131 lines
3.6 KiB
C
131 lines
3.6 KiB
C
#define _GNU_SOURCE
|
|
#include <sys/wait.h>
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
#include <unistd.h>
|
|
#include <string.h>
|
|
#include <errno.h>
|
|
#include <sched.h>
|
|
#include <sys/syscall.h>
|
|
#include <linux/sched.h>
|
|
#include <stdarg.h>
|
|
#include <time.h>
|
|
#include <limits.h>
|
|
#include <signal.h>
|
|
|
|
#include "util.h"
|
|
|
|
struct params {
|
|
char* shared_folder;
|
|
int fd[2];
|
|
int out_fd;
|
|
char **argv;
|
|
};
|
|
|
|
struct limits {
|
|
size_t memory;
|
|
int core;
|
|
int time;
|
|
};
|
|
|
|
struct killparams{
|
|
int time;
|
|
int pid;
|
|
};
|
|
|
|
#define READ_SIZE 100
|
|
char read_buf[READ_SIZE+1];
|
|
|
|
#include "ns_exec.c"
|
|
#include "cgroup_prepare.c"
|
|
|
|
static int killafter(void *arg) {
|
|
//die when parent dies
|
|
if (prctl(PR_SET_PDEATHSIG, SIGKILL)) die("cannot PR_SET_PDEATHSIG for child process: %m\n");
|
|
struct killparams* params = (struct killparams*) arg;
|
|
struct timespec tw={params->time/1000,((params->time)%1000)*1000000};
|
|
struct timespec tr;
|
|
nanosleep(&tw,&tr);
|
|
kill(params->pid,SIGKILL);
|
|
}
|
|
|
|
//const size_t STACK_SIZE=1000000;
|
|
#define STACK_SIZE 1000000
|
|
static char nmstack[STACK_SIZE];
|
|
static char killstack[STACK_SIZE];
|
|
|
|
static void parse_args(int argc, char **argv, struct params *params,struct limits *limits){
|
|
if (argc < 6) {
|
|
puts("usage:\n starter <core_id> <memory_amount> <time limit in ms> <shared folder> <command, arg1,arg2,...>");
|
|
exit(0);
|
|
}
|
|
argc--;argv++;
|
|
limits->core=atoi(argv[0]);
|
|
argc--;argv++;
|
|
limits->memory=atoi(argv[0]);
|
|
argc--;argv++;
|
|
limits->time=atoi(argv[0]);
|
|
argc--;argv++;
|
|
params->shared_folder=argv[0];
|
|
argc--;argv++;
|
|
|
|
params->argv = argv;
|
|
}
|
|
|
|
static void prepare_userns(int pid) {
|
|
char path[100];
|
|
char line[100];
|
|
|
|
int uid = 0;
|
|
int gid = 0;
|
|
int unprivileged_uid=66534;
|
|
int unprivileged_gid=65534;
|
|
|
|
sprintf(path, "/proc/%d/uid_map", pid);
|
|
sprintf(line, "0 %d 1\n1 %d 1000\n", uid, unprivileged_uid);
|
|
write_file(path, line);
|
|
|
|
sprintf(path, "/proc/%d/setgroups", pid);
|
|
sprintf(line, "deny");
|
|
write_file(path, line);
|
|
|
|
sprintf(path, "/proc/%d/gid_map", pid);
|
|
sprintf(line, "0 %d 1\n1 %d 1000\n", gid, unprivileged_gid);
|
|
write_file(path, line);
|
|
}
|
|
|
|
int main(int argc,char** argv) {
|
|
if(setuid(0)) die("need to be run as root");
|
|
if(setgid(0)) die("need to be run as root");
|
|
//getting binary folder
|
|
char bin_path[PATH_MAX];
|
|
if (realpath (argv[0], bin_path) == 0) die("unable to resolve real path: %m");
|
|
for(int i = strlen(bin_path);i>0 && bin_path[i]!='/';i--) bin_path[i]=0;
|
|
if(chdir(bin_path)) die("unable to chdir to binary path: %m");
|
|
//setting random seed
|
|
srand(time(NULL));
|
|
struct params params;
|
|
memset(¶ms, 0, sizeof(struct params));
|
|
struct limits limits;
|
|
memset(&limits, 0, sizeof(struct limits));
|
|
parse_args(argc, argv, ¶ms, &limits);
|
|
prepare_cgroup(&limits);
|
|
if (pipe(params.fd) < 0) die("can't open pipe: %m");
|
|
int clone_flags = SIGCHLD | CLONE_NEWUTS | CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWCGROUP/* | CLONE_NEWTIME*/;
|
|
int nsrun_pid=clone(nsrun,nmstack+STACK_SIZE,clone_flags,¶ms);
|
|
int pipe=params.fd[1];
|
|
//sleep(1);
|
|
prepare_userns(nsrun_pid);
|
|
if (nsrun_pid<0) {die("faled to clone");}
|
|
add_to_cgroup(nsrun_pid);
|
|
//dup2(STDOUT_FILENO,params.out[0]);
|
|
if (write(pipe, "OK", 2) != 2) die("Failed to write to pipe: %m");//report readiness
|
|
struct killparams killparams;
|
|
killparams.time=limits.time;
|
|
killparams.pid=nsrun_pid;
|
|
clone(killafter,killstack+STACK_SIZE,SIGCHLD,&killparams);
|
|
if (waitpid(nsrun_pid, NULL, 0) == -1) die("Failed to wait pid %d: %m\n", nsrun_pid);
|
|
remove_cgroup();
|
|
return 0;
|
|
}
|