feat: allow to set uid/gid
parent
2765fe0b3d
commit
0118ee2062
@ -14,6 +14,7 @@ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fmacro-prefix-map=${CMAKE_SOURCE_DIR}=.")
|
||||
file(GLOB SRC_FILES
|
||||
${PROJECT_SOURCE_DIR}/resource.c
|
||||
${PROJECT_SOURCE_DIR}/sandbox.c
|
||||
${PROJECT_SOURCE_DIR}/user.c
|
||||
${PROJECT_SOURCE_DIR}/rules/*.c
|
||||
${PROJECT_SOURCE_DIR}/utils/*.c)
|
||||
set(VERSION_SCRIPT ${PROJECT_SOURCE_DIR}/version_script.txt)
|
||||
|
@ -24,6 +24,8 @@ void print_help(char *self) {
|
||||
LOG_WARN(" --time_limit time limit in ms");
|
||||
LOG_WARN(" --sandbox_template sandbox template");
|
||||
LOG_WARN(" --sandbox_action sandbox action");
|
||||
LOG_WARN(" --uid user id");
|
||||
LOG_WARN(" --gid group id");
|
||||
LOG_WARN(" --file_input path to input file");
|
||||
LOG_WARN(" --file_output path to output file");
|
||||
LOG_WARN(" --file_info path to info file");
|
||||
@ -38,6 +40,8 @@ void parse(int argc, char *argv[]) {
|
||||
[CFG_TIME_LIMIT] = {"time_limit", required_argument, NULL, 0},
|
||||
[CFG_SANDBOX_TEMPLATE] = {"sandbox_template", required_argument, NULL, 0},
|
||||
[CFG_SANDBOX_ACTION] = {"sandbox_action", required_argument, NULL, 0},
|
||||
[CFG_UID] = {"uid", optional_argument, NULL, 0},
|
||||
[CFG_GID] = {"gid", optional_argument, NULL, 0},
|
||||
[CFG_FILE_INPUT] = {"file_input", required_argument, NULL, 0},
|
||||
[CFG_FILE_OUTPUT] = {"file_output", required_argument, NULL, 0},
|
||||
[CFG_FILE_INFO] = {"file_info", required_argument, NULL, 0},
|
||||
@ -59,7 +63,7 @@ void parse(int argc, char *argv[]) {
|
||||
}
|
||||
|
||||
for (int i = 0; i < CFG_IS_VALID; i++) {
|
||||
if (!config[i]) {
|
||||
if (!config[i] && options[i].has_arg == required_argument) {
|
||||
print_help(argv[0]);
|
||||
LOG_ERR("Missing arguments");
|
||||
exit(ERR_ARGUMENTS);
|
||||
|
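Review bot: In `parse`, `--uid` and `--gid` are declared `optional_argument`, and with getopt_long that form only takes a value attached with `=` (`--uid=1000`); `--uid 1000` parses with a NULL optarg. If `config[i]` is filled from `optarg` (that code is outside these hunks), the space-separated form would leave the identity unchanged without any error, and the relaxed check `options[i].has_arg == required_argument` in the validation loop no longer catches it. I would declare both as `required_argument` and track "may be omitted" separately from `has_arg`, or at least spell the syntax out in `print_help`, e.g. `LOG_WARN(" --uid=ID user id (optional, '=' required)");`.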
@ -7,6 +7,8 @@ enum ConfigIndex {
|
||||
CFG_TIME_LIMIT,
|
||||
CFG_SANDBOX_TEMPLATE,
|
||||
CFG_SANDBOX_ACTION,
|
||||
CFG_UID,
|
||||
CFG_GID,
|
||||
CFG_FILE_INPUT,
|
||||
CFG_FILE_OUTPUT,
|
||||
CFG_FILE_INFO,
|
||||
|
@ -1,5 +1,6 @@
|
||||
#include "resource.h"
|
||||
#include "sandbox.h"
|
||||
#include "user.h"
|
||||
#include "utils/log.h"
|
||||
|
||||
#include <fcntl.h>
|
||||
@ -30,8 +31,12 @@ void setup_all(void) {
|
||||
config[CFG_SANDBOX_TEMPLATE] = getenv(SANDBOX_TEMPLATE);
|
||||
config[CFG_SANDBOX_ACTION] = getenv(SANDBOX_ACTION);
|
||||
config[CFG_PROGRAM] = getenv(SANDBOX_EXE_PATH);
|
||||
|
||||
config[CFG_UID] = getenv(USER_UID);
|
||||
config[CFG_GID] = getenv(USER_GID);
|
||||
}
|
||||
|
||||
setup_user(config);
|
||||
setup_rlimit(config);
|
||||
setup_seccomp(config);
|
||||
}
|
||||
|
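Review bot: The placement of `setup_user(config)` ahead of `setup_rlimit` and `setup_seccomp` in `setup_all` is security-relevant but carries no comment, so a later reorder could break the identity change unnoticed. A line such as `/* change uid/gid first: the seccomp filter installed below may deny setuid/setgid */` would pin the order; whether the filter really denies those calls is not visible here, so the wording should match the actual reason. `setup_user` returns void, so `setup_all` also cannot tell whether the identity change succeeded before it goes on to apply the limits and the filter. The block closed by the `}` just before `setup_user` starts outside the hunk.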
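--- /dev/null
+++ b/user.c
@@ -0,0 +1,13 @@
+#include "user.h"
+#include <stdlib.h>
+#include <unistd.h>
+
+void setup_user(char *config[CFG_IS_VALID + 1]) {
+long uid = -1, gid = -1;
+
+if (config[CFG_UID]) uid = strtol(config[CFG_UID], NULL, 10);
+if (config[CFG_GID]) gid = strtol(config[CFG_GID], NULL, 10);
+
+if (uid != -1) setuid(uid);
+if (gid != -1) setgid(gid);
+}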
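Review bot: `setup_user` calls `setuid` before `setgid` and ignores both return values, so when the process starts as root the `setgid` call fails once the uid has been dropped and the program keeps its original group without any error. The `strtol` calls also accept anything: a non-numeric `--uid` value parses as 0, i.e. the root id, and trailing garbage is ignored. I would validate the numbers, clear supplementary groups, change the gid first and stop on any failure, as sketched below; this needs `<errno.h>` and `<grp.h>`, and the exit code and logging should follow the project's conventions, which are not visible in this file. A run that passes only `--uid` still keeps the original gid and supplementary groups, which probably deserves rejecting or documenting.

```c
void setup_user(char *config[CFG_IS_VALID + 1]) {
  long uid = -1, gid = -1;
  char *end;

  if (config[CFG_UID]) {
    errno = 0;
    uid = strtol(config[CFG_UID], &end, 10);
    /* reject empty input, trailing garbage, overflow and negative ids */
    if (errno || end == config[CFG_UID] || *end != '\0' || uid < 0) exit(EXIT_FAILURE);
  }
  /* … same validation for config[CFG_GID] … */

  /* group identity first: after setuid() gives up root, setgid()/setgroups() fail */
  if (gid != -1 && (setgroups(0, NULL) != 0 || setgid((gid_t)gid) != 0)) exit(EXIT_FAILURE);
  if (uid != -1 && setuid((uid_t)uid) != 0) exit(EXIT_FAILURE);
}
```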