prettify code
parent
f4c7536a84
commit
8d9687f76f
2 changed files with 54 additions and 54 deletions
|
@ -12,14 +12,14 @@ static void procfs_prepare()
|
||||||
|
|
||||||
#define put_old "oldfs"
|
#define put_old "oldfs"
|
||||||
void mnt_prepare(char* rootfs, char* shared_mountpoint) {
|
void mnt_prepare(char* rootfs, char* shared_mountpoint) {
|
||||||
char* shared_folder=NULL;
|
char* shared_folder = NULL;
|
||||||
asprintf(&shared_folder,"../%s",shared_mountpoint);
|
asprintf(&shared_folder, "../%s", shared_mountpoint);
|
||||||
if (mount(rootfs,rootfs,"ext4",MS_BIND,"")) die("failed to mount %s: %m", rootfs);
|
if (mount(rootfs, rootfs, "ext4", MS_BIND,"")) die("failed to mount %s: %m", rootfs);
|
||||||
if (chdir(rootfs)) die("falied to cd:%m");
|
if (chdir(rootfs)) die("falied to cd:%m");
|
||||||
//if (mount("/sys","sys","sysfs",0,"")) die("failed to mount sysfs: %m");
|
//if (mount("/sys","sys","sysfs",0,"")) die("failed to mount sysfs: %m");
|
||||||
//if (mount("/dev","dev","udev",0,"")) die("failed to mount: %m");
|
//if (mount("/dev","dev","udev",0,"")) die("failed to mount: %m");
|
||||||
if (mkdir("shared", 0777) && errno != EEXIST) die("Failed to mkdir %s: %m\n", shared_mountpoint);
|
if (mkdir("shared", 0777) && errno != EEXIST) die("Failed to mkdir %s: %m\n", shared_mountpoint);
|
||||||
if (mount(shared_folder,"shared","ext4",MS_BIND,"")) die("failed to mount shared folder: %m");
|
if (mount(shared_folder, "shared", "ext4", MS_BIND, "")) die("failed to mount shared folder: %m");
|
||||||
if (mkdir(put_old, 0000) && errno != EEXIST) die("Failed to mkdir %s: %m\n", put_old);
|
if (mkdir(put_old, 0000) && errno != EEXIST) die("Failed to mkdir %s: %m\n", put_old);
|
||||||
if (syscall(SYS_pivot_root, ".", put_old)) die("Failed to pivot_root from %s to %s: %m\n", rootfs, put_old);
|
if (syscall(SYS_pivot_root, ".", put_old)) die("Failed to pivot_root from %s to %s: %m\n", rootfs, put_old);
|
||||||
if (chdir("/")) die("Failed to chdir to new root: %m\n");
|
if (chdir("/")) die("Failed to chdir to new root: %m\n");
|
||||||
|
@ -30,14 +30,12 @@ void mnt_prepare(char* rootfs, char* shared_mountpoint) {
|
||||||
}
|
}
|
||||||
void ro_fs(char* shared_mountpoint) {
|
void ro_fs(char* shared_mountpoint) {
|
||||||
char* shared_folder = malloc(strlen(shared_mountpoint)+4);
|
char* shared_folder = malloc(strlen(shared_mountpoint)+4);
|
||||||
strcpy(shared_folder,"../");
|
strcpy(shared_folder, "../");
|
||||||
strcat(shared_folder,shared_mountpoint);
|
strcat(shared_folder, shared_mountpoint);
|
||||||
if (mount("/","/","ext4",MS_REMOUNT | MS_RDONLY| MS_BIND,"")) die("failed to mount: %m");
|
if (mount("/", "/", "ext4", MS_REMOUNT | MS_RDONLY| MS_BIND, "")) die("failed to mount: %m");
|
||||||
if (mount(shared_mountpoint,"shared","ext4",MS_REMOUNT | MS_BIND,"")) die("failed to mount: %m");
|
if (mount(shared_mountpoint, "shared", "ext4", MS_REMOUNT | MS_BIND, "")) die("failed to mount: %m");
|
||||||
free(shared_folder);
|
free(shared_folder);
|
||||||
}
|
}
|
||||||
//#undef shared_mountpoint
|
|
||||||
//#undef shared_folder
|
|
||||||
#undef put_old
|
#undef put_old
|
||||||
|
|
||||||
void await_setup(int pipe) { // wait for signal from parent
|
void await_setup(int pipe) { // wait for signal from parent
|
||||||
|
@ -51,20 +49,20 @@ static int nsrun(void* arg) {
|
||||||
struct params *params = (struct params*) arg;
|
struct params *params = (struct params*) arg;
|
||||||
await_setup(params->fd[0]);
|
await_setup(params->fd[0]);
|
||||||
char cwd[PATH_MAX];
|
char cwd[PATH_MAX];
|
||||||
if(getcwd(cwd,sizeof(cwd))==NULL) die("getcwd error: %m");
|
if(getcwd(cwd, sizeof(cwd))==NULL) die("getcwd error: %m");
|
||||||
if(chdir(params->shared_folder)) die("failed to chdir to shared folder: %m")
|
if(chdir(params->shared_folder)) die("failed to chdir to shared folder: %m")
|
||||||
int out_fd=open("out",O_WRONLY|O_CREAT,0666);
|
int out_fd = open("out", O_WRONLY | O_CREAT, 0666);
|
||||||
if(out_fd==-1) die("unable to open output file:%m")
|
if(out_fd == -1) die("unable to open output file:%m")
|
||||||
else dup2(out_fd,STDOUT_FILENO);
|
else dup2(out_fd, STDOUT_FILENO);
|
||||||
int in_fd=open("in",O_RDONLY|O_CREAT,0666);
|
int in_fd = open("in", O_RDONLY | O_CREAT, 0666);
|
||||||
if(in_fd==-1) die("unable to open input file:%m")
|
if(in_fd == -1) die("unable to open input file:%m")
|
||||||
else dup2(in_fd,STDIN_FILENO);
|
else dup2(in_fd, STDIN_FILENO);
|
||||||
int err_fd=open("err",O_WRONLY|O_CREAT,0666);
|
int err_fd = open("err", O_WRONLY | O_CREAT, 0666);
|
||||||
if(err_fd==-1) die("unable to open error file:%m")
|
if(err_fd == -1) die("unable to open error file:%m")
|
||||||
else dup2(err_fd,STDERR_FILENO);
|
else dup2(err_fd, STDERR_FILENO);
|
||||||
if(chdir(cwd)) die("failed to chdir: %m");
|
if(chdir(cwd)) die("failed to chdir: %m");
|
||||||
mnt_prepare("minrootfs",params->shared_folder);
|
mnt_prepare("minrootfs", params->shared_folder);
|
||||||
sethostname(hostname,sizeof(hostname));
|
sethostname(hostname, sizeof(hostname));
|
||||||
ro_fs(params->shared_folder);
|
ro_fs(params->shared_folder);
|
||||||
if(setgid(1000)) die("failed to setgid:%m");
|
if(setgid(1000)) die("failed to setgid:%m");
|
||||||
if(setuid(1000)) die("failed to setuid:%m");
|
if(setuid(1000)) die("failed to setuid:%m");
|
||||||
|
@ -75,6 +73,6 @@ static int nsrun(void* arg) {
|
||||||
"PWD=/",
|
"PWD=/",
|
||||||
NULL,
|
NULL,
|
||||||
};
|
};
|
||||||
if (execve(cmd,argv,env) == -1) die("failed to exec,%m");
|
if (execve(cmd, argv, env) == -1) die("failed to exec,%m");
|
||||||
return 1;
|
return 1;// removes warning
|
||||||
}
|
}
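Review bot: The three `open()` calls in nsrun (`out`, `in`, `err`) run before `setgid(1000)`/`setuid(1000)` and follow symlinks, so a link with one of those names already present in the shared folder would be opened with the launcher's privileges. Since ro_fs leaves `shared` writable for the sandboxed command, that is presumably reachable whenever a shared folder is reused between runs. Adding `O_NOFOLLOW | O_CLOEXEC`, plus `O_TRUNC` on the two output files so they do not keep stale bytes from a longer earlier run, would close it, e.g. `open("out", O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0666)`. The `dup2()` results are unchecked as well. Separately, in ro_fs the `shared_folder` buffer is built and freed but never passed to `mount()`, and the `shared` remount sets neither `MS_NOSUID` nor `MS_NODEV`; nsrun begins and ends outside the hunks shown.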
|
||||||
|
|
|
@ -39,19 +39,18 @@ struct killparams{
|
||||||
#include "ns_exec.c"
|
#include "ns_exec.c"
|
||||||
#include "cgroup_prepare.c"
|
#include "cgroup_prepare.c"
|
||||||
|
|
||||||
//bool TL_achieve=false;
|
|
||||||
uint64_t time_start;
|
uint64_t time_start;
|
||||||
|
|
||||||
//get time in milliseconds
|
// get time in milliseconds
|
||||||
uint64_t getmstime() {
|
uint64_t getmstime() {
|
||||||
struct timeval tm;
|
struct timeval tm;
|
||||||
gettimeofday(&tm,NULL);
|
gettimeofday(&tm, NULL);
|
||||||
return (uint64_t)tm.tv_sec*1000+(uint64_t)tm.tv_usec/1000;
|
return (uint64_t) tm.tv_sec * 1000 + (uint64_t) tm.tv_usec / 1000;
|
||||||
}
|
}
|
||||||
|
|
||||||
//time limit realisation
|
// time limit realisation
|
||||||
static int killafter(void *arg) {
|
static int killafter(void *arg) {
|
||||||
//die when parent dies
|
// die when parent dies
|
||||||
if (prctl(PR_SET_PDEATHSIG, SIGKILL)) die("cannot PR_SET_PDEATHSIG for child process: %m\n");
|
if (prctl(PR_SET_PDEATHSIG, SIGKILL)) die("cannot PR_SET_PDEATHSIG for child process: %m\n");
|
||||||
struct killparams* params = (struct killparams*) arg;
|
struct killparams* params = (struct killparams*) arg;
|
||||||
struct timespec tw = {params -> time / 1000, ((params->time) % 1000+5) * 1000000};
|
struct timespec tw = {params -> time / 1000, ((params->time) % 1000+5) * 1000000};
|
||||||
|
@ -65,7 +64,7 @@ static int killafter(void *arg) {
|
||||||
static char nmstack[STACK_SIZE];
|
static char nmstack[STACK_SIZE];
|
||||||
static char killstack[STACK_SIZE];
|
static char killstack[STACK_SIZE];
|
||||||
|
|
||||||
static void parse_args(int argc, char **argv, struct params *params,struct limits *limits){
|
static void parse_args(int argc, char **argv, struct params *params, struct limits *limits){
|
||||||
if (argc < 7) {
|
if (argc < 7) {
|
||||||
puts("usage:\n starter <max processes number> <core_id> <memory_amount> <time limit in ms> <shared folder> <command, arg1,arg2,...>");
|
puts("usage:\n starter <max processes number> <core_id> <memory_amount> <time limit in ms> <shared folder> <command, arg1,arg2,...>");
|
||||||
exit(0);
|
exit(0);
|
||||||
|
@ -85,18 +84,18 @@ static void parse_args(int argc, char **argv, struct params *params,struct limit
|
||||||
params->argv = argv;
|
params->argv = argv;
|
||||||
}
|
}
|
||||||
|
|
||||||
//setup user namespace
|
// setup user namespace
|
||||||
static void prepare_userns(int pid) {
|
static void prepare_userns(int pid) {
|
||||||
char path[100];
|
char path[100];
|
||||||
char line[100];
|
char line[100];
|
||||||
|
|
||||||
int uid = 0;//root
|
int uid = 0;// root
|
||||||
int gid = 0;//root
|
int gid = 0;// root
|
||||||
int unprivileged_uid = 66534;//nobody
|
int unprivileged_uid = 66534;// nobody
|
||||||
int unprivileged_gid = 65534;//nogroup
|
int unprivileged_gid = 65534;// nogroup
|
||||||
|
|
||||||
sprintf(path, "/proc/%d/uid_map", pid);
|
sprintf(path, "/proc/%d/uid_map", pid);
|
||||||
sprintf(line, "0 %d 1\n1 %d 1000\n", uid, unprivileged_uid);//map root to uid 0,nobody to uid 1000
|
sprintf(line, "0 %d 1\n1 %d 1000\n", uid, unprivileged_uid);// map root to uid 0,nobody to unprivileged uid
|
||||||
write_file(path, line);
|
write_file(path, line);
|
||||||
|
|
||||||
sprintf(path, "/proc/%d/setgroups", pid);
|
sprintf(path, "/proc/%d/setgroups", pid);
|
||||||
|
@ -104,45 +103,48 @@ static void prepare_userns(int pid) {
|
||||||
write_file(path, line);
|
write_file(path, line);
|
||||||
|
|
||||||
sprintf(path, "/proc/%d/gid_map", pid);
|
sprintf(path, "/proc/%d/gid_map", pid);
|
||||||
sprintf(line, "0 %d 1\n1 %d 1000\n", gid, unprivileged_gid);//map root to gid 0,nogroup to gid 1000
|
sprintf(line, "0 %d 1\n1 %d 1000\n", gid, unprivileged_gid);// map root to gid 0,nogroup to unprivileged gid
|
||||||
write_file(path, line);
|
write_file(path, line);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void get_real_path(char* path) {
|
||||||
|
if (realpath (argv[0], path) == 0) die("unable to resolve real path: %m");// get absolute path to executable
|
||||||
|
for(int i = strlen(path); i > 0 && path[i] != '/';i--) path[i]=0;// cut filename to get directory name
|
||||||
|
}
|
||||||
|
|
||||||
int main(int argc,char** argv) {
|
int main(int argc,char** argv) {
|
||||||
if(setuid(0)) die("need to be run as root");
|
if(setuid(0)) die("must be run as root");
|
||||||
if(setgid(0)) die("need to be run as root");
|
if(setgid(0)) die("must be run as root");
|
||||||
//get binary folder
|
// get binary path
|
||||||
char bin_path[PATH_MAX];
|
char real_path[PATH_MAX];
|
||||||
if (realpath (argv[0], bin_path) == 0) die("unable to resolve real path: %m");//get absolute path to executable
|
get_real_path(real_path);
|
||||||
for(int i = strlen(bin_path); i > 0 && bin_path[i] != '/';i--) bin_path[i]=0;//cut filename to get directory name
|
if(chdir(real_path)) die("unable to chdir to binary path: %m");
|
||||||
if(chdir(bin_path)) die("unable to chdir to binary path: %m");
|
// set random seed
|
||||||
//set random seed
|
|
||||||
srand(time(NULL));
|
srand(time(NULL));
|
||||||
//setup parameters
|
// setup parameters
|
||||||
struct params params;
|
struct params params;
|
||||||
memset(¶ms, 0, sizeof(struct params));
|
memset(¶ms, 0, sizeof(struct params));
|
||||||
struct limits limits;
|
struct limits limits;
|
||||||
memset(&limits, 0, sizeof(struct limits));
|
memset(&limits, 0, sizeof(struct limits));
|
||||||
parse_args(argc, argv, ¶ms, &limits);
|
parse_args(argc, argv, ¶ms, &limits);
|
||||||
prepare_cgroup(&limits);
|
prepare_cgroup(&limits);
|
||||||
if (pipe(params.fd) < 0) die("can't open pipe: %m");//a pipe to report readiness
|
if (pipe(params.fd) < 0) die("can't open pipe: %m");// a pipe to report readiness
|
||||||
int clone_flags = SIGCHLD | CLONE_NEWUTS | CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWCGROUP;
|
int clone_flags = SIGCHLD | CLONE_NEWUTS | CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWCGROUP;
|
||||||
int nsrun_pid = clone(nsrun, nmstack + STACK_SIZE, clone_flags, ¶ms);//make new namespace
|
int nsrun_pid = clone(nsrun, nmstack + STACK_SIZE, clone_flags, ¶ms);// make new namespace
|
||||||
//int pipe = params.fd[1];
|
|
||||||
prepare_userns(nsrun_pid);
|
prepare_userns(nsrun_pid);
|
||||||
if (nsrun_pid < 0) die("faled to clone");
|
if (nsrun_pid < 0) die("faled to clone");
|
||||||
add_to_cgroup(nsrun_pid);
|
add_to_cgroup(nsrun_pid);
|
||||||
if (write(params.fd[1], "OK", 2) != 2) die("Failed to write to pipe: %m");//report readiness
|
if (write(params.fd[1], "OK", 2) != 2) die("Failed to write to pipe: %m");// report readiness
|
||||||
struct killparams killparams;
|
struct killparams killparams;
|
||||||
killparams.time = limits.time;
|
killparams.time = limits.time;
|
||||||
killparams.pid = nsrun_pid;
|
killparams.pid = nsrun_pid;
|
||||||
int kill_pid = clone(killafter, killstack + STACK_SIZE, SIGCHLD, &killparams);
|
int kill_pid = clone(killafter, killstack + STACK_SIZE, SIGCHLD, &killparams);
|
||||||
time_start = getmstime();
|
time_start = getmstime();
|
||||||
if (waitpid(nsrun_pid, NULL, 0) == -1) die("Failed to wait pid %d: %m\n", nsrun_pid);
|
if (waitpid(nsrun_pid, NULL, 0) == -1) die("Failed to wait pid %d: %m\n", nsrun_pid);
|
||||||
kill(kill_pid,SIGKILL);//kill killer
|
kill(kill_pid, SIGKILL);// kill killer
|
||||||
int time = getmstime()-time_start;
|
int time = getmstime() - time_start;
|
||||||
if(chdir(params.shared_folder)) die("Failed to chdir to shared folder:%m");
|
if(chdir(params.shared_folder)) die("Failed to chdir to shared folder:%m");
|
||||||
if(time>=limits.time) {
|
if(time >= limits.time) {
|
||||||
write_file("time", "-1");
|
write_file("time", "-1");
|
||||||
}
|
}
|
||||||
else {
|
else {
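Review bot: The new `get_real_path()` helper reads `argv[0]`, but `argv` is a parameter of `main`, so unless a file-scope `argv` exists outside the visible hunks this will not compile. Pass it in explicitly, e.g. `static void get_real_path(const char *argv0, char *path)` called as `get_real_path(argv[0], real_path);`. Because the launcher insists on root and nsrun later resolves `minrootfs` relative to this directory, resolving `/proc/self/exe` would be a steadier source than `argv[0]`, which the caller controls. In the same section `prepare_userns(nsrun_pid)` still runs before the `nsrun_pid < 0` check, so a failed `clone()` would format `/proc/-1/uid_map`; moving the check up one line fixes that. Also `unprivileged_uid = 66534` differs from `unprivileged_gid = 65534` under a `// nobody` comment, which looks like a typo worth confirming.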
|
||||||
|
|