2022-10-02 16:06:27 +08:00
|
|
|
#include "resource.h"
|
2022-10-02 14:09:25 +08:00
|
|
|
#include "sandbox.h"
|
|
|
|
|
#include "utils/log.h"
|
|
|
|
|
|
2022-10-09 12:44:09 +08:00
|
|
|
#include <fcntl.h>
|
2023-12-28 00:58:15 +08:00
|
|
|
#include <stdlib.h>
|
2022-10-09 12:44:09 +08:00
|
|
|
#include <unistd.h>
|
|
|
|
|
|
2023-12-28 00:58:15 +08:00
|
|
|
char *config[CFG_IS_VALID + 1] __attribute__((weak));
|
|
|
|
|
|
2023-12-27 23:40:11 +08:00
|
|
|
void setup_all(void) {
|
2022-10-20 15:44:03 +08:00
|
|
|
char comm[64];
|
|
|
|
|
int fd = open("/proc/self/comm", O_RDONLY);
|
|
|
|
|
ssize_t len = read(fd, comm, sizeof(comm));
|
|
|
|
|
len = len > 0 ? len - 1 : 0;
|
|
|
|
|
comm[len] = '\0';
|
2022-10-09 12:44:09 +08:00
|
|
|
close(fd);
|
|
|
|
|
|
|
|
|
|
LOG_INFO("Setting up sandbox for %s(%d)", comm, getpid());
|
|
|
|
|
|
2023-12-28 00:58:15 +08:00
|
|
|
if (config[CFG_IS_VALID]) {
|
2023-12-27 23:40:11 +08:00
|
|
|
LOG_INFO("Using config from launcher");
|
|
|
|
|
} else {
|
|
|
|
|
LOG_INFO("Using config from environment");
|
2023-12-28 00:58:15 +08:00
|
|
|
|
|
|
|
|
config[CFG_MEMORY_LIMIT] = getenv(LIMIT_MEMORY);
|
|
|
|
|
config[CFG_NPROC_LIMIT] = getenv(LIMIT_NPROC);
|
|
|
|
|
config[CFG_TIME_LIMIT] = getenv(LIMIT_TIME);
|
|
|
|
|
|
|
|
|
|
config[CFG_SANDBOX_TEMPLATE] = getenv(SANDBOX_TEMPLATE);
|
|
|
|
|
config[CFG_SANDBOX_ACTION] = getenv(SANDBOX_ACTION);
|
|
|
|
|
config[CFG_PROGRAM] = getenv(SANDBOX_EXE_PATH);
|
2023-12-27 23:40:11 +08:00
|
|
|
}
|
|
|
|
|
|
2023-12-28 00:58:15 +08:00
|
|
|
setup_rlimit(config);
|
|
|
|
|
setup_seccomp(config);
|
2022-10-02 14:09:25 +08:00
|
|
|
}
|
