feat: separate launcher config, library functions
parent
14873703e5
commit
d9655d6425
@ -18,7 +18,7 @@ set(VERSION_SCRIPT ${PROJECT_SOURCE_DIR}/version_script.txt)
|
||||
include_directories(${CMAKE_CURRENT_SOURCE_DIR}/libseccomp/include)
|
||||
|
||||
# Targets
|
||||
add_library(woj_sandbox SHARED ${PROJECT_SOURCE_DIR}/library.c ${SRC_FILES})
|
||||
add_library(woj_sandbox SHARED ${PROJECT_SOURCE_DIR}/library.c ${PROJECT_SOURCE_DIR}/inject.c ${SRC_FILES})
|
||||
add_executable(woj_launcher ${PROJECT_SOURCE_DIR}/launcher.c)
|
||||
add_executable(woj_test ${PROJECT_SOURCE_DIR}/test.c)
|
||||
|
||||
|
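--- a/inject.c
+++ b/inject.c
@@ -0,0 +1,3 @@
+#include "library.h"
+
+static __attribute__((constructor)) void inject(void) { setup_all(); }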
50
launcher.c
50
launcher.c
@ -1,4 +1,6 @@
|
||||
#include "launcher.h"
|
||||
#include "err.h"
|
||||
#include "library.h"
|
||||
#include "resource.h"
|
||||
#include "sandbox.h"
|
||||
#include "utils/log.h"
|
||||
@ -13,21 +15,7 @@
|
||||
#include <time.h>
|
||||
#include <unistd.h>
|
||||
|
||||
enum ConfigIndex {
|
||||
memory_limit = 0,
|
||||
nproc_limit,
|
||||
time_limit,
|
||||
sandbox_path,
|
||||
sandbox_template,
|
||||
sandbox_action,
|
||||
file_input,
|
||||
file_output,
|
||||
file_info,
|
||||
program,
|
||||
CONFIG_INDEX_MAX
|
||||
};
|
||||
|
||||
char *config[CONFIG_INDEX_MAX];
|
||||
char *config[is_valid + 1];
|
||||
|
||||
void print_help(char *self) {
|
||||
LOG_WARN("Usage:");
|
||||
@ -48,39 +36,41 @@ void print_help(char *self) {
|
||||
|
||||
void parse(int argc, char *argv[]) {
|
||||
static struct option options[] = {
|
||||
[memory_limit] = {"memory_limit", required_argument, NULL, 0},
|
||||
[nproc_limit] = {"nproc_limit", required_argument, NULL, 0},
|
||||
[time_limit] = {"time_limit", required_argument, NULL, 0},
|
||||
[sandbox_path] = {"sandbox_path", required_argument, NULL, 0},
|
||||
[sandbox_template] = {"sandbox_template", required_argument, NULL, 0},
|
||||
[sandbox_action] = {"sandbox_action", required_argument, NULL, 0},
|
||||
[file_input] = {"file_input", required_argument, NULL, 0},
|
||||
[file_output] = {"file_output", required_argument, NULL, 0},
|
||||
[file_info] = {"file_info", required_argument, NULL, 0},
|
||||
[program] = {"program", required_argument, NULL, 0},
|
||||
[CONFIG_INDEX_MAX] = {"help", no_argument, NULL, 0},
|
||||
[CONFIG_INDEX_MAX + 1] = {NULL, 0, NULL, 0}
|
||||
[memory_limit] = {"memory_limit", required_argument, NULL, 0},
|
||||
[nproc_limit] = {"nproc_limit", required_argument, NULL, 0},
|
||||
[time_limit] = {"time_limit", required_argument, NULL, 0},
|
||||
[sandbox_path] = {"sandbox_path", required_argument, NULL, 0},
|
||||
[sandbox_template] = {"sandbox_template", required_argument, NULL, 0},
|
||||
[sandbox_action] = {"sandbox_action", required_argument, NULL, 0},
|
||||
[file_input] = {"file_input", required_argument, NULL, 0},
|
||||
[file_output] = {"file_output", required_argument, NULL, 0},
|
||||
[file_info] = {"file_info", required_argument, NULL, 0},
|
||||
[program] = {"program", required_argument, NULL, 0},
|
||||
[is_valid] = {"help", no_argument, NULL, 0},
|
||||
[is_valid + 1] = {NULL, 0, NULL, 0}
|
||||
};
|
||||
|
||||
int c, idx = 0;
|
||||
while ((c = getopt_long_only(argc, argv, "", options, &idx)) != -1) {
|
||||
if (c != 0) break;
|
||||
|
||||
if (idx < CONFIG_INDEX_MAX)
|
||||
if (idx < is_valid)
|
||||
config[idx] = optarg;
|
||||
else if (idx == CONFIG_INDEX_MAX) {
|
||||
else if (idx == is_valid) {
|
||||
print_help(argv[0]);
|
||||
exit(0);
|
||||
}
|
||||
}
|
||||
|
||||
for (int i = 0; i < CONFIG_INDEX_MAX; i++) {
|
||||
for (int i = 0; i < is_valid; i++) {
|
||||
if (!config[i]) {
|
||||
print_help(argv[0]);
|
||||
LOG_ERR("Missing arguments");
|
||||
exit(ERR_ARGUMENTS);
|
||||
}
|
||||
}
|
||||
|
||||
config[is_valid] = (char *)1;
|
||||
}
|
||||
|
||||
void launch_child() {
|
||||
|
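Review bot: `config[is_valid] = (char *)1;` at the end of `parse` stores a made-up pointer value in a `char *` array to mean "the launcher filled this in", and the enumerator `is_valid` also serves as the array bound and as the index of the `help` entry in `options[]`. Any later code that walks `config` by its declared size and treats each slot as a string would dereference address 1. Keep a count enumerator for sizing and for the option table, and carry the validity state in a separate `bool` declared next to `config`. The file-scope `char *config[is_valid + 1];` in this file also repeats the definition that launcher.h now provides, so one of the two should become an `extern` declaration.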
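--- a/launcher.h
+++ b/launcher.h
@@ -0,0 +1,20 @@
+#ifndef WOJ_SANDBOX_LAUNCHER_H
+#define WOJ_SANDBOX_LAUNCHER_H
+
+enum ConfigIndex {
+memory_limit = 0,
+nproc_limit,
+time_limit,
+sandbox_path,
+sandbox_template,
+sandbox_action,
+file_input,
+file_output,
+file_info,
+program,
+is_valid
+};
+
+char *config[is_valid + 1] __attribute__((weak));
+
+#endif // WOJ_SANDBOX_LAUNCHER_H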
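Review bot: `char *config[is_valid + 1] __attribute__((weak));` is a definition rather than a declaration, so every file that includes launcher.h emits its own weak `config` object under a very generic exported name. The library is loaded into the process it is meant to confine and reads `config[is_valid]` to decide where its settings come from. The design appears to rely on the launcher's strong definition overriding the weak one, and that same symbol resolution would let any executable that defines a global named `config` supply the object the library reads (inferred; the link setup is not on the page). Prefer a project-prefixed name declared `extern` here and defined once in a .c file, and consider handing the settings to the setup function as an argument instead of sharing them through a global symbol.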
@ -1,3 +1,4 @@
|
||||
#include "launcher.h"
|
||||
#include "resource.h"
|
||||
#include "rules/lang.h"
|
||||
#include "sandbox.h"
|
||||
@ -6,7 +7,7 @@
|
||||
#include <fcntl.h>
|
||||
#include <unistd.h>
|
||||
|
||||
static __attribute__((constructor)) void inject(void) {
|
||||
void setup_all(void) {
|
||||
char comm[64];
|
||||
int fd = open("/proc/self/comm", O_RDONLY);
|
||||
ssize_t len = read(fd, comm, sizeof(comm));
|
||||
@ -16,6 +17,12 @@ static __attribute__((constructor)) void inject(void) {
|
||||
|
||||
LOG_INFO("Setting up sandbox for %s(%d)", comm, getpid());
|
||||
|
||||
if (config[is_valid]) {
|
||||
LOG_INFO("Using config from launcher");
|
||||
} else {
|
||||
LOG_INFO("Using config from environment");
|
||||
}
|
||||
|
||||
register_lang_c_cpp();
|
||||
setup_rlimit();
|
||||
setup_seccomp();
|
||||
|
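Review bot: `setup_all` now has external linkage but carries no comment, and its contract matters because it applies the rlimits and the seccomp filter. Add a header comment stating that the constructor in inject.c runs it automatically, whether a second explicit call is safe, and what happens when a step fails. The new `if (config[is_valid])` branches only log, and the calls after them are identical on both paths, so the chosen config source must take effect somewhere not shown; a one-line comment such as `/* source is consumed by setup_rlimit()/setup_seccomp() */` would make that traceable. The context lines `open("/proc/self/comm", O_RDONLY)` and `read(fd, comm, sizeof(comm))` show no check of `fd` or `len` before `comm` is logged with `%s`; the lines between the two hunks are not on the page, so confirm the result is checked and the buffer is terminated there.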