From d9655d64259b136d830866c794586551cdf70b71 Mon Sep 17 00:00:00 2001 From: Paul Pan Date: Wed, 27 Dec 2023 23:40:11 +0800 Subject: [PATCH] feat: separate launcher config, library functions --- CMakeLists.txt | 2 +- inject.c | 3 +++ launcher.c | 50 ++++++++++++++++++++------------------------------ launcher.h | 20 ++++++++++++++++++++ library.c | 9 ++++++++- library.h | 6 ++++++ 6 files changed, 58 insertions(+), 32 deletions(-) create mode 100644 inject.c create mode 100644 launcher.h create mode 100644 library.h diff --git a/CMakeLists.txt b/CMakeLists.txt index 76cd564..6e75a4c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -18,7 +18,7 @@ set(VERSION_SCRIPT ${PROJECT_SOURCE_DIR}/version_script.txt) include_directories(${CMAKE_CURRENT_SOURCE_DIR}/libseccomp/include) # Targets -add_library(woj_sandbox SHARED ${PROJECT_SOURCE_DIR}/library.c ${SRC_FILES}) +add_library(woj_sandbox SHARED ${PROJECT_SOURCE_DIR}/library.c ${PROJECT_SOURCE_DIR}/inject.c ${SRC_FILES}) add_executable(woj_launcher ${PROJECT_SOURCE_DIR}/launcher.c) add_executable(woj_test ${PROJECT_SOURCE_DIR}/test.c) diff --git a/inject.c b/inject.c new file mode 100644 index 0000000..043c8de --- /dev/null +++ b/inject.c @@ -0,0 +1,3 @@ +#include "library.h" + +static __attribute__((constructor)) void inject(void) { setup_all(); } diff --git a/launcher.c b/launcher.c index 130fdca..c55c594 100644 --- a/launcher.c +++ b/launcher.c @@ -1,4 +1,6 @@ +#include "launcher.h" #include "err.h" +#include "library.h" #include "resource.h" #include "sandbox.h" #include "utils/log.h" @@ -13,21 +15,7 @@ #include #include -enum ConfigIndex { - memory_limit = 0, - nproc_limit, - time_limit, - sandbox_path, - sandbox_template, - sandbox_action, - file_input, - file_output, - file_info, - program, - CONFIG_INDEX_MAX -}; - -char *config[CONFIG_INDEX_MAX]; +char *config[is_valid + 1]; void print_help(char *self) { LOG_WARN("Usage:"); @@ -48,39 +36,41 @@ void print_help(char *self) { void parse(int argc, char *argv[]) { static struct option options[] = { - [memory_limit] = {"memory_limit", required_argument, NULL, 0}, - [nproc_limit] = {"nproc_limit", required_argument, NULL, 0}, - [time_limit] = {"time_limit", required_argument, NULL, 0}, - [sandbox_path] = {"sandbox_path", required_argument, NULL, 0}, - [sandbox_template] = {"sandbox_template", required_argument, NULL, 0}, - [sandbox_action] = {"sandbox_action", required_argument, NULL, 0}, - [file_input] = {"file_input", required_argument, NULL, 0}, - [file_output] = {"file_output", required_argument, NULL, 0}, - [file_info] = {"file_info", required_argument, NULL, 0}, - [program] = {"program", required_argument, NULL, 0}, - [CONFIG_INDEX_MAX] = {"help", no_argument, NULL, 0}, - [CONFIG_INDEX_MAX + 1] = {NULL, 0, NULL, 0} + [memory_limit] = {"memory_limit", required_argument, NULL, 0}, + [nproc_limit] = {"nproc_limit", required_argument, NULL, 0}, + [time_limit] = {"time_limit", required_argument, NULL, 0}, + [sandbox_path] = {"sandbox_path", required_argument, NULL, 0}, + [sandbox_template] = {"sandbox_template", required_argument, NULL, 0}, + [sandbox_action] = {"sandbox_action", required_argument, NULL, 0}, + [file_input] = {"file_input", required_argument, NULL, 0}, + [file_output] = {"file_output", required_argument, NULL, 0}, + [file_info] = {"file_info", required_argument, NULL, 0}, + [program] = {"program", required_argument, NULL, 0}, + [is_valid] = {"help", no_argument, NULL, 0}, + [is_valid + 1] = {NULL, 0, NULL, 0} }; int c, idx = 0; while ((c = getopt_long_only(argc, argv, "", options, &idx)) != -1) { if (c != 0) break; - if (idx < CONFIG_INDEX_MAX) + if (idx < is_valid) config[idx] = optarg; - else if (idx == CONFIG_INDEX_MAX) { + else if (idx == is_valid) { print_help(argv[0]); exit(0); } } - for (int i = 0; i < CONFIG_INDEX_MAX; i++) { + for (int i = 0; i < is_valid; i++) { if (!config[i]) { print_help(argv[0]); LOG_ERR("Missing arguments"); exit(ERR_ARGUMENTS); } } + + config[is_valid] = (char *)1; } void launch_child() { diff --git a/launcher.h b/launcher.h new file mode 100644 index 0000000..d8c7c58 --- /dev/null +++ b/launcher.h @@ -0,0 +1,20 @@ +#ifndef WOJ_SANDBOX_LAUNCHER_H +#define WOJ_SANDBOX_LAUNCHER_H + +enum ConfigIndex { + memory_limit = 0, + nproc_limit, + time_limit, + sandbox_path, + sandbox_template, + sandbox_action, + file_input, + file_output, + file_info, + program, + is_valid +}; + +char *config[is_valid + 1] __attribute__((weak)); + +#endif // WOJ_SANDBOX_LAUNCHER_H diff --git a/library.c b/library.c index c3bc261..0b480f0 100644 --- a/library.c +++ b/library.c @@ -1,3 +1,4 @@ +#include "launcher.h" #include "resource.h" #include "rules/lang.h" #include "sandbox.h" @@ -6,7 +7,7 @@ #include #include -static __attribute__((constructor)) void inject(void) { +void setup_all(void) { char comm[64]; int fd = open("/proc/self/comm", O_RDONLY); ssize_t len = read(fd, comm, sizeof(comm)); @@ -16,6 +17,12 @@ static __attribute__((constructor)) void inject(void) { LOG_INFO("Setting up sandbox for %s(%d)", comm, getpid()); + if (config[is_valid]) { + LOG_INFO("Using config from launcher"); + } else { + LOG_INFO("Using config from environment"); + } + register_lang_c_cpp(); setup_rlimit(); setup_seccomp(); diff --git a/library.h b/library.h new file mode 100644 index 0000000..13680ef --- /dev/null +++ b/library.h @@ -0,0 +1,6 @@ +#ifndef WOJ_SANDBOX_LIBRARY_H +#define WOJ_SANDBOX_LIBRARY_H + +void setup_all(void) __attribute__((weak)); + +#endif // WOJ_SANDBOX_LIBRARY_H