author | Robert Swiecki <robert@swiecki.net> | 2023-09-29 18:11:40 +0200 |
---|---|---|
committer | Robert Swiecki <robert@swiecki.net> | 2023-09-29 18:11:40 +0200 |
commit | f388cad3e0c44cbbfc18bd25acb636ef24f525e6 (patch) | |
tree | e0212dd7cf678f861fbcf7e0dfe19129c9ccf158 | |
parent | fbeac465681b9e26e4f9d59fda274b0fbe933e32 (diff) | |
download | nsjail-f388cad3e0c44cbbfc18bd25acb636ef24f525e6.tar.gz |
contain: use prlimit64 instead of setrlimit64 which seems to be glibc-specific, so it compiles with musl too
-rw-r--r-- | cmdline.cc | 2 | ||||
-rw-r--r-- | contain.cc | 40 | ||||
-rw-r--r-- | util.cc | 8 | ||||
-rw-r--r-- | util.h | 11 |
4 files changed, 40 insertions, 21 deletions
@@ -332,7 +332,7 @@ uint64_t parseRLimit(int res, const char *optarg, unsigned long mul) {
 return RLIM64_INFINITY;
 }
 struct rlimit64 cur;
- if (getrlimit64(res, &cur) == -1) {
+ if (util::getrlimit(res, &cur) == -1) {
 PLOG_F("getrlimit(%d)", res);
 }
 if (strcasecmp(optarg, "def") == 0 || strcasecmp(optarg, "soft") == 0) {
@@ -141,53 +141,53 @@ static bool containSetLimits(nsjconf_t* nsjconf) {
 struct rlimit64 rl;
 rl.rlim_cur = rl.rlim_max = nsjconf->rl_as;
- if (setrlimit64(RLIMIT_AS, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_AS, %" PRIu64 ")", nsjconf->rl_as);
+ if (util::setrlimit(RLIMIT_AS, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_AS, %" PRIu64 ")", nsjconf->rl_as);
 return false;
 }
 rl.rlim_cur = rl.rlim_max = nsjconf->rl_core;
- if (setrlimit64(RLIMIT_CORE, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_CORE, %" PRIu64 ")", nsjconf->rl_core);
+ if (util::setrlimit(RLIMIT_CORE, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_CORE, %" PRIu64 ")", nsjconf->rl_core);
 return false;
 }
 rl.rlim_cur = rl.rlim_max = nsjconf->rl_cpu;
- if (setrlimit64(RLIMIT_CPU, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_CPU, %" PRIu64 ")", nsjconf->rl_cpu);
+ if (util::setrlimit(RLIMIT_CPU, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_CPU, %" PRIu64 ")", nsjconf->rl_cpu);
 return false;
 }
 rl.rlim_cur = rl.rlim_max = nsjconf->rl_fsize;
- if (setrlimit64(RLIMIT_FSIZE, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_FSIZE, %" PRIu64 ")", nsjconf->rl_fsize);
+ if (util::setrlimit(RLIMIT_FSIZE, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_FSIZE, %" PRIu64 ")", nsjconf->rl_fsize);
 return false;
 }
 rl.rlim_cur = rl.rlim_max = nsjconf->rl_nofile;
- if (setrlimit64(RLIMIT_NOFILE, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_NOFILE, %" PRIu64 ")", nsjconf->rl_nofile);
+ if (util::setrlimit(RLIMIT_NOFILE, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_NOFILE, %" PRIu64 ")", nsjconf->rl_nofile);
 return false;
 }
 rl.rlim_cur = rl.rlim_max = nsjconf->rl_nproc;
- if (setrlimit64(RLIMIT_NPROC, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_NPROC, %" PRIu64 ")", nsjconf->rl_nproc);
+ if (util::setrlimit(RLIMIT_NPROC, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_NPROC, %" PRIu64 ")", nsjconf->rl_nproc);
 return false;
 }
 rl.rlim_cur = rl.rlim_max = nsjconf->rl_stack;
- if (setrlimit64(RLIMIT_STACK, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_STACK, %" PRIu64 ")", nsjconf->rl_stack);
+ if (util::setrlimit(RLIMIT_STACK, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_STACK, %" PRIu64 ")", nsjconf->rl_stack);
 return false;
 }
 rl.rlim_cur = rl.rlim_max = nsjconf->rl_mlock;
- if (setrlimit64(RLIMIT_MEMLOCK, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_MEMLOCK, %" PRIu64 ")", nsjconf->rl_mlock);
+ if (util::setrlimit(RLIMIT_MEMLOCK, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_MEMLOCK, %" PRIu64 ")", nsjconf->rl_mlock);
 return false;
 }
 rl.rlim_cur = rl.rlim_max = nsjconf->rl_rtpr;
- if (setrlimit64(RLIMIT_RTPRIO, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_RTPRIO, %" PRIu64 ")", nsjconf->rl_rtpr);
+ if (util::setrlimit(RLIMIT_RTPRIO, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_RTPRIO, %" PRIu64 ")", nsjconf->rl_rtpr);
 return false;
 }
 rl.rlim_cur = rl.rlim_max = nsjconf->rl_msgq;
- if (setrlimit64(RLIMIT_MSGQUEUE, &rl) == -1) {
- PLOG_E("setrlimit64(0, RLIMIT_MSGQUEUE , %" PRIu64 ")", nsjconf->rl_msgq);
+ if (util::setrlimit(RLIMIT_MSGQUEUE, rl) == -1) {
+ PLOG_E("util::setrlimit(0, RLIMIT_MSGQUEUE , %" PRIu64 ")", nsjconf->rl_msgq);
 return false;
 }
 return true;
@@ -337,4 +337,12 @@ long syscall(long sysno, uintptr_t a0, uintptr_t a1, uintptr_t a2, uintptr_t a3,
 return ::syscall(sysno, a0, a1, a2, a3, a4, a5);
 }
+long setrlimit(int res, const struct rlimit64& newlim) {
+ return util::syscall(__NR_prlimit64, 0, res, (uintptr_t)&newlim, (uintptr_t) nullptr);
+}
+
+long getrlimit(int res, struct rlimit64* curlim) {
+ return util::syscall(__NR_prlimit64, 0, res, (uintptr_t) nullptr, (uintptr_t)curlim);
+}
+
 } // namespace util
@@ -26,6 +26,7 @@
 #include <stdbool.h>
 #include <stdint.h>
 #include <stdlib.h>
+#include <sys/resource.h>
 #include <string>
 #include <vector>
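Review bot: The rewritten log strings in containSetLimits() print `util::setrlimit(0, RLIMIT_AS, …)`, but the wrapper takes only a resource and a limit, so the leading `0` (presumably the pid slot of the underlying syscall) describes a call shape that appears nowhere in the code. When a limit fails to apply inside the jail, the log is the first thing an operator reads, so naming what actually ran is more useful, e.g. `PLOG_E("prlimit64(0, RLIMIT_AS, %" PRIu64 ")", nsjconf->rl_as);`, and likewise for the other nine stanzas. Those ten stanzas differ only in the resource constant and the config field, so a small table walked in a loop would make it harder for one limit to be skipped or to drift from the rest. The function begins before this hunk.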
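Review bot: Both wrappers pass the `struct rlimit64` to the kernel through a `(uintptr_t)` cast, so the compiler no longer checks that the type in scope has the two 64-bit fields that prlimit64 reads and writes, and after this commit that type can come either from libc or from the fallback added in util.h. A compile-time guard next to the wrappers would turn a layout mismatch on a new libc or ABI into a build error instead of wrong resource limits in the sandbox: `static_assert(sizeof(struct rlimit64) == 2 * sizeof(uint64_t), "rlimit64 must match the prlimit64 ABI");`. `__NR_prlimit64` also needs `<sys/syscall.h>` to be included in util.cc; the file's include block is outside this hunk, so that is worth confirming for the musl build this change targets.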
@@ -41,6 +42,14 @@
 #define QC(x) (util::StrQuote(x).c_str())
+#if !defined(RLIM64_INFINITY)
+#define RLIM64_INFINITY (~0ULL)
+struct rlimit64 {
+ uint64_t rlim_cur;
+ uint64_t rlim_max;
+};
+#endif /* !defined(RLIM64_INFINITY) */
+
 namespace util {
 ssize_t readFromFd(int fd, void* buf, size_t len);
@@ -60,6 +69,8 @@ const std::string timeToStr(time_t t);
 std::vector<std::string> strSplit(const std::string str, char delim);
 long syscall(long sysno, uintptr_t a0 = 0, uintptr_t a1 = 0, uintptr_t a2 = 0, uintptr_t a3 = 0, uintptr_t a4 = 0, uintptr_t a5 = 0);
+long setrlimit(int res, const struct rlimit64& newlim);
+long getrlimit(int res, struct rlimit64* curlim);
 } // namespace util |
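Review bot: The fallback block is guarded by the `RLIM64_INFINITY` macro but also defines `struct rlimit64`, so the test for one name decides whether a different name gets declared. A libc that provides the struct without the macro would hit a redefinition here, and one that provides the macro while aliasing `rlimit64` to another type would silently skip the block; neither case is visible from this hunk, so it is worth checking against the libcs the project builds on. The block also has no comment saying why it exists or what constrains it; something like `/* Fallback for libcs without the 64-bit rlimit names; layout must match what prlimit64(2) expects. */` above the `#if` would keep a later edit from changing the field types.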
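Review bot: The two new declarations carry no comment on their contract, while the callers in cmdline.cc and contain.cc depend on a `-1` return to detect failure. A line above them such as `// Wrappers over prlimit64(2) for the calling process; return -1 with errno set on failure.` would record that, which matters because a caller that misreads the return value would continue with limits that were never applied. The signatures are also asymmetric (`const struct rlimit64&` for the setter, `struct rlimit64*` for the getter); if that is deliberate, the same comment is a good place to say so.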