agent/rustjail: Clean up some static definitions with vec! macro

DEFAULT_ALLOWED_DEVICES and DEFAULT_DEVICES are essentially global
constant lists.  They're implemented as lazy_static!-initialized Vec
values.

The code to initialize them creates an empty Vec then pushes values
onto it.  We can simplify this a bit by using the vec! macro.  This
might be slightly more efficient, and it definitely stops recent
clippy versions (e.g. 1.51) from complaining about it.

fixes #1611

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
David Gibson 2021-04-16 16:26:28 +10:00
parent eaec5a6c06
commit 3c4485ece3
2 changed files with 106 additions and 108 deletions


@ -489,63 +489,61 @@ lazy_static! {
}; };
pub static ref DEFAULT_ALLOWED_DEVICES: Vec<LinuxDeviceCgroup> = { pub static ref DEFAULT_ALLOWED_DEVICES: Vec<LinuxDeviceCgroup> = {
let mut v = Vec::new(); vec![
// all mknod to all char devices
LinuxDeviceCgroup {
allow: true,
r#type: "c".to_string(),
major: Some(WILDCARD),
minor: Some(WILDCARD),
access: "m".to_string(),
},
// all mknod to all char devices // all mknod to all block devices
v.push(LinuxDeviceCgroup { LinuxDeviceCgroup {
allow: true, allow: true,
r#type: "c".to_string(), r#type: "b".to_string(),
major: Some(WILDCARD), major: Some(WILDCARD),
minor: Some(WILDCARD), minor: Some(WILDCARD),
access: "m".to_string(), access: "m".to_string(),
}); },
// all mknod to all block devices // all read/write/mknod to char device /dev/console
v.push(LinuxDeviceCgroup { LinuxDeviceCgroup {
allow: true, allow: true,
r#type: "b".to_string(), r#type: "c".to_string(),
major: Some(WILDCARD), major: Some(5),
minor: Some(WILDCARD), minor: Some(1),
access: "m".to_string(), access: "rwm".to_string(),
}); },
// all read/write/mknod to char device /dev/console // all read/write/mknod to char device /dev/pts/<N>
v.push(LinuxDeviceCgroup { LinuxDeviceCgroup {
allow: true, allow: true,
r#type: "c".to_string(), r#type: "c".to_string(),
major: Some(5), major: Some(136),
minor: Some(1), minor: Some(WILDCARD),
access: "rwm".to_string(), access: "rwm".to_string(),
}); },
// all read/write/mknod to char device /dev/pts/<N> // all read/write/mknod to char device /dev/ptmx
v.push(LinuxDeviceCgroup { LinuxDeviceCgroup {
allow: true, allow: true,
r#type: "c".to_string(), r#type: "c".to_string(),
major: Some(136), major: Some(5),
minor: Some(WILDCARD), minor: Some(2),
access: "rwm".to_string(), access: "rwm".to_string(),
}); },
// all read/write/mknod to char device /dev/ptmx // all read/write/mknod to char device /dev/net/tun
v.push(LinuxDeviceCgroup { LinuxDeviceCgroup {
allow: true, allow: true,
r#type: "c".to_string(), r#type: "c".to_string(),
major: Some(5), major: Some(10),
minor: Some(2), minor: Some(200),
access: "rwm".to_string(), access: "rwm".to_string(),
}); },
]
// all read/write/mknod to char device /dev/net/tun
v.push(LinuxDeviceCgroup {
allow: true,
r#type: "c".to_string(),
major: Some(10),
minor: Some(200),
access: "rwm".to_string(),
});
v
}; };
} }
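Review bot: `DEFAULT_ALLOWED_DEVICES` still has no doc comment, and with the list now a single `vec![...]` literal this is the natural place for one. The entries are allow rules (`allow: true`) of type `LinuxDeviceCgroup`, including wildcard `m` access for all char and block devices and `rwm` on `/dev/net/tun` (10:200), so anyone extending the list is widening what a container may open or create. I would add something like `/// Device cgroup rules allowed by default; every entry here widens device access, so justify additions in review.` above the `pub static ref` line. As far as the visible lines show, the entry order and values match the old `push` sequence; the `lazy_static!` block itself starts outside the hunk.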


@ -132,62 +132,62 @@ lazy_static! {
}; };
pub static ref DEFAULT_DEVICES: Vec<LinuxDevice> = { pub static ref DEFAULT_DEVICES: Vec<LinuxDevice> = {
let mut v = Vec::new(); vec![
v.push(LinuxDevice { LinuxDevice {
path: "/dev/null".to_string(), path: "/dev/null".to_string(),
r#type: "c".to_string(), r#type: "c".to_string(),
major: 1, major: 1,
minor: 3, minor: 3,
file_mode: Some(0o666), file_mode: Some(0o666),
uid: Some(0xffffffff), uid: Some(0xffffffff),
gid: Some(0xffffffff), gid: Some(0xffffffff),
}); },
v.push(LinuxDevice { LinuxDevice {
path: "/dev/zero".to_string(), path: "/dev/zero".to_string(),
r#type: "c".to_string(), r#type: "c".to_string(),
major: 1, major: 1,
minor: 5, minor: 5,
file_mode: Some(0o666), file_mode: Some(0o666),
uid: Some(0xffffffff), uid: Some(0xffffffff),
gid: Some(0xffffffff), gid: Some(0xffffffff),
}); },
v.push(LinuxDevice { LinuxDevice {
path: "/dev/full".to_string(), path: "/dev/full".to_string(),
r#type: String::from("c"), r#type: String::from("c"),
major: 1, major: 1,
minor: 7, minor: 7,
file_mode: Some(0o666), file_mode: Some(0o666),
uid: Some(0xffffffff), uid: Some(0xffffffff),
gid: Some(0xffffffff), gid: Some(0xffffffff),
}); },
v.push(LinuxDevice { LinuxDevice {
path: "/dev/tty".to_string(), path: "/dev/tty".to_string(),
r#type: "c".to_string(), r#type: "c".to_string(),
major: 5, major: 5,
minor: 0, minor: 0,
file_mode: Some(0o666), file_mode: Some(0o666),
uid: Some(0xffffffff), uid: Some(0xffffffff),
gid: Some(0xffffffff), gid: Some(0xffffffff),
}); },
v.push(LinuxDevice { LinuxDevice {
path: "/dev/urandom".to_string(), path: "/dev/urandom".to_string(),
r#type: "c".to_string(), r#type: "c".to_string(),
major: 1, major: 1,
minor: 9, minor: 9,
file_mode: Some(0o666), file_mode: Some(0o666),
uid: Some(0xffffffff), uid: Some(0xffffffff),
gid: Some(0xffffffff), gid: Some(0xffffffff),
}); },
v.push(LinuxDevice { LinuxDevice {
path: "/dev/random".to_string(), path: "/dev/random".to_string(),
r#type: "c".to_string(), r#type: "c".to_string(),
major: 1, major: 1,
minor: 8, minor: 8,
file_mode: Some(0o666), file_mode: Some(0o666),
uid: Some(0xffffffff), uid: Some(0xffffffff),
gid: Some(0xffffffff), gid: Some(0xffffffff),
}); },
v ]
}; };
} }
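Review bot: `uid: Some(0xffffffff)` and `gid: Some(0xffffffff)` are repeated in all six `LinuxDevice` entries with no explanation of what the value means. It looks like a sentinel rather than a real id, and because it presumably decides who owns the created device node it deserves a name or a comment, for example `// 0xffffffff: sentinel, not a real uid/gid — TODO state what the device-creation code does with it` above the first entry, or one named constant used in all twelve places. While every entry is being touched, the `/dev/full` one could also use `r#type: "c".to_string(),` instead of `String::from("c")` to match its five siblings. The `lazy_static!` block begins outside the hunk.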