diff --git a/.cargo/config b/.cargo/config.toml
similarity index 100%
rename from .cargo/config
rename to .cargo/config.toml
diff --git a/src/error.rs b/src/error.rs
deleted file mode 100644
index a5d87b6..0000000
--- a/src/error.rs
+++ /dev/null
@@ -1,5 +0,0 @@
-use std::io;
-
-pub fn io_err_other(e: E) -> io::Error {
- io::Error::new(io::ErrorKind::Other, e.to_string())
-}
diff --git a/src/io/cmsg.rs b/src/io/cmsg.rs
index af084e3..e13cbce 100644
--- a/src/io/cmsg.rs
+++ b/src/io/cmsg.rs
@@ -16,7 +16,7 @@ pub fn buffer() -> Vec {
 let capacity = capacity::();
 unsafe {
 let data = std::alloc::alloc(std::alloc::Layout::array::(capacity).unwrap());
- Vec::from_raw_parts(data as *mut u8, capacity, capacity)
+ Vec::from_raw_parts(data, capacity, capacity)
 }
 }
diff --git a/src/io/seq_packet.rs b/src/io/seq_packet.rs
index 14b7313..bb00930 100644
--- a/src/io/seq_packet.rs
+++ b/src/io/seq_packet.rs
@@ -116,7 +116,7 @@ impl SeqPacketSocket {
 let mut msg = AssertSendSync(libc::msghdr {
 msg_name: ptr::null_mut(),
 msg_namelen: 0,
- msg_iov: iov.as_ptr() as _,
+ msg_iov: iov.as_mut_ptr() as _,
 msg_iovlen: iov.len(),
 msg_control: cmsg_buf.as_mut_ptr() as *mut std::ffi::c_void,
 msg_controllen: cmsg_buf.len(),
diff --git a/src/macros.rs b/src/macros.rs
index 1184eb0..8b4cc86 100644
--- a/src/macros.rs
+++ b/src/macros.rs
@@ -10,13 +10,13 @@ macro_rules! c_str {
 macro_rules! file_descriptor_type {
 ($type:ident) => {
 #[repr(transparent)]
- pub struct $type(::std::os::unix::io::RawFd);
+ pub struct $type(::std::os::unix::io::OwnedFd);
 file_descriptor_impl!($type);
 impl ::std::os::unix::io::FromRawFd for $type {
 unsafe fn from_raw_fd(fd: ::std::os::unix::io::RawFd) -> Self {
- Self(fd)
+ Self(unsafe { ::std::os::unix::io::FromRawFd::from_raw_fd(fd) })
 }
 }
 };
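Review bot: In src/io/cmsg.rs `buffer()`, the pointer returned by `std::alloc::alloc` still goes straight into `Vec::from_raw_parts` without a null check, and the new line keeps `len == capacity`, so the returned Vec exposes bytes that were never written. `alloc` returns null on allocation failure and `from_raw_parts` requires a valid allocation, so bind the layout to a local and add `if data.is_null() { std::alloc::handle_alloc_error(layout) }` before building the Vec, plus a `// SAFETY:` comment stating that callers must overwrite the buffer before reading it. The hunk in src/tools.rs (`vec::uninitialized`) has the same pattern; there `len` comes from the caller, and a zero `len` would hand `alloc` a zero-sized layout, which its contract forbids. The element type of `Layout::array` is not visible on this page, so this assumes it is `u8`.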
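Review bot: The new `from_raw_fd` body in `file_descriptor_type!` (src/macros.rs) forwards any `RawFd` into `OwnedFd::from_raw_fd` with no `// SAFETY:` comment, and `OwnedFd` requires an open, exclusively owned descriptor that is never -1. The `Drop` impl removed in the following hunk skipped negative values, so a caller that used to wrap a failed syscall result or a placeholder now breaks that invariant instead of getting a no-op drop. Add a comment such as `// SAFETY: caller guarantees fd is open, exclusively owned and not -1`. The same applies to the `unsafe` conversions added in src/nsfd.rs (`RawNsFd::openat`) and src/process/pid_fd.rs (after `libc::open`). Both appear to rely on `c_try!` having rejected an error return first, but `c_try!` is not defined on this page, so that needs confirming.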
@@ -24,33 +24,21 @@ macro_rules! file_descriptor_type {
 macro_rules! file_descriptor_impl {
 ($type:ty) => {
- impl Drop for $type {
- fn drop(&mut self) {
- if self.0 >= 0 {
- unsafe {
- libc::close(self.0);
- }
- }
- }
- }
-
 impl ::std::os::unix::io::AsFd for $type {
 fn as_fd(&self) -> ::std::os::unix::io::BorrowedFd<'_> {
- unsafe { ::std::os::unix::io::BorrowedFd::borrow_raw(self.0) }
+ ::std::os::unix::io::AsFd::as_fd(&self.0)
 }
 }
 impl ::std::os::unix::io::AsRawFd for $type {
 fn as_raw_fd(&self) -> ::std::os::unix::io::RawFd {
- self.0
+ ::std::os::unix::io::AsRawFd::as_raw_fd(&self.0)
 }
 }
 impl ::std::os::unix::io::IntoRawFd for $type {
- fn into_raw_fd(mut self) -> ::std::os::unix::io::RawFd {
- let fd = self.0;
- self.0 = -libc::EBADF;
- fd
+ fn into_raw_fd(self) -> ::std::os::unix::io::RawFd {
+ ::std::os::unix::io::IntoRawFd::into_raw_fd(self.0)
 }
 }
 };
diff --git a/src/main.rs b/src/main.rs
index efd15ef..3fa1155 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -15,7 +15,6 @@ mod macros;
 pub mod apparmor;
 pub mod capability;
 pub mod client;
-pub mod error;
 pub mod fork;
 pub mod io;
 pub mod lxcseccomp;
diff --git a/src/nsfd.rs b/src/nsfd.rs
index 18f5e7d..7a587d7 100644
--- a/src/nsfd.rs
+++ b/src/nsfd.rs
@@ -4,7 +4,7 @@ use std::ffi::CStr;
 use std::io;
 use std::marker::PhantomData;
 use std::os::raw::c_int;
-use std::os::unix::io::RawFd;
+use std::os::unix::io::{AsRawFd, FromRawFd, RawFd};
 pub mod ns_type {
 pub trait NsType {
@@ -38,11 +38,11 @@ impl RawNsFd {
 let fd = c_try!(unsafe { libc::openat(fd, path.as_ptr(), libc::O_RDONLY | libc::O_CLOEXEC) });
- Ok(Self(fd))
+ Ok(unsafe { Self::from_raw_fd(fd) })
 }
 pub fn setns(&self, ns_type: c_int) -> io::Result<()> {
- c_try!(unsafe { libc::setns(self.0, ns_type) });
+ c_try!(unsafe { libc::setns(self.as_raw_fd(), ns_type) });
 Ok(())
 }
 }
diff --git a/src/process/id_map.rs b/src/process/id_map.rs
index d61d489..2f71953 100644
--- a/src/process/id_map.rs
+++ b/src/process/id_map.rs
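Review bot: `file_descriptor_impl!` in src/macros.rs now gets its close-on-drop behaviour only from the wrapped field, but nothing in the macro says so. A short comment above the macro, for example `// Field 0 must be an OwnedFd (or another owning fd type); it closes the descriptor, so the wrapper must not add its own Drop.`, would keep a later wrapper from reintroducing a raw integer field or a second close. The new `into_raw_fd` body moves `self.0` out of `self`, which only compiles while the wrapper type has no `Drop` impl, so that constraint is worth stating in the same comment.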
@@ -26,7 +26,7 @@ impl IdMap {
 pub fn map_from(&self, id: u64) -> Option {
 for entry in self.0.iter() {
 if entry.ns <= id && entry.ns + entry.range > id {
- return Some(id + entry.host);
+ return Some(entry.host + id - entry.ns);
 }
 }
diff --git a/src/process/pid_fd.rs b/src/process/pid_fd.rs
index 869c2b6..9dd5859 100644
--- a/src/process/pid_fd.rs
+++ b/src/process/pid_fd.rs
@@ -10,12 +10,11 @@ use anyhow::{bail, Error};
 use libc::pid_t;
 use crate::capability::Capabilities;
-use crate::error::io_err_other;
 use crate::nsfd::{ns_type, NsFd};
 use super::{CGroups, IdMap, IdMapEntry, ProcStatus, Uids, UserCaps};
-pub struct PidFd(RawFd, pid_t);
+pub struct PidFd(OwnedFd, pid_t);
 file_descriptor_impl!(PidFd);
 impl PidFd {
@@ -27,6 +26,7 @@ impl PidFd {
 let path = CString::new(format!("/proc/{pid}")).unwrap();
 let fd = c_try!(unsafe { libc::open(path.as_ptr(), libc::O_DIRECTORY | libc::O_CLOEXEC) });
+ let fd = unsafe { OwnedFd::from_raw_fd(fd) };
 Ok(Self(fd, pid))
 }
@@ -39,22 +39,22 @@ impl PidFd {
 /// fails if reading the pid from the pidfd's proc entry fails.
 pub unsafe fn try_from_fd(fd: OwnedFd) -> io::Result {
 #[allow(clippy::unnecessary_cast)] // pid_t is a type alias
- let mut this = Self(fd.into_raw_fd(), -1 as pid_t);
+ let mut this = Self(fd, -1 as pid_t);
 let pid = this.read_pid()?;
 this.1 = pid;
 Ok(this)
 }
 pub fn mount_namespace(&self) -> io::Result> {
- NsFd::openat(self.0, c_str!("ns/mnt"))
+ NsFd::openat(self.0.as_raw_fd(), c_str!("ns/mnt"))
 }
 pub fn cgroup_namespace(&self) -> io::Result> {
- NsFd::openat(self.0, c_str!("ns/cgroup"))
+ NsFd::openat(self.0.as_raw_fd(), c_str!("ns/cgroup"))
 }
 pub fn user_namespace(&self) -> io::Result> {
- NsFd::openat(self.0, c_str!("ns/user"))
+ NsFd::openat(self.0.as_raw_fd(), c_str!("ns/user"))
 }
 fn fd(&self, path: &CStr, flags: c_int, mode: c_int) -> io::Result {
@@ -152,7 +152,7 @@ impl PidFd {
 })?,
 16,
 )
- .map_err(io_err_other)
+ .map_err(io::Error::other)
 }
 #[inline]
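Review bot: `map_from` in src/process/id_map.rs still uses unchecked arithmetic in both the range test and the corrected return value: `entry.ns + entry.range` and `entry.host + id` can overflow for large entries, which panics in debug builds and by default wraps in release builds, so a wrapped value would be returned as a valid host id. Since `entry.ns <= id` is tested first, the guard can be written `if entry.ns <= id && id - entry.ns < entry.range {` and the result as `return entry.host.checked_add(id - entry.ns);`, which yields `None` rather than a wrong mapping. This assumes the entry fields are `u64` like `id` and that callers treat `None` as unmapped; the end of the function is outside the hunk. A unit test with a non-zero `entry.ns` would pin the offset fix this commit makes.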
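Review bot: `try_from_fd` in src/process/pid_fd.rs still builds a `PidFd` whose pid field is the placeholder `-1 as pid_t` and only then calls `read_pid`. `read_pid` is not shown on this page, so this is a caution rather than a confirmed defect: if it, or anything it calls, ever passes `self.1` to a syscall that takes a pid, -1 carries a special "every process" meaning for calls such as `kill(2)`. Reading the pid through a helper that takes the descriptor and constructing `Self(fd, pid)` once both values are known would remove the half-initialised state. Now that the function just stores the `OwnedFd` it is given, the doc comment (which starts outside the hunk) should also state what still makes it `unsafe`.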
@@ -163,7 +163,7 @@ impl PidFd {
 })?,
 8,
 )
- .map_err(io_err_other)
+ .map_err(io::Error::other)
 }
 let mut ids = Uids::default();
diff --git a/src/tools.rs b/src/tools.rs
index d4be066..d356070 100644
--- a/src/tools.rs
+++ b/src/tools.rs
@@ -33,7 +33,7 @@ pub mod vec {
 pub unsafe fn uninitialized(len: usize) -> Vec {
 unsafe {
 let data = std::alloc::alloc(std::alloc::Layout::array::(len).unwrap());
- Vec::from_raw_parts(data as *mut u8, len, len)
+ Vec::from_raw_parts(data, len, len)
 }
 }
 }