feat: separate launcher config, library functions
parent
14873703e5
commit
d9655d6425
@ -18,7 +18,7 @@ set(VERSION_SCRIPT ${PROJECT_SOURCE_DIR}/version_script.txt)
|
|||||||
include_directories(${CMAKE_CURRENT_SOURCE_DIR}/libseccomp/include)
|
include_directories(${CMAKE_CURRENT_SOURCE_DIR}/libseccomp/include)
|
||||||
|
|
||||||
# Targets
|
# Targets
|
||||||
add_library(woj_sandbox SHARED ${PROJECT_SOURCE_DIR}/library.c ${SRC_FILES})
|
add_library(woj_sandbox SHARED ${PROJECT_SOURCE_DIR}/library.c ${PROJECT_SOURCE_DIR}/inject.c ${SRC_FILES})
|
||||||
add_executable(woj_launcher ${PROJECT_SOURCE_DIR}/launcher.c)
|
add_executable(woj_launcher ${PROJECT_SOURCE_DIR}/launcher.c)
|
||||||
add_executable(woj_test ${PROJECT_SOURCE_DIR}/test.c)
|
add_executable(woj_test ${PROJECT_SOURCE_DIR}/test.c)
|
||||||
|
|
||||||
|
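--- a/inject.c
+++ b/inject.c
@@ -0,0 +1,3 @@
+#include "library.h"
+
+static __attribute__((constructor)) void inject(void) { setup_all(); }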
50
launcher.c
50
launcher.c
@ -1,4 +1,6 @@
|
|||||||
|
#include "launcher.h"
|
||||||
#include "err.h"
|
#include "err.h"
|
||||||
|
#include "library.h"
|
||||||
#include "resource.h"
|
#include "resource.h"
|
||||||
#include "sandbox.h"
|
#include "sandbox.h"
|
||||||
#include "utils/log.h"
|
#include "utils/log.h"
|
||||||
@ -13,21 +15,7 @@
|
|||||||
#include <time.h>
|
#include <time.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
enum ConfigIndex {
|
char *config[is_valid + 1];
|
||||||
memory_limit = 0,
|
|
||||||
nproc_limit,
|
|
||||||
time_limit,
|
|
||||||
sandbox_path,
|
|
||||||
sandbox_template,
|
|
||||||
sandbox_action,
|
|
||||||
file_input,
|
|
||||||
file_output,
|
|
||||||
file_info,
|
|
||||||
program,
|
|
||||||
CONFIG_INDEX_MAX
|
|
||||||
};
|
|
||||||
|
|
||||||
char *config[CONFIG_INDEX_MAX];
|
|
||||||
|
|
||||||
void print_help(char *self) {
|
void print_help(char *self) {
|
||||||
LOG_WARN("Usage:");
|
LOG_WARN("Usage:");
|
||||||
@ -48,39 +36,41 @@ void print_help(char *self) {
|
|||||||
|
|
||||||
void parse(int argc, char *argv[]) {
|
void parse(int argc, char *argv[]) {
|
||||||
static struct option options[] = {
|
static struct option options[] = {
|
||||||
[memory_limit] = {"memory_limit", required_argument, NULL, 0},
|
[memory_limit] = {"memory_limit", required_argument, NULL, 0},
|
||||||
[nproc_limit] = {"nproc_limit", required_argument, NULL, 0},
|
[nproc_limit] = {"nproc_limit", required_argument, NULL, 0},
|
||||||
[time_limit] = {"time_limit", required_argument, NULL, 0},
|
[time_limit] = {"time_limit", required_argument, NULL, 0},
|
||||||
[sandbox_path] = {"sandbox_path", required_argument, NULL, 0},
|
[sandbox_path] = {"sandbox_path", required_argument, NULL, 0},
|
||||||
[sandbox_template] = {"sandbox_template", required_argument, NULL, 0},
|
[sandbox_template] = {"sandbox_template", required_argument, NULL, 0},
|
||||||
[sandbox_action] = {"sandbox_action", required_argument, NULL, 0},
|
[sandbox_action] = {"sandbox_action", required_argument, NULL, 0},
|
||||||
[file_input] = {"file_input", required_argument, NULL, 0},
|
[file_input] = {"file_input", required_argument, NULL, 0},
|
||||||
[file_output] = {"file_output", required_argument, NULL, 0},
|
[file_output] = {"file_output", required_argument, NULL, 0},
|
||||||
[file_info] = {"file_info", required_argument, NULL, 0},
|
[file_info] = {"file_info", required_argument, NULL, 0},
|
||||||
[program] = {"program", required_argument, NULL, 0},
|
[program] = {"program", required_argument, NULL, 0},
|
||||||
[CONFIG_INDEX_MAX] = {"help", no_argument, NULL, 0},
|
[is_valid] = {"help", no_argument, NULL, 0},
|
||||||
[CONFIG_INDEX_MAX + 1] = {NULL, 0, NULL, 0}
|
[is_valid + 1] = {NULL, 0, NULL, 0}
|
||||||
};
|
};
|
||||||
|
|
||||||
int c, idx = 0;
|
int c, idx = 0;
|
||||||
while ((c = getopt_long_only(argc, argv, "", options, &idx)) != -1) {
|
while ((c = getopt_long_only(argc, argv, "", options, &idx)) != -1) {
|
||||||
if (c != 0) break;
|
if (c != 0) break;
|
||||||
|
|
||||||
if (idx < CONFIG_INDEX_MAX)
|
if (idx < is_valid)
|
||||||
config[idx] = optarg;
|
config[idx] = optarg;
|
||||||
else if (idx == CONFIG_INDEX_MAX) {
|
else if (idx == is_valid) {
|
||||||
print_help(argv[0]);
|
print_help(argv[0]);
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for (int i = 0; i < CONFIG_INDEX_MAX; i++) {
|
for (int i = 0; i < is_valid; i++) {
|
||||||
if (!config[i]) {
|
if (!config[i]) {
|
||||||
print_help(argv[0]);
|
print_help(argv[0]);
|
||||||
LOG_ERR("Missing arguments");
|
LOG_ERR("Missing arguments");
|
||||||
exit(ERR_ARGUMENTS);
|
exit(ERR_ARGUMENTS);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
config[is_valid] = (char *)1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void launch_child() {
|
void launch_child() {
|
||||||
|
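Review bot: `config[is_valid] = (char *)1;` at the end of parse() stores a flag in a `char *` slot, so the array now mixes real option strings with a fake pointer that must never be dereferenced, printed or freed. The same enumerator `is_valid` is also the loop bound and the index of the `help` entry in `options[]`, which makes that entry read like a config field. A separate `int config_valid` declared beside `config` would keep the types honest; failing that, add a comment on the line such as `/* sentinel, not a string: marks config[] as filled by the launcher */`. launch_child() begins in this hunk and continues outside it.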
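--- a/launcher.h
+++ b/launcher.h
@@ -0,0 +1,20 @@
+#ifndef WOJ_SANDBOX_LAUNCHER_H
+#define WOJ_SANDBOX_LAUNCHER_H
+
+enum ConfigIndex {
+memory_limit = 0,
+nproc_limit,
+time_limit,
+sandbox_path,
+sandbox_template,
+sandbox_action,
+file_input,
+file_output,
+file_info,
+program,
+is_valid
+};
+
+char *config[is_valid + 1] __attribute__((weak));
+
+#endif // WOJ_SANDBOX_LAUNCHER_H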
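Review bot: `char *config[is_valid + 1] __attribute__((weak));` defines an object in a header, so every file that includes launcher.h emits its own weak `config`, and the name is exported unprefixed from the `woj_sandbox` shared library. The library code in this commit tests `config[is_valid]` to decide whether settings come from the launcher, so whichever global `config` the dynamic linker binds first drives that decision. If the library is loaded into programs the sandbox does not trust (inferred from the constructor in inject.c, not confirmed by this page), a same-named exported symbol in such a program could be bound instead. I would declare it `extern` here, define it once in a .c file under a project prefix such as `woj_config`, and add a comment saying why the symbol is weak and which component is allowed to set the `is_valid` slot.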
@ -1,3 +1,4 @@
|
|||||||
|
#include "launcher.h"
|
||||||
#include "resource.h"
|
#include "resource.h"
|
||||||
#include "rules/lang.h"
|
#include "rules/lang.h"
|
||||||
#include "sandbox.h"
|
#include "sandbox.h"
|
||||||
@ -6,7 +7,7 @@
|
|||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
static __attribute__((constructor)) void inject(void) {
|
void setup_all(void) {
|
||||||
char comm[64];
|
char comm[64];
|
||||||
int fd = open("/proc/self/comm", O_RDONLY);
|
int fd = open("/proc/self/comm", O_RDONLY);
|
||||||
ssize_t len = read(fd, comm, sizeof(comm));
|
ssize_t len = read(fd, comm, sizeof(comm));
|
||||||
@ -16,6 +17,12 @@ static __attribute__((constructor)) void inject(void) {
|
|||||||
|
|
||||||
LOG_INFO("Setting up sandbox for %s(%d)", comm, getpid());
|
LOG_INFO("Setting up sandbox for %s(%d)", comm, getpid());
|
||||||
|
|
||||||
|
if (config[is_valid]) {
|
||||||
|
LOG_INFO("Using config from launcher");
|
||||||
|
} else {
|
||||||
|
LOG_INFO("Using config from environment");
|
||||||
|
}
|
||||||
|
|
||||||
register_lang_c_cpp();
|
register_lang_c_cpp();
|
||||||
setup_rlimit();
|
setup_rlimit();
|
||||||
setup_seccomp();
|
setup_seccomp();
|
||||||
|
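Review bot: The new `if (config[is_valid])` block in setup_all() only logs which source is in use; both branches fall through to the same `register_lang_c_cpp(); setup_rlimit(); setup_seccomp();` calls, so nothing visible here makes the launcher-supplied values take effect. If the setup_* helpers read `config[]` themselves, the branch deserves a comment such as `/* config[] is filled by parse() in the launcher; otherwise the setup_* helpers fall back to the environment */`. setup_all() also lost `static` and is now an exported entry point reachable both from the constructor in inject.c and from any direct caller; whether the setup_* helpers tolerate a second call is not visible in this hunk. The function body starts before the first hunk's context and may continue past the shown lines.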