, + libcrun_error_t *err); LIBCRUN_PUBLIC int libcrun_cgroup_pause_unpause (const char *path, const bool pause, libcrun_error_t *err); LIBCRUN_PUBLIC int libcrun_cgroup_read_pids (const char *path, bool recurse, pid_t **pids, libcrun_error_t *err); int libcrun_cgroup_enter (struct libcrun_cgroup_args *args, libcrun_error_t *err); int libcrun_cgroups_create_symlinks (int dirfd, libcrun_error_t *err); -typedef const char * cgroups_subsystem_t; +typedef const char *cgroups_subsystem_t; const cgroups_subsystem_t *libcrun_get_cgroups_subsystems (); diff --git a/src/libcrun/container.c b/src/libcrun/container.c index 88ba100249..9c3f279adc 100644 --- a/src/libcrun/container.c +++ b/src/libcrun/container.c 
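Review bot: The last declaration in the second cgroup.h hunk, `const cgroups_subsystem_t *libcrun_get_cgroups_subsystems ();`, has an empty parameter list, which in C11 declares a function taking unspecified arguments rather than none. Writing `const cgroups_subsystem_t *libcrun_get_cgroups_subsystems (void);` gives callers a real prototype and lets the compiler reject stray arguments.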
@@ -44,24 +44,24 @@ #include #ifdef HAVE_DLOPEN -# include +# include #endif #ifdef HAVE_SYSTEMD -# include +# include #endif #include #include -#define YAJL_STR(x) ((const unsigned char *) (x)) +#define YAJL_STR(x) (( const unsigned char * ) (x)) enum - { - SYNC_SOCKET_SYNC_MESSAGE, - SYNC_SOCKET_ERROR_MESSAGE, - SYNC_SOCKET_WARNING_MESSAGE, - }; +{ + SYNC_SOCKET_SYNC_MESSAGE, + SYNC_SOCKET_ERROR_MESSAGE, + SYNC_SOCKET_WARNING_MESSAGE, +}; struct container_entrypoint_s { @@ -348,7 +348,7 @@ sync_socket_wait_sync (libcrun_context_t *context, int fd, bool flush, libcrun_e return crun_make_error (err, 0, "sync socket closed"); } - if (!flush && msg.type == SYNC_SOCKET_SYNC_MESSAGE) + if (! flush && msg.type == SYNC_SOCKET_SYNC_MESSAGE) return 0; if (msg.type == SYNC_SOCKET_WARNING_MESSAGE) @@ -366,7 +366,9 @@ static int sync_socket_send_sync (int fd, bool flush_errors, libcrun_error_t *err) { int ret; - struct sync_socket_message_s msg = {0, }; + struct sync_socket_message_s msg = { + 0, + }; msg.type = SYNC_SOCKET_SYNC_MESSAGE; if (fd < 0) @@ -429,8 +431,8 @@ libcrun_container_load_from_file (const char *path, libcrun_error_t *err) return make_container (container_def); } -static -int block_signals (libcrun_error_t *err) +static int +block_signals (libcrun_error_t *err) { int ret; sigset_t mask; @@ -441,8 +443,8 @@ int block_signals (libcrun_error_t *err) return 0; } -static -int unblock_signals (libcrun_error_t *err) +static int +unblock_signals (libcrun_error_t *err) { int i; int ret; 
@@ -489,22 +491,13 @@ initialize_security (runtime_spec_schema_config_schema_process *proc, libcrun_er } static int -do_hooks (runtime_spec_schema_config_schema *def, - pid_t pid, - const char *id, - bool keep_going, - const char *cwd, - const char *status, - hook **hooks, - size_t hooks_len, - int out_fd, - int err_fd, - libcrun_error_t *err) +do_hooks (runtime_spec_schema_config_schema *def, pid_t pid, const char *id, bool keep_going, const char *cwd, + const char *status, hook **hooks, size_t hooks_len, int out_fd, int err_fd, libcrun_error_t *err) { size_t i, stdin_len; int ret; cleanup_free char *stdin = NULL; - const unsigned char *annotations = (const unsigned char *) "{}"; + const unsigned char *annotations = ( const unsigned char * ) "{}"; cleanup_free char *cwd_allocated = NULL; const char *rootfs = def->root ? def->root->path : ""; yajl_gen gen = NULL; @@ -538,13 +531,17 @@ do_hooks (runtime_spec_schema_config_schema *def, yajl_gen_get_buf (gen, &annotations, &len); } - stdin_len = xasprintf (&stdin, "{\"ociVersion\":\"1.0\", \"id\":\"%s\", \"pid\":%i, \"root\":\"%s\", \"bundle\":\"%s\", \"status\":\"%s\", \"annotations\":%s}", id, pid, rootfs, cwd, status, annotations); + stdin_len = xasprintf (&stdin, + "{\"ociVersion\":\"1.0\", \"id\":\"%s\", \"pid\":%i, \"root\":\"%s\", \"bundle\":\"%s\", " + "\"status\":\"%s\", \"annotations\":%s}", + id, pid, rootfs, cwd, status, annotations); ret = 0; for (i = 0; i < hooks_len; i++) { - ret = run_process_with_stdin_timeout_envp (hooks[i]->path, hooks[i]->args, cwd, hooks[i]->timeout, hooks[i]->env, stdin, stdin_len, out_fd, err_fd, err); + ret = run_process_with_stdin_timeout_envp (hooks[i]->path, hooks[i]->args, cwd, hooks[i]->timeout, hooks[i]->env, + stdin, stdin_len, out_fd, err_fd, err); if (UNLIKELY (ret != 0)) { if (keep_going) 
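Review bot: The `xasprintf` call in the second do_hooks hunk builds the hook state JSON by pasting `id`, `rootfs`, `cwd` and `status` into quoted `%s` slots with no JSON escaping. A double quote or backslash in the container id, the root path or the bundle directory would hand hooks a malformed document or one carrying extra keys. The annotations in the same function already go through `yajl_gen`, so the whole object could be emitted with `yajl_gen_string` and `yajl_gen_integer` instead; whether these values are validated before they reach do_hooks is not visible here. At minimum, add `/* id, rootfs, cwd and status are inserted unescaped: callers must reject '"' and '\\'. */` above the call. The function body continues outside both hunks.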
@@ -566,9 +563,7 @@ do_hooks (runtime_spec_schema_config_schema *def, /* Initialize the environment where the container process runs. It is used by the container init process. */ static int -container_init_setup (void *args, char *notify_socket, - int sync_socket, const char **exec_path, - libcrun_error_t *err) +container_init_setup (void *args, char *notify_socket, int sync_socket, const char **exec_path, libcrun_error_t *err) { struct container_entrypoint_s *entrypoint_args = args; libcrun_container_t *container = entrypoint_args->container; @@ -631,11 +626,8 @@ container_init_setup (void *args, char *notify_socket, if (def->hooks && def->hooks->create_container_len) { - ret = do_hooks (def, 0, container->context->id, false, NULL, "created", - (hook **) def->hooks->create_container, - def->hooks->create_container_len, - entrypoint_args->hooks_out_fd, - entrypoint_args->hooks_err_fd, + ret = do_hooks (def, 0, container->context->id, false, NULL, "created", ( hook ** ) def->hooks->create_container, + def->hooks->create_container_len, entrypoint_args->hooks_out_fd, entrypoint_args->hooks_err_fd, err); if (UNLIKELY (ret != 0)) return ret; @@ -681,7 +673,7 @@ container_init_setup (void *args, char *notify_socket, ret = set_home_env (container->container_uid); if (UNLIKELY (ret < 0 && errno != ENOTSUP)) { - setenv("HOME", "/", 1); + setenv ("HOME", "/", 1); libcrun_warning ("cannot detect HOME environment variable, setting default"); } } @@ -747,7 +739,7 @@ container_init_setup (void *args, char *notify_socket, if (def->process->user) umask (def->process->user->umask_present ? def->process->user->umask : 0022); - if (def->process && !def->process->no_new_privileges) + if (def->process && ! def->process->no_new_privileges) { char **seccomp_flags = NULL; size_t seccomp_flags_len = 0; 
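Review bot: In the container_init_setup hunk that ends this line, `if (def->process->user)` dereferences `def->process` one statement before `if (def->process && ! def->process->no_new_privileges)` tests it for NULL, so the two lines disagree about whether `def->process` can be NULL. If it can, the umask line faults first; if it cannot, the test is dead and obscures the real condition. I would guard both the same way, for example `if (def->process && def->process->user)`, or drop the redundant test. Since this branch decides when the seccomp filter is loaded, a comment stating why it depends on `no_new_privileges` would also help (presumably the filter must be installed while the process is still privileged). The function starts and ends outside the hunk.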
@@ -758,7 +750,8 @@ container_init_setup (void *args, char *notify_socket, seccomp_flags_len = def->linux->seccomp->flags_len; } - ret = libcrun_apply_seccomp (entrypoint_args->seccomp_fd, entrypoint_args->seccomp_receiver_fd, seccomp_flags, seccomp_flags_len, err); + ret = libcrun_apply_seccomp (entrypoint_args->seccomp_fd, entrypoint_args->seccomp_receiver_fd, seccomp_flags, + seccomp_flags_len, err); if (UNLIKELY (ret < 0)) return ret; @@ -781,8 +774,8 @@ container_init_setup (void *args, char *notify_socket, return 0; } -static -int open_hooks_output (libcrun_container_t *container, int *out_fd, int *err_fd, libcrun_error_t *err) +static int +open_hooks_output (libcrun_container_t *container, int *out_fd, int *err_fd, libcrun_error_t *err) { const char *annotation; @@ -809,8 +802,7 @@ int open_hooks_output (libcrun_container_t *container, int *out_fd, int *err_fd, /* Entrypoint to the container. */ static int -container_init (void *args, char *notify_socket, int sync_socket, - libcrun_error_t *err) +container_init (void *args, char *notify_socket, int sync_socket, libcrun_error_t *err) { struct container_entrypoint_s *entrypoint_args = args; int ret; @@ -884,7 +876,8 @@ container_init (void *args, char *notify_socket, int sync_socket, seccomp_flags_len = def->linux->seccomp->flags_len; } - ret = libcrun_apply_seccomp (entrypoint_args->seccomp_fd, entrypoint_args->seccomp_receiver_fd, seccomp_flags, seccomp_flags_len, err); + ret = libcrun_apply_seccomp (entrypoint_args->seccomp_fd, entrypoint_args->seccomp_receiver_fd, seccomp_flags, + seccomp_flags_len, err); if (UNLIKELY (ret < 0)) return ret; close_and_reset (&entrypoint_args->seccomp_fd); 
@@ -901,19 +894,16 @@ container_init (void *args, char *notify_socket, int sync_socket, { libcrun_container_t *container = entrypoint_args->container; - ret = do_hooks (def, 0, container->context->id, false, NULL, "starting", - (hook **) def->hooks->start_container, - def->hooks->start_container_len, - entrypoint_args->hooks_out_fd, - entrypoint_args->hooks_err_fd, + ret = do_hooks (def, 0, container->context->id, false, NULL, "starting", ( hook ** ) def->hooks->start_container, + def->hooks->start_container_len, entrypoint_args->hooks_out_fd, entrypoint_args->hooks_err_fd, err); if (UNLIKELY (ret != 0)) return ret; /* Seek stdout/stderr to the end. If the hooks were using the same files, the container process overwrites what was previously written. */ - (void) lseek (1, 0, SEEK_END); - (void) lseek (2, 0, SEEK_END); + ( void ) lseek (1, 0, SEEK_END); + ( void ) lseek (2, 0, SEEK_END); } execv (exec_path, def->process->args); @@ -925,7 +915,8 @@ container_init (void *args, char *notify_socket, int sync_socket, } static int -read_container_config_from_state (libcrun_container_t **container, const char *state_root, const char *id, libcrun_error_t *err) +read_container_config_from_state (libcrun_container_t **container, const char *state_root, const char *id, + libcrun_error_t *err) { cleanup_free char *dir = NULL; cleanup_free char *config_file = NULL; 
@@ -945,11 +936,8 @@ read_container_config_from_state (libcrun_container_t **container, const char *s } static int -run_poststop_hooks (libcrun_context_t *context, - libcrun_container_t *container, - runtime_spec_schema_config_schema *def, - libcrun_container_status_t *status, - const char *state_root, const char *id, libcrun_error_t *err) +run_poststop_hooks (libcrun_context_t *context, libcrun_container_t *container, runtime_spec_schema_config_schema *def, + libcrun_container_status_t *status, const char *state_root, const char *id, libcrun_error_t *err) { cleanup_free libcrun_container_t *container_cleanup = NULL; int ret; @@ -984,8 +972,7 @@ run_poststop_hooks (libcrun_context_t *context, if (UNLIKELY (ret < 0)) return ret; - ret = do_hooks (def, 0, id, true, status->bundle, - "stopped", (hook **) def->hooks->poststop, + ret = do_hooks (def, 0, id, true, status->bundle, "stopped", ( hook ** ) def->hooks->poststop, def->hooks->poststop_len, hooks_out_fd, hooks_err_fd, err); if (UNLIKELY (ret < 0)) crun_error_write_warning_and_release (context->output_handler_arg, &err); @@ -1005,15 +992,15 @@ has_new_pid_namespace (runtime_spec_schema_config_schema *def) for (i = 0; i < def->linux->namespaces_len; i++) { - if (strcmp (def->linux->namespaces[i]->type, "pid") == 0 - && def->linux->namespaces[i]->path == NULL) + if (strcmp (def->linux->namespaces[i]->type, "pid") == 0 && def->linux->namespaces[i]->path == NULL) return true; } return false; } static int -container_delete_internal (libcrun_context_t *context, runtime_spec_schema_config_schema *def, const char *id, bool force, bool only_cleanup, libcrun_error_t *err) +container_delete_internal (libcrun_context_t *context, runtime_spec_schema_config_schema *def, const char *id, + bool force, bool only_cleanup, libcrun_error_t *err) { int ret; cleanup_container_status libcrun_container_status_t status = {}; 
@@ -1044,7 +1031,7 @@ container_delete_internal (libcrun_context_t *context, runtime_spec_schema_confi return crun_make_error (err, 0, "the container `%s` is not in 'stopped' state", id); } - if (!only_cleanup && !status.detached) + if (! only_cleanup && ! status.detached) { if (force) { @@ -1098,7 +1085,8 @@ container_delete_internal (libcrun_context_t *context, runtime_spec_schema_confi } int -libcrun_container_delete (libcrun_context_t *context, runtime_spec_schema_config_schema *def, const char *id, bool force, libcrun_error_t *err) +libcrun_container_delete (libcrun_context_t *context, runtime_spec_schema_config_schema *def, const char *id, + bool force, libcrun_error_t *err) { return container_delete_internal (context, def, id, force, false, err); } 
@@ -1135,20 +1123,20 @@ libcrun_container_kill_all (libcrun_context_t *context, const char *id, int sign } static int -write_container_status (libcrun_container_t *container, libcrun_context_t *context, pid_t pid, - char *cgroup_path, char *scope, char *created, libcrun_error_t *err) +write_container_status (libcrun_container_t *container, libcrun_context_t *context, pid_t pid, char *cgroup_path, + char *scope, char *created, libcrun_error_t *err) { cleanup_free char *cwd = get_current_dir_name (); char *external_descriptors = libcrun_get_external_descriptors (container); - libcrun_container_status_t status = {.pid = pid, - .cgroup_path = cgroup_path, - .scope = scope, - .rootfs = container->container_def->root->path, - .bundle = cwd, - .created = created, - .systemd_cgroup = context->systemd_cgroup, - .detached = context->detach, - .external_descriptors = external_descriptors}; + libcrun_container_status_t status = { .pid = pid, + .cgroup_path = cgroup_path, + .scope = scope, + .rootfs = container->container_def->root->path, + .bundle = cwd, + .created = created, + .systemd_cgroup = context->systemd_cgroup, + .detached = context->detach, + .external_descriptors = external_descriptors }; if (cwd == NULL) OOM (); return libcrun_write_container_status (context->state_root, context->id, &status, err); 
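Review bot: In write_container_status, `cwd` is tested for NULL only after it has been stored in `status.bundle`, and a NULL result is reported through `OOM ()`. `get_current_dir_name` also returns NULL when the working directory has been removed or is not readable, so those cases would be misreported as memory exhaustion. I would check right after the call and return the real cause: `if (UNLIKELY (cwd == NULL)) return crun_make_error (err, errno, "get current directory");`. The function's closing brace lies outside the hunk.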
@@ -1209,17 +1197,15 @@ handle_notify_socket (int notify_socketfd, libcrun_error_t *err) } return 0; #else - (void) notify_socketfd; - (void) err; + ( void ) notify_socketfd; + ( void ) err; return 1; #endif } static int -wait_for_process (pid_t pid, libcrun_context_t *context, int terminal_fd, - int notify_socket, int container_ready_fd, - int seccomp_notify_fd, const char *seccomp_notify_plugins, - libcrun_error_t *err) +wait_for_process (pid_t pid, libcrun_context_t *context, int terminal_fd, int notify_socket, int container_ready_fd, + int seccomp_notify_fd, const char *seccomp_notify_plugins, libcrun_error_t *err) { cleanup_close int epollfd = -1; cleanup_close int signalfd = -1; @@ -1408,7 +1394,7 @@ flush_fd_to_err (libcrun_context_t *context, int terminal_fd) if (context->output_handler) context->output_handler (0, buf, false, context->output_handler_arg); } - (void) fcntl (terminal_fd, F_SETFL, flags); + ( void ) fcntl (terminal_fd, F_SETFL, flags); fflush (stderr); fsync (1); fsync (2); @@ -1444,7 +1430,7 @@ open_seccomp_output (const char *id, int *fd, bool readonly, const char *state_r dir = libcrun_get_state_directory (state_root, id); if (UNLIKELY (dir == NULL)) - return crun_make_error (err, 0, "cannot get state directory"); + return crun_make_error (err, 0, "cannot get state directory"); xasprintf (&dest_path, "%s/seccomp.bpf", dir); @@ -1473,7 +1459,8 @@ open_seccomp_output (const char *id, int *fd, bool readonly, const char *state_r /* Find the uid:gid that is mapped to root inside the container user namespace. */ static void -get_root_in_the_userns_for_cgroups (runtime_spec_schema_config_schema *def, uid_t host_uid, gid_t host_gid, uid_t *uid, gid_t *gid) +get_root_in_the_userns_for_cgroups (runtime_spec_schema_config_schema *def, uid_t host_uid, gid_t host_gid, uid_t *uid, + gid_t *gid) { *uid = -1; *gid = -1; 
@@ -1530,7 +1517,8 @@ find_systemd_subgroup (libcrun_container_t *container, int cgroup_mode) } static int -get_seccomp_receiver_fd (libcrun_container_t *container, int *fd, int *self_receiver_fd, const char **plugins, libcrun_error_t *err) +get_seccomp_receiver_fd (libcrun_container_t *container, int *fd, int *self_receiver_fd, const char **plugins, + libcrun_error_t *err) { const char *tmp; @@ -1569,7 +1557,8 @@ get_seccomp_receiver_fd (libcrun_container_t *container, int *fd, int *self_rece } static int -libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_t *context, int container_ready_fd, libcrun_error_t *err) +libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_t *context, int container_ready_fd, + libcrun_error_t *err) { runtime_spec_schema_config_schema *def = container->container_def; int ret; @@ -1595,22 +1584,19 @@ libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_ char created[35]; uid_t root_uid = -1; gid_t root_gid = -1; - struct container_entrypoint_s container_args = - { - .container = container, - .context = context, - .terminal_socketpair = {-1, -1}, - .console_socket_fd = -1, - .hooks_out_fd = -1, - .hooks_err_fd = -1, - .seccomp_receiver_fd = -1, - }; + struct container_entrypoint_s container_args = { + .container = container, + .context = context, + .terminal_socketpair = { -1, -1 }, + .console_socket_fd = -1, + .hooks_out_fd = -1, + .hooks_err_fd = -1, + .seccomp_receiver_fd = -1, + }; - if (def->hooks && (def->hooks->prestart_len - || def->hooks->poststart_len - || def->hooks->create_runtime_len - || def->hooks->create_container_len - || def->hooks->start_container_len)) + if (def->hooks + && (def->hooks->prestart_len || def->hooks->poststart_len || def->hooks->create_runtime_len + || def->hooks->create_container_len || def->hooks->start_container_len)) { ret = open_hooks_output (container, &hooks_out_fd, &hooks_err_fd, err); if (UNLIKELY (ret < 0)) 
@@ -1621,21 +1607,21 @@ libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_ container->context = context; - if (!detach || context->notify_socket) + if (! detach || context->notify_socket) { ret = prctl (PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0); if (UNLIKELY (ret < 0)) return crun_make_error (err, errno, "set child subreaper"); } - if (!context->no_new_keyring) + if (! context->no_new_keyring) { ret = libcrun_create_keyring (container->context->id, err); if (UNLIKELY (ret < 0)) return ret; } - if (def->process && def->process->terminal && !detach && context->console_socket == NULL) + if (def->process && def->process->terminal && ! detach && context->console_socket == NULL) { container_args.has_terminal_socket_pair = 1; ret = create_socket_pair (container_args.terminal_socketpair, err); @@ -1660,8 +1646,8 @@ libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_ if (seccomp_fd >= 0) { - ret = get_seccomp_receiver_fd (container, &container_args.seccomp_receiver_fd, - &own_seccomp_receiver_fd, &seccomp_notify_plugins, err); + ret = get_seccomp_receiver_fd (container, &container_args.seccomp_receiver_fd, &own_seccomp_receiver_fd, + &seccomp_notify_plugins, err); if (UNLIKELY (ret < 0)) return ret; } @@ -1678,8 +1664,7 @@ libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_ if (cgroup_mode < 0) return cgroup_mode; - pid = libcrun_run_linux_container (container, container_init, &container_args, - &sync_socket, err); + pid = libcrun_run_linux_container (container, container_init, &container_args, &sync_socket, err); if (UNLIKELY (pid < 0)) return pid; 
@@ -1700,25 +1685,25 @@ libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_ else if (context->force_no_cgroup) cgroup_manager = CGROUP_MANAGER_DISABLED; - /* If we are root (either on the host or in a namespace), then chown the cgroup to root in the container user namespace. */ + /* If we are root (either on the host or in a namespace), then chown the cgroup to root in the container user + * namespace. */ get_root_in_the_userns_for_cgroups (def, container->host_uid, container->host_gid, &root_uid, &root_gid); { - struct libcrun_cgroup_args cg = - { - .resources = def->linux ? def->linux->resources : NULL, - .annotations = def->annotations, - .cgroup_mode = cgroup_mode, - .path = &cgroup_path, - .scope = &scope, - .cgroup_path = def->linux ? def->linux->cgroups_path : "", - .manager = cgroup_manager, - .pid = pid, - .root_uid = root_uid, - .root_gid = root_gid, - .id = context->id, - .systemd_subgroup = find_systemd_subgroup (container, cgroup_mode), - }; + struct libcrun_cgroup_args cg = { + .resources = def->linux ? def->linux->resources : NULL, + .annotations = def->annotations, + .cgroup_mode = cgroup_mode, + .path = &cgroup_path, + .scope = &scope, + .cgroup_path = def->linux ? def->linux->cgroups_path : "", + .manager = cgroup_manager, + .pid = pid, + .root_uid = root_uid, + .root_gid = root_gid, + .id = context->id, + .systemd_subgroup = find_systemd_subgroup (container, cgroup_mode), + }; ret = libcrun_cgroup_enter (&cg, err); if (UNLIKELY (ret < 0)) @@ -1726,9 +1711,7 @@ libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_ if (def->linux && def->linux->resources) { - ret = libcrun_update_cgroup_resources (cgroup_mode, - def->linux->resources, - cgroup_path, err); + ret = libcrun_update_cgroup_resources (cgroup_mode, def->linux->resources, cgroup_path, err); if (UNLIKELY (ret < 0)) return cleanup_watch (context, pid, sync_socket, terminal_fd, err); } 
@@ -1748,16 +1731,14 @@ libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_ prestart hooks. */ if (def->hooks && def->hooks->prestart_len) { - ret = do_hooks (def, pid, context->id, false, NULL, "created", - (hook **) def->hooks->prestart, + ret = do_hooks (def, pid, context->id, false, NULL, "created", ( hook ** ) def->hooks->prestart, def->hooks->prestart_len, hooks_out_fd, hooks_err_fd, err); if (UNLIKELY (ret != 0)) return cleanup_watch (context, pid, sync_socket, terminal_fd, err); } if (def->hooks && def->hooks->create_runtime_len) { - ret = do_hooks (def, pid, context->id, false, NULL, "created", - (hook **) def->hooks->create_runtime, + ret = do_hooks (def, pid, context->id, false, NULL, "created", ( hook ** ) def->hooks->create_runtime, def->hooks->create_runtime_len, hooks_out_fd, hooks_err_fd, err); if (UNLIKELY (ret != 0)) return cleanup_watch (context, pid, sync_socket, terminal_fd, err); @@ -1783,7 +1764,7 @@ libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_ if (UNLIKELY (ret < 0)) return cleanup_watch (context, pid, sync_socket, terminal_fd, err); - if (def->process && def->process->terminal && !detach && context->console_socket == NULL) + if (def->process && def->process->terminal && ! detach && context->console_socket == NULL) { terminal_fd = receive_fd_from_socket (socket_pair_0, err); if (UNLIKELY (terminal_fd < 0)) 
@@ -1814,8 +1795,7 @@ libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_ hooks will be executed as part of the start command. */ if (context->fifo_exec_wait_fd < 0 && def->hooks && def->hooks->poststart_len) { - ret = do_hooks (def, pid, context->id, true, NULL, "running", - (hook **) def->hooks->poststart, + ret = do_hooks (def, pid, context->id, true, NULL, "running", ( hook ** ) def->hooks->poststart, def->hooks->poststart_len, hooks_out_fd, hooks_err_fd, err); if (UNLIKELY (ret < 0)) return cleanup_watch (context, pid, sync_socket, terminal_fd, err); @@ -1833,8 +1813,9 @@ libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_ return cleanup_watch (context, pid, sync_socket, terminal_fd, err); } - ret = wait_for_process (pid, context, terminal_fd, notify_socket, container_ready_fd, seccomp_notify_fd, seccomp_notify_plugins, err); - if (!context->detach) + ret = wait_for_process (pid, context, terminal_fd, notify_socket, container_ready_fd, seccomp_notify_fd, + seccomp_notify_plugins, err); + if (! context->detach) { libcrun_error_t tmp_err = NULL; cleanup_watch (context, 0, sync_socket, terminal_fd, &tmp_err); @@ -1844,8 +1825,8 @@ libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_ return ret; } -static -int check_config_file (runtime_spec_schema_config_schema *def, libcrun_error_t *err) +static int +check_config_file (runtime_spec_schema_config_schema *def, libcrun_error_t *err) { if (UNLIKELY (def->root == NULL)) return crun_make_error (err, 0, "invalid config file, no 'root' block specified"); 
@@ -1856,8 +1837,8 @@ int check_config_file (runtime_spec_schema_config_schema *def, libcrun_error_t * return 0; } -static -int libcrun_copy_config_file (const char *id, const char *state_root, const char *config_file, libcrun_error_t *err) +static int +libcrun_copy_config_file (const char *id, const char *state_root, const char *config_file, libcrun_error_t *err) { int ret; cleanup_free char *dest_path = NULL; @@ -1867,7 +1848,7 @@ int libcrun_copy_config_file (const char *id, const char *state_root, const char dir = libcrun_get_state_directory (state_root, id); if (UNLIKELY (dir == NULL)) - return crun_make_error (err, 0, "cannot get state directory"); + return crun_make_error (err, 0, "cannot get state directory"); xasprintf (&dest_path, "%s/config.json", dir); @@ -1891,7 +1872,8 @@ force_delete_container_status (libcrun_context_t *context, runtime_spec_schema_c } int -libcrun_container_run (libcrun_context_t *context, libcrun_container_t *container, unsigned int options, libcrun_error_t *err) +libcrun_container_run (libcrun_context_t *context, libcrun_container_t *container, unsigned int options, + libcrun_error_t *err) { runtime_spec_schema_config_schema *def = container->container_def; int ret; @@ -1916,7 +1898,7 @@ libcrun_container_run (libcrun_context_t *context, libcrun_container_t *containe if (UNLIKELY (ret < 0)) return ret; - if (!detach && (options & LIBCRUN_RUN_OPTIONS_PREFORK) == 0) + if (! detach && (options & LIBCRUN_RUN_OPTIONS_PREFORK) == 0) { ret = libcrun_copy_config_file (context->id, context->state_root, context->config_file, err); if (UNLIKELY (ret < 0)) 
@@ -1988,7 +1970,8 @@ libcrun_container_run (libcrun_context_t *context, libcrun_container_t *containe } int -libcrun_container_create (libcrun_context_t *context, libcrun_container_t *container, unsigned int options, libcrun_error_t *err) +libcrun_container_create (libcrun_context_t *context, libcrun_container_t *container, unsigned int options, + libcrun_error_t *err) { runtime_spec_schema_config_schema *def = container->container_def; int ret; @@ -2103,7 +2086,7 @@ libcrun_container_start (libcrun_context_t *context, const char *id, libcrun_err if (UNLIKELY (ret < 0)) return ret; - if (!ret) + if (! ret) return crun_make_error (err, 0, "container `%s` is not running", id); ret = read_container_config_from_state (&container, state_root, id, err); @@ -2132,8 +2115,8 @@ libcrun_container_start (libcrun_context_t *context, const char *id, libcrun_err while (1) { struct timeval timeout = { - .tv_sec = 0, - .tv_usec = 10000, + .tv_sec = 0, + .tv_usec = 10000, }; FD_ZERO (&read_set); FD_SET (fd, &read_set); @@ -2154,7 +2137,7 @@ libcrun_container_start (libcrun_context_t *context, const char *id, libcrun_err ret = libcrun_is_container_running (&status, err); if (UNLIKELY (ret < 0)) return ret; - if (!ret) + if (! ret) return 0; } } 
@@ -2172,19 +2155,18 @@ libcrun_container_start (libcrun_context_t *context, const char *id, libcrun_err if (UNLIKELY (ret < 0)) return ret; - ret = do_hooks (def, status.pid, context->id, true, status.bundle, "running", - (hook **) def->hooks->poststart, + ret = do_hooks (def, status.pid, context->id, true, status.bundle, "running", ( hook ** ) def->hooks->poststart, def->hooks->poststart_len, hooks_out_fd, hooks_err_fd, err); if (UNLIKELY (ret < 0)) crun_error_release (err); } - return 0; } int -libcrun_get_container_state_string (const char *id, libcrun_container_status_t *status, const char *state_root, const char **container_status, int *running, libcrun_error_t *err) +libcrun_get_container_state_string (const char *id, libcrun_container_status_t *status, const char *state_root, + const char **container_status, int *running, libcrun_error_t *err) { int ret, has_fifo = 0; bool paused = false; @@ -2202,7 +2184,7 @@ libcrun_get_container_state_string (const char *id, libcrun_container_status_t * has_fifo = ret; } - if (*running && !has_fifo) + if (*running && ! has_fifo) { int cgroup_mode; @@ -2323,7 +2305,7 @@ libcrun_container_state (libcrun_context_t *context, const char *id, FILE *out, fprintf (out, "%s\n", buf); - exit: +exit: if (gen) yajl_gen_free (gen); libcrun_free_container_status (&status); @@ -2331,7 +2313,8 @@ libcrun_container_state (libcrun_context_t *context, const char *id, FILE *out, } int -libcrun_container_exec (libcrun_context_t *context, const char *id, runtime_spec_schema_config_schema_process *process, libcrun_error_t *err) +libcrun_container_exec (libcrun_context_t *context, const char *id, runtime_spec_schema_config_schema_process *process, + libcrun_error_t *err) { int ret; pid_t pid; 
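Review bot: A failing poststart hook is discarded silently in libcrun_container_start: `if (UNLIKELY (ret < 0)) crun_error_release (err);` drops the error without logging it. run_poststop_hooks in this same file reports the equivalent failure with `crun_error_write_warning_and_release (context->output_handler_arg, &err);`, which leaves a trace for anyone auditing hook execution. I would use the same call here so that both hook paths behave alike. libcrun_container_start begins before this hunk.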
@@ -2383,8 +2366,8 @@ libcrun_container_exec (libcrun_context_t *context, const char *id, runtime_spec if (seccomp_fd >= 0) { - ret = get_seccomp_receiver_fd (container, &seccomp_receiver_fd, &own_seccomp_receiver_fd, - &seccomp_notify_plugins, err); + ret = get_seccomp_receiver_fd (container, &seccomp_receiver_fd, &own_seccomp_receiver_fd, &seccomp_notify_plugins, + err); if (UNLIKELY (ret < 0)) return ret; } @@ -2405,17 +2388,18 @@ libcrun_container_exec (libcrun_context_t *context, const char *id, runtime_spec if (container->container_def->process) { if (process->selinux_label == NULL && container->container_def->process->selinux_label) - process->selinux_label = xstrdup (container->container_def->process->selinux_label); + process->selinux_label = xstrdup (container->container_def->process->selinux_label); if (process->apparmor_profile == NULL && container->container_def->process->apparmor_profile) - process->apparmor_profile = xstrdup (container->container_def->process->apparmor_profile); + process->apparmor_profile = xstrdup (container->container_def->process->apparmor_profile); } ret = initialize_security (process, err); if (UNLIKELY (ret < 0)) return ret; - pid = libcrun_join_process (container, status.pid, &status, context->detach, process->terminal ? &terminal_fd : NULL, err); + pid = libcrun_join_process (container, status.pid, &status, context->detach, process->terminal ? &terminal_fd : NULL, + err); if (UNLIKELY (pid < 0)) return pid; @@ -2449,7 +2433,7 @@ libcrun_container_exec (libcrun_context_t *context, const char *id, runtime_spec { for (i = 0; i < process->env_len; i++) if (putenv (process->env[i]) < 0) - libcrun_fail_with_error ( errno, "putenv `%s`", process->env[i]); + libcrun_fail_with_error (errno, "putenv `%s`", process->env[i]); } else if (container->container_def->process->env_len) { 
@@ -2459,7 +2443,7 @@ libcrun_container_exec (libcrun_context_t *context, const char *id, runtime_spec { e = container->container_def->process->env[i]; if (putenv (e) < 0) - libcrun_fail_with_error ( errno, "putenv `%s`", e); + libcrun_fail_with_error (errno, "putenv `%s`", e); } } @@ -2468,7 +2452,7 @@ libcrun_container_exec (libcrun_context_t *context, const char *id, runtime_spec ret = set_home_env (container->container_uid); if (UNLIKELY (ret < 0 && errno != ENOTSUP)) { - setenv("HOME", "/", 1); + setenv ("HOME", "/", 1); libcrun_warning ("cannot detect HOME environment variable, setting default"); } } @@ -2503,7 +2487,7 @@ libcrun_container_exec (libcrun_context_t *context, const char *id, runtime_spec return ret; } - if (!process->no_new_privileges) + if (! process->no_new_privileges) { ret = libcrun_apply_seccomp (seccomp_fd, seccomp_receiver_fd, seccomp_flags, seccomp_flags_len, err); if (UNLIKELY (ret < 0)) @@ -2626,7 +2610,7 @@ libcrun_container_exec_process_file (libcrun_context_t *context, const char *id, int ret; size_t len; cleanup_free char *content = NULL; - struct parser_context ctx = {0, stderr}; + struct parser_context ctx = { 0, stderr }; yajl_val tree = NULL; parser_error parser_err = NULL; runtime_spec_schema_config_schema_process *process = NULL; @@ -2657,7 +2641,8 @@ libcrun_container_exec_process_file (libcrun_context_t *context, const char *id, } int -libcrun_container_update (libcrun_context_t *context, const char *id, const char *content, size_t len, libcrun_error_t *err) +libcrun_container_update (libcrun_context_t *context, const char *id, const char *content, size_t len, + libcrun_error_t *err) { int ret; libcrun_container_status_t status = {}; 
@@ -2670,7 +2655,6 @@ libcrun_container_update (libcrun_context_t *context, const char *id, const char return libcrun_linux_container_update (&status, content, len, err); } - int libcrun_container_update_from_file (libcrun_context_t *context, const char *id, const char *file, libcrun_error_t *err) { @@ -2732,8 +2716,7 @@ libcrun_container_unpause (libcrun_context_t *context, const char *id, libcrun_e } int -libcrun_container_checkpoint (libcrun_context_t *context, const char *id, - libcrun_checkpoint_restore_t *cr_options, +libcrun_container_checkpoint (libcrun_context_t *context, const char *id, libcrun_checkpoint_restore_t *cr_options, libcrun_error_t *err) { int ret; @@ -2749,26 +2732,23 @@ libcrun_container_checkpoint (libcrun_context_t *context, const char *id, if (UNLIKELY (ret < 0)) return ret; if (ret == 0) - return crun_make_error (err, errno, "the container `%s` is not running", - id); + return crun_make_error (err, errno, "the container `%s` is not running", id); ret = read_container_config_from_state (&container, state_root, id, err); if (UNLIKELY (ret < 0)) return ret; - ret = libcrun_container_checkpoint_linux (&status, container, cr_options, - err); + ret = libcrun_container_checkpoint_linux (&status, container, cr_options, err); if (UNLIKELY (ret < 0)) return ret; - if (!cr_options->leave_running) + if (! cr_options->leave_running) return container_delete_internal (context, NULL, id, true, true, err); return 0; } int -libcrun_container_restore (libcrun_context_t *context, const char *id, - libcrun_checkpoint_restore_t *cr_options, +libcrun_container_restore (libcrun_context_t *context, const char *id, libcrun_checkpoint_restore_t *cr_options, libcrun_error_t *err) { cleanup_free libcrun_container_t *container = NULL; 
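Review bot: In the `@@ -2749,26 +2732,23 @@` hunk the "is not running" error is built with `errno` as its status argument, but that branch is taken when `ret == 0`, that is, after a call that did not fail. `errno` there holds whatever an earlier, unrelated call left behind, so the message can carry a misleading system error text. Passing `0`, as in `crun_make_error (err, 0, ...)` for the "invalid namespace type" errors in criu.c, keeps the message accurate. The call that sets `ret` is above the hunk, so this is worth confirming against it.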
@@ -2805,7 +2785,7 @@ libcrun_container_restore (libcrun_context_t *context, const char *id, return ret; /* The CRIU restore code uses bundle and rootfs of status. */ - status.bundle = (char *)context->bundle; + status.bundle = ( char * ) context->bundle; status.rootfs = def->root->path; ret = libcrun_container_restore_linux (&status, container, cr_options, err); @@ -2828,26 +2808,23 @@ libcrun_container_restore (libcrun_context_t *context, const char *id, /* If we are root (either on the host or in a namespace), * then chown the cgroup to root in the container user namespace. */ - get_root_in_the_userns_for_cgroups (def, container->host_uid, - container->host_gid, &root_uid, - &root_gid); + get_root_in_the_userns_for_cgroups (def, container->host_uid, container->host_gid, &root_uid, &root_gid); { - struct libcrun_cgroup_args cg = - { - .resources = def->linux ? def->linux->resources : NULL, - .annotations = def->annotations, - .cgroup_mode = cgroup_mode, - .scope = &scope, - .path = &cgroup_path, - .cgroup_path = def->linux ? def->linux->cgroups_path : "", - .manager = cgroup_manager, - .pid = status.pid, - .root_uid = root_uid, - .root_gid = root_gid, - .id = context->id, - .systemd_subgroup = find_systemd_subgroup (container, cgroup_mode), - }; + struct libcrun_cgroup_args cg = { + .resources = def->linux ? def->linux->resources : NULL, + .annotations = def->annotations, + .cgroup_mode = cgroup_mode, + .scope = &scope, + .path = &cgroup_path, + .cgroup_path = def->linux ? def->linux->cgroups_path : "", + .manager = cgroup_manager, + .pid = status.pid, + .root_uid = root_uid, + .root_gid = root_gid, + .id = context->id, + .systemd_subgroup = find_systemd_subgroup (container, cgroup_mode), + }; ret = libcrun_cgroup_enter (&cg, err); if (UNLIKELY (ret < 0)) 
@@ -2855,9 +2832,7 @@ libcrun_container_restore (libcrun_context_t *context, const char *id, if (def->linux && def->linux->resources) { - ret = libcrun_update_cgroup_resources (cgroup_mode, - def->linux->resources, - cgroup_path, err); + ret = libcrun_update_cgroup_resources (cgroup_mode, def->linux->resources, cgroup_path, err); if (UNLIKELY (ret < 0)) return ret; } @@ -2865,9 +2840,7 @@ libcrun_container_restore (libcrun_context_t *context, const char *id, get_current_timestamp (created); context->detach = cr_options->detach; - ret = write_container_status (container, context, status.pid, - cgroup_path, scope, - created, err); + ret = write_container_status (container, context, status.pid, cgroup_path, scope, created, err); if (UNLIKELY (ret < 0)) return ret; @@ -2880,14 +2853,12 @@ libcrun_container_restore (libcrun_context_t *context, const char *id, return ret; } - if (!cr_options->detach) + if (! cr_options->detach) { int wait_status; ret = waitpid (status.pid, &wait_status, 0); if (UNLIKELY (ret < 0)) - return crun_make_error (err, errno, - "waitpid failed for container '%s' with %d", - id, ret); + return crun_make_error (err, errno, "waitpid failed for container '%s' with %d", id, ret); if (WEXITSTATUS (wait_status)) return WEXITSTATUS (wait_status); diff --git a/src/libcrun/container.h b/src/libcrun/container.h index b4e695bc58..0a272391d4 100644 --- a/src/libcrun/container.h +++ b/src/libcrun/container.h @@ -17,11 +17,11 @@ */ #ifndef CONTAINER_H -# define CONTAINER_H +#define CONTAINER_H -# include -# include -# include "error.h" +#include +#include +#include "error.h" struct libcrun_context_s { @@ -48,9 +48,9 @@ struct libcrun_context_s }; enum - { - LIBCRUN_RUN_OPTIONS_PREFORK = 1 << 0, - }; +{ + LIBCRUN_RUN_OPTIONS_PREFORK = 1 << 0, +}; struct libcrun_container_s { 
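Review bot: In the `@@ -2880,14 +2853,12 @@` hunk of libcrun_container_restore, `WEXITSTATUS (wait_status)` is evaluated without first checking `WIFEXITED (wait_status)`, and its value is only defined when that check is true. A restored process that is terminated by a signal would fall through to the code after the hunk, presumably reporting success. Guarding the test as `if (WIFEXITED (wait_status) && WEXITSTATUS (wait_status))` and handling `WIFSIGNALED (wait_status)` separately would make the result reliable. The `waitpid` call is also not wrapped in `TEMP_FAILURE_RETRY` as the `write` in criu.c is, and the `%d` in the error message prints `ret`, which is always -1 on that path.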
@@ -89,29 +89,41 @@ LIBCRUN_PUBLIC libcrun_container_t *libcrun_container_load_from_file (const char LIBCRUN_PUBLIC libcrun_container_t *libcrun_container_load_from_memory (const char *json, libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_container_run (libcrun_context_t *context, libcrun_container_t *container, unsigned int options, libcrun_error_t *error); +LIBCRUN_PUBLIC int libcrun_container_run (libcrun_context_t *context, libcrun_container_t *container, + unsigned int options, libcrun_error_t *error); -LIBCRUN_PUBLIC int libcrun_container_delete (libcrun_context_t *context, runtime_spec_schema_config_schema *def, const char *id, bool force, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_container_delete (libcrun_context_t *context, runtime_spec_schema_config_schema *def, + const char *id, bool force, libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_container_kill (libcrun_context_t *context, const char *id, int signal, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_container_kill (libcrun_context_t *context, const char *id, int signal, + libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_container_kill_all (libcrun_context_t *context, const char *id, int signal, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_container_kill_all (libcrun_context_t *context, const char *id, int signal, + libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_container_create (libcrun_context_t *context, libcrun_container_t *container, unsigned int options, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_container_create (libcrun_context_t *context, libcrun_container_t *container, + unsigned int options, libcrun_error_t *err); LIBCRUN_PUBLIC int libcrun_container_start (libcrun_context_t *context, const char *id, libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_container_state (libcrun_context_t *context, const char *id, FILE *out, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_container_state (libcrun_context_t *context, const char *id, FILE *out, + 
libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_get_container_state_string (const char *id, libcrun_container_status_t *status, const char *state_root, const char **container_status, int *running, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_get_container_state_string (const char *id, libcrun_container_status_t *status, + const char *state_root, const char **container_status, + int *running, libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_container_exec (libcrun_context_t *context, const char *id, runtime_spec_schema_config_schema_process *process, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_container_exec (libcrun_context_t *context, const char *id, + runtime_spec_schema_config_schema_process *process, libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_container_exec_process_file (libcrun_context_t *context, const char *id, const char *path, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_container_exec_process_file (libcrun_context_t *context, const char *id, const char *path, + libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_container_update (libcrun_context_t *context, const char *id, const char *content, size_t len, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_container_update (libcrun_context_t *context, const char *id, const char *content, + size_t len, libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_container_update_from_file (libcrun_context_t *context, const char *id, const char *file, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_container_update_from_file (libcrun_context_t *context, const char *id, const char *file, + libcrun_error_t *err); LIBCRUN_PUBLIC int libcrun_container_spec (bool root, FILE *out, libcrun_error_t *err); 
@@ -119,8 +131,10 @@ LIBCRUN_PUBLIC int libcrun_container_pause (libcrun_context_t *context, const ch LIBCRUN_PUBLIC int libcrun_container_unpause (libcrun_context_t *context, const char *id, libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_container_checkpoint (libcrun_context_t *context, const char *id, libcrun_checkpoint_restore_t * cr_options, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_container_checkpoint (libcrun_context_t *context, const char *id, + libcrun_checkpoint_restore_t *cr_options, libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_container_restore (libcrun_context_t *context, const char *id, libcrun_checkpoint_restore_t * cr_options, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_container_restore (libcrun_context_t *context, const char *id, + libcrun_checkpoint_restore_t *cr_options, libcrun_error_t *err); #endif diff --git a/src/libcrun/criu.c b/src/libcrun/criu.c index 59be4db3f4..115ec14de7 100644 --- a/src/libcrun/criu.c +++ b/src/libcrun/criu.c 
@@ -21,28 +21,26 @@ #ifdef HAVE_CRIU -#include -#include -#include -#include -#include -#include -#include - -#include "container.h" -#include "linux.h" -#include "status.h" -#include "utils.h" - -#define CRIU_CHECKPOINT_LOG_FILE "dump.log" -#define CRIU_RESTORE_LOG_FILE "restore.log" -#define DESCRIPTORS_FILENAME "descriptors.json" +# include +# include +# include +# include +# include +# include +# include + +# include "container.h" +# include "linux.h" +# include "status.h" +# include "utils.h" + +# define CRIU_CHECKPOINT_LOG_FILE "dump.log" +# define CRIU_RESTORE_LOG_FILE "restore.log" +# define DESCRIPTORS_FILENAME "descriptors.json" int -libcrun_container_checkpoint_linux_criu (libcrun_container_status_t *status, - libcrun_container_t *container, - libcrun_checkpoint_restore_t * - cr_options, libcrun_error_t *err) +libcrun_container_checkpoint_linux_criu (libcrun_container_status_t *status, libcrun_container_t *container, + libcrun_checkpoint_restore_t *cr_options, libcrun_error_t *err) { runtime_spec_schema_config_schema *def = container->container_def; cleanup_free char *descriptors_path = NULL; 
@@ -83,29 +81,24 @@ libcrun_container_checkpoint_linux_criu (libcrun_container_status_t *status, ret = mkdir (cr_options->image_path, 0700); if (UNLIKELY ((ret == -1) && (errno != EEXIST))) - return crun_make_error (err, errno, - "error creating checkpoint directory %s\n", - cr_options->image_path); + return crun_make_error (err, errno, "error creating checkpoint directory %s\n", cr_options->image_path); image_fd = open (cr_options->image_path, O_DIRECTORY); if (UNLIKELY (image_fd == -1)) - return crun_make_error (err, errno, "error opening checkpoint directory %s\n", - cr_options->image_path); + return crun_make_error (err, errno, "error opening checkpoint directory %s\n", cr_options->image_path); criu_set_images_dir_fd (image_fd); /* descriptors.json is needed during restore to correctly * reconnect stdin, stdout, stderr. */ - xasprintf (&descriptors_path, "%s/%s", cr_options->image_path, - DESCRIPTORS_FILENAME); + xasprintf (&descriptors_path, "%s/%s", cr_options->image_path, DESCRIPTORS_FILENAME); descriptors_fd = open (descriptors_path, O_CREAT | O_WRONLY | O_CLOEXEC, S_IRUSR | S_IWUSR); if (UNLIKELY (descriptors_fd == -1)) - return crun_make_error (err, errno, "error opening descriptors file %s\n", - descriptors_path); + return crun_make_error (err, errno, "error opening descriptors file %s\n", descriptors_path); if (status->external_descriptors) { - ret = TEMP_FAILURE_RETRY (write (descriptors_fd, status->external_descriptors, - strlen (status->external_descriptors))); + ret = TEMP_FAILURE_RETRY ( + write (descriptors_fd, status->external_descriptors, strlen (status->external_descriptors))); if (UNLIKELY (ret < 0)) return crun_make_error (err, errno, "write '%s'", DESCRIPTORS_FILENAME); } 
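Review bot: The `open (descriptors_path, O_CREAT | O_WRONLY | O_CLOEXEC, S_IRUSR | S_IWUSR)` call kept as context in this hunk follows symlinks and does not truncate, while the `mkdir` above it accepts `EEXIST`, so the checkpoint directory may already have content. A stale, longer descriptors.json would keep its tail after the write. If the directory is writable by a less-privileged user, which cannot be determined from this hunk, a pre-existing symlink would redirect the write. Opening relative to the directory descriptor already held closes both gaps: `descriptors_fd = openat (image_fd, DESCRIPTORS_FILENAME, O_CREAT | O_WRONLY | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, S_IRUSR | S_IWUSR);`. The function body begins and ends outside the hunk.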
@@ -117,9 +110,7 @@ libcrun_container_checkpoint_linux_criu (libcrun_container_status_t *status, { work_fd = open (cr_options->work_path, O_DIRECTORY); if (UNLIKELY (work_fd == -1)) - return crun_make_error (err, errno, - "error opening CRIU work directory %s\n", - cr_options->work_path); + return crun_make_error (err, errno, "error opening CRIU work directory %s\n", cr_options->work_path); criu_set_work_dir_fd (work_fd); } @@ -146,11 +137,9 @@ libcrun_container_checkpoint_linux_criu (libcrun_container_status_t *status, for (j = 0; j < def->mounts[i]->options_len; j++) { - if (strcmp (def->mounts[i]->options[j], "bind") == 0 - || strcmp (def->mounts[i]->options[j], "rbind") == 0) + if (strcmp (def->mounts[i]->options[j], "bind") == 0 || strcmp (def->mounts[i]->options[j], "rbind") == 0) { - criu_add_ext_mount (def->mounts[i]->destination, - def->mounts[i]->destination); + criu_add_ext_mount (def->mounts[i]->destination, def->mounts[i]->destination); break; } } @@ -182,16 +171,14 @@ libcrun_container_checkpoint_linux_criu (libcrun_container_status_t *status, { int value = libcrun_find_namespace (def->linux->namespaces[i]->type); if (UNLIKELY (value < 0)) - return crun_make_error (err, 0, "invalid namespace type: `%s`", - def->linux->namespaces[i]->type); + return crun_make_error (err, 0, "invalid namespace type: `%s`", def->linux->namespaces[i]->type); if (value == CLONE_NEWNET && def->linux->namespaces[i]->path != NULL) { struct stat statbuf; ret = stat (def->linux->namespaces[i]->path, &statbuf); if (UNLIKELY (ret < 0)) - return crun_make_error (err, errno, "unable to stat(): `%s`", - def->linux->namespaces[i]->path); + return crun_make_error (err, errno, "unable to stat(): `%s`", def->linux->namespaces[i]->path); xasprintf (&external, "net[%ld]:extRootNetNS", statbuf.st_ino); criu_add_external (external); 
@@ -212,16 +199,14 @@ libcrun_container_checkpoint_linux_criu (libcrun_container_status_t *status, if (UNLIKELY (ret != 0)) return crun_make_error (err, 0, "CRIU checkpointing failed %d\n" - "Please check CRIU logfile %s/%s\n", ret, - cr_options->work_path, CRIU_CHECKPOINT_LOG_FILE); + "Please check CRIU logfile %s/%s\n", + ret, cr_options->work_path, CRIU_CHECKPOINT_LOG_FILE); return 0; } static int -prepare_restore_mounts (runtime_spec_schema_config_schema *def, - char *root, - libcrun_error_t *err) +prepare_restore_mounts (runtime_spec_schema_config_schema *def, char *root, libcrun_error_t *err) { int i; @@ -236,8 +221,7 @@ prepare_restore_mounts (runtime_spec_schema_config_schema *def, size_t j; /* cgroup restore should be handled by CRIU itself */ - if (strcmp (type, "cgroup") == 0 - || strcmp (type, "cgroup2") == 0) + if (strcmp (type, "cgroup") == 0 || strcmp (type, "cgroup2") == 0) continue; /* Check if the mountpoint is on a tmpfs. CRIU restores @@ -247,8 +231,7 @@ prepare_restore_mounts (runtime_spec_schema_config_schema *def, cleanup_free char *dest_loop = NULL; xasprintf (&dest_loop, "%s/", def->mounts[j]->destination); - if (strncmp (dest, dest_loop, strlen (dest_loop)) == 0 && - strcmp (def->mounts[j]->type, "tmpfs") == 0) + if (strncmp (dest, dest_loop, strlen (dest_loop)) == 0 && strcmp (def->mounts[j]->type, "tmpfs") == 0) { /* This is a mountpoint which is on a tmpfs.*/ on_tmpfs = true; 
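Review bot: The failure message reflowed in the `@@ -212,16 +199,14 @@` hunk passes `cr_options->work_path` to `%s`, yet the work directory looks optional: the comment in the restore function says CRIU falls back to the images directory when it is not set. With no work path the argument would be NULL, which is undefined for `%s` and at best points the user at a log file under `(null)`. Passing `cr_options->work_path ? cr_options->work_path : cr_options->image_path` names the directory that actually holds the log. The `@@ -500,8 +464,8 @@` hunk in the restore function has the same pattern with `CRIU_RESTORE_LOG_FILE`.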
@@ -274,16 +257,13 @@ prepare_restore_mounts (runtime_spec_schema_config_schema *def, root_fd = open (root, O_RDONLY | O_CLOEXEC); if (UNLIKELY (root_fd == -1)) - return crun_make_error (err, errno, - "error opening container root directory %s", - root); + return crun_make_error (err, errno, "error opening container root directory %s", root); if (is_dir) { int ret; - ret = crun_safe_ensure_directory_at (root_fd, root, strlen (root), - dest, 0755, err); + ret = crun_safe_ensure_directory_at (root_fd, root, strlen (root), dest, 0755, err); if (UNLIKELY (ret < 0)) return ret; } @@ -291,8 +271,7 @@ prepare_restore_mounts (runtime_spec_schema_config_schema *def, { int ret; - ret = crun_safe_ensure_file_at (root_fd, root, strlen (root), dest, - 0755, err); + ret = crun_safe_ensure_file_at (root_fd, root, strlen (root), dest, 0755, err); if (UNLIKELY (ret < 0)) return ret; } @@ -302,10 +281,8 @@ prepare_restore_mounts (runtime_spec_schema_config_schema *def, } int -libcrun_container_restore_linux_criu (libcrun_container_status_t *status, - libcrun_container_t *container, - libcrun_checkpoint_restore_t * - cr_options, libcrun_error_t *err) +libcrun_container_restore_linux_criu (libcrun_container_status_t *status, libcrun_container_t *container, + libcrun_checkpoint_restore_t *cr_options, libcrun_error_t *err) { runtime_spec_schema_config_schema *def = container->container_def; cleanup_close int inherit_fd = -1; @@ -328,8 +305,7 @@ libcrun_container_restore_linux_criu (libcrun_container_status_t *status, image_fd = open (cr_options->image_path, O_DIRECTORY); if (UNLIKELY (image_fd == -1)) - return crun_make_error (err, errno, "error opening checkpoint directory %s\n", - cr_options->image_path); + return crun_make_error (err, errno, "error opening checkpoint directory %s\n", cr_options->image_path); criu_set_images_dir_fd (image_fd); 
@@ -340,8 +316,7 @@ libcrun_container_restore_linux_criu (libcrun_container_status_t *status, char err_buffer[256]; yajl_val tree; - xasprintf (&descriptors_path, "%s/%s", cr_options->image_path, - DESCRIPTORS_FILENAME); + xasprintf (&descriptors_path, "%s/%s", cr_options->image_path, DESCRIPTORS_FILENAME); ret = read_all_file (descriptors_path, &buffer, NULL, err); if (UNLIKELY (ret < 0)) return ret; @@ -354,11 +329,9 @@ libcrun_container_restore_linux_criu (libcrun_container_status_t *status, * a pipe 'pipe:' we tell CRIU to reconnect that pipe * to the corresponding FD to have (especially) stdout * and stderr being correctly redirected. */ - tree = yajl_tree_parse (buffer, err_buffer, sizeof(err_buffer)); + tree = yajl_tree_parse (buffer, err_buffer, sizeof (err_buffer)); if (UNLIKELY (tree == NULL)) - return crun_make_error (err, 0, - "cannot parse descriptors file %s", - DESCRIPTORS_FILENAME); + return crun_make_error (err, 0, "cannot parse descriptors file %s", DESCRIPTORS_FILENAME); if (tree && YAJL_IS_ARRAY (tree)) { @@ -380,7 +353,6 @@ libcrun_container_restore_linux_criu (libcrun_container_status_t *status, yajl_tree_free (tree); } - /* work_dir is the place CRIU will put its logfiles. If not explicitly set, * CRIU will put the logfiles into the images_dir from above. No need for * crun to set it if the user has not selected a specific directory. */ @@ -388,9 +360,7 @@ libcrun_container_restore_linux_criu (libcrun_container_status_t *status, { work_fd = open (cr_options->work_path, O_DIRECTORY); if (UNLIKELY (work_fd == -1)) - return crun_make_error (err, errno, - "error opening CRIU work directory %s\n", - cr_options->work_path); + return crun_make_error (err, errno, "error opening CRIU work directory %s\n", cr_options->work_path); criu_set_work_dir_fd (work_fd); } 
@@ -407,11 +377,9 @@ libcrun_container_restore_linux_criu (libcrun_container_status_t *status, for (j = 0; j < def->mounts[i]->options_len; j++) { - if (strcmp (def->mounts[i]->options[j], "bind") == 0 - || strcmp (def->mounts[i]->options[j], "rbind") == 0) + if (strcmp (def->mounts[i]->options[j], "bind") == 0 || strcmp (def->mounts[i]->options[j], "rbind") == 0) { - criu_add_ext_mount (def->mounts[i]->destination, - def->mounts[i]->source); + criu_add_ext_mount (def->mounts[i]->destination, def->mounts[i]->source); break; } } @@ -430,14 +398,12 @@ libcrun_container_restore_linux_criu (libcrun_container_status_t *status, ret = mkdir (root, 0755); if (UNLIKELY (ret == -1)) - return crun_make_error (err, errno, - "error creating restore directory %s\n", root); + return crun_make_error (err, errno, "error creating restore directory %s\n", root); /* do realpath on root */ ret = mount (status->rootfs, root, NULL, MS_BIND | MS_REC, NULL); if (UNLIKELY (ret == -1)) { - ret = crun_make_error (err, errno, - "error mounting restore directory %s\n", root); + ret = crun_make_error (err, errno, "error mounting restore directory %s\n", root); goto out; } @@ -468,15 +434,13 @@ libcrun_container_restore_linux_criu (libcrun_container_status_t *status, { int value = libcrun_find_namespace (def->linux->namespaces[i]->type); if (UNLIKELY (value < 0)) - return crun_make_error (err, 0, "invalid namespace type: `%s`", - def->linux->namespaces[i]->type); + return crun_make_error (err, 0, "invalid namespace type: `%s`", def->linux->namespaces[i]->type); if (value == CLONE_NEWNET && def->linux->namespaces[i]->path != NULL) { inherit_fd = open (def->linux->namespaces[i]->path, O_RDONLY); if (UNLIKELY (ret < 0)) - return crun_make_error (err, errno, "unable to open(): `%s`", - def->linux->namespaces[i]->path); + return crun_make_error (err, errno, "unable to open(): `%s`", def->linux->namespaces[i]->path); criu_add_inherit_fd (inherit_fd, "extRootNetNS"); break; 
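Review bot: In the `@@ -468,15 +434,13 @@` hunk the result of `open (def->linux->namespaces[i]->path, O_RDONLY)` is stored in `inherit_fd`, but the check that follows still tests `ret`, which holds the result of an earlier call. A failed open of the network namespace path therefore goes unnoticed and `criu_add_inherit_fd` is handed -1, so the restore continues without the namespace it was asked to join. The test should read `if (UNLIKELY (inherit_fd < 0))`. The surrounding loop and function continue outside the hunk.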
@@ -500,8 +464,8 @@ libcrun_container_restore_linux_criu (libcrun_container_status_t *status, { ret = crun_make_error (err, 0, "CRIU restoring failed %d\n" - "Please check CRIU logfile %s/%s\n", ret, - cr_options->work_path, CRIU_RESTORE_LOG_FILE); + "Please check CRIU logfile %s/%s\n", + ret, cr_options->work_path, CRIU_RESTORE_LOG_FILE); goto out_umount; } @@ -512,15 +476,13 @@ libcrun_container_restore_linux_criu (libcrun_container_status_t *status, out_umount: ret_out = umount (root); if (UNLIKELY (ret_out == -1)) - return crun_make_error (err, errno, - "error unmounting restore directory %s\n", root); + return crun_make_error (err, errno, "error unmounting restore directory %s\n", root); out: ret_out = rmdir (root); if (UNLIKELY (ret == -1)) return ret; if (UNLIKELY (ret_out == -1)) - return crun_make_error (err, errno, - "error removing restore directory %s\n", root); + return crun_make_error (err, errno, "error removing restore directory %s\n", root); return ret; } #endif diff --git a/src/libcrun/criu.h b/src/libcrun/criu.h index 5d7ba953d7..5453dcecd1 100644 --- a/src/libcrun/criu.h +++ b/src/libcrun/criu.h 
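Review bot: In the `@@ -512,15 +476,13 @@` hunk the `out:` path tests `ret == -1` where the rest of this file tests `ret < 0`. If `crun_make_error` can return a negative value other than -1 (its definition is not on this page), a failing `rmdir` would write a second error into an `err` that is already populated. At `out_umount:` a failed `umount` returns at once, which replaces the earlier error and skips the `rmdir`. I would use `if (UNLIKELY (ret < 0)) return ret;` at `out:`, and at `out_umount:` report the umount failure only when `ret` is still 0, then fall through to the `rmdir`.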
@@ -26,36 +26,28 @@ #ifdef HAVE_CRIU -int libcrun_container_checkpoint_linux_criu (libcrun_container_status_t *status, - libcrun_container_t *container, - libcrun_checkpoint_restore_t *cr_options, - libcrun_error_t *err); +int libcrun_container_checkpoint_linux_criu (libcrun_container_status_t *status, libcrun_container_t *container, + libcrun_checkpoint_restore_t *cr_options, libcrun_error_t *err); -int libcrun_container_restore_linux_criu (libcrun_container_status_t *status, - libcrun_container_t *container, - libcrun_checkpoint_restore_t *cr_options, - libcrun_error_t *err); +int libcrun_container_restore_linux_criu (libcrun_container_status_t *status, libcrun_container_t *container, + libcrun_checkpoint_restore_t *cr_options, libcrun_error_t *err); #else static inline int libcrun_container_checkpoint_linux_criu (arg_unused libcrun_container_status_t *status, arg_unused libcrun_container_t *container, - arg_unused libcrun_checkpoint_restore_t *cr_options, - libcrun_error_t *err) + arg_unused libcrun_checkpoint_restore_t *cr_options, libcrun_error_t *err) { - return crun_make_error (err, 0, - "Compiled without CRIU support. Checkpointing not available."); + return crun_make_error (err, 0, "Compiled without CRIU support. Checkpointing not available."); } static inline int libcrun_container_restore_linux_criu (arg_unused libcrun_container_status_t *status, arg_unused libcrun_container_t *container, - arg_unused libcrun_checkpoint_restore_t *cr_options, - libcrun_error_t *err) + arg_unused libcrun_checkpoint_restore_t *cr_options, libcrun_error_t *err) { - return crun_make_error (err, 0, - "Compiled without CRIU support. Restore not available."); + return crun_make_error (err, 0, "Compiled without CRIU support. Restore not available."); } #endif diff --git a/src/libcrun/ebpf.c b/src/libcrun/ebpf.c index c5d6ef3cdc..99a0c7b010 100644 --- a/src/libcrun/ebpf.c +++ b/src/libcrun/ebpf.c 
@@ -26,21 +26,22 @@ #include #ifdef HAVE_EBPF -# include +# include -# ifndef HAVE_BPF +# ifndef HAVE_BPF static int syscall_bpf (int cmd, union bpf_attr *attr, unsigned int size) { - return (int) syscall (__NR_bpf, cmd, attr, size); + return ( int ) syscall (__NR_bpf, cmd, attr, size); } -# define bpf syscall_bpf -# endif +# define bpf syscall_bpf +# endif #endif -enum { - HAS_WILDCARD = 1 +enum +{ + HAS_WILDCARD = 1 }; struct bpf_program 
@@ -53,69 +54,30 @@ struct bpf_program #ifdef HAVE_EBPF -# define BPF_ALU32_IMM(OP, DST, IMM) \ - ((struct bpf_insn) { \ - .code = BPF_ALU | BPF_OP(OP) | BPF_K, \ - .dst_reg = DST, \ - .src_reg = 0, \ - .off = 0, \ - .imm = IMM }) - -# define BPF_LDX_MEM(SIZE, DST, SRC, OFF) \ - ((struct bpf_insn) { \ - .code = BPF_LDX | BPF_SIZE(SIZE) | BPF_MEM, \ - .dst_reg = DST, \ - .src_reg = SRC, \ - .off = OFF, \ - .imm = 0 }) - -# define BPF_MOV64_REG(DST, SRC) \ - ((struct bpf_insn) { \ - .code = BPF_ALU64 | BPF_MOV | BPF_X, \ - .dst_reg = DST, \ - .src_reg = SRC, \ - .off = 0, \ - .imm = 0 }) - -# define BPF_JMP_A(OFF) \ - ((struct bpf_insn) { \ - .code = BPF_JMP | BPF_JA, \ - .dst_reg = 0, \ - .src_reg = 0, \ - .off = OFF, \ - .imm = 0 }) - -# define BPF_JMP_IMM(OP, DST, IMM, OFF) \ - ((struct bpf_insn) { \ - .code = BPF_JMP | BPF_OP(OP) | BPF_K, \ - .dst_reg = DST, \ - .src_reg = 0, \ - .off = OFF, \ - .imm = IMM }) - -# define BPF_MOV64_IMM(DST, IMM) \ - ((struct bpf_insn) { \ - .code = BPF_ALU64 | BPF_MOV | BPF_K, \ - .dst_reg = DST, \ - .src_reg = 0, \ - .off = 0, \ - .imm = IMM }) - -# define BPF_MOV32_REG(DST, SRC) \ - ((struct bpf_insn) { \ - .code = BPF_ALU | BPF_MOV | BPF_X, \ - .dst_reg = DST, \ - .src_reg = SRC, \ - .off = 0, \ - .imm = 0 }) - -# define BPF_EXIT_INSN() \ - ((struct bpf_insn) { \ - .code = BPF_JMP | BPF_EXIT, \ - .dst_reg = 0, \ - .src_reg = 0, \ - .off = 0, \ - .imm = 0 }) +# define BPF_ALU32_IMM(OP, DST, IMM) \ + ((struct bpf_insn){ .code = BPF_ALU | BPF_OP (OP) | BPF_K, .dst_reg = DST, .src_reg = 0, .off = 0, .imm = IMM }) + +# define BPF_LDX_MEM(SIZE, DST, SRC, OFF) \ + ((struct bpf_insn){ \ + .code = BPF_LDX | BPF_SIZE (SIZE) | BPF_MEM, .dst_reg = DST, .src_reg = SRC, .off = OFF, .imm = 0 }) + +# define BPF_MOV64_REG(DST, SRC) \ + ((struct bpf_insn){ .code = BPF_ALU64 | BPF_MOV | BPF_X, .dst_reg = DST, .src_reg = SRC, .off = 0, .imm = 0 }) + +# define BPF_JMP_A(OFF) \ + ((struct bpf_insn){ .code = BPF_JMP | BPF_JA, .dst_reg = 0, .src_reg = 
0, .off = OFF, .imm = 0 }) + +# define BPF_JMP_IMM(OP, DST, IMM, OFF) \ + ((struct bpf_insn){ .code = BPF_JMP | BPF_OP (OP) | BPF_K, .dst_reg = DST, .src_reg = 0, .off = OFF, .imm = IMM }) + +# define BPF_MOV64_IMM(DST, IMM) \ + ((struct bpf_insn){ .code = BPF_ALU64 | BPF_MOV | BPF_K, .dst_reg = DST, .src_reg = 0, .off = 0, .imm = IMM }) + +# define BPF_MOV32_REG(DST, SRC) \ + ((struct bpf_insn){ .code = BPF_ALU | BPF_MOV | BPF_X, .dst_reg = DST, .src_reg = SRC, .off = 0, .imm = 0 }) + +# define BPF_EXIT_INSN() \ + ((struct bpf_insn){ .code = BPF_JMP | BPF_EXIT, .dst_reg = 0, .src_reg = 0, .off = 0, .imm = 0 }) #endif #ifdef HAVE_EBPF @@ -157,19 +119,19 @@ bpf_program_init_dev (struct bpf_program *program, libcrun_error_t *err arg_unus #ifdef HAVE_EBPF /* taken from systemd. */ struct bpf_insn pre_insn[] = { - /* type -> R2. */ - BPF_LDX_MEM (BPF_W, BPF_REG_2, BPF_REG_1, 0), - BPF_ALU32_IMM(BPF_AND, BPF_REG_2, 0xFFFF), + /* type -> R2. */ + BPF_LDX_MEM (BPF_W, BPF_REG_2, BPF_REG_1, 0), + BPF_ALU32_IMM (BPF_AND, BPF_REG_2, 0xFFFF), - /* access -> R3. */ - BPF_LDX_MEM (BPF_W, BPF_REG_3, BPF_REG_1, 0), - BPF_ALU32_IMM (BPF_RSH, BPF_REG_3, 16), + /* access -> R3. */ + BPF_LDX_MEM (BPF_W, BPF_REG_3, BPF_REG_1, 0), + BPF_ALU32_IMM (BPF_RSH, BPF_REG_3, 16), - /* major -> R4. */ - BPF_LDX_MEM (BPF_W, BPF_REG_4, BPF_REG_1, 4), + /* major -> R4. */ + BPF_LDX_MEM (BPF_W, BPF_REG_4, BPF_REG_1, 4), - /* minor -> R5. */ - BPF_LDX_MEM (BPF_W, BPF_REG_5, BPF_REG_1, 8), + /* minor -> R5. */ + BPF_LDX_MEM (BPF_W, BPF_REG_5, BPF_REG_1, 8), }; program = bpf_program_append (program, pre_insn, sizeof (pre_insn)); #endif 
@@ -177,7 +139,8 @@ bpf_program_init_dev (struct bpf_program *program, libcrun_error_t *err arg_unus } struct bpf_program * -bpf_program_append_dev (struct bpf_program *program, const char *access, char type, int major, int minor, bool accept, libcrun_error_t *err arg_unused) +bpf_program_append_dev (struct bpf_program *program, const char *access, char type, int major, int minor, bool accept, + libcrun_error_t *err arg_unused) { #ifdef HAVE_EBPF int i; @@ -189,8 +152,8 @@ bpf_program_append_dev (struct bpf_program *program, const char *access, char ty bool has_access = false; int number_instructions = 0; struct bpf_insn accept_block[] = { - BPF_MOV64_IMM (BPF_REG_0, accept ? 1 : 0), - BPF_EXIT_INSN (), + BPF_MOV64_IMM (BPF_REG_0, accept ? 1 : 0), + BPF_EXIT_INSN (), }; if (program->private & HAS_WILDCARD) 
@@ -235,35 +198,29 @@ bpf_program_append_dev (struct bpf_program *program, const char *access, char ty if (has_type) { - struct bpf_insn i[] = { - BPF_JMP_IMM (BPF_JNE, BPF_REG_2, bpf_type, number_instructions) - }; + struct bpf_insn i[] = { BPF_JMP_IMM (BPF_JNE, BPF_REG_2, bpf_type, number_instructions) }; number_instructions--; program = bpf_program_append (program, i, sizeof (i)); } if (has_access) { struct bpf_insn i[] = { - BPF_MOV32_REG (BPF_REG_1, BPF_REG_3), - BPF_ALU32_IMM (BPF_AND, BPF_REG_1, bpf_access), - BPF_JMP_IMM (BPF_JEQ, BPF_REG_1, 0, number_instructions - 2), + BPF_MOV32_REG (BPF_REG_1, BPF_REG_3), + BPF_ALU32_IMM (BPF_AND, BPF_REG_1, bpf_access), + BPF_JMP_IMM (BPF_JEQ, BPF_REG_1, 0, number_instructions - 2), }; number_instructions -= 3; program = bpf_program_append (program, i, sizeof (i)); } if (has_major) { - struct bpf_insn i[] = { - BPF_JMP_IMM (BPF_JNE, BPF_REG_4, major, number_instructions) - }; + struct bpf_insn i[] = { BPF_JMP_IMM (BPF_JNE, BPF_REG_4, major, number_instructions) }; number_instructions--; program = bpf_program_append (program, i, sizeof (i)); } if (has_minor) { - struct bpf_insn i[] = { - BPF_JMP_IMM (BPF_JNE, BPF_REG_5, minor, number_instructions) - }; + struct bpf_insn i[] = { BPF_JMP_IMM (BPF_JNE, BPF_REG_5, minor, number_instructions) }; number_instructions--; program = bpf_program_append (program, i, sizeof (i)); } @@ -281,8 +238,8 @@ bpf_program_complete_dev (struct bpf_program *program, libcrun_error_t *err arg_ { #ifdef HAVE_EBPF struct bpf_insn i[] = { - BPF_MOV64_IMM (BPF_REG_0, 0), - BPF_EXIT_INSN (), + BPF_MOV64_IMM (BPF_REG_0, 0), + BPF_EXIT_INSN (), }; if (program->private & HAS_WILDCARD) 
@@ -312,11 +269,12 @@ read_all_progs (int dirfd, uint32_t **progs_out, size_t *n_progs_out, libcrun_er attr.query.target_fd = dirfd; attr.query.attach_type = BPF_CGROUP_DEVICE; attr.query.prog_cnt = cur_size; - attr.query.prog_ids = (uint64_t) progs; + attr.query.prog_ids = ( uint64_t ) progs; ret = bpf (BPF_PROG_QUERY, &attr, sizeof (attr)); } - while (ret < 0 && errno == ENOSPC); + while (ret < 0 && errno == ENOSPC) + ; if (UNLIKELY (ret < 0)) return crun_make_error (err, errno, "bpf query"); @@ -326,8 +284,8 @@ read_all_progs (int dirfd, uint32_t **progs_out, size_t *n_progs_out, libcrun_er *n_progs_out = attr.query.prog_cnt; return 0; #else - (void) dirfd; - (void) err; + ( void ) dirfd; + ( void ) err; *progs_out = NULL; *n_progs_out = 0; @@ -386,10 +344,10 @@ ebpf_attach_program (int fd, int dirfd, libcrun_error_t *err) { #ifndef HAVE_EBPF return crun_make_error (err, 0, "eBPF not supported"); -# else -# ifdef BPF_F_REPLACE +#else +# ifdef BPF_F_REPLACE bool skip_replace = false; -# endif +# endif const int MAX_ATTEMPTS = 20; int attempt; @@ -405,9 +363,9 @@ ebpf_attach_program (int fd, int dirfd, libcrun_error_t *err) if (UNLIKELY (ret < 0)) return ret; -# ifdef BPF_F_REPLACE +# ifdef BPF_F_REPLACE /* There is just one program installed, let's attempt an atomic replace if supported. */ - if (!skip_replace && n_progs == 1) + if (! skip_replace && n_progs == 1) { memset (&attr, 0, sizeof (attr)); attr.prog_id = progs[0]; 
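Review bot: In read_all_progs the formatter has split what appears to be the do-while terminator into `while (ret < 0 && errno == ENOSPC)` followed by a lone `;`, so the retry-on-ENOSPC condition now reads like a separate empty-bodied loop. The tokens are unchanged and behaviour is the same, but the BPF_PROG_QUERY retry path becomes easy to misread. I would keep the terminator on one line, `while (ret < 0 && errno == ENOSPC);`, and bracket the loop with `/* clang-format off */` and `/* clang-format on */` if the formatter keeps splitting it. The loop body starts outside this hunk.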
@@ -422,20 +380,20 @@ ebpf_attach_program (int fd, int dirfd, libcrun_error_t *err) return crun_make_error (err, errno, "cannot open existing eBPF program"); } } -# endif +# endif memset (&attr, 0, sizeof (attr)); attr.attach_type = BPF_CGROUP_DEVICE; attr.target_fd = dirfd; attr.attach_bpf_fd = fd; attr.attach_flags = BPF_F_ALLOW_MULTI; -# ifdef BPF_F_REPLACE +# ifdef BPF_F_REPLACE if (replacefd >= 0) { attr.attach_flags = BPF_F_ALLOW_MULTI | BPF_F_REPLACE; attr.replace_bpf_fd = replacefd; } -# endif +# endif ret = bpf (BPF_PROG_ATTACH, &attr, sizeof (attr)); if (UNLIKELY (ret < 0)) @@ -445,13 +403,13 @@ ebpf_attach_program (int fd, int dirfd, libcrun_error_t *err) /* Another update might have already updated the cgroup, try again. */ continue; } -# ifdef BPF_F_REPLACE +# ifdef BPF_F_REPLACE if (errno == EINVAL && replacefd >= 0) { skip_replace = true; continue; } -# endif +# endif return crun_make_error (err, errno, "bpf attach"); } @@ -483,7 +441,7 @@ libcrun_ebpf_load (struct bpf_program *program, int dirfd, const char *pin, libc memset (&attr, 0, sizeof (attr)); attr.prog_type = BPF_PROG_TYPE_CGROUP_DEVICE; - attr.insns = (uint64_t) program->program; + attr.insns = ( uint64_t ) program->program; attr.insn_cnt = bpf_program_instructions (program); attr.license = (uint64_t) "GPL"; @@ -496,7 +454,7 @@ libcrun_ebpf_load (struct bpf_program *program, int dirfd, const char *pin, libc log[0] = '\0'; attr.log_level = 1; - attr.log_buf = (uint64_t) log; + attr.log_buf = ( uint64_t ) log; attr.log_size = log_size; fd = bpf (BPF_PROG_LOAD, &attr, sizeof (attr)); @@ -514,7 +472,7 @@ libcrun_ebpf_load (struct bpf_program *program, int dirfd, const char *pin, libc unlink (pin); memset (&attr, 0, sizeof (attr)); - attr.pathname = (uint64_t) pin; + attr.pathname = ( uint64_t ) pin; attr.bpf_fd = fd; ret = bpf (BPF_OBJ_PIN, &attr, sizeof (attr)); if (ret < 0) diff --git a/src/libcrun/ebpf.h b/src/libcrun/ebpf.h index d8240d3d85..3f8f0a0a7c 100644 --- a/src/libcrun/ebpf.h 
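Review bot: The pointer-to-integer casts that fill the bpf attribute fields convert straight to `uint64_t`, which is unsafe on 32-bit builds. This applies to `attr.insns = ( uint64_t ) program->program` in the `@@ -483,7 +441,7 @@` hunk, to `attr.log_buf` and `attr.pathname` in the next two hunks, and to `attr.query.prog_ids` in read_all_progs. On a 32-bit build that is a cast to an integer of a different size, and GCC documents sign-extension for it, so an address with the top bit set would be handed to the kernel with the upper 32 bits set. Going through `uintptr_t` avoids that: `attr.insns = (uint64_t) (uintptr_t) program->program;`. The unchanged `attr.license = (uint64_t) "GPL";` line in the same hunk also shows the new cast spacing being applied unevenly.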
+++ b/src/libcrun/ebpf.h @@ -16,16 +16,16 @@ * along with crun. If not, see . */ #ifndef EBPF_H -# define EBPF_H +#define EBPF_H -# include -# include -# include -# include "error.h" -# include -# include -# include -# include "container.h" +#include +#include +#include +#include "error.h" +#include +#include +#include +#include "container.h" struct bpf_program; @@ -33,10 +33,10 @@ struct bpf_program *bpf_program_new (size_t size); struct bpf_program *bpf_program_append (struct bpf_program *p, void *data, size_t size); struct bpf_program *bpf_program_init_dev (struct bpf_program *program, libcrun_error_t *err); -struct bpf_program *bpf_program_append_dev (struct bpf_program *program, const char *access, char type, int major, int minor, bool accept, libcrun_error_t *err); +struct bpf_program *bpf_program_append_dev (struct bpf_program *program, const char *access, char type, int major, + int minor, bool accept, libcrun_error_t *err); struct bpf_program *bpf_program_complete_dev (struct bpf_program *program, libcrun_error_t *err); - int libcrun_ebpf_load (struct bpf_program *program, int dirfd, const char *pin, libcrun_error_t *err); #endif diff --git a/src/libcrun/error.c b/src/libcrun/error.c index 83ff0f7449..b64bc71cf3 100644 --- a/src/libcrun/error.c +++ b/src/libcrun/error.c 
@@ -30,39 +30,37 @@ #include #ifdef HAVE_SYSTEMD -# include +# include #endif - -#define YAJL_STR(x) ((const unsigned char *) (x)) +#define YAJL_STR(x) (( const unsigned char * ) (x)) enum - { - LOG_FORMAT_TEXT = 0, - LOG_FORMAT_JSON, - }; +{ + LOG_FORMAT_TEXT = 0, + LOG_FORMAT_JSON, +}; static int log_format; static bool log_also_to_stderr; -#define MAKE_ERROR(FUNC_NAME) \ - int \ - FUNC_NAME (libcrun_error_t *err, int status, const char *msg, ...) \ - { \ - va_list args_list; \ - libcrun_error_t ptr; \ - va_start (args_list, msg); \ - *err = xmalloc (sizeof (struct libcrun_error_s)); \ - ptr = *err; \ - ptr->status = status; \ - if (vasprintf (&(ptr->msg), msg, args_list) < 0) \ - OOM (); \ - va_end (args_list); \ - return -status - 1; \ -} - -MAKE_ERROR(crun_make_error); -MAKE_ERROR(libcrun_make_error); +#define MAKE_ERROR(FUNC_NAME) \ + int FUNC_NAME (libcrun_error_t *err, int status, const char *msg, ...) \ + { \ + va_list args_list; \ + libcrun_error_t ptr; \ + va_start (args_list, msg); \ + *err = xmalloc (sizeof (struct libcrun_error_s)); \ + ptr = *err; \ + ptr->status = status; \ + if (vasprintf (&(ptr->msg), msg, args_list) < 0) \ + OOM (); \ + va_end (args_list); \ + return -status - 1; \ + } + +MAKE_ERROR (crun_make_error); +MAKE_ERROR (libcrun_make_error); int crun_error_wrap (libcrun_error_t *err, const char *fmt, ...) @@ -76,7 +74,7 @@ crun_error_wrap (libcrun_error_t *err, const char *fmt, ...) if (err == NULL || *err == NULL) return 0; - ret = -(*err)->status -1; + ret = -(*err)->status - 1; va_start (args_list, fmt); @@ -163,8 +161,8 @@ get_timestamp (timestamp_t *timestamp, const char *suffix) gettimeofday (&tv, NULL); gmtime_r (&tv.tv_sec, &now); - strftime ((char *) timestamp, 64, "%Y-%m-%dT%H:%M:%S", &now); - sprintf (((char *) timestamp) + 19, ".%09ldZ%.8s", tv.tv_usec, suffix); + strftime (( char * ) timestamp, 64, "%Y-%m-%dT%H:%M:%S", &now); + sprintf ((( char * ) timestamp) + 19, ".%09ldZ%.8s", tv.tv_usec, suffix); } static void * 
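Review bot: In get_timestamp (`@@ -163,8 +161,8 @@`), `tv.tv_usec` from gettimeofday() is a microsecond count but is printed with `%09ld`, so 123456 µs is rendered as `.000123456`. The fractional part of every log timestamp is therefore off by a factor of 1000, which matters when these logs are correlated with other sources. Padding on the right keeps the nine-digit field and fixes the value: use `".%06ld000Z%.8s"` with `(long) tv.tv_usec` as the argument. The write is also an unbounded `sprintf` at a hard-coded offset of 19 into a buffer whose size is passed to strftime as the literal 64. An `snprintf` bounded by the remaining space would tie both to the buffer, assuming `timestamp_t` is a 64-byte array (its definition is not in this hunk). The function starts outside the hunk.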
@@ -175,11 +173,11 @@ init_syslog (const char *id) } enum - { - LOG_TYPE_FILE = 1, - LOG_TYPE_SYSLOG = 2, - LOG_TYPE_JOURNALD = 3 - }; +{ + LOG_TYPE_FILE = 1, + LOG_TYPE_SYSLOG = 2, + LOG_TYPE_JOURNALD = 3 +}; static int get_log_type (const char *log, const char **data) @@ -203,8 +201,8 @@ get_log_type (const char *log, const char **data) } int -libcrun_init_logging (crun_output_handler *new_output_handler, void **new_output_handler_arg, - const char *id, const char *log, libcrun_error_t *err) +libcrun_init_logging (crun_output_handler *new_output_handler, void **new_output_handler_arg, const char *id, + const char *log, libcrun_error_t *err) { if (log == NULL) { @@ -246,7 +244,9 @@ libcrun_init_logging (crun_output_handler *new_output_handler, void **new_output void log_write_to_stream (int errno_, const char *msg, bool warning, void *arg) { - timestamp_t timestamp = {0, }; + timestamp_t timestamp = { + 0, + }; FILE *stream = arg; int tty = isatty (fileno (stream)); const char *color_begin = ""; @@ -285,14 +285,15 @@ log_write_to_syslog (int errno_, const char *msg, bool warning, void *arg arg_un void log_write_to_journald (int errno_, const char *msg, bool warning, void *arg arg_unused) { - (void) errno_; - (void) msg; - (void) warning; + ( void ) errno_; + ( void ) msg; + ( void ) warning; #ifdef HAVE_SYSTEMD if (errno_ == 0) sd_journal_send ("PRIORITY=%d", warning ? LOG_WARNING : LOG_ERR, "MESSAGE=%s", msg, "ID=%s", arg, NULL); else - sd_journal_send ("PRIORITY=%d", warning ? LOG_WARNING : LOG_ERR, "MESSAGE=%s: %s", msg, strerror (errno_), "ID=%s", arg, NULL); + sd_journal_send ("PRIORITY=%d", warning ? LOG_WARNING : LOG_ERR, "MESSAGE=%s: %s", msg, strerror (errno_), "ID=%s", + arg, NULL); #endif } @@ -328,7 +329,9 @@ make_json_error (const char *msg, int errno_, bool warning) yajl_gen gen = NULL; char *ret = NULL; size_t buf_len; - timestamp_t timestamp = {0, }; + timestamp_t timestamp = { + 0, + }; gen = yajl_gen_alloc (NULL); if (gen == NULL) 
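Review bot: The initializer in log_write_to_stream (`@@ -246,7 +244,9 @@`) is now spread over three lines (`timestamp_t timestamp = {`, `0,`, `};`), most likely because clang-format takes the trailing comma as a request for one element per line. Dropping the comma zero-initializes the same way and stays on one line: `timestamp_t timestamp = { 0 };`. The identical declaration in make_json_error in the `@@ -328,7 +329,9 @@` hunk has the same problem. Both functions continue outside their hunks.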
@@ -359,7 +362,7 @@ make_json_error (const char *msg, int errno_, bool warning) yajl_gen_get_buf (gen, &buf, &buf_len); if (buf) - ret = strdup ((const char *) buf); + ret = strdup (( const char * ) buf); yajl_gen_free (gen); @@ -418,8 +421,7 @@ libcrun_error (int errno_, const char *msg, ...) va_end (args_list); } -void __attribute__ ((noreturn)) -libcrun_fail_with_error (int errno_, const char *msg, ...) +void __attribute__ ((noreturn)) libcrun_fail_with_error (int errno_, const char *msg, ...) { va_list args_list; va_start (args_list, msg); diff --git a/src/libcrun/error.h b/src/libcrun/error.h index 7302acb149..aa3f3aa324 100644 --- a/src/libcrun/error.h +++ b/src/libcrun/error.h @@ -16,28 +16,31 @@ * along with crun. If not, see . */ #ifndef ERROR_H -# define ERROR_H -# include -# ifdef HAVE_ERROR_H +#define ERROR_H +#include +#ifdef HAVE_ERROR_H # include -# else -# define error(status, errno, fmt, ...) do { \ - if (errno == 0) \ - fprintf (stderr, "crun: " fmt "\n", ##__VA_ARGS__); \ - else \ - { \ - fprintf (stderr, "crun: " fmt, ##__VA_ARGS__); \ - fprintf (stderr, ": %s\n", strerror (errno)); \ - } \ - if (status) \ - exit (status); \ - } while(0) -# endif -# include -# include -# include -# include -# include +#else +# define error(status, errno, fmt, ...) \ + do \ + { \ + if (errno == 0) \ + fprintf (stderr, "crun: " fmt "\n", ##__VA_ARGS__); \ + else \ + { \ + fprintf (stderr, "crun: " fmt, ##__VA_ARGS__); \ + fprintf (stderr, ": %s\n", strerror (errno)); \ + } \ + if (status) \ + exit (status); \ + } \ + while (0) +#endif +#include +#include +#include +#include +#include struct libcrun_error_s { 
@@ -46,12 +49,12 @@ struct libcrun_error_s }; typedef struct libcrun_error_s *libcrun_error_t; -#define OOM() \ - do \ - { \ - fprintf (stderr, "out of memory"); \ - _exit (EXIT_FAILURE); \ - } \ +#define OOM() \ + do \ + { \ + fprintf (stderr, "out of memory"); \ + _exit (EXIT_FAILURE); \ + } \ while (0) typedef void (*crun_output_handler) (int errno_, const char *msg, bool warning, void *arg); @@ -88,16 +91,16 @@ LIBCRUN_PUBLIC void libcrun_fail_with_error (int errno_, const char *msg, ...) _ LIBCRUN_PUBLIC int libcrun_set_log_format (const char *format, libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_init_logging (crun_output_handler *output_handler, void **output_handler_arg, - const char *id, const char *log, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_init_logging (crun_output_handler *output_handler, void **output_handler_arg, const char *id, + const char *log, libcrun_error_t *err); LIBCRUN_PUBLIC int libcrun_error_release (libcrun_error_t *err); enum - { - LIBCRUN_VERBOSITY_ERROR, - LIBCRUN_VERBOSITY_WARNING, - }; +{ + LIBCRUN_VERBOSITY_ERROR, + LIBCRUN_VERBOSITY_WARNING, +}; LIBCRUN_PUBLIC void libcrun_set_verbosity (int verbosity); LIBCRUN_PUBLIC int libcrun_get_verbosity (); diff --git a/src/libcrun/intprops.h b/src/libcrun/intprops.h index d89b91fce6..e4877d54a9 100644 --- a/src/libcrun/intprops.h +++ b/src/libcrun/intprops.h @@ -34,16 +34,15 @@ /* True if the arithmetic type T is an integer type. bool counts as an integer. */ -#define TYPE_IS_INTEGER(t) ((t) 1.5 == 1) +#define TYPE_IS_INTEGER(t) (( t ) 1.5 == 1) /* True if the real type T is signed. */ -#define TYPE_SIGNED(t) (! ((t) 0 < (t) -1)) +#define TYPE_SIGNED(t) (! (( t ) 0 < ( t ) -1)) /* Return 1 if the real expression E, after promotion, has a signed or floating type. */ #define EXPR_SIGNED(e) (_GL_INT_NEGATE_CONVERT (e, 1) < 0) - /* Minimum and maximum values for integer types and expressions. */ /* The width in bits of the integer type or expression T. 
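Review bot: intprops.h looks like a copy of gnulib's header (the `_GL_` macros and the `_GL_INTPROPS_H` guard), and running the project formatter over it turns every later comparison with upstream into a whole-file diff. That makes a local change to the overflow-checking macros much easier to miss. The formatter also misreads parenthesized macro operands as casts in later hunks: `((( b ) *146 + 484) / 485)` in INT_BITS_STRLEN_BOUND and `(a) + ( b ) -1` in _GL_DIVIDE_OVERFLOW. I would keep this file byte-identical to upstream and exclude it from formatting, for example with `/* clang-format off */` at the top of the file or a `.clang-format` containing `DisableFormat: true` in a directory reserved for vendored sources.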
@@ -51,29 +50,19 @@ #define TYPE_WIDTH(t) (sizeof (t) * CHAR_BIT) /* The maximum and minimum values for the integer type T. */ -#define TYPE_MINIMUM(t) ((t) ~ TYPE_MAXIMUM (t)) -#define TYPE_MAXIMUM(t) \ - ((t) (! TYPE_SIGNED (t) \ - ? (t) -1 \ - : ((((t) 1 << (TYPE_WIDTH (t) - 2)) - 1) * 2 + 1))) +#define TYPE_MINIMUM(t) (( t ) ~TYPE_MAXIMUM (t)) +#define TYPE_MAXIMUM(t) ((t) (! TYPE_SIGNED (t) ? ( t ) -1 : (((( t ) 1 << (TYPE_WIDTH (t) - 2)) - 1) * 2 + 1))) /* The maximum and minimum values for the type of the expression E, after integer promotion. E should not have side effects. */ -#define _GL_INT_MINIMUM(e) \ - (EXPR_SIGNED (e) \ - ? ~ _GL_SIGNED_INT_MAXIMUM (e) \ - : _GL_INT_CONVERT (e, 0)) -#define _GL_INT_MAXIMUM(e) \ - (EXPR_SIGNED (e) \ - ? _GL_SIGNED_INT_MAXIMUM (e) \ - : _GL_INT_NEGATE_CONVERT (e, 1)) -#define _GL_SIGNED_INT_MAXIMUM(e) \ - (((_GL_INT_CONVERT (e, 1) << (TYPE_WIDTH ((e) + 0) - 2)) - 1) * 2 + 1) +#define _GL_INT_MINIMUM(e) (EXPR_SIGNED (e) ? ~_GL_SIGNED_INT_MAXIMUM (e) : _GL_INT_CONVERT (e, 0)) +#define _GL_INT_MAXIMUM(e) (EXPR_SIGNED (e) ? _GL_SIGNED_INT_MAXIMUM (e) : _GL_INT_NEGATE_CONVERT (e, 1)) +#define _GL_SIGNED_INT_MAXIMUM(e) (((_GL_INT_CONVERT (e, 1) << (TYPE_WIDTH ((e) + 0) - 2)) - 1) * 2 + 1) /* Work around OpenVMS incompatibility with C99. */ -#if !defined LLONG_MAX && defined __INT64_MAX -# define LLONG_MAX __INT64_MAX -# define LLONG_MIN __INT64_MIN +#if ! defined LLONG_MAX && defined __INT64_MAX +# define LLONG_MAX __INT64_MAX +# define LLONG_MIN __INT64_MIN #endif /* This include file assumes that signed types are two's complement without 
@@ -83,27 +72,25 @@ /* Does the __typeof__ keyword work? This could be done by 'configure', but for now it's easier to do it by hand. */ -#if (2 <= __GNUC__ \ - || (1210 <= __IBMC__ && defined __IBM__TYPEOF__) \ - || (0x5110 <= __SUNPRO_C && !__STDC__)) -# define _GL_HAVE___TYPEOF__ 1 +#if (2 <= __GNUC__ || (1210 <= __IBMC__ && defined __IBM__TYPEOF__) || (0x5110 <= __SUNPRO_C && ! __STDC__)) +# define _GL_HAVE___TYPEOF__ 1 #else -# define _GL_HAVE___TYPEOF__ 0 +# define _GL_HAVE___TYPEOF__ 0 #endif /* Return 1 if the integer type or expression T might be signed. Return 0 if it is definitely unsigned. This macro does not evaluate its argument, and expands to an integer constant expression. */ #if _GL_HAVE___TYPEOF__ -# define _GL_SIGNED_TYPE_OR_EXPR(t) TYPE_SIGNED (__typeof__ (t)) +# define _GL_SIGNED_TYPE_OR_EXPR(t) TYPE_SIGNED (__typeof__ (t)) #else -# define _GL_SIGNED_TYPE_OR_EXPR(t) 1 +# define _GL_SIGNED_TYPE_OR_EXPR(t) 1 #endif /* Bound on length of the string representing an unsigned integer value representable in B bits. log10 (2.0) < 146/485. The smallest value of B where this bound is not tight is 2621. */ -#define INT_BITS_STRLEN_BOUND(b) (((b) * 146 + 484) / 485) +#define INT_BITS_STRLEN_BOUND(b) ((( b ) *146 + 484) / 485) /* Bound on length of the string representing an integer type or expression T. Subtract 1 for the sign bit if T is signed, and then add 1 more for 
@@ -112,15 +99,13 @@ Because _GL_SIGNED_TYPE_OR_EXPR sometimes returns 0 when its argument is signed, this macro may overestimate the true bound by one byte when applied to unsigned types of size 2, 4, 16, ... bytes. */ -#define INT_STRLEN_BOUND(t) \ - (INT_BITS_STRLEN_BOUND (TYPE_WIDTH (t) - _GL_SIGNED_TYPE_OR_EXPR (t)) \ - + _GL_SIGNED_TYPE_OR_EXPR (t)) +#define INT_STRLEN_BOUND(t) \ + (INT_BITS_STRLEN_BOUND (TYPE_WIDTH (t) - _GL_SIGNED_TYPE_OR_EXPR (t)) + _GL_SIGNED_TYPE_OR_EXPR (t)) /* Bound on buffer size needed to represent an integer type or expression T, including the terminating null. */ #define INT_BUFSIZE_BOUND(t) (INT_STRLEN_BOUND (t) + 1) - /* Range overflow checks. The INT__RANGE_OVERFLOW macros return 1 if the corresponding C 
@@ -157,54 +142,34 @@ /* Return 1 if A + B would overflow in [MIN,MAX] arithmetic. See above for restrictions. */ -#define INT_ADD_RANGE_OVERFLOW(a, b, min, max) \ - ((b) < 0 \ - ? (a) < (min) - (b) \ - : (max) - (b) < (a)) +#define INT_ADD_RANGE_OVERFLOW(a, b, min, max) ((b) < 0 ? (a) < (min) - (b) : (max) - (b) < (a)) /* Return 1 if A - B would overflow in [MIN,MAX] arithmetic. See above for restrictions. */ -#define INT_SUBTRACT_RANGE_OVERFLOW(a, b, min, max) \ - ((b) < 0 \ - ? (max) + (b) < (a) \ - : (a) < (min) + (b)) +#define INT_SUBTRACT_RANGE_OVERFLOW(a, b, min, max) ((b) < 0 ? (max) + (b) < (a) : (a) < (min) + (b)) /* Return 1 if - A would overflow in [MIN,MAX] arithmetic. See above for restrictions. */ -#define INT_NEGATE_RANGE_OVERFLOW(a, min, max) \ - ((min) < 0 \ - ? (a) < - (max) \ - : 0 < (a)) +#define INT_NEGATE_RANGE_OVERFLOW(a, min, max) ((min) < 0 ? (a) < -(max) : 0 < (a)) /* Return 1 if A * B would overflow in [MIN,MAX] arithmetic. See above for restrictions. Avoid && and || as they tickle bugs in Sun C 5.11 2010/08/13 and other compilers; see . */ -#define INT_MULTIPLY_RANGE_OVERFLOW(a, b, min, max) \ - ((b) < 0 \ - ? ((a) < 0 \ - ? (a) < (max) / (b) \ - : (b) == -1 \ - ? 0 \ - : (min) / (b) < (a)) \ - : (b) == 0 \ - ? 0 \ - : ((a) < 0 \ - ? (a) < (min) / (b) \ - : (max) / (b) < (a))) +#define INT_MULTIPLY_RANGE_OVERFLOW(a, b, min, max) \ + ((b) < 0 ? ((a) < 0 ? (a) < (max) / (b) : (b) == -1 ? 0 : (min) / (b) < (a)) \ + : (b) == 0 ? 0 : ((a) < 0 ? (a) < (min) / (b) : (max) / (b) < (a))) /* Return 1 if A / B would overflow in [MIN,MAX] arithmetic. See above for restrictions. Do not check for division by zero. */ -#define INT_DIVIDE_RANGE_OVERFLOW(a, b, min, max) \ - ((min) < 0 && (b) == -1 && (a) < - (max)) +#define INT_DIVIDE_RANGE_OVERFLOW(a, b, min, max) ((min) < 0 && (b) == -1 && (a) < -(max)) /* Return 1 if A % B would overflow in [MIN,MAX] arithmetic. See above for restrictions. Do not check for division by zero. 
Mathematically, % should never overflow, but on x86-like hosts INT_MIN % -1 traps, and the C standard permits this, so treat this as an overflow too. */ -#define INT_REMAINDER_RANGE_OVERFLOW(a, b, min, max) \ - INT_DIVIDE_RANGE_OVERFLOW (a, b, min, max) +#define INT_REMAINDER_RANGE_OVERFLOW(a, b, min, max) INT_DIVIDE_RANGE_OVERFLOW (a, b, min, max) /* Return 1 if A << B would overflow in [MIN,MAX] arithmetic. See above for restrictions. Here, MIN and MAX are for A only, and B need @@ -213,16 +178,13 @@ A is negative then A << B has undefined behavior and A >> B has implementation-defined behavior, but do not check these other restrictions. */ -#define INT_LEFT_SHIFT_RANGE_OVERFLOW(a, b, min, max) \ - ((a) < 0 \ - ? (a) < (min) >> (b) \ - : (max) >> (b) < (a)) +#define INT_LEFT_SHIFT_RANGE_OVERFLOW(a, b, min, max) ((a) < 0 ? (a) < (min) >> (b) : (max) >> (b) < (a)) /* True if __builtin_add_overflow (A, B, P) works when P is non-null. */ -#if 5 <= __GNUC__ && !defined __ICC -# define _GL_HAS_BUILTIN_OVERFLOW 1 +#if 5 <= __GNUC__ && ! defined __ICC +# define _GL_HAS_BUILTIN_OVERFLOW 1 #else -# define _GL_HAS_BUILTIN_OVERFLOW 0 +# define _GL_HAS_BUILTIN_OVERFLOW 0 #endif /* True if __builtin_add_overflow_p (A, B, C) works. */ 
@@ -233,46 +195,33 @@ (e.g., A and B) have the same type as MIN and MAX. Instead, they assume that the result (e.g., A + B) has that type. */ #if _GL_HAS_BUILTIN_OVERFLOW_P -# define _GL_ADD_OVERFLOW(a, b, min, max) \ - __builtin_add_overflow_p (a, b, (__typeof__ ((a) + (b))) 0) -# define _GL_SUBTRACT_OVERFLOW(a, b, min, max) \ - __builtin_sub_overflow_p (a, b, (__typeof__ ((a) - (b))) 0) -# define _GL_MULTIPLY_OVERFLOW(a, b, min, max) \ - __builtin_mul_overflow_p (a, b, (__typeof__ ((a) * (b))) 0) +# define _GL_ADD_OVERFLOW(a, b, min, max) __builtin_add_overflow_p (a, b, ( __typeof__ ((a) + (b)) ) 0) +# define _GL_SUBTRACT_OVERFLOW(a, b, min, max) __builtin_sub_overflow_p (a, b, ( __typeof__ ((a) - (b)) ) 0) +# define _GL_MULTIPLY_OVERFLOW(a, b, min, max) __builtin_mul_overflow_p (a, b, ( __typeof__ ((a) * (b)) ) 0) #else -# define _GL_ADD_OVERFLOW(a, b, min, max) \ - ((min) < 0 ? INT_ADD_RANGE_OVERFLOW (a, b, min, max) \ - : (a) < 0 ? (b) <= (a) + (b) \ - : (b) < 0 ? (a) <= (a) + (b) \ - : (a) + (b) < (b)) -# define _GL_SUBTRACT_OVERFLOW(a, b, min, max) \ - ((min) < 0 ? INT_SUBTRACT_RANGE_OVERFLOW (a, b, min, max) \ - : (a) < 0 ? 1 \ - : (b) < 0 ? (a) - (b) <= (a) \ - : (a) < (b)) -# define _GL_MULTIPLY_OVERFLOW(a, b, min, max) \ - (((min) == 0 && (((a) < 0 && 0 < (b)) || ((b) < 0 && 0 < (a)))) \ - || INT_MULTIPLY_RANGE_OVERFLOW (a, b, min, max)) +# define _GL_ADD_OVERFLOW(a, b, min, max) \ + ((min) < 0 ? INT_ADD_RANGE_OVERFLOW (a, b, min, max) \ + : (a) < 0 ? (b) <= (a) + (b) : (b) < 0 ? (a) <= (a) + (b) : (a) + (b) < (b)) +# define _GL_SUBTRACT_OVERFLOW(a, b, min, max) \ + ((min) < 0 ? INT_SUBTRACT_RANGE_OVERFLOW (a, b, min, max) : (a) < 0 ? 1 : (b) < 0 ? (a) - (b) <= (a) : (a) < (b)) +# define _GL_MULTIPLY_OVERFLOW(a, b, min, max) \ + (((min) == 0 && (((a) < 0 && 0 < (b)) || ((b) < 0 && 0 < (a)))) || INT_MULTIPLY_RANGE_OVERFLOW (a, b, min, max)) #endif -#define _GL_DIVIDE_OVERFLOW(a, b, min, max) \ - ((min) < 0 ? 
(b) == _GL_INT_NEGATE_CONVERT (min, 1) && (a) < - (max) \ - : (a) < 0 ? (b) <= (a) + (b) - 1 \ - : (b) < 0 && (a) + (b) <= (a)) -#define _GL_REMAINDER_OVERFLOW(a, b, min, max) \ - ((min) < 0 ? (b) == _GL_INT_NEGATE_CONVERT (min, 1) && (a) < - (max) \ - : (a) < 0 ? (a) % (b) != ((max) - (b) + 1) % (b) \ - : (b) < 0 && ! _GL_UNSIGNED_NEG_MULTIPLE (a, b, max)) +#define _GL_DIVIDE_OVERFLOW(a, b, min, max) \ + ((min) < 0 ? (b) == _GL_INT_NEGATE_CONVERT (min, 1) && (a) < -(max) \ + : (a) < 0 ? (b) <= (a) + ( b ) -1 : (b) < 0 && (a) + (b) <= (a)) +#define _GL_REMAINDER_OVERFLOW(a, b, min, max) \ + ((min) < 0 ? (b) == _GL_INT_NEGATE_CONVERT (min, 1) && (a) < -(max) \ + : (a) < 0 ? (a) % (b) != ((max) - (b) + 1) % (b) : (b) < 0 && ! _GL_UNSIGNED_NEG_MULTIPLE (a, b, max)) /* Return a nonzero value if A is a mathematical multiple of B, where A is unsigned, B is negative, and MAX is the maximum value of A's type. A's type must be the same as (A % B)'s type. Normally (A % -B == 0) suffices, but things get tricky if -B would overflow. */ -#define _GL_UNSIGNED_NEG_MULTIPLE(a, b, max) \ - (((b) < -_GL_SIGNED_INT_MAXIMUM (b) \ - ? (_GL_SIGNED_INT_MAXIMUM (b) == (max) \ - ? (a) \ - : (a) % (_GL_INT_CONVERT (a, _GL_SIGNED_INT_MAXIMUM (b)) + 1)) \ - : (a) % - (b)) \ +#define _GL_UNSIGNED_NEG_MULTIPLE(a, b, max) \ + (((b) < -_GL_SIGNED_INT_MAXIMUM (b) \ + ? (_GL_SIGNED_INT_MAXIMUM (b) == (max) ? (a) : (a) % (_GL_INT_CONVERT (a, _GL_SIGNED_INT_MAXIMUM (b)) + 1)) \ + : (a) % -(b)) \ == 0) /* Check for integer overflow, and report low order bits of answer. 
@@ -314,43 +263,30 @@ Return 1 if the integer expressions A * B, A - B, -A, A * B, A / B, A % B, and A << B would overflow, respectively. */ -#define INT_ADD_OVERFLOW(a, b) \ - _GL_BINARY_OP_OVERFLOW (a, b, _GL_ADD_OVERFLOW) -#define INT_SUBTRACT_OVERFLOW(a, b) \ - _GL_BINARY_OP_OVERFLOW (a, b, _GL_SUBTRACT_OVERFLOW) +#define INT_ADD_OVERFLOW(a, b) _GL_BINARY_OP_OVERFLOW (a, b, _GL_ADD_OVERFLOW) +#define INT_SUBTRACT_OVERFLOW(a, b) _GL_BINARY_OP_OVERFLOW (a, b, _GL_SUBTRACT_OVERFLOW) #if _GL_HAS_BUILTIN_OVERFLOW_P -# define INT_NEGATE_OVERFLOW(a) INT_SUBTRACT_OVERFLOW (0, a) +# define INT_NEGATE_OVERFLOW(a) INT_SUBTRACT_OVERFLOW (0, a) #else -# define INT_NEGATE_OVERFLOW(a) \ - INT_NEGATE_RANGE_OVERFLOW (a, _GL_INT_MINIMUM (a), _GL_INT_MAXIMUM (a)) +# define INT_NEGATE_OVERFLOW(a) INT_NEGATE_RANGE_OVERFLOW (a, _GL_INT_MINIMUM (a), _GL_INT_MAXIMUM (a)) #endif -#define INT_MULTIPLY_OVERFLOW(a, b) \ - _GL_BINARY_OP_OVERFLOW (a, b, _GL_MULTIPLY_OVERFLOW) -#define INT_DIVIDE_OVERFLOW(a, b) \ - _GL_BINARY_OP_OVERFLOW (a, b, _GL_DIVIDE_OVERFLOW) -#define INT_REMAINDER_OVERFLOW(a, b) \ - _GL_BINARY_OP_OVERFLOW (a, b, _GL_REMAINDER_OVERFLOW) -#define INT_LEFT_SHIFT_OVERFLOW(a, b) \ - INT_LEFT_SHIFT_RANGE_OVERFLOW (a, b, \ - _GL_INT_MINIMUM (a), _GL_INT_MAXIMUM (a)) +#define INT_MULTIPLY_OVERFLOW(a, b) _GL_BINARY_OP_OVERFLOW (a, b, _GL_MULTIPLY_OVERFLOW) +#define INT_DIVIDE_OVERFLOW(a, b) _GL_BINARY_OP_OVERFLOW (a, b, _GL_DIVIDE_OVERFLOW) +#define INT_REMAINDER_OVERFLOW(a, b) _GL_BINARY_OP_OVERFLOW (a, b, _GL_REMAINDER_OVERFLOW) +#define INT_LEFT_SHIFT_OVERFLOW(a, b) INT_LEFT_SHIFT_RANGE_OVERFLOW (a, b, _GL_INT_MINIMUM (a), _GL_INT_MAXIMUM (a)) /* Return 1 if the expression A B would overflow, where OP_RESULT_OVERFLOW (A, B, MIN, MAX) does the actual test, assuming MIN and MAX are the minimum and maximum for the result type. Arguments should be free of side effects. 
*/ -#define _GL_BINARY_OP_OVERFLOW(a, b, op_result_overflow) \ - op_result_overflow (a, b, \ - _GL_INT_MINIMUM (0 * (b) + (a)), \ - _GL_INT_MAXIMUM (0 * (b) + (a))) +#define _GL_BINARY_OP_OVERFLOW(a, b, op_result_overflow) \ + op_result_overflow (a, b, _GL_INT_MINIMUM (0 * (b) + (a)), _GL_INT_MAXIMUM (0 * (b) + (a))) /* Store the low-order bits of A + B, A - B, A * B, respectively, into *R. Return 1 if the result overflows. See above for restrictions. */ -#define INT_ADD_WRAPV(a, b, r) \ - _GL_INT_OP_WRAPV (a, b, r, +, __builtin_add_overflow, INT_ADD_OVERFLOW) -#define INT_SUBTRACT_WRAPV(a, b, r) \ - _GL_INT_OP_WRAPV (a, b, r, -, __builtin_sub_overflow, INT_SUBTRACT_OVERFLOW) -#define INT_MULTIPLY_WRAPV(a, b, r) \ - _GL_INT_OP_WRAPV (a, b, r, *, __builtin_mul_overflow, INT_MULTIPLY_OVERFLOW) +#define INT_ADD_WRAPV(a, b, r) _GL_INT_OP_WRAPV (a, b, r, +, __builtin_add_overflow, INT_ADD_OVERFLOW) +#define INT_SUBTRACT_WRAPV(a, b, r) _GL_INT_OP_WRAPV (a, b, r, -, __builtin_sub_overflow, INT_SUBTRACT_OVERFLOW) +#define INT_MULTIPLY_WRAPV(a, b, r) _GL_INT_OP_WRAPV (a, b, r, *, __builtin_mul_overflow, INT_MULTIPLY_OVERFLOW) /* Nonzero if this compiler has GCC bug 68193 or Clang bug 25390. See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68193 @@ -359,9 +295,9 @@ warnings for _Generic. This matters only for older compilers that lack __builtin_add_overflow. */ #if __GNUC__ -# define _GL__GENERIC_BOGUS 1 +# define _GL__GENERIC_BOGUS 1 #else -# define _GL__GENERIC_BOGUS 0 +# define _GL__GENERIC_BOGUS 0 #endif /* Store the low-order bits of A B into *R, where OP specifies 
@@ -369,66 +305,47 @@ overflow predicate. Return 1 if the result overflows. See above for restrictions. */ #if _GL_HAS_BUILTIN_OVERFLOW -# define _GL_INT_OP_WRAPV(a, b, r, op, builtin, overflow) builtin (a, b, r) -#elif 201112 <= __STDC_VERSION__ && !_GL__GENERIC_BOGUS -# define _GL_INT_OP_WRAPV(a, b, r, op, builtin, overflow) \ - (_Generic \ - (*(r), \ - signed char: \ - _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned int, \ - signed char, SCHAR_MIN, SCHAR_MAX), \ - short int: \ - _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned int, \ - short int, SHRT_MIN, SHRT_MAX), \ - int: \ - _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned int, \ - int, INT_MIN, INT_MAX), \ - long int: \ - _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, \ - long int, LONG_MIN, LONG_MAX), \ - long long int: \ - _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long long int, \ - long long int, LLONG_MIN, LLONG_MAX))) +# define _GL_INT_OP_WRAPV(a, b, r, op, builtin, overflow) builtin (a, b, r) +#elif 201112 <= __STDC_VERSION__ && ! _GL__GENERIC_BOGUS +# define _GL_INT_OP_WRAPV(a, b, r, op, builtin, overflow) \ + (_Generic(*(r), signed char \ + : _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned int, signed char, SCHAR_MIN, SCHAR_MAX), short int \ + : _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned int, short int, SHRT_MIN, SHRT_MAX), int \ + : _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned int, int, INT_MIN, INT_MAX), long int \ + : _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, long int, LONG_MIN, LONG_MAX), \ + long long int \ + : _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long long int, long long int, LLONG_MIN, LLONG_MAX))) #else -# define _GL_INT_OP_WRAPV(a, b, r, op, builtin, overflow) \ - (sizeof *(r) == sizeof (signed char) \ - ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned int, \ - signed char, SCHAR_MIN, SCHAR_MAX) \ - : sizeof *(r) == sizeof (short int) \ - ? 
_GL_INT_OP_CALC (a, b, r, op, overflow, unsigned int, \ - short int, SHRT_MIN, SHRT_MAX) \ - : sizeof *(r) == sizeof (int) \ - ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned int, \ - int, INT_MIN, INT_MAX) \ - : _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow)) -# ifdef LLONG_MAX -# define _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow) \ - (sizeof *(r) == sizeof (long int) \ - ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, \ - long int, LONG_MIN, LONG_MAX) \ - : _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long long int, \ - long long int, LLONG_MIN, LLONG_MAX)) -# else -# define _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow) \ - _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, \ - long int, LONG_MIN, LONG_MAX) -# endif +# define _GL_INT_OP_WRAPV(a, b, r, op, builtin, overflow) \ + (sizeof *(r) == sizeof (signed char) \ + ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned int, signed char, SCHAR_MIN, SCHAR_MAX) \ + : sizeof *(r) == sizeof (short int) \ + ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned int, short int, SHRT_MIN, SHRT_MAX) \ + : sizeof *(r) == sizeof (int) \ + ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned int, int, INT_MIN, INT_MAX) \ + : _GL_INT_OP_WRAPV_LONGISH (a, b, r, op, overflow)) +# ifdef LLONG_MAX +# define _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow) \ + (sizeof *(r) == sizeof (long int) \ + ? _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, long int, LONG_MIN, LONG_MAX) \ + : _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long long int, long long int, LLONG_MIN, LLONG_MAX)) +# else +# define _GL_INT_OP_WRAPV_LONGISH(a, b, r, op, overflow) \ + _GL_INT_OP_CALC (a, b, r, op, overflow, unsigned long int, long int, LONG_MIN, LONG_MAX) +# endif #endif /* Store the low-order bits of A B into *R, where the operation is given by OP. Use the unsigned type UT for calculation to avoid overflow problems. *R's type is T, with extrema TMIN and TMAX. T must be a signed integer type. 
Return 1 if the result overflows. */ -#define _GL_INT_OP_CALC(a, b, r, op, overflow, ut, t, tmin, tmax) \ - (sizeof ((a) op (b)) < sizeof (t) \ - ? _GL_INT_OP_CALC1 ((t) (a), (t) (b), r, op, overflow, ut, t, tmin, tmax) \ - : _GL_INT_OP_CALC1 (a, b, r, op, overflow, ut, t, tmin, tmax)) -#define _GL_INT_OP_CALC1(a, b, r, op, overflow, ut, t, tmin, tmax) \ - ((overflow (a, b) \ - || (EXPR_SIGNED ((a) op (b)) && ((a) op (b)) < (tmin)) \ - || (tmax) < ((a) op (b))) \ - ? (*(r) = _GL_INT_OP_WRAPV_VIA_UNSIGNED (a, b, op, ut, t), 1) \ - : (*(r) = _GL_INT_OP_WRAPV_VIA_UNSIGNED (a, b, op, ut, t), 0)) +#define _GL_INT_OP_CALC(a, b, r, op, overflow, ut, t, tmin, tmax) \ + (sizeof (( a ) op (b)) < sizeof (t) ? _GL_INT_OP_CALC1 ((t) (a), (t) (b), r, op, overflow, ut, t, tmin, tmax) \ + : _GL_INT_OP_CALC1 (a, b, r, op, overflow, ut, t, tmin, tmax)) +#define _GL_INT_OP_CALC1(a, b, r, op, overflow, ut, t, tmin, tmax) \ + ((overflow (a, b) || (EXPR_SIGNED (( a ) op (b)) && (( a ) op (b)) < (tmin)) || (tmax) < (( a ) op (b))) \ + ? (*(r) = _GL_INT_OP_WRAPV_VIA_UNSIGNED (a, b, op, ut, t), 1) \ + : (*(r) = _GL_INT_OP_WRAPV_VIA_UNSIGNED (a, b, op, ut, t), 0)) /* Return the low-order bits of A B, where the operation is given by OP. Use the unsigned type UT for calculation to avoid undefined @@ -447,7 +364,6 @@ As the compiler bug is real, don't try to work around the theoretical problem. */ -#define _GL_INT_OP_WRAPV_VIA_UNSIGNED(a, b, op, ut, t) \ - ((t) ((ut) (a) op (ut) (b))) +#define _GL_INT_OP_WRAPV_VIA_UNSIGNED(a, b, op, ut, t) ((t) ((ut) ( a ) op (ut) (b))) #endif /* _GL_INTPROPS_H */ diff --git a/src/libcrun/linux.c b/src/libcrun/linux.c index ac1d1d8f7c..ee426a95ea 100644 --- a/src/libcrun/linux.c +++ b/src/libcrun/linux.c @@ -27,7 +27,7 @@ #include #include #ifdef HAVE_FSCONFIG_CMD_CREATE -# include +# include #endif #include #include 
@@ -56,10 +56,10 @@ #include #include -#define YAJL_STR(x) ((const unsigned char *) (x)) +#define YAJL_STR(x) (( const unsigned char * ) (x)) #ifndef RLIMIT_RTTIME -# define RLIMIT_RTTIME 15 +# define RLIMIT_RTTIME 15 #endif struct remount_s @@ -120,22 +120,19 @@ get_private_data (struct libcrun_container_s *container) return container->private_data; } -static struct linux_namespace_s namespaces[] = - { - {"mount", "mnt", CLONE_NEWNS}, - {"network", "net", CLONE_NEWNET}, - {"ipc", "ipc", CLONE_NEWIPC}, - {"pid", "pid", CLONE_NEWPID}, - {"uts", "uts", CLONE_NEWUTS}, - {"user", "user", CLONE_NEWUSER}, +static struct linux_namespace_s namespaces[] = { { "mount", "mnt", CLONE_NEWNS }, + { "network", "net", CLONE_NEWNET }, + { "ipc", "ipc", CLONE_NEWIPC }, + { "pid", "pid", CLONE_NEWPID }, + { "uts", "uts", CLONE_NEWUTS }, + { "user", "user", CLONE_NEWUSER }, #ifdef CLONE_NEWCGROUP - {"cgroup", "cgroup", CLONE_NEWCGROUP}, + { "cgroup", "cgroup", CLONE_NEWCGROUP }, #endif #ifdef CLONE_NEWTIME - {"time", "time", CLONE_NEWTIME}, + { "time", "time", CLONE_NEWTIME }, #endif - {NULL, NULL, 0} - }; + { NULL, NULL, 0 } }; static int get_and_reset (int *old) @@ -159,9 +156,9 @@ static int syscall_clone (unsigned long flags, void *child_stack) { #if defined __s390__ || defined __CRIS__ - return (int) syscall (__NR_clone, child_stack, flags); + return ( int ) syscall (__NR_clone, child_stack, flags); #else - return (int) syscall (__NR_clone, flags, child_stack); + return ( int ) syscall (__NR_clone, flags, child_stack); #endif } @@ -169,7 +166,7 @@ static int syscall_fsopen (const char *fs_name, unsigned int flags) { #if defined __NR_fsopen - return (int) syscall (__NR_fsopen, fs_name, flags); + return ( int ) syscall (__NR_fsopen, fs_name, flags); #else errno = ENOTSUP; return -1; 
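Review bot: The reformatted `namespaces[]` table in the `@@ -120,22 +120,19 @@` hunk now opens with its first row on the declaration line (`namespaces[] = { { "mount", "mnt", CLONE_NEWNS },`) and closes with `{ NULL, NULL, 0 } };`. The remaining rows, including those under `#ifdef CLONE_NEWCGROUP` and `#ifdef CLONE_NEWTIME`, become continuation lines of that first one. A trailing comma after the sentinel, `{ NULL, NULL, 0 },`, normally makes clang-format keep one entry per line at block indent, so adding a namespace later stays a one-line diff. The same layout appears in the `propagation_flags`, `needed_devs`, `symlinks` and `rlimits` tables further down in this file.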
@@ -180,7 +177,7 @@ static int syscall_fsmount (int fsfd, unsigned int flags, unsigned int attr_flags) { #if defined __NR_fsmount - return (int) syscall (__NR_fsmount, fsfd, flags, attr_flags); + return ( int ) syscall (__NR_fsmount, fsfd, flags, attr_flags); #else errno = ENOTSUP; return -1; @@ -191,7 +188,7 @@ static int syscall_fsconfig (int fsfd, unsigned int cmd, const char *key, const void *val, int aux) { #if defined __NR_fsconfig - return (int) syscall (__NR_fsconfig, fsfd, cmd, key, val, aux); + return ( int ) syscall (__NR_fsconfig, fsfd, cmd, key, val, aux); #else errno = ENOTSUP; return -1; @@ -199,12 +196,11 @@ syscall_fsconfig (int fsfd, unsigned int cmd, const char *key, const void *val, } static int -syscall_move_mount (int from_dfd, const char *from_pathname, int to_dfd, - const char *to_pathname, unsigned int flags) +syscall_move_mount (int from_dfd, const char *from_pathname, int to_dfd, const char *to_pathname, unsigned int flags) { #if defined __NR_move_mount - return (int) syscall (__NR_move_mount, from_dfd, from_pathname, to_dfd, to_pathname, flags); + return ( int ) syscall (__NR_move_mount, from_dfd, from_pathname, to_dfd, to_pathname, flags); #else errno = ENOTSUP; return -1; @@ -215,17 +211,17 @@ static int syscall_keyctl_join (const char *name) { #define KEYCTL_JOIN_SESSION_KEYRING 0x1 - return (int) syscall (__NR_keyctl, KEYCTL_JOIN_SESSION_KEYRING, name, 0); + return ( int ) syscall (__NR_keyctl, KEYCTL_JOIN_SESSION_KEYRING, name, 0); } static int syscall_pidfd_open (pid_t pid, unsigned int flags) { #if defined __NR_pidfd_open - return (int) syscall (__NR_pidfd_open, pid, flags); + return ( int ) syscall (__NR_pidfd_open, pid, flags); #else - (void) pid; - (void) flags; + ( void ) pid; + ( void ) flags; errno = ENOTSUP; return -1; #endif 
@@ -235,12 +231,12 @@ static int syscall_pidfd_send_signal (int pidfd, int sig, siginfo_t *info, unsigned int flags) { #if defined __NR_pidfd_send_signal - return (int) syscall (__NR_pidfd_send_signal, pidfd, sig, info, flags); + return ( int ) syscall (__NR_pidfd_send_signal, pidfd, sig, info, flags); #else - (void) pidfd; - (void) sig; - (void) info; - (void) flags; + ( void ) pidfd; + ( void ) sig; + ( void ) info; + ( void ) flags; errno = ENOTSUP; return -1; #endif 
@@ -271,56 +267,54 @@ get_uid_gid_from_def (runtime_spec_schema_config_schema *def, uid_t *uid, gid_t } struct propagation_flags_s - { - const char *name; - int clear; - int flags; - int extra_flags; - }; +{ + const char *name; + int clear; + int flags; + int extra_flags; +}; -enum { - OPTION_TMPCOPYUP = 1 +enum +{ + OPTION_TMPCOPYUP = 1 }; -static struct propagation_flags_s propagation_flags[] = - { - {"defaults", 0, 0, 0}, - {"rbind", 0, MS_REC | MS_BIND, 0}, - {"ro", 0, MS_RDONLY, 0}, - {"rw", 1, MS_RDONLY, 0}, - {"suid", 1, MS_NOSUID, 0}, - {"nosuid", 0, MS_NOSUID, 0}, - {"dev", 1, MS_NODEV, 0}, - {"nodev", 0, MS_NODEV, 0}, - {"exec", 1, MS_NOEXEC, 0}, - {"noexec", 0, MS_NOEXEC, 0}, - {"sync", 0, MS_SYNCHRONOUS, 0}, - {"async", 1, MS_SYNCHRONOUS, 0}, - {"dirsync", 0, MS_DIRSYNC, 0}, - {"remount", 0, MS_REMOUNT, 0}, - {"mand", 0, MS_MANDLOCK, 0}, - {"nomand", 1, MS_MANDLOCK, 0}, - {"atime", 1, MS_NOATIME, 0}, - {"noatime", 0, MS_NOATIME, 0}, - {"diratime", 1, MS_NODIRATIME, 0}, - {"nodiratime", 0, MS_NODIRATIME, 0}, - {"relatime", 0, MS_RELATIME, 0}, - {"norelatime", 1, MS_RELATIME, 0}, - {"strictatime", 0, MS_STRICTATIME, 0}, - {"nostrictatime", 1, MS_STRICTATIME, 0}, - {"shared", 0, MS_SHARED, 0}, - {"rshared", 0, MS_REC | MS_SHARED, 0}, - {"slave", 0, MS_SLAVE, 0}, - {"rslave", 0, MS_REC | MS_SLAVE, 0}, - {"private", 0, MS_PRIVATE, 0}, - {"rprivate", 0, MS_REC | MS_PRIVATE, 0}, - {"unbindable", 0, MS_UNBINDABLE, 0}, - {"runbindable", 0, MS_REC | MS_UNBINDABLE, 0}, - - {"tmpcopyup", 0, 0, OPTION_TMPCOPYUP}, - - {NULL, 0, 0, 0} - }; +static struct propagation_flags_s propagation_flags[] = { { "defaults", 0, 0, 0 }, + { "rbind", 0, MS_REC | MS_BIND, 0 }, + { "ro", 0, MS_RDONLY, 0 }, + { "rw", 1, MS_RDONLY, 0 }, + { "suid", 1, MS_NOSUID, 0 }, + { "nosuid", 0, MS_NOSUID, 0 }, + { "dev", 1, MS_NODEV, 0 }, + { "nodev", 0, MS_NODEV, 0 }, + { "exec", 1, MS_NOEXEC, 0 }, + { "noexec", 0, MS_NOEXEC, 0 }, + { "sync", 0, MS_SYNCHRONOUS, 0 }, + { "async", 1, MS_SYNCHRONOUS, 
0 }, + { "dirsync", 0, MS_DIRSYNC, 0 }, + { "remount", 0, MS_REMOUNT, 0 }, + { "mand", 0, MS_MANDLOCK, 0 }, + { "nomand", 1, MS_MANDLOCK, 0 }, + { "atime", 1, MS_NOATIME, 0 }, + { "noatime", 0, MS_NOATIME, 0 }, + { "diratime", 1, MS_NODIRATIME, 0 }, + { "nodiratime", 0, MS_NODIRATIME, 0 }, + { "relatime", 0, MS_RELATIME, 0 }, + { "norelatime", 1, MS_RELATIME, 0 }, + { "strictatime", 0, MS_STRICTATIME, 0 }, + { "nostrictatime", 1, MS_STRICTATIME, 0 }, + { "shared", 0, MS_SHARED, 0 }, + { "rshared", 0, MS_REC | MS_SHARED, 0 }, + { "slave", 0, MS_SLAVE, 0 }, + { "rslave", 0, MS_REC | MS_SLAVE, 0 }, + { "private", 0, MS_PRIVATE, 0 }, + { "rprivate", 0, MS_REC | MS_PRIVATE, 0 }, + { "unbindable", 0, MS_UNBINDABLE, 0 }, + { "runbindable", 0, MS_REC | MS_UNBINDABLE, 0 }, + + { "tmpcopyup", 0, 0, OPTION_TMPCOPYUP }, + + { NULL, 0, 0, 0 } }; static unsigned long get_mount_flags (const char *name, int current_flags, int *found, unsigned long *extra_flags) @@ -364,7 +358,7 @@ get_mount_flags_or_option (const char *name, int current_flags, unsigned long *e } int -pivot_root (const char * new_root, const char * put_old) +pivot_root (const char *new_root, const char *put_old) { return syscall (__NR_pivot_root, new_root, put_old); } @@ -452,7 +446,7 @@ finalize_mounts (libcrun_container_t *container, libcrun_error_t *err) r = next; } - cleanup: +cleanup: while (r) { struct remount_s *next = r->next; @@ -472,7 +466,7 @@ open_mount_target (libcrun_container_t *container, const char *target_rel, libcr int rootfsfd = get_private_data (container)->rootfsfd; if (rootfsfd < 0) - return crun_make_error (err, 0, "invalid rootfs state"); + return crun_make_error (err, 0, "invalid rootfs state"); return safe_openat (rootfsfd, rootfs, rootfs_len, target_rel, O_PATH | O_CLOEXEC, 0, err); } 
@@ -495,9 +489,9 @@ fsopen_mount (runtime_spec_schema_defs_mount *mount) return syscall_fsmount (fsfd, FSMOUNT_CLOEXEC, 0); #else - (void) syscall_fsopen; - (void) syscall_fsconfig; - (void) syscall_fsmount; + ( void ) syscall_fsopen; + ( void ) syscall_fsconfig; + ( void ) syscall_fsmount; errno = ENOTSUP; return -1; #endif @@ -509,32 +503,25 @@ fs_move_mount_to (int fd, int dirfd, const char *name) #ifdef HAVE_FSCONFIG_CMD_CREATE return syscall_move_mount (fd, "", dirfd, name, MOVE_MOUNT_F_EMPTY_PATH); #else - (void) syscall_move_mount; + ( void ) syscall_move_mount; errno = ENOTSUP; return -1; #endif } enum - { - /* Do not apply any label to the mount. */ - LABEL_NONE = 0, - /* Apply the label as a mount option. */ - LABEL_MOUNT, - /* Apply the label using setxattr. */ - LABEL_XATTR, - }; +{ + /* Do not apply any label to the mount. */ + LABEL_NONE = 0, + /* Apply the label as a mount option. */ + LABEL_MOUNT, + /* Apply the label using setxattr. */ + LABEL_XATTR, +}; static int -do_mount (libcrun_container_t *container, - const char *source, - int targetfd, - const char *target, - const char *fstype, - unsigned long mountflags, - const void *data, - int label_how, - libcrun_error_t *err) +do_mount (libcrun_container_t *container, const char *source, int targetfd, const char *target, const char *fstype, + unsigned long mountflags, const void *data, int label_how, libcrun_error_t *err) { cleanup_free char *data_with_label = NULL; const char *temporary_mount = NULL; 
@@ -557,10 +544,9 @@ do_mount (libcrun_container_t *container, if (targetfd >= 0) { - use_temporary_mount = \ - (get_private_data (container)->unshare_flags & CLONE_NEWNS) \ - && get_private_data (container)->tmpmountdir \ - && (mountflags & (ALL_PROPAGATIONS | MS_BIND | MS_RDONLY)); + use_temporary_mount = (get_private_data (container)->unshare_flags & CLONE_NEWNS) + && get_private_data (container)->tmpmountdir + && (mountflags & (ALL_PROPAGATIONS | MS_BIND | MS_RDONLY)); sprintf (target_buffer, "/proc/self/fd/%d", targetfd); real_target = target_buffer; } @@ -585,7 +571,7 @@ do_mount (libcrun_container_t *container, if (label_how == LABEL_MOUNT) { ret = add_selinux_mount_label (&data_with_label, data, label, err); - if (ret < 0) + if (ret < 0) return ret; data = data_with_label; } @@ -643,7 +629,7 @@ do_mount (libcrun_container_t *container, sprintf (proc_file, "/proc/self/fd/%d", fd); /* We need to go through the proc_file since fd itself is opened as O_PATH. */ - (void) setxattr (proc_file, "security.selinux", label, strlen (label), 0); + ( void ) setxattr (proc_file, "security.selinux", label, strlen (label), 0); } #endif /* We have a fd pointing to the new mountpoint (done in a safe location). We can move @@ -687,10 +673,7 @@ do_mount (libcrun_container_t *container, if (needs_remount) { - unsigned long remount_flags = \ - MS_REMOUNT \ - | (single_instance ? 0 : MS_BIND) \ - | (mountflags & ~ALL_PROPAGATIONS); + unsigned long remount_flags = MS_REMOUNT | (single_instance ? 0 : MS_BIND) | (mountflags & ~ALL_PROPAGATIONS); if ((remount_flags & MS_RDONLY) == 0) { @@ -709,8 +692,7 @@ do_mount (libcrun_container_t *container, } /* The remount owns the fd. */ - r = make_remount (get_and_reset (&fd), target, remount_flags, data, - get_private_data (container)->remounts); + r = make_remount (get_and_reset (&fd), target, remount_flags, data, get_private_data (container)->remounts); get_private_data (container)->remounts = r; } } 
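Review bot: The `( void ) setxattr (proc_file, "security.selinux", label, strlen (label), 0);` call in the `@@ -643,7 +629,7 @@` hunk discards its result without saying why. A failed relabel would leave the new mount with whatever label it already had, and nothing is reported. The comment above the call only explains the `/proc/self/fd` indirection. If best effort is intended, say so next to the call, e.g. `/* Best effort: on failure the mount keeps its default label. */`; otherwise check the return value and report it through `err`. do_mount's body starts and ends outside this hunk, so the right error path cannot be judged from here.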
@@ -719,10 +701,7 @@ do_mount (libcrun_container_t *container, } static int -do_mount_cgroup_v2 (libcrun_container_t *container, - int targetfd, - const char *target, - unsigned long mountflags, +do_mount_cgroup_v2 (libcrun_container_t *container, int targetfd, const char *target, unsigned long mountflags, libcrun_error_t *err) { int ret; @@ -739,7 +718,8 @@ do_mount_cgroup_v2 (libcrun_container_t *container, { crun_error_release (err); - ret = do_mount (container, "/sys/fs/cgroup", targetfd, target, NULL, MS_BIND | mountflags, NULL, LABEL_NONE, err); + ret = do_mount (container, "/sys/fs/cgroup", targetfd, target, NULL, MS_BIND | mountflags, NULL, LABEL_NONE, + err); } return ret; } @@ -762,12 +742,8 @@ has_mount_for (libcrun_container_t *container, const char *destination) } static int -do_mount_cgroup_systemd_v1 (libcrun_container_t *container, - const char *source, - int targetfd, - const char *target, - unsigned long mountflags, - libcrun_error_t *err) +do_mount_cgroup_systemd_v1 (libcrun_container_t *container, const char *source, int targetfd, const char *target, + unsigned long mountflags, libcrun_error_t *err) { int ret; cleanup_close int fd = -1; @@ -797,16 +773,13 @@ do_mount_cgroup_systemd_v1 (libcrun_container_t *container, xasprintf (&subsystem_path, "%s/%s", target, subsystem); - return do_mount (container, "cgroup", fd, subsystem_path, "cgroup", mountflags, "none,name=systemd,xattr", LABEL_NONE, err); + return do_mount (container, "cgroup", fd, subsystem_path, "cgroup", mountflags, "none,name=systemd,xattr", LABEL_NONE, + err); } static int -do_mount_cgroup_v1 (libcrun_container_t *container, - const char *source, - int targetfd, - const char *target, - unsigned long mountflags, - libcrun_error_t *err) +do_mount_cgroup_v1 (libcrun_container_t *container, const char *source, int targetfd, const char *target, + unsigned long mountflags, libcrun_error_t *err) { int ret; const cgroups_subsystem_t *subsystems = NULL; 
@@ -885,7 +858,8 @@ do_mount_cgroup_v1 (libcrun_container_t *container, if (has_cgroupns) { - ret = do_mount (container, source_path, subsystemfd, subsystem_path, "cgroup", mountflags, subsystem_fqn, LABEL_NONE, err); + ret = do_mount (container, source_path, subsystemfd, subsystem_path, "cgroup", mountflags, subsystem_fqn, + LABEL_NONE, err); if (UNLIKELY (ret < 0)) { if (crun_error_get_errno (err) == ENOENT || crun_error_get_errno (err) == ENODEV) @@ -899,7 +873,8 @@ do_mount_cgroup_v1 (libcrun_container_t *container, } else { - ret = do_mount (container, source_path, subsystemfd, subsystem_path, NULL, MS_BIND | mountflags, NULL, LABEL_NONE, err); + ret = do_mount (container, source_path, subsystemfd, subsystem_path, NULL, MS_BIND | mountflags, NULL, + LABEL_NONE, err); if (UNLIKELY (ret < 0)) { if (crun_error_get_errno (err) != ENOENT) @@ -908,7 +883,8 @@ do_mount_cgroup_v1 (libcrun_container_t *container, crun_error_release (err); /* We might already be in a container. Mount the source subsystem. */ - ret = do_mount (container, source_subsystem, subsystemfd, subsystem_path, NULL, MS_BIND | mountflags, NULL, LABEL_NONE, err); + ret = do_mount (container, source_subsystem, subsystemfd, subsystem_path, NULL, MS_BIND | mountflags, + NULL, LABEL_NONE, err); if (UNLIKELY (ret < 0)) return ret; } @@ -923,12 +899,8 @@ do_mount_cgroup_v1 (libcrun_container_t *container, } static int -do_mount_cgroup (libcrun_container_t *container, - const char *source, - int targetfd, - const char *target, - unsigned long mountflags, - libcrun_error_t *err) +do_mount_cgroup (libcrun_container_t *container, const char *source, int targetfd, const char *target, + unsigned long mountflags, libcrun_error_t *err) { int cgroup_mode; 
@@ -959,16 +931,13 @@ struct device_s gid_t gid; }; -struct device_s needed_devs[] = - { - {"/dev/null", "c", 1, 3, 0666, 0, 0}, - {"/dev/zero", "c", 1, 5, 0666, 0, 0}, - {"/dev/full", "c", 1, 7, 0666, 0, 0}, - {"/dev/tty", "c", 5, 0, 0666, 0, 0}, - {"/dev/random", "c", 1, 8, 0666, 0, 0}, - {"/dev/urandom", "c", 1, 9, 0666, 0, 0}, - {} - }; +struct device_s needed_devs[] = { { "/dev/null", "c", 1, 3, 0666, 0, 0 }, + { "/dev/zero", "c", 1, 5, 0666, 0, 0 }, + { "/dev/full", "c", 1, 7, 0666, 0, 0 }, + { "/dev/tty", "c", 5, 0, 0666, 0, 0 }, + { "/dev/random", "c", 1, 8, 0666, 0, 0 }, + { "/dev/urandom", "c", 1, 9, 0666, 0, 0 }, + {} }; /* Check if the specified path is a direct child of /dev. If it is return a pointer to the basename. */ @@ -987,7 +956,8 @@ relative_path_under_dev (const char *path) } static int -create_dev (libcrun_container_t *container, int devfd, struct device_s *device, bool binds, bool ensure_parent_dir, libcrun_error_t *err) +create_dev (libcrun_container_t *container, int devfd, struct device_s *device, bool binds, bool ensure_parent_dir, + libcrun_error_t *err) { int ret; dev_t dev; @@ -1002,7 +972,7 @@ create_dev (libcrun_container_t *container, int devfd, struct device_s *device, if (binds) { - cleanup_close int fd = - 1; + cleanup_close int fd = -1; const char *rel_path = device->path; while (*rel_path == '/') @@ -1113,7 +1083,6 @@ create_dev (libcrun_container_t *container, int devfd, struct device_s *device, if (UNLIKELY (ret < 0)) return crun_make_error (err, errno, "chown `%s`", device->path); } - } return 0; } 
@@ -1125,16 +1094,13 @@ struct symlink_s bool force; }; -static struct symlink_s symlinks[] = - { - {"/proc/self/fd", "fd", false}, - {"/proc/self/fd/0", "stdin", false}, - {"/proc/self/fd/1", "stdout", false}, - {"/proc/self/fd/2", "stderr", false}, - {"/proc/kcore", "core", false}, - {"pts/ptmx", "ptmx", true}, - {NULL, NULL, false} - }; +static struct symlink_s symlinks[] = { { "/proc/self/fd", "fd", false }, + { "/proc/self/fd/0", "stdin", false }, + { "/proc/self/fd/1", "stdout", false }, + { "/proc/self/fd/2", "stderr", false }, + { "/proc/kcore", "core", false }, + { "pts/ptmx", "ptmx", true }, + { NULL, NULL, false } }; static int create_missing_devs (libcrun_container_t *container, bool binds, libcrun_error_t *err) @@ -1153,13 +1119,10 @@ create_missing_devs (libcrun_container_t *container, bool binds, libcrun_error_t for (i = 0; i < def->linux->devices_len; i++) { - struct device_s device = {def->linux->devices[i]->path, - def->linux->devices[i]->type, - def->linux->devices[i]->major, - def->linux->devices[i]->minor, - def->linux->devices[i]->file_mode, - def->linux->devices[i]->uid, - def->linux->devices[i]->gid, + struct device_s device = { + def->linux->devices[i]->path, def->linux->devices[i]->type, def->linux->devices[i]->major, + def->linux->devices[i]->minor, def->linux->devices[i]->file_mode, def->linux->devices[i]->uid, + def->linux->devices[i]->gid, }; if (! def->linux->devices[i]->file_mode_present) 
@@ -1179,19 +1142,19 @@ create_missing_devs (libcrun_container_t *container, bool binds, libcrun_error_t for (i = 0; symlinks[i].target; i++) { -retry_symlink: + retry_symlink: ret = symlinkat (symlinks[i].path, devfd, symlinks[i].target); if (UNLIKELY (ret < 0)) { int saved_errno = errno; - if (errno == EEXIST && !symlinks[i].force) + if (errno == EEXIST && ! symlinks[i].force) continue; /* If the symlink should be forced, make sure to unlink any existing file at the same path. */ if (errno == EEXIST) { -retry_unlink: + retry_unlink: ret = unlinkat (devfd, symlinks[i].target, 0); if (ret < 0 && errno == EISDIR) ret = unlinkat (devfd, symlinks[i].target, AT_REMOVEDIR); @@ -1204,7 +1167,7 @@ create_missing_devs (libcrun_container_t *container, bool binds, libcrun_error_t sprintf (procpath, "/proc/self/fd/%d", tfd); if (umount2 (procpath, MNT_DETACH) == 0) - goto retry_unlink; + goto retry_unlink; } } if (ret == 0) @@ -1218,10 +1181,7 @@ create_missing_devs (libcrun_container_t *container, bool binds, libcrun_error_t } static int -do_masked_or_readonly_path (libcrun_container_t *container, - int rootfsfd, - const char *rel_path, - bool readonly, +do_masked_or_readonly_path (libcrun_container_t *container, int rootfsfd, const char *rel_path, bool readonly, libcrun_error_t *err) { cleanup_close int pathfd = -1; @@ -1246,7 +1206,8 @@ do_masked_or_readonly_path (libcrun_container_t *container, char source_buffer[64]; sprintf (source_buffer, "/proc/self/fd/%d", pathfd); - ret = do_mount (container, source_buffer, pathfd, rel_path, NULL, MS_BIND | MS_PRIVATE | MS_RDONLY | MS_REC, NULL, LABEL_NONE, err); + ret = do_mount (container, source_buffer, pathfd, rel_path, NULL, MS_BIND | MS_PRIVATE | MS_RDONLY | MS_REC, NULL, + LABEL_NONE, err); if (UNLIKELY (ret < 0)) return ret; } 
@@ -1259,7 +1220,8 @@ do_masked_or_readonly_path (libcrun_container_t *container, if ((mode & S_IFMT) == S_IFDIR) ret = do_mount (container, "tmpfs", pathfd, rel_path, "tmpfs", MS_RDONLY, "size=0k", false, err); else - ret = do_mount (container, "/dev/null", pathfd, rel_path, NULL, MS_BIND | MS_UNBINDABLE | MS_REC, NULL, LABEL_MOUNT, err); + ret = do_mount (container, "/dev/null", pathfd, rel_path, NULL, MS_BIND | MS_UNBINDABLE | MS_REC, NULL, + LABEL_MOUNT, err); if (UNLIKELY (ret < 0)) return ret; } @@ -1341,9 +1303,8 @@ static int get_default_flags (libcrun_container_t *container, const char *destination, char **data) { if (strcmp (destination, "/proc") == 0) - return 0; - if (strcmp (destination, "/dev/cgroup") == 0 - || strcmp (destination, "/sys/fs/cgroup") == 0) + return 0; + if (strcmp (destination, "/dev/cgroup") == 0 || strcmp (destination, "/sys/fs/cgroup") == 0) { *data = xstrdup ("none,name="); return MS_NOEXEC | MS_NOSUID | MS_STRICTATIME; @@ -1359,7 +1320,7 @@ get_default_flags (libcrun_container_t *container, const char *destination, char return MS_NOEXEC | MS_NOSUID | MS_NODEV; } if (strcmp (destination, "/dev/mqueue") == 0) - return MS_NOEXEC | MS_NOSUID | MS_NODEV; + return MS_NOEXEC | MS_NOSUID | MS_NODEV; if (strcmp (destination, "/dev/pts") == 0) { if (container->host_uid == 0) @@ -1369,7 +1330,7 @@ get_default_flags (libcrun_container_t *container, const char *destination, char return MS_NOEXEC | MS_NOSUID; } if (strcmp (destination, "/sys") == 0) - return MS_NOEXEC | MS_NOSUID | MS_NODEV; + return MS_NOEXEC | MS_NOSUID | MS_NODEV; return 0; } 
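Review bot: In the `@@ -1259,7 +1220,8 @@` hunk the tmpfs branch passes `false` as do_mount's `label_how` argument (`..., MS_RDONLY, "size=0k", false, err);`), while the rewrapped `/dev/null` branch just below passes `LABEL_MOUNT`. `label_how` is an `int` taking the `LABEL_NONE`/`LABEL_MOUNT`/`LABEL_XATTR` enum values, and `false` equals `LABEL_NONE` (0), so behaviour is unchanged but the call reads as if a boolean were expected. Spelling it out makes the decision not to label the tmpfs mount explicit: `ret = do_mount (container, "tmpfs", pathfd, rel_path, "tmpfs", MS_RDONLY, "size=0k", LABEL_NONE, err);`. The enclosing function starts and ends outside the hunk.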
@@ -1386,13 +1347,9 @@ do_mounts (libcrun_container_t *container, int rootfsfd, const char *rootfs, lib { int *fd; const char *fstype; - } - fsfd_mounts[] = - { - {.fstype = "proc", .fd = &(get_private_data (container)->procfsfd)}, - {.fstype = "mqueue", .fd = &(get_private_data (container)->mqueuefsfd)}, - {.fd = NULL, .fstype = NULL} - }; + } fsfd_mounts[] = { { .fstype = "proc", .fd = &(get_private_data (container)->procfsfd) }, + { .fstype = "mqueue", .fd = &(get_private_data (container)->mqueuefsfd) }, + { .fd = NULL, .fstype = NULL } }; for (i = 0; i < def->mounts_len; i++) { @@ -1428,7 +1385,8 @@ do_mounts (libcrun_container_t *container, int rootfsfd, const char *rootfs, lib for (j = 0; j < def->mounts[i]->options_len; j++) { - if (strcmp (def->mounts[i]->options[j], "bind") == 0 || strcmp (def->mounts[i]->options[j], "rbind") == 0) + if (strcmp (def->mounts[i]->options[j], "bind") == 0 + || strcmp (def->mounts[i]->options[j], "rbind") == 0) { type = "bind"; break; @@ -1475,8 +1433,7 @@ do_mounts (libcrun_container_t *container, int rootfsfd, const char *rootfs, lib if (is_dir) { /* Enforce /proc and /sys to be directories without any symlink under rootfs. */ - bool must_be_dir_under_root = strcmp (type, "sysfs") == 0 - || strcmp (type, "proc") == 0; + bool must_be_dir_under_root = strcmp (type, "sysfs") == 0 || strcmp (type, "proc") == 0; ret = crun_safe_ensure_directory_at (rootfsfd, rootfs, rootfs_len, target, 01755, err); if (UNLIKELY (ret < 0)) @@ -1562,8 +1519,7 @@ do_mounts (libcrun_container_t *container, int rootfsfd, const char *rootfs, lib { int label_how = LABEL_MOUNT; - if (strcmp (type, "sysfs") == 0 - || strcmp (type, "proc") == 0) + if (strcmp (type, "sysfs") == 0 || strcmp (type, "proc") == 0) label_how = LABEL_NONE; else if (strcmp (type, "mqueue") == 0) label_how = LABEL_XATTR; 
@@ -1631,21 +1587,21 @@ get_notify_fd (libcrun_context_t *context, libcrun_container_t *container, int * if (UNLIKELY (chmod (host_path, 0777) < 0)) return crun_make_error (err, errno, "chmod `%s`", host_path); -#ifdef HAVE_FGETXATTR +# ifdef HAVE_FGETXATTR if (container && container->container_def->linux && container->container_def->linux->mount_label) { /* Ignore the error, the worse that can happen is that the container fails to notify it is ready. */ - (void) setxattr (host_path, "security.selinux", container->container_def->linux->mount_label, - strlen (container->container_def->linux->mount_label), 0); + ( void ) setxattr (host_path, "security.selinux", container->container_def->linux->mount_label, + strlen (container->container_def->linux->mount_label), 0); } -#endif +# endif *notify_socket_out = get_and_reset (¬ify_fd); return 1; #else - (void) context; - (void) container; - (void) err; + ( void ) context; + ( void ) container; + ( void ) err; *notify_socket_out = -1; return 0; #endif @@ -1687,7 +1643,8 @@ do_finalize_notify_socket (libcrun_container_t *container, libcrun_error_t *err) cleanup_free char *container_notify_socket_path_dir_alloc = NULL; char *container_notify_socket_path_dir = NULL; - get_private_data (container)->host_notify_socket_path = get_private_data (container)->container_notify_socket_path = NULL; + get_private_data (container)->host_notify_socket_path = get_private_data (container)->container_notify_socket_path + = NULL; if (host_notify_socket_path == NULL || container_notify_socket_path == NULL) return 0; @@ -1702,7 +1659,7 @@ do_finalize_notify_socket (libcrun_container_t *container, libcrun_error_t *err) ret = do_mount (container, host_notify_socket_path, -1, container_notify_socket_path_dir, NULL, MS_BIND | MS_REC | MS_PRIVATE, NULL, LABEL_MOUNT, err); if (UNLIKELY (ret < 0)) - return ret; + return ret; return 0; } 
@@ -1744,8 +1701,8 @@ make_parent_mount_private (const char *rootfs, libcrun_error_t *err) } static int -allocate_tmp_mounts (libcrun_container_t *container, char **parent_tmpdir_out, - char **tmpdir_out, char **tmpfile_out, libcrun_error_t *err) +allocate_tmp_mounts (libcrun_container_t *container, char **parent_tmpdir_out, char **tmpdir_out, char **tmpfile_out, + libcrun_error_t *err) { cleanup_free char *state_dir = NULL; cleanup_free char *tmpdir = NULL; @@ -1753,20 +1710,18 @@ allocate_tmp_mounts (libcrun_container_t *container, char **parent_tmpdir_out, char *where = NULL; int ret; - state_dir = libcrun_get_state_directory (container->context->state_root, - container->context->id); + state_dir = libcrun_get_state_directory (container->context->state_root, container->context->id); where = state_dir; - repeat: +repeat: xasprintf (&tmpdir, "%s/tmp-dir", where); ret = crun_ensure_directory (tmpdir, 0700, true, err); if (UNLIKELY (ret < 0)) { /*If the current user has no access to the state directory (e.g. running in an user namespace), then try with a temporary directory. */ - if (crun_error_get_errno (err) == EPERM \ - || crun_error_get_errno (err) == EROFS \ + if (crun_error_get_errno (err) == EPERM || crun_error_get_errno (err) == EROFS || crun_error_get_errno (err) == EACCES) { char tmp_dir[32]; @@ -1809,7 +1764,7 @@ static int cleanup_rmdir (void *p) { int ret; - char **pp = (char **) p; + char **pp = ( char ** ) p; if (*pp) { cleanup_dir DIR *d = NULL; @@ -1831,7 +1786,7 @@ cleanup_rmdir (void *p) } unlinkat (AT_FDCWD, *pp, AT_REMOVEDIR); } - exit: +exit: free (*pp); return 0; } 
@@ -1843,7 +1798,7 @@ libcrun_set_mounts (libcrun_container_t *container, const char *rootfs, libcrun_ int ret = 0, is_user_ns = 0; unsigned long rootfs_propagation = 0; cleanup_close int rootfsfd_cleanup = -1; - __attribute__((cleanup (cleanup_rmdir))) char *tmpdirparent = NULL; + __attribute__ ((cleanup (cleanup_rmdir))) char *tmpdirparent = NULL; int rootfsfd = -1; if (def->linux->rootfs_propagation) @@ -1889,7 +1844,7 @@ libcrun_set_mounts (libcrun_container_t *container, const char *rootfs, libcrun_ rootfsfd = AT_FDCWD; else { - rootfsfd = rootfsfd_cleanup = open (rootfs, O_PATH|O_CLOEXEC); + rootfsfd = rootfsfd_cleanup = open (rootfs, O_PATH | O_CLOEXEC); if (UNLIKELY (rootfsfd < 0)) return crun_make_error (err, errno, "open `%s`", rootfs); } @@ -1920,14 +1875,14 @@ libcrun_set_mounts (libcrun_container_t *container, const char *rootfs, libcrun_ return ret; is_user_ns = (get_private_data (container)->unshare_flags & CLONE_NEWUSER); - if (!is_user_ns) + if (! is_user_ns) { is_user_ns = check_running_in_user_namespace (err); if (UNLIKELY (is_user_ns < 0)) return is_user_ns; } - if (!get_private_data (container)->mount_dev_from_host) + if (! get_private_data (container)->mount_dev_from_host) { ret = create_missing_devs (container, is_user_ns ? true : false, err); if (UNLIKELY (ret < 0)) @@ -2020,8 +1975,8 @@ libcrun_do_pivot_root (libcrun_container_t *container, bool no_pivot, const char return ret; } - ret = do_mount (container, NULL, -1, "/", NULL, get_private_data (container)->rootfs_propagation, - NULL, LABEL_MOUNT, err); + ret = do_mount (container, NULL, -1, "/", NULL, get_private_data (container)->rootfs_propagation, NULL, + LABEL_MOUNT, err); if (UNLIKELY (ret < 0)) return ret; } 
@@ -2043,7 +1998,7 @@ libcrun_do_pivot_root (libcrun_container_t *container, bool no_pivot, const char * the outside of the container, this moves it to /dev/null inside * of the container. This needs to run afer pivot/chroot-ing. */ int -libcrun_reopen_dev_null (libcrun_error_t * err) +libcrun_reopen_dev_null (libcrun_error_t *err) { struct stat dev_null; struct stat statbuf; @@ -2056,19 +2011,19 @@ libcrun_reopen_dev_null (libcrun_error_t * err) return crun_make_error (err, errno, "failed open()ing /dev/null"); if (UNLIKELY (fstat (fd, &dev_null) == -1)) - return crun_make_error (err, errno, "failed stat()ing /dev/null"); + return crun_make_error (err, errno, "failed stat()ing /dev/null"); for (i = 0; i <= 2; i++) { if (UNLIKELY (fstat (i, &statbuf) == -1)) - return crun_make_error (err, errno, "failed stat()ing fd %d", i); + return crun_make_error (err, errno, "failed stat()ing fd %d", i); if (statbuf.st_rdev == dev_null.st_rdev) - { - /* This FD is pointing to /dev/null. Point it to /dev/null inside - * of the container. */ - if (UNLIKELY (dup2 (fd, i) == -1)) - return crun_make_error (err, errno, "failed dup2()ing %d", i); - } + { + /* This FD is pointing to /dev/null. Point it to /dev/null inside + * of the container. */ + if (UNLIKELY (dup2 (fd, i) == -1)) + return crun_make_error (err, errno, "failed dup2()ing %d", i); + } } return 0; } @@ -2210,7 +2165,7 @@ libcrun_set_usernamespace (libcrun_container_t *container, pid_t pid, libcrun_er if ((get_private_data (container)->unshare_flags & CLONE_NEWUSER) == 0) return 0; - if (!def->linux->uid_mappings_len) + if (! def->linux->uid_mappings_len) { uid_map_len = format_default_id_mapping (&uid_map, container->container_uid, container->host_uid, 1); if (uid_map == NULL) 
@@ -2230,10 +2185,8 @@ libcrun_set_usernamespace (libcrun_container_t *container, pid_t pid, libcrun_er { size_t len; - len = sprintf (buffer, MAPPING_FMT_SIZE, - def->linux->uid_mappings[s]->container_id, - def->linux->uid_mappings[s]->host_id, - def->linux->uid_mappings[s]->size); + len = sprintf (buffer, MAPPING_FMT_SIZE, def->linux->uid_mappings[s]->container_id, + def->linux->uid_mappings[s]->host_id, def->linux->uid_mappings[s]->size); memcpy (uid_map + written, buffer, len); written += len; } @@ -2241,7 +2194,7 @@ libcrun_set_usernamespace (libcrun_container_t *container, pid_t pid, libcrun_er uid_map_len = written; } - if (!def->linux->gid_mappings_len) + if (! def->linux->gid_mappings_len) { gid_map_len = format_default_id_mapping (&gid_map, container->container_gid, container->host_uid, 0); if (gid_map == NULL) @@ -2261,10 +2214,8 @@ libcrun_set_usernamespace (libcrun_container_t *container, pid_t pid, libcrun_er { size_t len; - len = sprintf (buffer, MAPPING_FMT_SIZE, - def->linux->gid_mappings[s]->container_id, - def->linux->gid_mappings[s]->host_id, - def->linux->gid_mappings[s]->size); + len = sprintf (buffer, MAPPING_FMT_SIZE, def->linux->gid_mappings[s]->container_id, + def->linux->gid_mappings[s]->host_id, def->linux->gid_mappings[s]->size); memcpy (gid_map + written, buffer, len); written += len; } @@ -2280,7 +2231,7 @@ libcrun_set_usernamespace (libcrun_container_t *container, pid_t pid, libcrun_er xasprintf (&gid_map_file, "/proc/%d/gid_map", pid); ret = write_file (gid_map_file, gid_map, gid_map_len, err); - if (ret < 0 && !def->linux->gid_mappings_len) + if (ret < 0 && ! def->linux->gid_mappings_len) { size_t single_mapping_len; char single_mapping[32]; 
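Review bot: The rewrapped `len = sprintf (buffer, MAPPING_FMT_SIZE, ...)` calls in the uid hunk (`@@ -2230,10 +2185,8 @@`) and the gid hunk (`@@ -2261,10 +2214,8 @@`) write without a bound, and the return value goes unchecked into `memcpy (uid_map + written, buffer, len)` and `memcpy (gid_map + written, buffer, len)`. The declarations of `buffer`, `uid_map` and `gid_map` and the definition of `MAPPING_FMT_SIZE` are outside the hunks, so whether the sizes always fit cannot be confirmed from here; the formatted values come from the container's id mappings. If `buffer` is a local array, `snprintf (buffer, sizeof (buffer), ...)` would keep the bound local to the call. It would need a check that the result is non-negative and smaller than `sizeof (buffer)` before the `memcpy`.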
@@ -2305,13 +2256,13 @@ libcrun_set_usernamespace (libcrun_container_t *container, pid_t pid, libcrun_er xasprintf (&uid_map_file, "/proc/%d/uid_map", pid); ret = write_file (uid_map_file, uid_map, uid_map_len, err); - if (ret < 0 && !def->linux->uid_mappings_len) + if (ret < 0 && ! def->linux->uid_mappings_len) { size_t single_mapping_len; char single_mapping[32]; crun_error_release (err); - if (!get_private_data (container)->deny_setgroups) + if (! get_private_data (container)->deny_setgroups) { ret = deny_setgroups (container, pid, err); if (UNLIKELY (ret < 0)) @@ -2330,8 +2281,8 @@ libcrun_set_usernamespace (libcrun_container_t *container, pid_t pid, libcrun_er #undef MAPPING_FMT_1 } -#define CAP_TO_MASK_0(x) (1L << ((x) & 31)) -#define CAP_TO_MASK_1(x) CAP_TO_MASK_0(x - 32) +#define CAP_TO_MASK_0(x) (1L << (( x ) &31)) +#define CAP_TO_MASK_1(x) CAP_TO_MASK_0 (x - 32) struct all_caps_s { @@ -2362,7 +2313,7 @@ set_required_caps (struct all_caps_s *caps, uid_t uid, gid_t gid, int no_new_pri if (! has_cap_on (cap, caps->bounding)) { ret = prctl (PR_CAPBSET_DROP, cap, 0, 0, 0); - if (UNLIKELY (ret < 0 && !(errno == EINVAL))) + if (UNLIKELY (ret < 0 && ! (errno == EINVAL))) return crun_make_error (err, errno, "prctl drop bounding"); } @@ -2391,14 +2342,14 @@ set_required_caps (struct all_caps_s *caps, uid_t uid, gid_t gid, int no_new_pri #ifdef PR_CAP_AMBIENT ret = prctl (PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0); - if (UNLIKELY (ret < 0 && !(errno == EINVAL || errno == EPERM))) + if (UNLIKELY (ret < 0 && ! (errno == EINVAL || errno == EPERM))) return crun_make_error (err, errno, "prctl reset ambient"); for (cap = 0; cap <= CAP_LAST_CAP; cap++) if (has_cap_on (cap, caps->ambient)) { ret = prctl (PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0); - if (UNLIKELY (ret < 0 && !(errno == EINVAL || errno == EPERM))) + if (UNLIKELY (ret < 0 && ! (errno == EINVAL || errno == EPERM))) return crun_make_error (err, errno, "prctl ambient raise"); } #endif 
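Review bot: `CAP_TO_MASK_0` in the `@@ -2330,8 +2281,8 @@` hunk now reads `(1L << (( x ) &31))`: the formatter appears to have taken the parenthesised macro parameter for a cast and `&` for a unary operator, so the binary AND looks like an address-of. Separately, the shift is done on a signed `long` while read_caps ORs the result into `unsigned long caps[2]`; where `long` is 32 bits, `1L << 31` shifts into the sign bit, which is undefined behaviour in C. `#define CAP_TO_MASK_0(x) (1UL << ((x) & 31))` addresses both, wrapped in `/* clang-format off */` and `/* clang-format on */` if the formatter rewrites it again. `CAP_TO_MASK_1` would also be more robust as `CAP_TO_MASK_0 ((x) - 32)`.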
@@ -2420,9 +2371,9 @@ read_caps (unsigned long caps[2], char **values, size_t len, libcrun_error_t *er if (cap_from_name (values[i], &cap) < 0) return crun_make_error (err, 0, "unknown cap: `%s`", values[i]); if (cap < 32) - caps[0] |= CAP_TO_MASK_0 (cap); + caps[0] |= CAP_TO_MASK_0 (cap); else - caps[1] |= CAP_TO_MASK_1 (cap); + caps[1] |= CAP_TO_MASK_1 (cap); } return 0; } @@ -2445,45 +2396,31 @@ libcrun_set_apparmor_profile (runtime_spec_schema_config_schema_process *proc, l } int -libcrun_set_caps (runtime_spec_schema_config_schema_process_capabilities *capabilities, uid_t uid, gid_t gid, int no_new_privileges, libcrun_error_t *err) +libcrun_set_caps (runtime_spec_schema_config_schema_process_capabilities *capabilities, uid_t uid, gid_t gid, + int no_new_privileges, libcrun_error_t *err) { int ret; struct all_caps_s caps = {}; if (capabilities) { - ret = read_caps (caps.effective, - capabilities->effective, - capabilities->effective_len, - err); + ret = read_caps (caps.effective, capabilities->effective, capabilities->effective_len, err); if (ret < 0) return ret; - ret = read_caps (caps.inheritable, - capabilities->inheritable, - capabilities->inheritable_len, - err); + ret = read_caps (caps.inheritable, capabilities->inheritable, capabilities->inheritable_len, err); if (ret < 0) return ret; - ret = read_caps (caps.ambient, - capabilities->ambient, - capabilities->ambient_len, - err); + ret = read_caps (caps.ambient, capabilities->ambient, capabilities->ambient_len, err); if (ret < 0) return ret; - ret = read_caps (caps.bounding, - capabilities->bounding, - capabilities->bounding_len, - err); + ret = read_caps (caps.bounding, capabilities->bounding, capabilities->bounding_len, err); if (ret < 0) return ret; - ret = read_caps (caps.permitted, - capabilities->permitted, - capabilities->permitted_len, - err); + ret = read_caps (caps.permitted, capabilities->permitted, capabilities->permitted_len, err); if (ret < 0) return ret; } 
@@ -2497,26 +2434,23 @@ struct rlimit_s int value; }; -struct rlimit_s rlimits[] = - { - {"RLIMIT_AS", RLIMIT_AS}, - {"RLIMIT_CORE", RLIMIT_CORE}, - {"RLIMIT_CPU", RLIMIT_CPU}, - {"RLIMIT_DATA", RLIMIT_DATA}, - {"RLIMIT_FSIZE", RLIMIT_FSIZE}, - {"RLIMIT_LOCKS", RLIMIT_LOCKS}, - {"RLIMIT_MEMLOCK", RLIMIT_MEMLOCK}, - {"RLIMIT_MSGQUEUE", RLIMIT_MSGQUEUE}, - {"RLIMIT_NICE", RLIMIT_NICE}, - {"RLIMIT_NOFILE", RLIMIT_NOFILE}, - {"RLIMIT_NPROC", RLIMIT_NPROC}, - {"RLIMIT_RSS", RLIMIT_RSS}, - {"RLIMIT_RTPRIO", RLIMIT_RTPRIO}, - {"RLIMIT_RTTIME", RLIMIT_RTTIME}, - {"RLIMIT_SIGPENDING", RLIMIT_SIGPENDING}, - {"RLIMIT_STACK", RLIMIT_STACK}, - {NULL, 0} - }; +struct rlimit_s rlimits[] = { { "RLIMIT_AS", RLIMIT_AS }, + { "RLIMIT_CORE", RLIMIT_CORE }, + { "RLIMIT_CPU", RLIMIT_CPU }, + { "RLIMIT_DATA", RLIMIT_DATA }, + { "RLIMIT_FSIZE", RLIMIT_FSIZE }, + { "RLIMIT_LOCKS", RLIMIT_LOCKS }, + { "RLIMIT_MEMLOCK", RLIMIT_MEMLOCK }, + { "RLIMIT_MSGQUEUE", RLIMIT_MSGQUEUE }, + { "RLIMIT_NICE", RLIMIT_NICE }, + { "RLIMIT_NOFILE", RLIMIT_NOFILE }, + { "RLIMIT_NPROC", RLIMIT_NPROC }, + { "RLIMIT_RSS", RLIMIT_RSS }, + { "RLIMIT_RTPRIO", RLIMIT_RTPRIO }, + { "RLIMIT_RTTIME", RLIMIT_RTTIME }, + { "RLIMIT_SIGPENDING", RLIMIT_SIGPENDING }, + { "RLIMIT_STACK", RLIMIT_STACK }, + { NULL, 0 } }; static int get_rlimit_resource (const char *name) @@ -2529,7 +2463,8 @@ get_rlimit_resource (const char *name) } int -libcrun_set_rlimits (runtime_spec_schema_config_schema_process_rlimits_element **new_rlimits, size_t len, libcrun_error_t *err) +libcrun_set_rlimits (runtime_spec_schema_config_schema_process_rlimits_element **new_rlimits, size_t len, + libcrun_error_t *err) { size_t i; for (i = 0; i < len; i++) 
@@ -2555,7 +2490,7 @@ libcrun_set_hostname (libcrun_container_t *container, libcrun_error_t *err) int ret; if (def->hostname == NULL || def->hostname[0] == '\0') return 0; - if (!has_uts) + if (! has_uts) return crun_make_error (err, 0, "hostname requires the UTS namespace"); ret = sethostname (def->hostname, strlen (def->hostname)); if (UNLIKELY (ret < 0)) @@ -2588,7 +2523,7 @@ libcrun_set_sysctl_from_schema (runtime_spec_schema_config_schema *def, libcrun_ size_t i; cleanup_close int dirfd = -1; - if (!def->linux || !def->linux->sysctl) + if (! def->linux || ! def->linux->sysctl) return 0; dirfd = open ("/proc/sys", O_DIRECTORY | O_RDONLY); @@ -2636,8 +2571,7 @@ open_terminal (libcrun_container_t *container, char **pty, libcrun_error_t *err) if (UNLIKELY (ret < 0)) return ret; - if (container->container_def->process - && container->container_def->process->user + if (container->container_def->process && container->container_def->process->user && container->container_def->process->user->uid) { ret = chown (*pty, container->container_def->process->user->uid, -1); @@ -2656,9 +2590,7 @@ libcrun_get_external_descriptors (libcrun_container_t *container) } static int -save_external_descriptors (libcrun_container_t *container, - pid_t pid, - libcrun_error_t *err) +save_external_descriptors (libcrun_container_t *container, pid_t pid, libcrun_error_t *err) { const unsigned char *buf = NULL; yajl_gen gen = NULL; @@ -2682,7 +2614,7 @@ save_external_descriptors (libcrun_container_t *container, { /* The fd could not exist. */ if (errno == ENOENT) - strcpy (link_path, "/dev/null"); + strcpy (link_path, "/dev/null"); else { yajl_gen_free (gen); 
@@ -2696,7 +2628,7 @@ save_external_descriptors (libcrun_container_t *container, yajl_gen_array_close (gen); yajl_gen_get_buf (gen, &buf, &buf_len); if (buf) - get_private_data (container)->external_descriptors = xstrdup((const char *) buf); + get_private_data (container)->external_descriptors = xstrdup (( const char * ) buf); yajl_gen_free (gen); return 0; @@ -2710,7 +2642,7 @@ libcrun_set_terminal (libcrun_container_t *container, libcrun_error_t *err) cleanup_free char *pty = NULL; runtime_spec_schema_config_schema *def = container->container_def; - if (def->process == NULL || !def->process->terminal) + if (def->process == NULL || ! def->process->terminal) return 0; fd = open_terminal (container, &pty, err); @@ -2719,9 +2651,7 @@ libcrun_set_terminal (libcrun_container_t *container, libcrun_error_t *err) if (def->process->console_size) { - ret = libcrun_terminal_setup_size (0, def->process->console_size->height, - def->process->console_size->width, - err); + ret = libcrun_terminal_setup_size (0, def->process->console_size->height, def->process->console_size->width, err); if (UNLIKELY (ret < 0)) return ret; } @@ -2752,7 +2682,6 @@ libcrun_set_terminal (libcrun_container_t *container, libcrun_error_t *err) return get_and_reset (&fd); } - static bool read_error_from_sync_socket (int sync_socket_fd, int *error, char **str) { @@ -2827,7 +2756,7 @@ send_error_to_sync_socket (int sync_socket_fd, bool has_fd, libcrun_error_t *err return true; } -static __attribute__ ((noreturn)) void +static __attribute__ ((noreturn)) void send_error_to_sync_socket_and_die (int sync_socket_fd, bool has_terminal, libcrun_error_t *err) { char *msg; 
@@ -2866,12 +2795,8 @@ expect_success_from_sync_socket (int sync_fd, libcrun_error_t *err) } static int -join_namespaces (runtime_spec_schema_config_schema *def, - int *namespaces_to_join, - int n_namespaces_to_join, - int *namespaces_to_join_index, - bool ignore_join_errors, - libcrun_error_t *err) +join_namespaces (runtime_spec_schema_config_schema *def, int *namespaces_to_join, int n_namespaces_to_join, + int *namespaces_to_join_index, bool ignore_join_errors, libcrun_error_t *err) { int ret; int i; @@ -2922,7 +2847,7 @@ join_namespaces (runtime_spec_schema_config_schema *def, struct init_status_s { /* fd to the namespace to join. */ - int fd[MAX_NAMESPACES+1]; + int fd[MAX_NAMESPACES + 1]; /* Index into def->linux->namespaces. */ int index[MAX_NAMESPACES]; /* CLONE_* value. */ @@ -2952,7 +2877,8 @@ struct init_status_s int namespaces_to_unshare; }; -void cleanup_free_init_statusp (struct init_status_s *ns) +void +cleanup_free_init_statusp (struct init_status_s *ns) { size_t i; @@ -2961,7 +2887,7 @@ void cleanup_free_init_statusp (struct init_status_s *ns) } static int -configure_init_status (struct init_status_s *ns, libcrun_container_t *container,libcrun_error_t *err) +configure_init_status (struct init_status_s *ns, libcrun_container_t *container, libcrun_error_t *err) { runtime_spec_schema_config_schema *def = container->container_def; size_t i; @@ -2998,7 +2924,7 @@ configure_init_status (struct init_status_s *ns, libcrun_container_t *container, fd = open (def->linux->namespaces[i]->path, O_RDONLY | O_CLOEXEC); if (UNLIKELY (fd < 0)) - return crun_make_error (err, errno, "open `%s`", def->linux->namespaces[i]->path); + return crun_make_error (err, errno, "open `%s`", def->linux->namespaces[i]->path); if (value == CLONE_NEWUSER) { 
@@ -3024,9 +2950,7 @@ configure_init_status (struct init_status_s *ns, libcrun_container_t *container, } static int -init_container (libcrun_container_t *container, - int sync_socket_container, - struct init_status_s *init_status, +init_container (libcrun_container_t *container, int sync_socket_container, struct init_status_s *init_status, libcrun_error_t *err) { runtime_spec_schema_config_schema *def = container->container_def; @@ -3093,7 +3017,8 @@ init_container (libcrun_container_t *container, /* If we need to join another user namespace, do it immediately before creating any other namespace. */ ret = setns (init_status->fd[init_status->userns_index], CLONE_NEWUSER); if (UNLIKELY (ret < 0)) - return crun_make_error (err, errno, "cannot setns `%s`", def->linux->namespaces[init_status->userns_index_origin]->path); + return crun_make_error (err, errno, "cannot setns `%s`", + def->linux->namespaces[init_status->userns_index_origin]->path); } ret = setresuid (0, 0, 0); @@ -3162,13 +3087,10 @@ init_container (libcrun_container_t *container, } pid_t -libcrun_run_linux_container (libcrun_container_t *container, - container_entrypoint_t entrypoint, - void *args, - int *sync_socket_out, - libcrun_error_t *err) +libcrun_run_linux_container (libcrun_container_t *container, container_entrypoint_t entrypoint, void *args, + int *sync_socket_out, libcrun_error_t *err) { - __attribute__((cleanup (cleanup_free_init_statusp))) struct init_status_s init_status; + __attribute__ ((cleanup (cleanup_free_init_statusp))) struct init_status_s init_status; runtime_spec_schema_config_schema *def = container->container_def; cleanup_close int sync_socket_container = -1; char *notify_socket_env = NULL; 
@@ -3202,9 +3124,7 @@ libcrun_run_linux_container (libcrun_container_t *container, return ret; #endif - get_uid_gid_from_def (container->container_def, - &container->container_uid, - &container->container_gid); + get_uid_gid_from_def (container->container_def, &container->container_uid, &container->container_gid); /* This must be done before we enter a user namespace. */ if (def->process) @@ -3262,10 +3182,11 @@ libcrun_run_linux_container (libcrun_container_t *container, clone_can_create_userns = init_status.fd_len == 0; if ((init_status.all_namespaces & CLONE_NEWUSER) && init_status.userns_index < 0) - init_status.delayed_userns_create = !clone_can_create_userns || init_status.fd_len > 0; + init_status.delayed_userns_create = ! clone_can_create_userns || init_status.fd_len > 0; /* If we create a new user namespace, create it as part of the clone. */ - pid = syscall_clone ((init_status.namespaces_to_unshare & (clone_can_create_userns ? CLONE_NEWUSER : 0)) | SIGCHLD, NULL); + pid = syscall_clone ((init_status.namespaces_to_unshare & (clone_can_create_userns ? CLONE_NEWUSER : 0)) | SIGCHLD, + NULL); if (UNLIKELY (pid < 0)) return crun_make_error (err, errno, "clone"); @@ -3348,7 +3269,7 @@ libcrun_run_linux_container (libcrun_container_t *container, send_error_to_sync_socket_and_die (sync_socket_container, false, err); -localfail: + localfail: libcrun_fail_with_error ((*err)->status, "%s", (*err)->msg); _exit (EXIT_FAILURE); } @@ -3374,10 +3295,7 @@ libcrun_run_linux_container (libcrun_container_t *container, } static int -join_process_parent_helper (pid_t child_pid, - int sync_socket_fd, - libcrun_container_status_t *status, - int *terminal_fd, +join_process_parent_helper (pid_t child_pid, int sync_socket_fd, libcrun_container_status_t *status, int *terminal_fd, libcrun_error_t *err) { int ret, pid_status; 
@@ -3435,13 +3353,18 @@ join_process_parent_helper (pid_t child_pid, } int -libcrun_join_process (libcrun_container_t *container, pid_t pid_to_join, libcrun_container_status_t *status, int detach, int *terminal_fd, libcrun_error_t *err) +libcrun_join_process (libcrun_container_t *container, pid_t pid_to_join, libcrun_container_status_t *status, int detach, + int *terminal_fd, libcrun_error_t *err) { pid_t pid; int ret; int sync_socket_fd[2]; - int fds[10] = {-1, }; - int fds_joined[10] = {0, }; + int fds[10] = { + -1, + }; + int fds_joined[10] = { + 0, + }; runtime_spec_schema_config_schema *def = container->container_def; size_t i; cleanup_close int sync_fd = -1; @@ -3527,7 +3450,7 @@ libcrun_join_process (libcrun_container_t *container, pid_t pid_to_join, libcrun break; } } - if (!found) + if (! found) { /* It was not requested to create this ns, so just ignore it. */ fds_joined[i] = 1; @@ -3620,7 +3543,7 @@ libcrun_join_process (libcrun_container_t *container, pid_t pid_to_join, libcrun return pid; - exit: +exit: if (sync_socket_fd[0] >= 0) TEMP_FAILURE_RETRY (close (sync_socket_fd[0])); if (sync_socket_fd[1] >= 0) @@ -3632,13 +3555,14 @@ libcrun_join_process (libcrun_container_t *container, pid_t pid_to_join, libcrun } int -libcrun_linux_container_update (libcrun_container_status_t *status, const char *content, size_t len arg_unused, libcrun_error_t *err) +libcrun_linux_container_update (libcrun_container_status_t *status, const char *content, size_t len arg_unused, + libcrun_error_t *err) { int ret; yajl_val tree = NULL; parser_error parser_err = NULL; runtime_spec_schema_config_linux_resources *resources = NULL; - struct parser_context ctx = {0, stderr}; + struct parser_context ctx = { 0, stderr }; int cgroup_mode; cgroup_mode = libcrun_get_cgroup_mode (err); 
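Review bot: `int fds[10] = { -1, };` in libcrun_join_process sets only `fds[0]` to -1; the other nine entries are zero-initialised, and 0 is a valid descriptor number. If any path closes or tests entries that were never opened, it would act on fd 0. Most of the function is outside the hunk, so this is a question rather than a confirmed bug. The trailing comma is also what makes clang-format spread the initializer over three lines. Filling the array explicitly after the declarations, e.g. `for (i = 0; i < sizeof (fds) / sizeof (fds[0]); i++) fds[i] = -1;`, would settle both.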
@@ -3658,7 +3582,7 @@ libcrun_linux_container_update (libcrun_container_status_t *status, const char * ret = libcrun_update_cgroup_resources (cgroup_mode, resources, status->cgroup_path, err); - cleanup: +cleanup: if (tree) yajl_tree_free (tree); free (parser_err); @@ -3693,9 +3617,9 @@ libcrun_set_personality (runtime_spec_schema_defs_linux_personality *p, libcrun_ int ret; if (strcmp (p->domain, "LINUX") == 0) - persona = PER_LINUX; + persona = PER_LINUX; else if (strcmp (p->domain, "LINUX32") == 0) - persona = PER_LINUX32; + persona = PER_LINUX32; else return crun_make_error (err, 0, "unknown persona specified `%s`", p->domain); @@ -3712,10 +3636,7 @@ libcrun_configure_network (libcrun_container_t *container, libcrun_error_t *err) int ret; size_t i; bool configure_network = false; - struct ifreq ifr_lo = { - .ifr_name = "lo", - .ifr_flags = IFF_UP | IFF_RUNNING - }; + struct ifreq ifr_lo = { .ifr_name = "lo", .ifr_flags = IFF_UP | IFF_RUNNING }; runtime_spec_schema_config_schema *def = container->container_def; cleanup_close int sockfd = -1; @@ -3748,7 +3669,8 @@ libcrun_configure_network (libcrun_container_t *container, libcrun_error_t *err) /* Protection for attacks like CVE-2019-5736. */ int ensure_cloned_binary (); -__attribute__((constructor)) static void libcrun_rexec(void) +__attribute__ ((constructor)) static void +libcrun_rexec (void) { if (ensure_cloned_binary () < 0) { 
@@ -3758,24 +3680,18 @@ __attribute__((constructor)) static void libcrun_rexec(void) } int -libcrun_container_checkpoint_linux (libcrun_container_status_t *status, - libcrun_container_t *container, - libcrun_checkpoint_restore_t *cr_options, - libcrun_error_t *err) +libcrun_container_checkpoint_linux (libcrun_container_status_t *status, libcrun_container_t *container, + libcrun_checkpoint_restore_t *cr_options, libcrun_error_t *err) { - return libcrun_container_checkpoint_linux_criu (status, container, - cr_options, err); + return libcrun_container_checkpoint_linux_criu (status, container, cr_options, err); } int -libcrun_container_restore_linux (libcrun_container_status_t *status, - libcrun_container_t *container, - libcrun_checkpoint_restore_t *cr_options, - libcrun_error_t *err) +libcrun_container_restore_linux (libcrun_container_status_t *status, libcrun_container_t *container, + libcrun_checkpoint_restore_t *cr_options, libcrun_error_t *err) { int ret; - ret = libcrun_container_restore_linux_criu (status, container, - cr_options, err); + ret = libcrun_container_restore_linux_criu (status, container, cr_options, err); if (UNLIKELY (ret < 0)) return ret; diff --git a/src/libcrun/linux.h b/src/libcrun/linux.h index fd9524f4a1..c40364b146 100644 --- a/src/libcrun/linux.h +++ b/src/libcrun/linux.h 
@@ -16,33 +16,31 @@ * along with crun. If not, see . */ #ifndef LINUX_H -# define LINUX_H -# include -# include -# include -# include "error.h" -# include -# include -# include -# include "container.h" -# include "status.h" +#define LINUX_H +#include +#include +#include +#include "error.h" +#include +#include +#include +#include "container.h" +#include "status.h" -typedef int (*container_entrypoint_t) (void *args, char *notify_socket, - int sync_socket, - libcrun_error_t *err); +typedef int (*container_entrypoint_t) (void *args, char *notify_socket, int sync_socket, libcrun_error_t *err); -pid_t libcrun_run_linux_container (libcrun_container_t *container, - container_entrypoint_t entrypoint, - void *args, - int *sync_socket_out, - libcrun_error_t *err); -int get_notify_fd (libcrun_context_t *context, libcrun_container_t *container, int *notify_socket_out, libcrun_error_t *err); +pid_t libcrun_run_linux_container (libcrun_container_t *container, container_entrypoint_t entrypoint, void *args, + int *sync_socket_out, libcrun_error_t *err); +int get_notify_fd (libcrun_context_t *context, libcrun_container_t *container, int *notify_socket_out, + libcrun_error_t *err); int libcrun_set_mounts (libcrun_container_t *container, const char *rootfs, libcrun_error_t *err); int libcrun_do_pivot_root (libcrun_container_t *container, bool no_pivot, const char *rootfs, libcrun_error_t *err); int libcrun_reopen_dev_null (libcrun_error_t *err); int libcrun_set_usernamespace (libcrun_container_t *container, pid_t pid, libcrun_error_t *err); -int libcrun_set_caps (runtime_spec_schema_config_schema_process_capabilities *capabilities, uid_t uid, gid_t gid, int no_new_privileges, libcrun_error_t *err); -int libcrun_set_rlimits (runtime_spec_schema_config_schema_process_rlimits_element **rlimits, size_t len, libcrun_error_t *err); +int libcrun_set_caps (runtime_spec_schema_config_schema_process_capabilities *capabilities, uid_t uid, gid_t gid, + int no_new_privileges, libcrun_error_t 
*err); +int libcrun_set_rlimits (runtime_spec_schema_config_schema_process_rlimits_element **rlimits, size_t len, + libcrun_error_t *err); int libcrun_set_selinux_exec_label (runtime_spec_schema_config_schema_process *proc, libcrun_error_t *err); int libcrun_set_apparmor_profile (runtime_spec_schema_config_schema_process *proc, libcrun_error_t *err); int libcrun_set_hostname (libcrun_container_t *container, libcrun_error_t *err); @@ -50,8 +48,10 @@ int libcrun_set_oom (libcrun_container_t *container, libcrun_error_t *err); int libcrun_set_sysctl_from_schema (runtime_spec_schema_config_schema *def, libcrun_error_t *err); int libcrun_set_sysctl (libcrun_container_t *container, libcrun_error_t *err); int libcrun_set_terminal (libcrun_container_t *container, libcrun_error_t *err); -int libcrun_join_process (libcrun_container_t *container, pid_t pid_to_join, libcrun_container_status_t *status, int detach, int *terminal_fd, libcrun_error_t *err); -int libcrun_linux_container_update (libcrun_container_status_t *status, const char *content, size_t len, libcrun_error_t *err); +int libcrun_join_process (libcrun_container_t *container, pid_t pid_to_join, libcrun_container_status_t *status, + int detach, int *terminal_fd, libcrun_error_t *err); +int libcrun_linux_container_update (libcrun_container_status_t *status, const char *content, size_t len, + libcrun_error_t *err); int libcrun_create_keyring (const char *name, libcrun_error_t *err); int libcrun_container_pause_linux (libcrun_container_status_t *status, libcrun_error_t *err); int libcrun_container_unpause_linux (libcrun_container_status_t *status, libcrun_error_t *err); 
@@ -59,15 +59,11 @@ int libcrun_container_enter_cgroup_ns (libcrun_container_t *container, libcrun_e int libcrun_set_personality (runtime_spec_schema_defs_linux_personality *p, libcrun_error_t *err); int libcrun_configure_network (libcrun_container_t *container, libcrun_error_t *err); -int libcrun_container_checkpoint_linux (libcrun_container_status_t *status, - libcrun_container_t *container, - libcrun_checkpoint_restore_t *cr_options, - libcrun_error_t *err); +int libcrun_container_checkpoint_linux (libcrun_container_status_t *status, libcrun_container_t *container, + libcrun_checkpoint_restore_t *cr_options, libcrun_error_t *err); -int libcrun_container_restore_linux (libcrun_container_status_t *status, - libcrun_container_t *container, - libcrun_checkpoint_restore_t *cr_options, - libcrun_error_t *err); +int libcrun_container_restore_linux (libcrun_container_status_t *status, libcrun_container_t *container, + libcrun_checkpoint_restore_t *cr_options, libcrun_error_t *err); int libcrun_find_namespace (const char *name); char *libcrun_get_external_descriptors (libcrun_container_t *container); diff --git a/src/libcrun/seccomp.c b/src/libcrun/seccomp.c index 0123cc5f92..9daa18f791 100644 --- a/src/libcrun/seccomp.c +++ b/src/libcrun/seccomp.c 
@@ -42,33 +42,33 @@ #include #ifndef __NR_seccomp -# define __NR_seccomp 0xffff //seccomp syscall number unknown for this architecture +# define __NR_seccomp 0xffff // seccomp syscall number unknown for this architecture #endif #ifndef SECCOMP_SET_MODE_STRICT -# define SECCOMP_SET_MODE_STRICT 0 +# define SECCOMP_SET_MODE_STRICT 0 #endif #ifndef SECCOMP_SET_MODE_FILTER -# define SECCOMP_SET_MODE_FILTER 1 +# define SECCOMP_SET_MODE_FILTER 1 #endif #ifndef SECCOMP_FILTER_FLAG_TSYNC -# define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0) +# define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0) #endif #ifndef SECCOMP_FILTER_FLAG_LOG -# define SECCOMP_FILTER_FLAG_LOG (1UL << 1) +# define SECCOMP_FILTER_FLAG_LOG (1UL << 1) #endif #ifndef SECCOMP_FILTER_FLAG_SPEC_ALLOW -# define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2) +# define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2) #endif static int syscall_seccomp (unsigned int operation, unsigned int flags, void *args) { - return (int) syscall (__NR_seccomp, operation, flags, args); + return ( int ) syscall (__NR_seccomp, operation, flags, args); } static unsigned long @@ -131,7 +131,7 @@ get_seccomp_action (const char *name, int errno_ret, libcrun_error_t *err) return SCMP_ACT_NOTIFY; #endif - fail: +fail: crun_make_error (err, 0, "seccomp get action", name); return 0; } @@ -149,14 +149,15 @@ make_lowercase (char *str) static void cleanup_seccompp (void *p) { - scmp_filter_ctx *ctx = (void **) p; + scmp_filter_ctx *ctx = ( void ** ) p; if (*ctx) seccomp_release (*ctx); } -#define cleanup_seccomp __attribute__((cleanup (cleanup_seccompp))) +#define cleanup_seccomp __attribute__ ((cleanup (cleanup_seccompp))) int -libcrun_apply_seccomp (int infd, int listener_receiver_fd, char **seccomp_flags, size_t seccomp_flags_len, libcrun_error_t *err) +libcrun_apply_seccomp (int infd, int listener_receiver_fd, char **seccomp_flags, size_t seccomp_flags_len, + libcrun_error_t *err) { int ret; struct sock_fprog seccomp_filter; 
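Review bot: In get_seccomp_action the `fail:` path calls `crun_make_error (err, 0, "seccomp get action", name);`, but the format string has no conversion for `name`, so the rejected action name never reaches the error message. Other callers in this diff pass a matching format, for example the `unknown cap` message in read_caps. I would change the line to `crun_make_error (err, 0, "seccomp get action: %s", name);`. The function starts outside the hunk, so only the failure path was reviewed.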
@@ -167,20 +168,19 @@ libcrun_apply_seccomp (int infd, int listener_receiver_fd, char **seccomp_flags, if (infd < 0) return 0; - if (UNLIKELY (lseek (infd, 0, SEEK_SET) == (off_t) -1)) + if (UNLIKELY (lseek (infd, 0, SEEK_SET) == ( off_t ) -1)) return crun_make_error (err, errno, "lseek"); - /* if no seccomp flag was specified use a sane default. */ if (seccomp_flags == NULL) - flags = SECCOMP_FILTER_FLAG_LOG|SECCOMP_FILTER_FLAG_SPEC_ALLOW; + flags = SECCOMP_FILTER_FLAG_LOG | SECCOMP_FILTER_FLAG_SPEC_ALLOW; else { size_t i = 0; for (i = 0; i < seccomp_flags_len; i++) { if (strcmp (seccomp_flags[i], "SECCOMP_FILTER_FLAG_TSYNC") == 0) - flags |= SECCOMP_FILTER_FLAG_TSYNC; + flags |= SECCOMP_FILTER_FLAG_TSYNC; else if (strcmp (seccomp_flags[i], "SECCOMP_FILTER_FLAG_SPEC_ALLOW") == 0) flags |= SECCOMP_FILTER_FLAG_SPEC_ALLOW; else if (strcmp (seccomp_flags[i], "SECCOMP_FILTER_FLAG_LOG") == 0) @@ -195,7 +195,7 @@ libcrun_apply_seccomp (int infd, int listener_receiver_fd, char **seccomp_flags, return ret; seccomp_filter.len = len / 8; - seccomp_filter.filter = (struct sock_filter *) bpf; + seccomp_filter.filter = ( struct sock_filter * ) bpf; if (listener_receiver_fd >= 0) { @@ -348,11 +348,7 @@ libcrun_generate_seccomp (libcrun_container_t *container, int outfd, unsigned in if (! multiple_args) { - ret = seccomp_rule_add_array (ctx, - action, - syscall, - k, - arg_cmp); + ret = seccomp_rule_add_array (ctx, action, syscall, k, arg_cmp); if (UNLIKELY (ret < 0)) return crun_make_error (err, -ret, "seccomp_rule_add_array"); } @@ -362,11 +358,7 @@ libcrun_generate_seccomp (libcrun_container_t *container, int outfd, unsigned in for (r = 0; r < k; r++) { - ret = seccomp_rule_add_array (ctx, - action, - syscall, - 1, - &arg_cmp[r]); + ret = seccomp_rule_add_array (ctx, action, syscall, 1, &arg_cmp[r]); if (UNLIKELY (ret < 0)) return crun_make_error (err, -ret, "seccomp_rule_add_array"); } 
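Review bot: The comment above the default in libcrun_apply_seccomp says only "a sane default", but that default includes `SECCOMP_FILTER_FLAG_SPEC_ALLOW`, which opts the process out of the speculative-store-bypass mitigation that installing a filter can otherwise enable. That is a security trade-off worth stating where it is made. I would extend the comment to `/* Default when no flag is given: log non-allow actions and do not force the SSB mitigation (SPEC_ALLOW). */`. The flag-parsing loop continues outside the hunk, so how unknown flag names are handled could not be checked here.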
diff --git a/src/libcrun/seccomp.h b/src/libcrun/seccomp.h index eabf6f463b..6314d44d20 100644 --- a/src/libcrun/seccomp.h +++ b/src/libcrun/seccomp.h @@ -16,20 +16,20 @@ * along with crun. If not, see . */ #ifndef SECCOMP_H -# define SECCOMP_H -# include -# include -# include -# include "error.h" -# include -# include -# include -# include "container.h" +#define SECCOMP_H +#include +#include +#include +#include "error.h" +#include +#include +#include +#include "container.h" enum - { - LIBCRUN_SECCOMP_FAIL_UNKNOWN_SYSCALL = 1 << 0, - }; +{ + LIBCRUN_SECCOMP_FAIL_UNKNOWN_SYSCALL = 1 << 0, +}; int libcrun_generate_seccomp (libcrun_container_t *container, int outfd, unsigned int options, libcrun_error_t *err); int libcrun_apply_seccomp (int infd, int listener_receiver_fd, char **flags, size_t flags_len, libcrun_error_t *err); diff --git a/src/libcrun/seccomp_notify.c b/src/libcrun/seccomp_notify.c index f872107c07..a179615801 100644 --- a/src/libcrun/seccomp_notify.c +++ b/src/libcrun/seccomp_notify.c @@ -19,21 +19,21 @@ #include #if HAVE_SECCOMP_GET_NOTIF_SIZES -# include -# include -# include -# include +# include +# include +# include +# include #endif #ifdef HAVE_DLOPEN -# include +# include #endif #include "utils.h" #include "seccomp_notify.h" #ifndef SECCOMP_USER_NOTIF_FLAG_CONTINUE -# define SECCOMP_USER_NOTIF_FLAG_CONTINUE (1UL << 0) +# define SECCOMP_USER_NOTIF_FLAG_CONTINUE (1UL << 0) #endif struct plugin 
@@ -80,7 +80,8 @@ seccomp_syscall (unsigned int op, unsigned int flags, void *args) #endif LIBCRUN_PUBLIC int -libcrun_load_seccomp_notify_plugins (struct seccomp_notify_context_s **out, const char *plugins, struct libcrun_load_seccomp_notify_conf_s *conf, libcrun_error_t *err) +libcrun_load_seccomp_notify_plugins (struct seccomp_notify_context_s **out, const char *plugins, + struct libcrun_load_seccomp_notify_conf_s *conf, libcrun_error_t *err) { #if HAVE_DLOPEN && HAVE_SECCOMP_GET_NOTIF_SIZES cleanup_seccomp_notify_context struct seccomp_notify_context_s *ctx = xmalloc0 (sizeof *ctx); @@ -115,7 +116,8 @@ libcrun_load_seccomp_notify_plugins (struct seccomp_notify_context_s **out, cons if (ctx->plugins[s].handle == NULL) return crun_make_error (err, 0, "cannot load `%s`: %s", it, dlerror ()); - version_cb = (run_oci_seccomp_notify_plugin_version_cb) dlsym (ctx->plugins[s].handle, "run_oci_seccomp_notify_version"); + version_cb = ( run_oci_seccomp_notify_plugin_version_cb ) dlsym (ctx->plugins[s].handle, + "run_oci_seccomp_notify_version"); if (version_cb != NULL) { int version; 
@@ -125,11 +127,12 @@ libcrun_load_seccomp_notify_plugins (struct seccomp_notify_context_s **out, cons return crun_make_error (err, ENOTSUP, "invalid version supported by the plugin `%s`", it); } - ctx->plugins[s].handle_request_cb = (run_oci_seccomp_notify_handle_request_cb) dlsym (ctx->plugins[s].handle, "run_oci_seccomp_notify_handle_request"); + ctx->plugins[s].handle_request_cb = ( run_oci_seccomp_notify_handle_request_cb ) dlsym ( + ctx->plugins[s].handle, "run_oci_seccomp_notify_handle_request"); if (ctx->plugins[s].handle_request_cb == NULL) return crun_make_error (err, ENOTSUP, "plugin `%s` doesn't export `run_oci_seccomp_notify_handle_request`", it); - start_cb = (run_oci_seccomp_notify_start_cb) dlsym (ctx->plugins[s].handle, "run_oci_seccomp_notify_start"); + start_cb = ( run_oci_seccomp_notify_start_cb ) dlsym (ctx->plugins[s].handle, "run_oci_seccomp_notify_start"); if (start_cb) { int ret; @@ -171,7 +174,8 @@ libcrun_seccomp_notify_plugins (struct seccomp_notify_context_s *ctx, int seccom int handled = 0; int ret; - ret = ctx->plugins[i].handle_request_cb (ctx->plugins[i].opaque, &ctx->sizes, ctx->sreq, ctx->sresp, seccomp_fd, &handled); + ret = ctx->plugins[i].handle_request_cb (ctx->plugins[i].opaque, &ctx->sizes, ctx->sreq, ctx->sresp, + seccomp_fd, &handled); if (UNLIKELY (ret != 0)) return crun_make_error (err, -ret, "error handling seccomp notify request"); @@ -183,7 +187,7 @@ libcrun_seccomp_notify_plugins (struct seccomp_notify_context_s *ctx, int seccom case RUN_OCI_SECCOMP_NOTIFY_HANDLE_SEND_RESPONSE: goto send_resp; - /* The plugin will take care of it. */ + /* The plugin will take care of it. */ case RUN_OCI_SECCOMP_NOTIFY_HANDLE_DELAYED_RESPONSE: return 0; 
@@ -201,7 +205,7 @@ libcrun_seccomp_notify_plugins (struct seccomp_notify_context_s *ctx, int seccom ctx->sresp->error = -ENOTSUP; ctx->sresp->flags = 0; - send_resp: +send_resp: ctx->sresp->id = ctx->sreq->id; ret = ioctl (seccomp_fd, SECCOMP_IOCTL_NOTIF_SEND, ctx->sresp); if (UNLIKELY (ret < 0)) @@ -233,7 +237,7 @@ libcrun_free_seccomp_notify_plugins (struct seccomp_notify_context_s *ctx, libcr { run_oci_seccomp_notify_stop_cb cb; - cb = (run_oci_seccomp_notify_stop_cb) dlsym (ctx->plugins[i].handle, "run_oci_seccomp_notify_stop"); + cb = ( run_oci_seccomp_notify_stop_cb ) dlsym (ctx->plugins[i].handle, "run_oci_seccomp_notify_stop"); if (cb) cb (ctx->plugins[i].opaque); dlclose (ctx->plugins[i].handle); diff --git a/src/libcrun/seccomp_notify.h b/src/libcrun/seccomp_notify.h index bff71faa9e..0eb51586df 100644 --- a/src/libcrun/seccomp_notify.h +++ b/src/libcrun/seccomp_notify.h 
@@ -16,23 +16,26 @@ * along with crun. If not, see . */ #ifndef SECCOMP_NOTIFY_H -# define SECCOMP_NOTIFY_H +#define SECCOMP_NOTIFY_H -# include -# include "error.h" +#include +#include "error.h" -# if !(HAVE_DLOPEN && HAVE_SECCOMP_GET_NOTIF_SIZES) +#if ! (HAVE_DLOPEN && HAVE_SECCOMP_GET_NOTIF_SIZES) # define SECCOMP_NOTIFY_SKIP_TYPEDEF -# endif -# include "seccomp_notify_plugin.h" +#endif +#include "seccomp_notify_plugin.h" struct seccomp_notify_context_s; -LIBCRUN_PUBLIC int libcrun_load_seccomp_notify_plugins (struct seccomp_notify_context_s **out, const char *plugins, struct libcrun_load_seccomp_notify_conf_s *conf, libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_seccomp_notify_plugins (struct seccomp_notify_context_s *ctx, int seccomp_fd, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_load_seccomp_notify_plugins (struct seccomp_notify_context_s **out, const char *plugins, + struct libcrun_load_seccomp_notify_conf_s *conf, + libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_seccomp_notify_plugins (struct seccomp_notify_context_s *ctx, int seccomp_fd, + libcrun_error_t *err); LIBCRUN_PUBLIC int libcrun_free_seccomp_notify_plugins (struct seccomp_notify_context_s *ctx, libcrun_error_t *err); -# define cleanup_seccomp_notify_context __attribute__((cleanup (cleanup_seccomp_notify_pluginsp))) +#define cleanup_seccomp_notify_context __attribute__ ((cleanup (cleanup_seccomp_notify_pluginsp))) void cleanup_seccomp_notify_pluginsp (void *p); #endif diff --git a/src/libcrun/seccomp_notify_plugin.h b/src/libcrun/seccomp_notify_plugin.h index e7159b30ee..9ce2f54d56 100644 --- a/src/libcrun/seccomp_notify_plugin.h +++ b/src/libcrun/seccomp_notify_plugin.h @@ -17,7 +17,7 @@ */ #ifndef SECCOMP_NOTIFY_PLUGINPLUGIN_H -# include +# include struct libcrun_load_seccomp_notify_conf_s { 
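Review bot: seccomp_notify_plugin.h opens with `#ifndef SECCOMP_NOTIFY_PLUGINPLUGIN_H`, but no `#define` of that macro is visible after it in this hunk or the next one. The guard therefore appears not to stop a second inclusion, in which case `struct libcrun_load_seccomp_notify_conf_s` would be redefined. Lines 24-27 of the header are not shown, so this should be confirmed against the file. If it holds, add `#define SECCOMP_NOTIFY_PLUGINPLUGIN_H` directly under the `#ifndef`. The doubled PLUGIN in the name also looks like a typo.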
@@ -28,33 +28,37 @@ struct libcrun_load_seccomp_notify_conf_s }; /* The plugin doesn't know how to handle the request. */ -# define RUN_OCI_SECCOMP_NOTIFY_HANDLE_NOT_HANDLED 0 +# define RUN_OCI_SECCOMP_NOTIFY_HANDLE_NOT_HANDLED 0 /* The plugin filled the response and it is ready to write. */ -# define RUN_OCI_SECCOMP_NOTIFY_HANDLE_SEND_RESPONSE 1 +# define RUN_OCI_SECCOMP_NOTIFY_HANDLE_SEND_RESPONSE 1 /* The plugin will handle the request and write directly to the fd. */ -# define RUN_OCI_SECCOMP_NOTIFY_HANDLE_DELAYED_RESPONSE 2 +# define RUN_OCI_SECCOMP_NOTIFY_HANDLE_DELAYED_RESPONSE 2 /* Specify SECCOMP_USER_NOTIF_FLAG_CONTINUE in the flags. */ -# define RUN_OCI_SECCOMP_NOTIFY_HANDLE_SEND_RESPONSE_AND_CONTINUE 3 +# define RUN_OCI_SECCOMP_NOTIFY_HANDLE_SEND_RESPONSE_AND_CONTINUE 3 -# ifndef SECCOMP_NOTIFY_SKIP_TYPEDEF +# ifndef SECCOMP_NOTIFY_SKIP_TYPEDEF /* Configure the plugin. Return an opaque pointer that will be used for successive calls. */ -typedef int (*run_oci_seccomp_notify_start_cb)(void **opaque, struct libcrun_load_seccomp_notify_conf_s *conf, size_t size_configuration); +typedef int (*run_oci_seccomp_notify_start_cb) (void **opaque, struct libcrun_load_seccomp_notify_conf_s *conf, + size_t size_configuration); /* Try to handle a single request. It MUST be defined. HANDLED specifies how the request was handled by the plugin: 0: not handled, try next plugin or return ENOTSUP if it is the last plugin. RUN_OCI_SECCOMP_NOTIFY_HANDLE_SEND_RESPONSE: sresp filled and ready to be notified to seccomp. - RUN_OCI_SECCOMP_NOTIFY_HANDLE_DELAYED_RESPONSE: the notification will be handled internally by the plugin and forwarded to seccomp_fd. It is useful for asynchronous handling. + RUN_OCI_SECCOMP_NOTIFY_HANDLE_DELAYED_RESPONSE: the notification will be handled internally by the plugin and + forwarded to seccomp_fd. It is useful for asynchronous handling. 
*/ -typedef int (*run_oci_seccomp_notify_handle_request_cb)(void *opaque, struct seccomp_notif_sizes *sizes, struct seccomp_notif *sreq, struct seccomp_notif_resp *sresp, int seccomp_fd, int *handled); +typedef int (*run_oci_seccomp_notify_handle_request_cb) (void *opaque, struct seccomp_notif_sizes *sizes, + struct seccomp_notif *sreq, struct seccomp_notif_resp *sresp, + int seccomp_fd, int *handled); /* Stop the plugin. The opaque value is the return value from run_oci_seccomp_notify_start. */ -typedef int (*run_oci_seccomp_notify_stop_cb)(void *opaque); +typedef int (*run_oci_seccomp_notify_stop_cb) (void *opaque); /* Retrieve the API version used by the plugin. It MUST return 1. */ -typedef int (*run_oci_seccomp_notify_plugin_version_cb)(); +typedef int (*run_oci_seccomp_notify_plugin_version_cb) (); -# endif +# endif #endif diff --git a/src/libcrun/status.c b/src/libcrun/status.c index 0affa819f9..35ecbc8d28 100644 --- a/src/libcrun/status.c +++ b/src/libcrun/status.c @@ -29,7 +29,7 @@ #include #include -#define YAJL_STR(x) ((const unsigned char *) (x)) +#define YAJL_STR(x) (( const unsigned char * ) (x)) struct pid_stat { @@ -114,10 +114,10 @@ read_pid_stat (pid_t pid, struct pid_stat *st, libcrun_error_t *err) { /* The process already exited. */ if (errno == ENOENT) - { - memset (st, 0, sizeof (*st)); - return 0; - } + { + memset (st, 0, sizeof (*st)); + return 0; + } return crun_make_error (err, errno, "open state file %s", pid_stat_file); } 
@@ -130,11 +130,10 @@ read_pid_stat (pid_t pid, struct pid_stat *st, libcrun_error_t *err) } ret = sscanf (buffer, "%d %255s %c %d %d %d %d %d %u %lu %lu %lu %lu %lu %lu %ld %ld %ld %ld %ld %ld %llu", - &(st->pid), st->comm, &(st->state), &(st->ppid), &(st->pgrp), &(st->session), - &(st->tty_nr), &(st->tpgid), &(st->flags), &(st->minflt), &(st->cminflt), - &(st->majflt), &(st->cmajflt), &(st->utime), &(st->stime), &(st->cutime), - &(st->cstime), &(st->priority), &(st->nice), &(st->num_threads), &(st->itrealvalue), - &(st->starttime)); + &(st->pid), st->comm, &(st->state), &(st->ppid), &(st->pgrp), &(st->session), &(st->tty_nr), + &(st->tpgid), &(st->flags), &(st->minflt), &(st->cminflt), &(st->majflt), &(st->cmajflt), &(st->utime), + &(st->stime), &(st->cutime), &(st->cstime), &(st->priority), &(st->nice), &(st->num_threads), + &(st->itrealvalue), &(st->starttime)); if (UNLIKELY (ret != 22)) return crun_make_error (err, 0, "fscanf failed"); @@ -142,7 +141,8 @@ read_pid_stat (pid_t pid, struct pid_stat *st, libcrun_error_t *err) } int -libcrun_write_container_status (const char *state_root, const char *id, libcrun_container_status_t *status, libcrun_error_t *err) +libcrun_write_container_status (const char *state_root, const char *id, libcrun_container_status_t *status, + libcrun_error_t *err) { int ret; cleanup_free char *file = get_state_directory_status_file (state_root, id); @@ -213,7 +213,7 @@ libcrun_write_container_status (const char *state_root, const char *id, libcrun_ goto exit; } - if (UNLIKELY (safe_write (fd_write, buf, (ssize_t) len) < 0)) + if (UNLIKELY (safe_write (fd_write, buf, ( ssize_t ) len) < 0)) { ret = crun_make_error (err, errno, "cannot write status file"); goto exit; @@ -227,7 +227,7 @@ libcrun_write_container_status (const char *state_root, const char *id, libcrun_ goto exit; } - exit: +exit: if (gen) yajl_gen_free (gen); 
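Review bot: In the read_pid_stat hunk, the `%255s` conversion for `st->comm` stops at the first whitespace, but the comm field of the stat file is the process name in parentheses and is chosen by the process itself. A name containing a space makes this sscanf return fewer than 22 items, so the status read fails on input the container controls. Parsing the fixed fields from the character after the last `)` in `buffer` (located with `strrchr`) removes the dependency on the name's contents. At minimum, add `/* comm is process-controlled and may contain spaces or ')' */` above the call. The error text also says "fscanf failed" although the call is sscanf. read_pid_stat starts before this hunk.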
@@ -235,7 +235,8 @@ libcrun_write_container_status (const char *state_root, const char *id, libcrun_ } int -libcrun_read_container_status (libcrun_container_status_t *status, const char *state_root, const char *id, libcrun_error_t *err) +libcrun_read_container_status (libcrun_container_status_t *status, const char *state_root, const char *id, + libcrun_error_t *err) { cleanup_free char *buffer = NULL; char err_buffer[256]; @@ -336,7 +337,7 @@ libcrun_read_container_status (libcrun_container_status_t *status, const char *s yajl_gen_array_close (gen); yajl_gen_get_buf (gen, &buf, &buf_len); if (buf) - status->external_descriptors = xstrdup ((const char *) buf); + status->external_descriptors = xstrdup (( const char * ) buf); yajl_gen_free (gen); } yajl_tree_free (tree); @@ -356,7 +357,7 @@ libcrun_status_check_directories (const char *state_root, const char *id, libcru dir = libcrun_get_state_directory (state_root, id); if (UNLIKELY (dir == NULL)) - return crun_make_error (err, 0, "cannot get state directory"); + return crun_make_error (err, 0, "cannot get state directory"); ret = crun_path_exists (dir, err); if (UNLIKELY (ret < 0)) @@ -426,7 +427,7 @@ libcrun_container_delete_status (const char *state_root, const char *id, libcrun dir = get_run_directory (state_root); if (UNLIKELY (dir == NULL)) - return crun_make_error (err, 0, "cannot get state directory"); + return crun_make_error (err, 0, "cannot get state directory"); rundir_dfd = open (dir, O_DIRECTORY | O_RDONLY | O_CLOEXEC); if (UNLIKELY (rundir_dfd < 0)) @@ -473,7 +474,7 @@ libcrun_get_containers_list (libcrun_container_list_t **ret, const char *state_r *ret = NULL; dir = opendir (path); if (UNLIKELY (dir == NULL)) - return crun_make_error (err, errno, "cannot opendir `%s`", path); + return crun_make_error (err, errno, "cannot opendir `%s`", path); for (next = readdir (dir); next; next = readdir (dir)) { 
@@ -488,12 +489,12 @@ libcrun_get_containers_list (libcrun_container_list_t **ret, const char *state_r xasprintf (&status_file, "%s/%s/status", path, next->d_name); exists = crun_path_exists (status_file, err); if (exists < 0) - { - libcrun_free_containers_list (tmp); - return exists; - } + { + libcrun_free_containers_list (tmp); + return exists; + } - if (!exists) + if (! exists) continue; next_container = xmalloc (sizeof (libcrun_container_list_t)); @@ -582,7 +583,9 @@ libcrun_status_write_exec_fifo (const char *state_root, const char *id, libcrun_ { cleanup_free char *state_dir = libcrun_get_state_directory (state_root, id); cleanup_free char *fifo_path; - char buffer[1] = {0, }; + char buffer[1] = { + 0, + }; int ret; cleanup_close int fd = -1; diff --git a/src/libcrun/status.h b/src/libcrun/status.h index f96f461c6f..888567802c 100644 --- a/src/libcrun/status.h +++ b/src/libcrun/status.h @@ -17,12 +17,12 @@ */ #ifndef STATUS_H -# define STATUS_H +#define STATUS_H -# include -# include -# include "error.h" -# include "container.h" +#include +#include +#include "error.h" +#include "container.h" struct libcrun_container_list_s { 
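Review bot: In libcrun_status_write_exec_fifo, the trailing comma in `char buffer[1] = {0, };` makes the formatter spread a one-element initializer over three lines. Writing it as `char buffer[1] = { 0 };` keeps the same meaning and stays on one line. The same pattern is reformatted the same way in the list.c, pause.c and ps.c hunks (`libcrun_context_t crun_context = { 0, };` and the terminating `{ 0, }` entry of each `options[]` table), where the result is harder to read than the original. Dropping the trailing comma before applying the formatter would avoid that.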
@@ -46,16 +46,19 @@ struct libcrun_container_status_s }; typedef struct libcrun_container_status_s libcrun_container_status_t; -# define cleanup_container_status __attribute__((cleanup (libcrun_free_container_status))) +#define cleanup_container_status __attribute__ ((cleanup (libcrun_free_container_status))) LIBCRUN_PUBLIC void libcrun_free_container_status (libcrun_container_status_t *status); -LIBCRUN_PUBLIC int libcrun_write_container_status (const char *state_root, const char *id, libcrun_container_status_t *status, libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_read_container_status (libcrun_container_status_t *status, const char *state_root, const char *id, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_write_container_status (const char *state_root, const char *id, + libcrun_container_status_t *status, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_read_container_status (libcrun_container_status_t *status, const char *state_root, + const char *id, libcrun_error_t *err); LIBCRUN_PUBLIC void libcrun_free_containers_list (libcrun_container_list_t *list); LIBCRUN_PUBLIC int libcrun_is_container_running (libcrun_container_status_t *status, libcrun_error_t *err); LIBCRUN_PUBLIC char *libcrun_get_state_directory (const char *state_root, const char *id); LIBCRUN_PUBLIC int libcrun_container_delete_status (const char *state_root, const char *id, libcrun_error_t *err); -LIBCRUN_PUBLIC int libcrun_get_containers_list (libcrun_container_list_t **ret, const char *state_root, libcrun_error_t *err); +LIBCRUN_PUBLIC int libcrun_get_containers_list (libcrun_container_list_t **ret, const char *state_root, + libcrun_error_t *err); int libcrun_status_check_directories (const char *state_root, const char *id, libcrun_error_t *err); int libcrun_status_create_exec_fifo (const char *state_root, const char *id, libcrun_error_t *err); diff --git a/src/libcrun/terminal.c b/src/libcrun/terminal.c index 09d412a164..6fc46129c4 100644 --- a/src/libcrun/terminal.c 
+++ b/src/libcrun/terminal.c @@ -36,7 +36,6 @@ struct terminal_status_s struct termios termios; }; - int libcrun_new_terminal (char **pty, libcrun_error_t *err) { @@ -135,7 +134,7 @@ libcrun_setup_terminal_ptmx (int fd, void **current_status, libcrun_error_t *err void cleanup_terminalp (void *p) { - struct terminal_status_s **s = (struct terminal_status_s **) p; + struct terminal_status_s **s = ( struct terminal_status_s ** ) p; if (*s) { tcsetattr ((*s)->fd, TCSANOW, &(*s)->termios); @@ -146,7 +145,7 @@ cleanup_terminalp (void *p) int libcrun_terminal_setup_size (int fd, unsigned short rows, unsigned short cols, libcrun_error_t *err) { - struct winsize ws = {.ws_row = rows, .ws_col = cols}; + struct winsize ws = { .ws_row = rows, .ws_col = cols }; int ret; if (ws.ws_row == 0 || ws.ws_col == 0) diff --git a/src/libcrun/terminal.h b/src/libcrun/terminal.h index 233500aac0..27da55403c 100644 --- a/src/libcrun/terminal.h +++ b/src/libcrun/terminal.h @@ -16,14 +16,14 @@ * along with crun. If not, see . */ #ifndef TERMINAL_H -# define TERMINAL_H -# include +#define TERMINAL_H +#include -# include "container.h" -# include +#include "container.h" +#include void cleanup_terminalp (void *p); -#define cleanup_terminal __attribute__((cleanup (cleanup_terminalp))) +#define cleanup_terminal __attribute__ ((cleanup (cleanup_terminalp))) int libcrun_new_terminal (char **pty, libcrun_error_t *err); diff --git a/src/libcrun/utils.c b/src/libcrun/utils.c index a7966652bb..dc4e119874 100644 --- a/src/libcrun/utils.c +++ b/src/libcrun/utils.c 
@@ -42,29 +42,27 @@ #include #ifndef RESOLVE_IN_ROOT -# define RESOLVE_IN_ROOT 0x10 +# define RESOLVE_IN_ROOT 0x10 #endif #ifndef __NR_openat2 -# define __NR_openat2 437 +# define __NR_openat2 437 #endif static int syscall_openat2 (int dirfd, const char *path, uint64_t flags, uint64_t mode, uint64_t resolve) { struct openat2_open_how - { - uint64_t flags; - uint64_t mode; - uint64_t resolve; - } - how = - { - .flags = flags, - .mode = mode, - .resolve = resolve, - }; + { + uint64_t flags; + uint64_t mode; + uint64_t resolve; + } how = { + .flags = flags, + .mode = mode, + .resolve = resolve, + }; - return (int) syscall (__NR_openat2, dirfd, path, &how, sizeof (how), 0); + return ( int ) syscall (__NR_openat2, dirfd, path, &how, sizeof (how), 0); } int @@ -159,7 +157,7 @@ get_file_type_fd (int fd, mode_t *mode) *mode = stx.stx_mode; return ret; - fallback: +fallback: #endif ret = fstat (fd, &st); *mode = st.st_mode; @@ -186,7 +184,7 @@ get_file_type_at (int dirfd, mode_t *mode, bool nofollow, const char *path) *mode = stx.stx_mode; return ret; - fallback: +fallback: #endif ret = fstatat (dirfd, path, &st, nofollow ? AT_SYMLINK_NOFOLLOW : 0); *mode = st.st_mode; @@ -300,7 +298,7 @@ check_fd_under_path (const char *rootfs, size_t rootfslen, int fd, const char *f if (UNLIKELY (ret < 0)) return crun_make_error (err, errno, "readlink `%s`", fdname); - if (((size_t) ret) <= rootfslen || memcmp (link, rootfs, rootfslen) != 0) + if ((( size_t ) ret) <= rootfslen || memcmp (link, rootfs, rootfslen) != 0) return crun_make_error (err, 0, "target `%s` not under the directory `%s`", fdname, rootfs); return 0; 
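Review bot: In check_fd_under_path, `memcmp (link, rootfs, rootfslen) != 0` is a plain byte-prefix test, so a resolved target in a sibling directory whose name merely starts with the rootfs path (constructed example: rootfs `/run/c1`, link `/run/c10/x`) would be accepted. That holds unless every caller passes `rootfs` with a trailing `/`, which this hunk does not show. Since the first operand already guarantees `ret > rootfslen`, the boundary can be checked in the same condition by adding `|| link[rootfslen] != '/'` when rootfs is stored without the trailing slash. The function begins before the hunk, so confirm how rootfs is normalised there before changing the test.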
@@ -320,8 +318,8 @@ close_and_replace (int *oldfd, int newfd) char *chroot_realpath (const char *chroot, const char *path, char resolved_path[]); int -safe_openat (int dirfd, const char *rootfs, size_t rootfs_len, const char *path, int flags, - int mode, libcrun_error_t *err) +safe_openat (int dirfd, const char *rootfs, size_t rootfs_len, const char *path, int flags, int mode, + libcrun_error_t *err) { int ret; cleanup_close int fd = -1; @@ -343,7 +341,7 @@ safe_openat (int dirfd, const char *rootfs, size_t rootfs_len, const char *path, return ret; } - fallback: +fallback: path_in_chroot = chroot_realpath (rootfs, path, buffer); if (path_in_chroot == NULL) return crun_make_error (err, errno, "cannot resolve `%s` under rootfs", path); @@ -363,13 +361,13 @@ safe_openat (int dirfd, const char *rootfs, size_t rootfs_len, const char *path, return ret; ret = fd; - fd = - 1; + fd = -1; return ret; } static int -crun_safe_ensure_at (bool dir, int dirfd, const char *dirpath, size_t dirpath_len, const char *path, - int mode, libcrun_error_t *err) +crun_safe_ensure_at (bool dir, int dirfd, const char *dirpath, size_t dirpath_len, const char *path, int mode, + libcrun_error_t *err) { cleanup_close int wd_cleanup = -1; cleanup_free char *npath = NULL; @@ -406,7 +404,7 @@ crun_safe_ensure_at (bool dir, int dirfd, const char *dirpath, size_t dirpath_le if (strcmp (cur, "..") == 0) return crun_make_error (err, 0, "invalid path `%s`", path); - if (!last_component || dir) + if (! last_component || dir) ret = mkdirat (cwd, cur, mode); else { @@ -515,7 +513,7 @@ get_file_size (int fd, off_t *size) return ret; - fallback: +fallback: #endif ret = fstat (fd, &st); *size = st.st_size; 
@@ -634,7 +632,8 @@ add_selinux_mount_label (char **retlabel, const char *data, const char *label, l } static int -write_file_and_check_fs_type (const char *file, const char *data, size_t len, unsigned int type, const char *type_name, libcrun_error_t *err) +write_file_and_check_fs_type (const char *file, const char *data, size_t len, unsigned int type, const char *type_name, + libcrun_error_t *err) { int ret; struct statfs sfs; @@ -669,7 +668,8 @@ set_selinux_exec_label (const char *label, libcrun_error_t *err) if (ret) { - ret = write_file_and_check_fs_type ("/proc/thread-self/attr/exec", label, strlen (label), PROC_SUPER_MAGIC, "procfs", err); + ret = write_file_and_check_fs_type ("/proc/thread-self/attr/exec", label, strlen (label), PROC_SUPER_MAGIC, + "procfs", err); if (UNLIKELY (ret < 0)) return ret; } @@ -698,7 +698,8 @@ set_apparmor_profile (const char *profile, libcrun_error_t *err) xasprintf (&buf, "exec %s", profile); - ret = write_file_and_check_fs_type ("/proc/thread-self/attr/exec", buf, strlen (buf), PROC_SUPER_MAGIC, "procfs", err); + ret = write_file_and_check_fs_type ("/proc/thread-self/attr/exec", buf, strlen (buf), PROC_SUPER_MAGIC, "procfs", + err); if (UNLIKELY (ret < 0)) return ret; } @@ -723,7 +724,7 @@ read_all_fd (int fd, const char *description, char **out, size_t *len, libcrun_e allocated = 4096; buf = xmalloc (allocated + 1); nread = 0; - while ((size && nread < (size_t) size) || size == 0) + while ((size && nread < ( size_t ) size) || size == 0) { ret = TEMP_FAILURE_RETRY (read (fd, buf + nread, allocated - nread)); if (UNLIKELY (ret < 0)) 
@@ -781,7 +782,7 @@ open_unix_domain_client_socket (const char *path, int dgram, libcrun_error_t *er return crun_make_error (err, 0, "invalid path %s specified", path); strcpy (addr.sun_path, path); addr.sun_family = AF_UNIX; - ret = connect (fd, (struct sockaddr *) &addr, sizeof (addr)); + ret = connect (fd, ( struct sockaddr * ) &addr, sizeof (addr)); if (UNLIKELY (ret < 0)) return crun_make_error (err, errno, "connect socket to `%s`", path); @@ -804,11 +805,11 @@ open_unix_domain_socket (const char *path, int dgram, libcrun_error_t *err) return crun_make_error (err, 0, "invalid path %s specified", path); strcpy (addr.sun_path, path); addr.sun_family = AF_UNIX; - ret = bind (fd, (struct sockaddr *) &addr, sizeof (addr)); + ret = bind (fd, ( struct sockaddr * ) &addr, sizeof (addr)); if (UNLIKELY (ret < 0)) return crun_make_error (err, errno, "bind socket to `%s`", path); - if (!dgram) + if (! dgram) { ret = listen (fd, 1); if (UNLIKELY (ret < 0)) @@ -847,7 +848,7 @@ send_fd_to_socket (int server, int fd, libcrun_error_t *err) cmsg->cmsg_type = SCM_RIGHTS; cmsg->cmsg_len = CMSG_LEN (sizeof (int)); - *((int *) CMSG_DATA (cmsg)) = fd; + *(( int * ) CMSG_DATA (cmsg)) = fd; ret = TEMP_FAILURE_RETRY (sendmsg (server, &msg, 0)); if (UNLIKELY (ret < 0)) @@ -966,7 +967,7 @@ copy_from_fd_to_fd (int src, int dst, int consume, libcrun_error_t *err) fallback: #endif -# define BUFFER_SIZE 4096 +#define BUFFER_SIZE 4096 buffer = xmalloc (BUFFER_SIZE); nread = TEMP_FAILURE_RETRY (read (src, buffer, BUFFER_SIZE)); @@ -989,7 +990,6 @@ copy_from_fd_to_fd (int src, int dst, int consume, libcrun_error_t *err) while (consume && nread); return 0; - } int 
@@ -1014,58 +1014,65 @@ run_process (char **args, libcrun_error_t *err) #ifndef HAVE_FGETPWENT_R static unsigned -atou(char **s) +atou (char **s) { unsigned x; for (x = 0; **s - '0' < 10; ++*s) - x = 10 * x + (**s-'0'); + x = 10 * x + (**s - '0'); return x; } int -fgetpwent_r(FILE *f, struct passwd *pw, char *line, size_t size, struct passwd **res) +fgetpwent_r (FILE *f, struct passwd *pw, char *line, size_t size, struct passwd **res) { char *s; int rv = 0; for (;;) { - line[size-1] = '\xff'; - if ( (fgets(line, size, f) == NULL) || ferror(f) || line[size-1] != '\xff' ) { - rv = (line[size-1] != '\xff') ? ERANGE : ENOENT; - line = 0; - pw = 0; - break; - } - line[strcspn(line, "\n")] = 0; + line[size - 1] = '\xff'; + if ((fgets (line, size, f) == NULL) || ferror (f) || line[size - 1] != '\xff') + { + rv = (line[size - 1] != '\xff') ? ERANGE : ENOENT; + line = 0; + pw = 0; + break; + } + line[strcspn (line, "\n")] = 0; - s = line; - pw->pw_name = s++; - if (!(s = strchr(s, ':'))) - continue; + s = line; + pw->pw_name = s++; + if (! (s = strchr (s, ':'))) + continue; - *s++ = 0; pw->pw_passwd = s; - if (!(s = strchr(s, ':'))) - continue; + *s++ = 0; + pw->pw_passwd = s; + if (! (s = strchr (s, ':'))) + continue; - *s++ = 0; pw->pw_uid = atou(&s); - if (*s != ':') - continue; + *s++ = 0; + pw->pw_uid = atou (&s); + if (*s != ':') + continue; - *s++ = 0; pw->pw_gid = atou(&s); - if (*s != ':') - continue; + *s++ = 0; + pw->pw_gid = atou (&s); + if (*s != ':') + continue; - *s++ = 0; pw->pw_gecos = s; - if (!(s = strchr(s, ':'))) - continue; + *s++ = 0; + pw->pw_gecos = s; + if (! (s = strchr (s, ':'))) + continue; - *s++ = 0; pw->pw_dir = s; - if (!(s = strchr(s, ':'))) - continue; + *s++ = 0; + pw->pw_dir = s; + if (! (s = strchr (s, ':'))) + continue; - *s++ = 0; pw->pw_shell = s; - break; - } + *s++ = 0; + pw->pw_shell = s; + break; + } *res = pw; if (rv) errno = rv; 
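Review bot: In atou, the loop condition `**s - '0' < 10` is a signed int comparison, so every byte below '0' satisfies it, including the terminating NUL. On a line that ends right after the uid or gid digits the loop keeps advancing `*s` past the end of the string, reading beyond the line buffer and folding negative values into `x`. The comparison has to be unsigned so that only '0'..'9' pass: `for (x = 0; (unsigned) (**s - '0') < 10; ++*s)`. fgetpwent_r parses file content, so this input should be treated as untrusted.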
@@ -1193,7 +1200,7 @@ getsubidrange (uid_t id, int is_uid, uint32_t *from, uint32_t *len) } } -#define MIN(x,y) ((x)<(y)?(x):(y)) +#define MIN(x, y) ((x) < (y) ? (x) : (y)) size_t format_default_id_mapping (char **ret, uid_t container_id, uid_t host_id, int is_uid) @@ -1232,16 +1239,8 @@ format_default_id_mapping (char **ret, uid_t container_id, uid_t host_id, int is /* will leave SIGCHLD blocked if TIMEOUT is used. */ int -run_process_with_stdin_timeout_envp (char *path, - char **args, - const char *cwd, - int timeout, - char **envp, - char *stdin, - size_t stdin_len, - int out_fd, - int err_fd, - libcrun_error_t *err) +run_process_with_stdin_timeout_envp (char *path, char **args, const char *cwd, int timeout, char **envp, char *stdin, + size_t stdin_len, int out_fd, int err_fd, libcrun_error_t *err) { int stdin_pipe[2]; pid_t pid; @@ -1300,12 +1299,12 @@ run_process_with_stdin_timeout_envp (char *path, if (ret < 0 && errno == EAGAIN) goto timeout; } - timeout: + timeout: kill (pid, SIGKILL); return crun_make_error (err, 0, "timeout expired for `%s`", path); } - read_waitpid: + read_waitpid: r = TEMP_FAILURE_RETRY (waitpid (pid, &status, 0)); if (r < 0) return crun_make_error (err, errno, "waitpid"); @@ -1316,7 +1315,7 @@ run_process_with_stdin_timeout_envp (char *path, } else { - char *tmp_args[] = {path, NULL}; + char *tmp_args[] = { path, NULL }; int dev_null_fd = -1; if (out_fd < 0 || err_fd < 0) 
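Review bot: In run_process_with_stdin_timeout_envp, the `timeout:` path calls `kill (pid, SIGKILL)` and returns the error without waiting for the child. Unless the caller reaps it elsewhere, each expired timeout leaves a zombie, and the pid stays reserved until the parent exits. Reaping it before returning would match what the `read_waitpid:` path does: `TEMP_FAILURE_RETRY (waitpid (pid, NULL, 0));` placed right after the kill. The function body extends beyond this hunk, so check that no cleanup handler already covers it.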
@@ -1429,15 +1428,15 @@ set_blocking_fd (int fd, int blocking, libcrun_error_t *err) int parse_json_file (yajl_val *out, const char *jsondata, struct parser_context *ctx arg_unused, libcrun_error_t *err) { - char errbuf[1024]; + char errbuf[1024]; - *err = NULL; + *err = NULL; - *out = yajl_tree_parse (jsondata, errbuf, sizeof (errbuf)); - if (*out == NULL) - return crun_make_error (err, 0, "cannot parse the data: `%s`", errbuf); + *out = yajl_tree_parse (jsondata, errbuf, sizeof (errbuf)); + if (*out == NULL) + return crun_make_error (err, 0, "cannot parse the data: `%s`", errbuf); - return 0; + return 0; } int @@ -1550,7 +1549,7 @@ safe_read_xattr (char **ret, int sfd, const char *srcname, const char *name, siz ssize_t current_size; ssize_t s; - current_size = (ssize_t) initial_size; + current_size = ( ssize_t ) initial_size; buffer = xmalloc (current_size + 1); while (1) @@ -1594,7 +1593,6 @@ copy_xattr (int sfd, int dfd, const char *srcname, const char *destname, libcrun return crun_make_error (err, errno, "get xattr list for `%s`", srcname); } - if (xattr_len == 0) return 0; @@ -1628,8 +1626,8 @@ copy_xattr (int sfd, int dfd, const char *srcname, const char *destname, libcrun #endif -static -int copy_rec_stat_file_at (int dfd, const char *path, mode_t *mode, off_t *size, dev_t *rdev, uid_t *uid, gid_t *gid) +static int +copy_rec_stat_file_at (int dfd, const char *path, mode_t *mode, off_t *size, dev_t *rdev, uid_t *uid, gid_t *gid) { struct stat st; int ret; @@ -1637,7 +1635,8 @@ int copy_rec_stat_file_at (int dfd, const char *path, mode_t *mode, off_t *size, #ifdef HAVE_STATX struct statx stx; - ret = statx (dfd, path, AT_SYMLINK_NOFOLLOW | AT_STATX_DONT_SYNC, STATX_TYPE | STATX_MODE | STATX_SIZE | STATX_UID | STATX_GID, &stx); + ret = statx (dfd, path, AT_SYMLINK_NOFOLLOW | AT_STATX_DONT_SYNC, + STATX_TYPE | STATX_MODE | STATX_SIZE | STATX_UID | STATX_GID, &stx); if (UNLIKELY (ret < 0)) { if (errno == ENOSYS || errno == EINVAL) 
@@ -1654,7 +1653,7 @@ int copy_rec_stat_file_at (int dfd, const char *path, mode_t *mode, off_t *size, return ret; - fallback: +fallback: #endif ret = fstatat (dfd, path, &st, AT_SYMLINK_NOFOLLOW); @@ -1695,8 +1694,7 @@ copy_recursive_fd_to_fd (int srcdirfd, int dfd, const char *srcname, const char uid_t uid; gid_t gid; - if (strcmp (de->d_name, ".") == 0 || - strcmp (de->d_name, "..") == 0) + if (strcmp (de->d_name, ".") == 0 || strcmp (de->d_name, "..") == 0) continue; ret = copy_rec_stat_file_at (dirfd (dsrcfd), de->d_name, &mode, &st_size, &rdev, &uid, &gid); @@ -1719,7 +1717,7 @@ copy_recursive_fd_to_fd (int srcdirfd, int dfd, const char *srcname, const char return ret; #ifdef HAVE_FGETXATTR - ret = (int) copy_xattr (srcfd, destfd, de->d_name, de->d_name, err); + ret = ( int ) copy_xattr (srcfd, destfd, de->d_name, de->d_name, err); if (UNLIKELY (ret < 0)) return ret; #endif @@ -1742,7 +1740,7 @@ copy_recursive_fd_to_fd (int srcdirfd, int dfd, const char *srcname, const char return crun_make_error (err, errno, "open directory `%s/%s`", srcname, de->d_name); #ifdef HAVE_FGETXATTR - ret = (int) copy_xattr (srcfd, destfd, de->d_name, de->d_name, err); + ret = ( int ) copy_xattr (srcfd, destfd, de->d_name, de->d_name, err); if (UNLIKELY (ret < 0)) return ret; #endif @@ -1788,11 +1786,11 @@ copy_recursive_fd_to_fd (int srcdirfd, int dfd, const char *srcname, const char if (UNLIKELY (ret < 0)) return crun_make_error (err, errno, "chown `%s/%s`", destname, de->d_name); - /* - * ALLPERMS is not defined by POSIX - */ + /* + * ALLPERMS is not defined by POSIX + */ #ifndef ALLPERMS -# define ALLPERMS (S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO) +# define ALLPERMS (S_ISUID | S_ISGID | S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO) #endif ret = fchmodat (destdirfd, de->d_name, mode & ALLPERMS, AT_SYMLINK_NOFOLLOW); diff --git a/src/libcrun/utils.h b/src/libcrun/utils.h index 9aa50fa792..703e276b85 100644 --- a/src/libcrun/utils.h +++ b/src/libcrun/utils.h 
@@ -16,37 +16,39 @@ * along with crun. If not, see . */ #ifndef UTILS_H -# define UTILS_H - -# include -# include -# include -# include -# include -# include "error.h" -# include -# include -# include -# include "container.h" - -# ifndef TEMP_FAILURE_RETRY -# define TEMP_FAILURE_RETRY(expression) \ - (__extension__ \ - ({ long int __result; \ - do __result = (long int) (expression); \ - while (__result < 0 && errno == EINTR); \ - __result; })) -# endif - -# define cleanup_file __attribute__((cleanup (cleanup_filep))) -# define cleanup_free __attribute__((cleanup (cleanup_freep))) -# define cleanup_close __attribute__((cleanup (cleanup_closep))) -# define cleanup_close_vec __attribute__((cleanup (cleanup_close_vecp))) -# define cleanup_dir __attribute__((cleanup (cleanup_dirp))) -# define arg_unused __attribute__((unused)) - -# define LIKELY(x) __builtin_expect((x),1) -# define UNLIKELY(x) __builtin_expect((x),0) +#define UTILS_H + +#include +#include +#include +#include +#include +#include "error.h" +#include +#include +#include +#include "container.h" + +#ifndef TEMP_FAILURE_RETRY +# define TEMP_FAILURE_RETRY(expression) \ + (__extension__({ \ + long int __result; \ + do \ + __result = ( long int ) (expression); \ + while (__result < 0 && errno == EINTR); \ + __result; \ + })) +#endif + +#define cleanup_file __attribute__ ((cleanup (cleanup_filep))) +#define cleanup_free __attribute__ ((cleanup (cleanup_freep))) +#define cleanup_close __attribute__ ((cleanup (cleanup_closep))) +#define cleanup_close_vec __attribute__ ((cleanup (cleanup_close_vecp))) +#define cleanup_dir __attribute__ ((cleanup (cleanup_dirp))) +#define arg_unused __attribute__ ((unused)) + +#define LIKELY(x) __builtin_expect ((x), 1) +#define UNLIKELY(x) __builtin_expect ((x), 0) static inline void * xmalloc (size_t size) @@ -78,7 +80,7 @@ xrealloc (void *ptr, size_t size) static inline void cleanup_freep (void *p) { - void **pp = (void **) p; + void **pp = ( void ** ) p; free (*pp); } 
@@ -87,7 +89,7 @@ cleanup_filep (FILE **f) { FILE *file = *f; if (file) - (void) fclose (file); + ( void ) fclose (file); } static inline void @@ -159,9 +161,11 @@ int crun_ensure_directory_at (int dirfd, const char *path, int mode, bool nofoll int crun_ensure_file_at (int dirfd, const char *path, int mode, bool nofollow, libcrun_error_t *err); -int crun_safe_ensure_directory_at (int dirfd, const char *dirpath, size_t dirpath_len, const char *path, int mode, libcrun_error_t *err); +int crun_safe_ensure_directory_at (int dirfd, const char *dirpath, size_t dirpath_len, const char *path, int mode, + libcrun_error_t *err); -int crun_safe_ensure_file_at (int dirfd, const char *dirpath, size_t dirpath_len, const char *path, int mode, libcrun_error_t *err); +int crun_safe_ensure_file_at (int dirfd, const char *dirpath, size_t dirpath_len, const char *path, int mode, + libcrun_error_t *err); int crun_dir_p (const char *path, bool nofollow, libcrun_error_t *err); @@ -205,7 +209,8 @@ int run_process (char **args, libcrun_error_t *err); size_t format_default_id_mapping (char **ret, uid_t container_id, uid_t host_id, int is_uid); -int run_process_with_stdin_timeout_envp (char *path, char **args, const char *cwd, int timeout, char **envp, char *stdin, size_t stdin_len, int out_fd, int err_fd, libcrun_error_t *err); +int run_process_with_stdin_timeout_envp (char *path, char **args, const char *cwd, int timeout, char **envp, + char *stdin, size_t stdin_len, int out_fd, int err_fd, libcrun_error_t *err); int close_fds_ge_than (int n, libcrun_error_t *err); 
@@ -235,7 +240,8 @@ int get_file_type (mode_t *mode, bool nofollow, const char *path); int get_file_type_fd (int fd, mode_t *mode); -int safe_openat (int dirfd, const char *rootfs, size_t rootfs_len, const char *path, int flags, int mode, libcrun_error_t *err); +int safe_openat (int dirfd, const char *rootfs, size_t rootfs_len, const char *path, int flags, int mode, + libcrun_error_t *err); ssize_t safe_write (int fd, const void *buf, ssize_t count); diff --git a/src/list.c b/src/list.c index 3db55de87f..79837cdd80 100644 --- a/src/list.c +++ b/src/list.c @@ -31,18 +31,18 @@ #include "libcrun/utils.h" #include "libcrun/status.h" -#define YAJL_STR(x) ((const unsigned char *) (x)) +#define YAJL_STR(x) (( const unsigned char * ) (x)) static char doc[] = "OCI runtime"; enum - { - OPTION_CONSOLE_SOCKET = 1000, - OPTION_PID_FILE, - OPTION_NO_SUBREAPER, - OPTION_NO_NEW_KEYRING, - OPTION_PRESERVE_FDS - }; +{ + OPTION_CONSOLE_SOCKET = 1000, + OPTION_PID_FILE, + OPTION_NO_SUBREAPER, + OPTION_NO_NEW_KEYRING, + OPTION_PRESERVE_FDS +}; struct list_options_s { @@ -51,19 +51,19 @@ struct list_options_s }; enum - { - LIST_TABLE = 100, - LIST_JSON, - }; +{ + LIST_TABLE = 100, + LIST_JSON, +}; static struct list_options_s list_options; -static struct argp_option options[] = - { - {"quiet", 'q', 0, 0, "show only IDs", 0}, - {"format", 'f', "FORMAT", 0, "select one of: table or json (default: \"table\")", 0}, - { 0, } - }; +static struct argp_option options[] + = { { "quiet", 'q', 0, 0, "show only IDs", 0 }, + { "format", 'f', "FORMAT", 0, "select one of: table or json (default: \"table\")", 0 }, + { + 0, + } }; static char args_doc[] = "list"; @@ -98,7 +98,9 @@ crun_command_list (struct crun_global_arguments *global_args, int argc, char **a { int first_arg; int ret, max_length = 4; - libcrun_context_t crun_context = {0, }; + libcrun_context_t crun_context = { + 0, + }; libcrun_container_list_t *list, *it; yajl_gen gen = NULL; size_t len; 
@@ -130,7 +132,7 @@ crun_command_list (struct crun_global_arguments *global_args, int argc, char **a if (gen == NULL) error (EXIT_FAILURE, 0, "yajl_gen_alloc failed"); - if (!list_options.quiet && list_options.format == LIST_TABLE) + if (! list_options.quiet && list_options.format == LIST_TABLE) printf ("%-*s%-10s%-8s %-39s\n", max_length, "NAME", "PID", "STATUS", "BUNDLE PATH"); else if (list_options.format == LIST_JSON) { @@ -156,7 +158,8 @@ crun_command_list (struct crun_global_arguments *global_args, int argc, char **a int pid = status.pid; const char *container_status = NULL; - ret = libcrun_get_container_state_string (it->name, &status, crun_context.state_root, &container_status, &running, err); + ret = libcrun_get_container_state_string (it->name, &status, crun_context.state_root, &container_status, + &running, err); if (UNLIKELY (ret < 0)) { libcrun_error_write_warning_and_release (stderr, &err); @@ -187,7 +190,6 @@ crun_command_list (struct crun_global_arguments *global_args, int argc, char **a } } - libcrun_free_container_status (&status); } if (list_options.format == LIST_JSON) @@ -198,10 +200,10 @@ crun_command_list (struct crun_global_arguments *global_args, int argc, char **a ret = libcrun_make_error (err, 0, "cannot generate json list"); goto exit; } - printf("%s",buf); + printf ("%s", buf); } - exit: +exit: if (gen) yajl_gen_free (gen); diff --git a/src/list.h b/src/list.h index cd4c481f66..00554b0271 100644 --- a/src/list.h +++ b/src/list.h @@ -16,9 +16,9 @@ * along with crun. If not, see . */ #ifndef LIST_H -# define LIST_H +#define LIST_H -# include "crun.h" +#include "crun.h" int crun_command_list (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *error); diff --git a/src/pause.c b/src/pause.c index 13e84deffd..968328a00e 100644 --- a/src/pause.c +++ b/src/pause.c 
@@ -38,10 +38,9 @@ struct pause_options_s static struct pause_options_s pause_options; -static struct argp_option options[] = - { - {0, } - }; +static struct argp_option options[] = { { + 0, +} }; static char args_doc[] = "pause CONTAINER"; @@ -67,7 +66,9 @@ crun_command_pause (struct crun_global_arguments *global_args, int argc, char ** { int first_arg, ret; - libcrun_context_t crun_context = {0, }; + libcrun_context_t crun_context = { + 0, + }; argp_parse (&run_argp, argc, argv, ARGP_IN_ORDER, &first_arg, &pause_options); crun_assert_n_args (argc - first_arg, 1, 2); diff --git a/src/pause.h b/src/pause.h index 00cc80ac2a..138ce0a51a 100644 --- a/src/pause.h +++ b/src/pause.h @@ -16,9 +16,9 @@ * along with crun. If not, see . */ #ifndef PAUSE_H -# define PAUSE_H +#define PAUSE_H -# include "crun.h" +#include "crun.h" int crun_command_pause (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *error); diff --git a/src/ps.c b/src/ps.c index 002a3d2bab..ff83162416 100644 --- a/src/ps.c +++ b/src/ps.c @@ -33,13 +33,13 @@ static char doc[] = "OCI runtime"; enum - { - OPTION_CONSOLE_SOCKET = 1000, - OPTION_PID_FILE, - OPTION_NO_SUBREAPER, - OPTION_NO_NEW_KEYRING, - OPTION_PRESERVE_FDS - }; +{ + OPTION_CONSOLE_SOCKET = 1000, + OPTION_PID_FILE, + OPTION_NO_SUBREAPER, + OPTION_NO_NEW_KEYRING, + OPTION_PRESERVE_FDS +}; struct ps_options_s { @@ -47,18 +47,17 @@ struct ps_options_s }; enum - { - PS_TABLE = 100, - PS_JSON, - }; +{ + PS_TABLE = 100, + PS_JSON, +}; static struct ps_options_s ps_options; -static struct argp_option options[] = - { - {"format", 'f', "FORMAT", 0, "select the output format", 0}, - { 0, } - }; +static struct argp_option options[] = { { "format", 'f', "FORMAT", 0, "select the output format", 0 }, + { + 0, + } }; static char args_doc[] = "ps"; 
@@ -90,7 +89,9 @@ crun_command_ps (struct crun_global_arguments *global_args, int argc, char **arg { int first_arg; int ret; - libcrun_context_t crun_context = {0, }; + libcrun_context_t crun_context = { + 0, + }; libcrun_container_status_t status; cleanup_free pid_t *pids = NULL; size_t i; @@ -137,6 +138,5 @@ crun_command_ps (struct crun_global_arguments *global_args, int argc, char **arg break; } - return 0; } diff --git a/src/ps.h b/src/ps.h index df2676595d..f2c90cef9c 100644 --- a/src/ps.h +++ b/src/ps.h @@ -16,9 +16,9 @@ * along with crun. If not, see . */ #ifndef PS_H -# define PS_H +#define PS_H -# include "crun.h" +#include "crun.h" int crun_command_ps (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *error); diff --git a/src/restore.c b/src/restore.c index b7cec662ce..35145960b8 100644 --- a/src/restore.c +++ b/src/restore.c 
@@ -50,21 +50,18 @@ static libcrun_context_t crun_context; static libcrun_checkpoint_restore_t cr_options; -static struct argp_option options[] = { - {"bundle", 'b', "DIR", 0, "container bundle (default \".\")", 0}, - {"image-path", OPTION_IMAGE_PATH, "DIR", 0, - "path for saving criu image files", 0}, - {"work-path", OPTION_WORK_PATH, "DIR", 0, - "path for saving work files and logs", 0}, - {"tcp-established", OPTION_TCP_ESTABLISHED, 0, 0, - "allow open tcp connections", 0}, - {"ext-unix-sk", OPTION_EXT_UNIX_SK, 0, 0, "allow external unix sockets", 0}, - {"shell-job", OPTION_SHELL_JOB, 0, 0, "allow shell jobs", 0}, - {"detach", 'd', 0, 0, "detach from the container's process", 0}, - {"pid-file", OPTION_PID_FILE, "FILE", 0, - "where to write the PID of the container", 0}, - {0,} -}; +static struct argp_option options[] + = { { "bundle", 'b', "DIR", 0, "container bundle (default \".\")", 0 }, + { "image-path", OPTION_IMAGE_PATH, "DIR", 0, "path for saving criu image files", 0 }, + { "work-path", OPTION_WORK_PATH, "DIR", 0, "path for saving work files and logs", 0 }, + { "tcp-established", OPTION_TCP_ESTABLISHED, 0, 0, "allow open tcp connections", 0 }, + { "ext-unix-sk", OPTION_EXT_UNIX_SK, 0, 0, "allow external unix sockets", 0 }, + { "shell-job", OPTION_SHELL_JOB, 0, 0, "allow shell jobs", 0 }, + { "detach", 'd', 0, 0, "detach from the container's process", 0 }, + { "pid-file", OPTION_PID_FILE, "FILE", 0, "where to write the PID of the container", 0 }, + { + 0, + } }; static char args_doc[] = "restore CONTAINER"; 
@@ -115,12 +112,10 @@ parse_opt (int key, char *arg arg_unused, struct argp_state *state arg_unused) return 0; } -static struct argp run_argp = - { options, parse_opt, args_doc, doc, NULL, NULL, NULL }; +static struct argp run_argp = { options, parse_opt, args_doc, doc, NULL, NULL, NULL }; int -crun_command_restore (struct crun_global_arguments *global_args, int argc, - char **argv, libcrun_error_t *err) +crun_command_restore (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *err) { cleanup_free char *bundle_cleanup = NULL; cleanup_free char *cr_path = NULL; @@ -138,20 +133,19 @@ crun_command_restore (struct crun_global_arguments *global_args, int argc, } else { - if (bundle[0] != '/') - { - bundle_cleanup = realpath (bundle, NULL); - if (bundle_cleanup == NULL) - libcrun_fail_with_error (errno, "realpath `%s` failed", bundle); - bundle = bundle_cleanup; - } - - if (chdir (bundle) < 0) - libcrun_fail_with_error (errno, "chdir `%s` failed", bundle); + if (bundle[0] != '/') + { + bundle_cleanup = realpath (bundle, NULL); + if (bundle_cleanup == NULL) + libcrun_fail_with_error (errno, "realpath `%s` failed", bundle); + bundle = bundle_cleanup; + } + + if (chdir (bundle) < 0) + libcrun_fail_with_error (errno, "chdir `%s` failed", bundle); } - ret = - init_libcrun_context (&crun_context, argv[first_arg], global_args, err); + ret = init_libcrun_context (&crun_context, argv[first_arg], global_args, err); if (UNLIKELY (ret < 0)) return ret; @@ -168,6 +162,5 @@ crun_command_restore (struct crun_global_arguments *global_args, int argc, } crun_context.bundle = bundle; - return libcrun_container_restore (&crun_context, argv[first_arg], - &cr_options, err); + return libcrun_container_restore (&crun_context, argv[first_arg], &cr_options, err); } diff --git a/src/restore.h b/src/restore.h index cd6caa3910..48d21d1eaf 100644 --- a/src/restore.h +++ b/src/restore.h 
@@ -20,7 +20,6 @@ #include "crun.h" -int crun_command_restore (struct crun_global_arguments *global_args, - int argc, char **argv, libcrun_error_t * error); +int crun_command_restore (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *error); #endif diff --git a/src/run.c b/src/run.c index eebe242682..e86b52e886 100644 --- a/src/run.c +++ b/src/run.c 
@@ -31,32 +31,33 @@ static char doc[] = "OCI runtime"; enum - { - OPTION_CONSOLE_SOCKET = 1000, - OPTION_PID_FILE, - OPTION_NO_SUBREAPER, - OPTION_NO_NEW_KEYRING, - OPTION_PRESERVE_FDS, - OPTION_NO_PIVOT - }; +{ + OPTION_CONSOLE_SOCKET = 1000, + OPTION_PID_FILE, + OPTION_NO_SUBREAPER, + OPTION_NO_NEW_KEYRING, + OPTION_PRESERVE_FDS, + OPTION_NO_PIVOT +}; static const char *bundle = NULL; static libcrun_context_t crun_context; -static struct argp_option options[] = - { - {"bundle", 'b', "DIR", 0, "container bundle (default \".\")", 0}, - {"config", 'f', "FILE", 0, "override the config file name", 0}, - {"detach", 'd', 0, 0, "detach from the parent", 0}, - {"console-socket", OPTION_CONSOLE_SOCKET, "SOCKET", 0, "path to a socket that will receive the ptmx end of the tty", 0}, - {"preserve-fds", OPTION_PRESERVE_FDS, 0, 0, "pass additional FDs to the container", 0}, - {"pid-file", OPTION_PID_FILE, "FILE", 0, "where to write the PID of the container", 0}, - {"no-subreaper", OPTION_NO_SUBREAPER, 0, 0, "do not create a subreaper process", 0}, - {"no-new-keyring", OPTION_NO_NEW_KEYRING, 0, 0, "keep the same session key", 0}, - {"no-pivot", OPTION_NO_PIVOT, 0, 0, "do not use pivot_root", 0}, - { 0, } - }; +static struct argp_option options[] + = { { "bundle", 'b', "DIR", 0, "container bundle (default \".\")", 0 }, + { "config", 'f', "FILE", 0, "override the config file name", 0 }, + { "detach", 'd', 0, 0, "detach from the parent", 0 }, + { "console-socket", OPTION_CONSOLE_SOCKET, "SOCKET", 0, + "path to a socket that will receive the ptmx end of the tty", 0 }, + { "preserve-fds", OPTION_PRESERVE_FDS, 0, 0, "pass additional FDs to the container", 0 }, + { "pid-file", OPTION_PID_FILE, "FILE", 0, "where to write the PID of the container", 0 }, + { "no-subreaper", OPTION_NO_SUBREAPER, 0, 0, "do not create a subreaper process", 0 }, + { "no-new-keyring", OPTION_NO_NEW_KEYRING, 0, 0, "keep the same session key", 0 }, + { "no-pivot", OPTION_NO_PIVOT, 0, 0, "do not use pivot_root", 0 
}, + { + 0, + } }; static char args_doc[] = "run [OPTION]... CONTAINER"; @@ -129,7 +130,7 @@ crun_command_run (struct crun_global_arguments *global_args, int argc, char **ar crun_assert_n_args (argc - first_arg, 1, 1); /* Make sure the config is an absolute path before changing the directory. */ - if ((strcmp("config.json", config_file) != 0)) + if ((strcmp ("config.json", config_file) != 0)) { if (config_file[0] != '/') { diff --git a/src/run.h b/src/run.h index fdcf32de37..ab0510a870 100644 --- a/src/run.h +++ b/src/run.h @@ -16,9 +16,9 @@ * along with crun. If not, see . */ #ifndef RUN_H -# define RUN_H +#define RUN_H -# include "crun.h" +#include "crun.h" int crun_command_run (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *error); diff --git a/src/spec.c b/src/spec.c index 6577a988e7..d865d10bd2 100644 --- a/src/spec.c +++ b/src/spec.c @@ -36,17 +36,16 @@ struct spec_options_s }; enum - { - OPTION_ROOTLESS = 1000 - }; +{ + OPTION_ROOTLESS = 1000 +}; static struct spec_options_s spec_options; -static struct argp_option options[] = - { - {"rootless", OPTION_ROOTLESS, 0, 0, "spec for the rootless case", 0 }, - { 0, } - }; +static struct argp_option options[] = { { "rootless", OPTION_ROOTLESS, 0, 0, "spec for the rootless case", 0 }, + { + 0, + } }; static char args_doc[] = "spec"; @@ -72,7 +71,9 @@ int crun_command_spec (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *err) { int first_arg; - libcrun_context_t crun_context = {0, }; + libcrun_context_t crun_context = { + 0, + }; int ret; cleanup_file FILE *f = NULL; @@ -91,7 +92,7 @@ crun_command_spec (struct crun_global_arguments *global_args, int argc, char **a if (f == NULL) return libcrun_make_error (err, 0, "cannot open config.json", err); - ret = libcrun_container_spec (!spec_options.rootless, f, err); + ret = libcrun_container_spec (! spec_options.rootless, f, err); return ret >= 0 ? 0 : ret; } 
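Review bot: In the src/spec.c hunk at `@@ -91,7 +92,7 @@`, the context line `return libcrun_make_error (err, 0, "cannot open config.json", err);` passes 0 as the error number and a stray trailing `err` argument that the message has no conversion for. The caller therefore never learns why the open failed (permissions, missing directory, read-only filesystem). A follow-up could report the cause with `return libcrun_make_error (err, errno, "cannot open config.json");`, assuming errno still holds the value set by the failing open call, which is outside the hunk. The body of `crun_command_spec` starts and ends outside this hunk.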
diff --git a/src/spec.h b/src/spec.h index a13065e483..1c5437a04f 100644 --- a/src/spec.h +++ b/src/spec.h @@ -16,9 +16,9 @@ * along with crun. If not, see . */ #ifndef SPEC_H -# define SPEC_H +#define SPEC_H -# include "crun.h" +#include "crun.h" int crun_command_spec (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *error); diff --git a/src/start.c b/src/start.c index 7d0d9b6b49..ec1839d243 100644 --- a/src/start.c +++ b/src/start.c @@ -31,18 +31,17 @@ static char doc[] = "OCI runtime"; enum - { - OPTION_CONSOLE_SOCKET = 1000, - OPTION_PID_FILE, - OPTION_NO_SUBREAPER, - OPTION_NO_NEW_KEYRING, - OPTION_PRESERVE_FDS - }; +{ + OPTION_CONSOLE_SOCKET = 1000, + OPTION_PID_FILE, + OPTION_NO_SUBREAPER, + OPTION_NO_NEW_KEYRING, + OPTION_PRESERVE_FDS +}; -static struct argp_option options[] = - { - {0, } - }; +static struct argp_option options[] = { { + 0, +} }; static char args_doc[] = "start CONTAINER"; @@ -68,7 +67,9 @@ crun_command_start (struct crun_global_arguments *global_args, int argc, char ** { int first_arg, ret; - libcrun_context_t crun_context = {0, }; + libcrun_context_t crun_context = { + 0, + }; argp_parse (&run_argp, argc, argv, ARGP_IN_ORDER, &first_arg, NULL); crun_assert_n_args (argc - first_arg, 1, 1); diff --git a/src/start.h b/src/start.h index 2fdccee954..aa10b54a0d 100644 --- a/src/start.h +++ b/src/start.h @@ -16,9 +16,9 @@ * along with crun. If not, see . */ #ifndef START_H -# define START_H +#define START_H -# include "crun.h" +#include "crun.h" int crun_command_start (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *error); diff --git a/src/state.c b/src/state.c index dc01f2109b..487d91254e 100644 --- a/src/state.c +++ b/src/state.c 
@@ -31,13 +31,13 @@ static char doc[] = "OCI runtime"; enum - { - OPTION_CONSOLE_SOCKET = 1000, - OPTION_PID_FILE, - OPTION_NO_SUBREAPER, - OPTION_NO_NEW_KEYRING, - OPTION_PRESERVE_FDS - }; +{ + OPTION_CONSOLE_SOCKET = 1000, + OPTION_PID_FILE, + OPTION_NO_SUBREAPER, + OPTION_NO_NEW_KEYRING, + OPTION_PRESERVE_FDS +}; struct state_options_s { @@ -45,10 +45,9 @@ struct state_options_s static struct state_options_s state_options; -static struct argp_option options[] = - { - { 0, } - }; +static struct argp_option options[] = { { + 0, +} }; static char args_doc[] = "state CONTAINER"; @@ -73,7 +72,9 @@ int crun_command_state (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *err) { int first_arg, ret; - libcrun_context_t crun_context = {0, }; + libcrun_context_t crun_context = { + 0, + }; argp_parse (&run_argp, argc, argv, ARGP_IN_ORDER, &first_arg, &state_options); crun_assert_n_args (argc - first_arg, 1, 1); diff --git a/src/state.h b/src/state.h index 1512f99997..431aa9ad52 100644 --- a/src/state.h +++ b/src/state.h @@ -16,9 +16,9 @@ * along with crun. If not, see . */ #ifndef STATE_H -# define STATE_H +#define STATE_H -# include "crun.h" +#include "crun.h" int crun_command_state (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *error); diff --git a/src/unpause.c b/src/unpause.c index fa0a04aaa8..8753378c99 100644 --- a/src/unpause.c +++ b/src/unpause.c @@ -38,10 +38,9 @@ struct unpause_options_s static struct unpause_options_s unpause_options; -static struct argp_option options[] = - { - { 0, } - }; +static struct argp_option options[] = { { + 0, +} }; static char args_doc[] = "resume CONTAINER"; 
@@ -67,7 +66,9 @@ crun_command_unpause (struct crun_global_arguments *global_args, int argc, char { int first_arg, ret; - libcrun_context_t crun_context = {0, }; + libcrun_context_t crun_context = { + 0, + }; argp_parse (&run_argp, argc, argv, ARGP_IN_ORDER, &first_arg, &unpause_options); crun_assert_n_args (argc - first_arg, 1, 2); diff --git a/src/unpause.h b/src/unpause.h index 596e1adba1..04038baa16 100644 --- a/src/unpause.h +++ b/src/unpause.h @@ -16,9 +16,9 @@ * along with crun. If not, see . */ #ifndef UNPAUSE_H -# define UNPAUSE_H +#define UNPAUSE_H -# include "crun.h" +#include "crun.h" int crun_command_unpause (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *error); diff --git a/src/update.c b/src/update.c index 2955103463..ec9051ef72 100644 --- a/src/update.c +++ b/src/update.c @@ -35,29 +35,29 @@ static char *resources = NULL; static libcrun_context_t crun_context; enum - { - FIRST_VALUE = 1000, +{ + FIRST_VALUE = 1000, - BLKIO_WEIGHT = FIRST_VALUE, + BLKIO_WEIGHT = FIRST_VALUE, - CPU_PERIOD, - CPU_QUOTA, - CPU_SHARE, - CPU_RT_PERIOD, - CPU_RT_RUNTIME, - CPUSET_CPUS, - CPUSET_MEMS, + CPU_PERIOD, + CPU_QUOTA, + CPU_SHARE, + CPU_RT_PERIOD, + CPU_RT_RUNTIME, + CPUSET_CPUS, + CPUSET_MEMS, - KERNEL_MEMORY, - KERNEL_MEMORY_TCP, - MEMORY, - MEMORY_RESERVATION, - MEMORY_SWAP, + KERNEL_MEMORY, + KERNEL_MEMORY_TCP, + MEMORY, + MEMORY_RESERVATION, + MEMORY_SWAP, - PIDS_LIMIT, + PIDS_LIMIT, - LAST_VALUE, - }; + LAST_VALUE, +}; struct description_s { 
@@ -67,28 +67,26 @@ struct description_s int numeric; }; -static const char *sections[] = {"blockIO", "cpu", "memory", "pids"}; +static const char *sections[] = { "blockIO", "cpu", "memory", "pids" }; -static struct description_s descriptors[] = { - {BLKIO_WEIGHT, 0, "weight", 1}, +static struct description_s descriptors[] = { { BLKIO_WEIGHT, 0, "weight", 1 }, - {CPU_PERIOD, 1, "period", 1}, - {CPU_QUOTA, 1, "quota", 1}, - {CPU_SHARE, 1, "share", 1}, - {CPU_RT_PERIOD, 1, "realtimePeriod", 1}, - {CPU_RT_RUNTIME, 1, "realtimeRuntime", 1}, - {CPUSET_CPUS, 1, "cpus", 0}, - {CPUSET_MEMS, 1, "mems", 0}, + { CPU_PERIOD, 1, "period", 1 }, + { CPU_QUOTA, 1, "quota", 1 }, + { CPU_SHARE, 1, "share", 1 }, + { CPU_RT_PERIOD, 1, "realtimePeriod", 1 }, + { CPU_RT_RUNTIME, 1, "realtimeRuntime", 1 }, + { CPUSET_CPUS, 1, "cpus", 0 }, + { CPUSET_MEMS, 1, "mems", 0 }, - {KERNEL_MEMORY, 2, "kernel", 1}, - {KERNEL_MEMORY_TCP, 2, "kernelTCP", 1}, - {MEMORY, 2, "limit", 1}, - {MEMORY_RESERVATION, 2, "reservation", 1}, - {MEMORY_SWAP, 2, "swap", 1}, + { KERNEL_MEMORY, 2, "kernel", 1 }, + { KERNEL_MEMORY_TCP, 2, "kernelTCP", 1 }, + { MEMORY, 2, "limit", 1 }, + { MEMORY_RESERVATION, 2, "reservation", 1 }, + { MEMORY_SWAP, 2, "swap", 1 }, - {PIDS_LIMIT, 3, "limit", 1}, - {0} -}; + { PIDS_LIMIT, 3, "limit", 1 }, + { 0 } }; static const char *values[LAST_VALUE - FIRST_VALUE]; 
@@ -98,34 +96,34 @@ set_value (int id, const char *value) values[id - FIRST_VALUE] = value; } -static struct argp_option options[] = - { - {"resources", 'r', "FILE", 0, "path to the file containing the resources to update", 0}, - {"blkio-weight", BLKIO_WEIGHT, "VALUE", 0, "Specifies per cgroup weight", 0}, - {"cpu-period", CPU_PERIOD, "VALUE", 0, "CPU CFS period to be used for hardcapping", 0}, - {"cpu-quota", CPU_QUOTA, "VALUE", 0, "CPU CFS hardcap limit", 0}, - {"cpu-share", CPU_SHARE, "VALUE", 0, "CPU shares", 0}, - {"cpu-rt-period", CPU_RT_PERIOD, "VALUE", 0, "CPU realtime period to be used for hardcapping", 0}, - {"cpu-rt-runtime", CPU_RT_RUNTIME, "VALUE", 0, "CPU realtime hardcap limit", 0}, - {"cpuset-cpus", CPUSET_CPUS, "VALUE", 0, "CPU(s) to use", 0}, - {"cpuset-mems", CPUSET_MEMS, "VALUE", 0, "Memory node(s) to use", 0}, - {"kernel-memory", KERNEL_MEMORY, "VALUE", 0, "Kernel memory limit", 0}, - {"kernel-memory-tcp", KERNEL_MEMORY_TCP, "VALUE", 0, "Kernel memory limit for tcp buffer", 0}, - {"memory", MEMORY, "VALUE", 0, "Memory limit", 0}, - {"memory-reservation", MEMORY_RESERVATION, "VALUE", 0, "Memory reservation or soft_limit", 0}, - {"memory-swap", MEMORY_SWAP, "VALUE", 0, "Total memory usage", 0}, - {"pids-limit", PIDS_LIMIT, "VALUE", 0, "Maximum number of pids allowed in the container", 0}, - {0,} - }; - -#define YAJL_STR(x) ((const unsigned char *) (x)) +static struct argp_option options[] + = { { "resources", 'r', "FILE", 0, "path to the file containing the resources to update", 0 }, + { "blkio-weight", BLKIO_WEIGHT, "VALUE", 0, "Specifies per cgroup weight", 0 }, + { "cpu-period", CPU_PERIOD, "VALUE", 0, "CPU CFS period to be used for hardcapping", 0 }, + { "cpu-quota", CPU_QUOTA, "VALUE", 0, "CPU CFS hardcap limit", 0 }, + { "cpu-share", CPU_SHARE, "VALUE", 0, "CPU shares", 0 }, + { "cpu-rt-period", CPU_RT_PERIOD, "VALUE", 0, "CPU realtime period to be used for hardcapping", 0 }, + { "cpu-rt-runtime", CPU_RT_RUNTIME, "VALUE", 0, "CPU realtime 
hardcap limit", 0 }, + { "cpuset-cpus", CPUSET_CPUS, "VALUE", 0, "CPU(s) to use", 0 }, + { "cpuset-mems", CPUSET_MEMS, "VALUE", 0, "Memory node(s) to use", 0 }, + { "kernel-memory", KERNEL_MEMORY, "VALUE", 0, "Kernel memory limit", 0 }, + { "kernel-memory-tcp", KERNEL_MEMORY_TCP, "VALUE", 0, "Kernel memory limit for tcp buffer", 0 }, + { "memory", MEMORY, "VALUE", 0, "Memory limit", 0 }, + { "memory-reservation", MEMORY_RESERVATION, "VALUE", 0, "Memory reservation or soft_limit", 0 }, + { "memory-swap", MEMORY_SWAP, "VALUE", 0, "Total memory usage", 0 }, + { "pids-limit", PIDS_LIMIT, "VALUE", 0, "Maximum number of pids allowed in the container", 0 }, + { + 0, + } }; + +#define YAJL_STR(x) (( const unsigned char * ) (x)) static const unsigned char * build_file (size_t *len) { size_t i; yajl_gen gen = NULL; - size_t n_sections = sizeof(sections) / sizeof(sections[0]); + size_t n_sections = sizeof (sections) / sizeof (sections[0]); int has_sections[n_sections]; const unsigned char *buf; @@ -136,8 +134,8 @@ build_file (size_t *len) error (EXIT_FAILURE, errno, "yajl_gen_alloc failed"); for (i = 0; i < LAST_VALUE - FIRST_VALUE; i++) - if (values[i]) - has_sections[descriptors[i].section] = 1; + if (values[i]) + has_sections[descriptors[i].section] = 1; for (i = 0; i < n_sections; i++) { @@ -153,7 +151,7 @@ build_file (size_t *len) { size_t j; - if (!has_sections[i]) + if (! has_sections[i]) continue; yajl_gen_string (gen, YAJL_STR (sections[i]), strlen (sections[i])); @@ -162,11 +160,11 @@ build_file (size_t *len) for (j = 0; j < LAST_VALUE - FIRST_VALUE; j++) { struct description_s *d = &descriptors[j]; - if(values[j] == NULL || d->section != i) + if (values[j] == NULL || d->section != i) continue; yajl_gen_string (gen, YAJL_STR (d->key), strlen (d->key)); - if (!d->numeric) + if (! d->numeric) yajl_gen_string (gen, YAJL_STR (values[j]), strlen (values[j])); else { 
@@ -244,7 +242,7 @@ crun_command_update (struct crun_global_arguments *global_args, int argc, char * if (resources == NULL) { - content = (char *) build_file (&len); + content = ( char * ) build_file (&len); return libcrun_container_update (&crun_context, argv[first_arg], content, len, err); } diff --git a/src/update.h b/src/update.h index 62da1bd787..73e3624360 100644 --- a/src/update.h +++ b/src/update.h @@ -16,9 +16,9 @@ * along with crun. If not, see . */ #ifndef UPDATE_H -# define UPDATE_H +#define UPDATE_H -# include "crun.h" +#include "crun.h" int crun_command_update (struct crun_global_arguments *global_args, int argc, char **argv, libcrun_error_t *err); diff --git a/tests/clang-format/Dockerfile b/tests/clang-format/Dockerfile new file mode 100644 index 0000000000..c96a4a6339 --- /dev/null +++ b/tests/clang-format/Dockerfile @@ -0,0 +1,3 @@ +FROM fedora:latest + +RUN yum install -y make clang-tools-extra 'dnf-command(builddep)' && dnf builddep -y crun
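Review bot: `FROM fedora:latest` in tests/clang-format/Dockerfile leaves the base image unpinned, so the clang-format version and every other package in the image change whenever the tag moves. A formatting check that passes today can then fail later with no source change, and the image cannot be rebuilt reproducibly or audited against a known base. Pin the base to a specific release tag or digest, e.g. `FROM fedora:<release>` (placeholder). The `RUN` line also mixes `yum` and `dnf`; using one tool and cleaning the cache would be tidier: `RUN dnf install -y make clang-tools-extra 'dnf-command(builddep)' && dnf builddep -y crun && dnf clean all`.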