authorRobert Swiecki <robert@swiecki.net>2023-09-29 18:11:40 +0200
committerRobert Swiecki <robert@swiecki.net>2023-09-29 18:11:40 +0200
commitf388cad3e0c44cbbfc18bd25acb636ef24f525e6 (patch)
treee0212dd7cf678f861fbcf7e0dfe19129c9ccf158
parentfbeac465681b9e26e4f9d59fda274b0fbe933e32 (diff)
downloadnsjail-f388cad3e0c44cbbfc18bd25acb636ef24f525e6.tar.gz
contain: use prlimit64 instead of setrlimit64 which seems to be glibc-specific, so it compiles with musl too
-rw-r--r--cmdline.cc2
-rw-r--r--contain.cc40
-rw-r--r--util.cc8
-rw-r--r--util.h11
4 files changed, 40 insertions, 21 deletions
diff --git a/cmdline.cc b/cmdline.cc
index 46365cf..1419412 100644
--- a/cmdline.cc
+++ b/cmdline.cc
@@ -332,7 +332,7 @@ uint64_t parseRLimit(int res, const char *optarg, unsigned long mul) {
return RLIM64_INFINITY;
}
struct rlimit64 cur;
- if (getrlimit64(res, &cur) == -1) {
+ if (util::getrlimit(res, &cur) == -1) {
PLOG_F("getrlimit(%d)", res);
}
if (strcasecmp(optarg, "def") == 0 || strcasecmp(optarg, "soft") == 0) {
diff --git a/contain.cc b/contain.cc
index bac5152..f0c8581 100644
--- a/contain.cc
+++ b/contain.cc
@@ -141,53 +141,53 @@ static bool containSetLimits(nsjconf_t* nsjconf) {
struct rlimit64 rl;
rl.rlim_cur = rl.rlim_max = nsjconf->rl_as;
- if (setrlimit64(RLIMIT_AS, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_AS, %" PRIu64 ")", nsjconf->rl_as);
+ if (util::setrlimit(RLIMIT_AS, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_AS, %" PRIu64 ")", nsjconf->rl_as);
return false;
}
rl.rlim_cur = rl.rlim_max = nsjconf->rl_core;
- if (setrlimit64(RLIMIT_CORE, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_CORE, %" PRIu64 ")", nsjconf->rl_core);
+ if (util::setrlimit(RLIMIT_CORE, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_CORE, %" PRIu64 ")", nsjconf->rl_core);
return false;
}
rl.rlim_cur = rl.rlim_max = nsjconf->rl_cpu;
- if (setrlimit64(RLIMIT_CPU, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_CPU, %" PRIu64 ")", nsjconf->rl_cpu);
+ if (util::setrlimit(RLIMIT_CPU, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_CPU, %" PRIu64 ")", nsjconf->rl_cpu);
return false;
}
rl.rlim_cur = rl.rlim_max = nsjconf->rl_fsize;
- if (setrlimit64(RLIMIT_FSIZE, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_FSIZE, %" PRIu64 ")", nsjconf->rl_fsize);
+ if (util::setrlimit(RLIMIT_FSIZE, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_FSIZE, %" PRIu64 ")", nsjconf->rl_fsize);
return false;
}
rl.rlim_cur = rl.rlim_max = nsjconf->rl_nofile;
- if (setrlimit64(RLIMIT_NOFILE, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_NOFILE, %" PRIu64 ")", nsjconf->rl_nofile);
+ if (util::setrlimit(RLIMIT_NOFILE, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_NOFILE, %" PRIu64 ")", nsjconf->rl_nofile);
return false;
}
rl.rlim_cur = rl.rlim_max = nsjconf->rl_nproc;
- if (setrlimit64(RLIMIT_NPROC, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_NPROC, %" PRIu64 ")", nsjconf->rl_nproc);
+ if (util::setrlimit(RLIMIT_NPROC, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_NPROC, %" PRIu64 ")", nsjconf->rl_nproc);
return false;
}
rl.rlim_cur = rl.rlim_max = nsjconf->rl_stack;
- if (setrlimit64(RLIMIT_STACK, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_STACK, %" PRIu64 ")", nsjconf->rl_stack);
+ if (util::setrlimit(RLIMIT_STACK, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_STACK, %" PRIu64 ")", nsjconf->rl_stack);
return false;
}
rl.rlim_cur = rl.rlim_max = nsjconf->rl_mlock;
- if (setrlimit64(RLIMIT_MEMLOCK, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_MEMLOCK, %" PRIu64 ")", nsjconf->rl_mlock);
+ if (util::setrlimit(RLIMIT_MEMLOCK, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_MEMLOCK, %" PRIu64 ")", nsjconf->rl_mlock);
return false;
}
rl.rlim_cur = rl.rlim_max = nsjconf->rl_rtpr;
- if (setrlimit64(RLIMIT_RTPRIO, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_RTPRIO, %" PRIu64 ")", nsjconf->rl_rtpr);
+ if (util::setrlimit(RLIMIT_RTPRIO, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_RTPRIO, %" PRIu64 ")", nsjconf->rl_rtpr);
return false;
}
rl.rlim_cur = rl.rlim_max = nsjconf->rl_msgq;
- if (setrlimit64(RLIMIT_MSGQUEUE, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_MSGQUEUE , %" PRIu64 ")", nsjconf->rl_msgq);
+ if (util::setrlimit(RLIMIT_MSGQUEUE, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_MSGQUEUE , %" PRIu64 ")", nsjconf->rl_msgq);
return false;
}
return true;
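Review bot: The ten stanzas in this hunk differ only in the resource constant and the nsjconf field, and each log string still carries a leading `0` (the pid argument of the underlying prlimit64 call) that is not a parameter of `util::setrlimit`. A table of resource, name and value walked by one loop would keep the name in the log and the limit actually applied from drifting apart, which matters because these are the limits enforced on the jailed process. The sketch below assumes the `rl_*` fields are `uint64_t`, as the `PRIu64` format suggests. containSetLimits() starts outside the hunk.

```cpp
// … unchanged: start of containSetLimits(), outside this hunk …
const struct {
	int res;
	const char* name;
	uint64_t val;
} limits[] = {
	{RLIMIT_AS, "RLIMIT_AS", nsjconf->rl_as},
	{RLIMIT_CORE, "RLIMIT_CORE", nsjconf->rl_core},
	{RLIMIT_CPU, "RLIMIT_CPU", nsjconf->rl_cpu},
	{RLIMIT_FSIZE, "RLIMIT_FSIZE", nsjconf->rl_fsize},
	{RLIMIT_NOFILE, "RLIMIT_NOFILE", nsjconf->rl_nofile},
	{RLIMIT_NPROC, "RLIMIT_NPROC", nsjconf->rl_nproc},
	{RLIMIT_STACK, "RLIMIT_STACK", nsjconf->rl_stack},
	{RLIMIT_MEMLOCK, "RLIMIT_MEMLOCK", nsjconf->rl_mlock},
	{RLIMIT_RTPRIO, "RLIMIT_RTPRIO", nsjconf->rl_rtpr},
	{RLIMIT_MSGQUEUE, "RLIMIT_MSGQUEUE", nsjconf->rl_msgq},
};
for (const auto& lim : limits) {
	struct rlimit64 rl;
	rl.rlim_cur = rl.rlim_max = lim.val;
	if (util::setrlimit(lim.res, rl) == -1) {
		PLOG_E("util::setrlimit(%s, %" PRIu64 ")", lim.name, lim.val);
		return false;
	}
}
return true;
```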
diff --git a/util.cc b/util.cc
index c05cb50..7f9d1fc 100644
--- a/util.cc
+++ b/util.cc
@@ -337,4 +337,12 @@ long syscall(long sysno, uintptr_t a0, uintptr_t a1, uintptr_t a2, uintptr_t a3,
return ::syscall(sysno, a0, a1, a2, a3, a4, a5);
}
+long setrlimit(int res, const struct rlimit64& newlim) {
+ return util::syscall(__NR_prlimit64, 0, res, (uintptr_t)&newlim, (uintptr_t) nullptr);
+}
+
+long getrlimit(int res, struct rlimit64* curlim) {
+ return util::syscall(__NR_prlimit64, 0, res, (uintptr_t) nullptr, (uintptr_t)curlim);
+}
+
} // namespace util
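Review bot: The two new wrappers have no comment stating their contract, and the bare `0` passed as the first prlimit64 argument is not self-explanatory. I would add above `setrlimit`: `// Set/get a resource limit of the calling process (pid 0) via raw prlimit64; returns -1 with errno set on failure.` This presumes util::syscall keeps the libc `::syscall` return convention, which the context line at the top of the hunk suggests. The same comment would fit the two declarations added at the end of util.h.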
diff --git a/util.h b/util.h
index b0f401a..d2ebd16 100644
--- a/util.h
+++ b/util.h
@@ -26,6 +26,7 @@
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
+#include <sys/resource.h>
#include <string>
#include <vector>
@@ -41,6 +42,14 @@
#define QC(x) (util::StrQuote(x).c_str())
+#if !defined(RLIM64_INFINITY)
+#define RLIM64_INFINITY (~0ULL)
+struct rlimit64 {
+ uint64_t rlim_cur;
+ uint64_t rlim_max;
+};
+#endif /* !defined(RLIM64_INFINITY) */
+
namespace util {
ssize_t readFromFd(int fd, void* buf, size_t len);
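Review bot: The fallback `struct rlimit64` is handed directly to the kernel by the new prlimit64 wrappers, but nothing checks that whichever definition is in effect (libc's or this one) has the layout the syscall expects. A `static_assert(sizeof(struct rlimit64) == 2 * sizeof(uint64_t), "rlimit64 must match the kernel layout");` after the `#endif` would turn a mismatch into a build failure rather than wrongly applied limits in the jail. The guard also keys the struct definition on the `RLIM64_INFINITY` macro, so a libc that provides one without the other would likely hit a redefinition or a missing type. That case is inferred, not visible here.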
@@ -60,6 +69,8 @@ const std::string timeToStr(time_t t);
std::vector<std::string> strSplit(const std::string str, char delim);
long syscall(long sysno, uintptr_t a0 = 0, uintptr_t a1 = 0, uintptr_t a2 = 0, uintptr_t a3 = 0,
uintptr_t a4 = 0, uintptr_t a5 = 0);
+long setrlimit(int res, const struct rlimit64& newlim);
+long getrlimit(int res, struct rlimit64* curlim);
} // namespace util