Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / busybox / 22542eca18e5807b72ddc78999f5101e33f17a53 / . / runit / chpst.c
blob: 3ecb85cba1d2b04d300828d7231c92a4e5fd8737 [file] [log] [blame]
Denis Vlasenko9bff26c2006-10-20 19:40:44 +0000[diff] [blame]1/*
2Copyright (c) 2001-2006, Gerrit Pape
3All rights reserved.
4
5Redistribution and use in source and binary forms, with or without
6modification, are permitted provided that the following conditions are met:
7
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright
11 notice, this list of conditions and the following disclaimer in the
12 documentation and/or other materials provided with the distribution.
13 3. The name of the author may not be used to endorse or promote products
14 derived from this software without specific prior written permission.
15
Denys Vlasenko95f79532017-08-02 14:26:33 +0200[diff] [blame]16THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
Denis Vlasenko9bff26c2006-10-20 19:40:44 +0000[diff] [blame]17WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26*/
27
Denis Vlasenkod18f52b2008-03-02 12:53:15 +0000[diff] [blame]28/* Busyboxed by Denys Vlasenko <vda.linux@googlemail.com> */
Denys Vlasenko0863e1a2015-10-19 00:41:28 +0200[diff] [blame]29
30//config:config CHPST
Denys Vlasenko4eed2c62017-07-18 22:01:24 +0200[diff] [blame]31//config: bool "chpst (8.7 kb)"
Denys Vlasenko0863e1a2015-10-19 00:41:28 +0200[diff] [blame]32//config: default y
33//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]34//config: chpst changes the process state according to the given options, and
35//config: execs specified program.
Denys Vlasenko0863e1a2015-10-19 00:41:28 +0200[diff] [blame]36//config:
37//config:config SETUIDGID
Denys Vlasenko4eed2c62017-07-18 22:01:24 +0200[diff] [blame]38//config: bool "setuidgid (4.2 kb)"
Denys Vlasenko0863e1a2015-10-19 00:41:28 +0200[diff] [blame]39//config: default y
40//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]41//config: Sets soft resource limits as specified by options
Denys Vlasenko0863e1a2015-10-19 00:41:28 +0200[diff] [blame]42//config:
43//config:config ENVUIDGID
Denys Vlasenko4eed2c62017-07-18 22:01:24 +0200[diff] [blame]44//config: bool "envuidgid (3.6 kb)"
Denys Vlasenko0863e1a2015-10-19 00:41:28 +0200[diff] [blame]45//config: default y
46//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]47//config: Sets $UID to account's uid and $GID to account's gid
Denys Vlasenko0863e1a2015-10-19 00:41:28 +0200[diff] [blame]48//config:
49//config:config ENVDIR
Denys Vlasenko4eed2c62017-07-18 22:01:24 +0200[diff] [blame]50//config: bool "envdir (2.5 kb)"
Denys Vlasenko0863e1a2015-10-19 00:41:28 +0200[diff] [blame]51//config: default y
52//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]53//config: Sets various environment variables as specified by files
54//config: in the given directory
Denys Vlasenko0863e1a2015-10-19 00:41:28 +0200[diff] [blame]55//config:
56//config:config SOFTLIMIT
Denys Vlasenko4eed2c62017-07-18 22:01:24 +0200[diff] [blame]57//config: bool "softlimit (4.3 kb)"
Denys Vlasenko0863e1a2015-10-19 00:41:28 +0200[diff] [blame]58//config: default y
59//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +0200[diff] [blame]60//config: Sets soft resource limits as specified by options
Denys Vlasenko0863e1a2015-10-19 00:41:28 +0200[diff] [blame]61
Denys Vlasenko5c527dc2017-08-04 19:55:01 +0200[diff] [blame]62//applet:IF_CHPST( APPLET_NOEXEC(chpst, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, chpst))
63// APPLET_NOEXEC:name main location suid_type help
64//applet:IF_ENVDIR( APPLET_NOEXEC(envdir, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envdir))
65//applet:IF_ENVUIDGID(APPLET_NOEXEC(envuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envuidgid))
66//applet:IF_SETUIDGID(APPLET_NOEXEC(setuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, setuidgid))
67//applet:IF_SOFTLIMIT(APPLET_NOEXEC(softlimit, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, softlimit))
Denys Vlasenko0863e1a2015-10-19 00:41:28 +0200[diff] [blame]68
69//kbuild:lib-$(CONFIG_CHPST) += chpst.o
70//kbuild:lib-$(CONFIG_ENVDIR) += chpst.o
71//kbuild:lib-$(CONFIG_ENVUIDGID) += chpst.o
72//kbuild:lib-$(CONFIG_SETUIDGID) += chpst.o
73//kbuild:lib-$(CONFIG_SOFTLIMIT) += chpst.o
Denis Vlasenko9bff26c2006-10-20 19:40:44 +0000[diff] [blame]74
Pere Orga5bc8c002011-04-11 03:29:49 +0200[diff] [blame]75//usage:#define chpst_trivial_usage
76//usage: "[-vP012] [-u USER[:GRP]] [-U USER[:GRP]] [-e DIR]\n"
77//usage: " [-/ DIR] [-n NICE] [-m BYTES] [-d BYTES] [-o N]\n"
78//usage: " [-p N] [-f BYTES] [-c BYTES] PROG ARGS"
79//usage:#define chpst_full_usage "\n\n"
80//usage: "Change the process state, run PROG\n"
Pere Orga5bc8c002011-04-11 03:29:49 +0200[diff] [blame]81//usage: "\n -u USER[:GRP] Set uid and gid"
82//usage: "\n -U USER[:GRP] Set $UID and $GID in environment"
83//usage: "\n -e DIR Set environment variables as specified by files"
84//usage: "\n in DIR: file=1st_line_of_file"
85//usage: "\n -/ DIR Chroot to DIR"
86//usage: "\n -n NICE Add NICE to nice value"
87//usage: "\n -m BYTES Same as -d BYTES -s BYTES -l BYTES"
88//usage: "\n -d BYTES Limit data segment"
89//usage: "\n -o N Limit number of open files per process"
90//usage: "\n -p N Limit number of processes per uid"
91//usage: "\n -f BYTES Limit output file sizes"
92//usage: "\n -c BYTES Limit core file size"
93//usage: "\n -v Verbose"
94//usage: "\n -P Create new process group"
95//usage: "\n -0 Close stdin"
96//usage: "\n -1 Close stdout"
97//usage: "\n -2 Close stderr"
98//usage:
99//usage:#define envdir_trivial_usage
100//usage: "DIR PROG ARGS"
101//usage:#define envdir_full_usage "\n\n"
102//usage: "Set various environment variables as specified by files\n"
103//usage: "in the directory DIR, run PROG"
104//usage:
105//usage:#define envuidgid_trivial_usage
106//usage: "USER PROG ARGS"
107//usage:#define envuidgid_full_usage "\n\n"
108//usage: "Set $UID to USER's uid and $GID to USER's gid, run PROG"
109//usage:
110//usage:#define setuidgid_trivial_usage
111//usage: "USER PROG ARGS"
112//usage:#define setuidgid_full_usage "\n\n"
113//usage: "Set uid and gid to USER's uid and gid, drop supplementary group ids,\n"
114//usage: "run PROG"
115//usage:
116//usage:#define softlimit_trivial_usage
117//usage: "[-a BYTES] [-m BYTES] [-d BYTES] [-s BYTES] [-l BYTES]\n"
118//usage: " [-f BYTES] [-c BYTES] [-r BYTES] [-o N] [-p N] [-t N]\n"
119//usage: " PROG ARGS"
120//usage:#define softlimit_full_usage "\n\n"
121//usage: "Set soft resource limits, then run PROG\n"
Pere Orga5bc8c002011-04-11 03:29:49 +0200[diff] [blame]122//usage: "\n -a BYTES Limit total size of all segments"
123//usage: "\n -m BYTES Same as -d BYTES -s BYTES -l BYTES -a BYTES"
124//usage: "\n -d BYTES Limit data segment"
125//usage: "\n -s BYTES Limit stack segment"
126//usage: "\n -l BYTES Limit locked memory size"
127//usage: "\n -o N Limit number of open files per process"
128//usage: "\n -p N Limit number of processes per uid"
129//usage: "\nOptions controlling file sizes:"
130//usage: "\n -f BYTES Limit output file sizes"
131//usage: "\n -c BYTES Limit core file size"
132//usage: "\nEfficiency opts:"
133//usage: "\n -r BYTES Limit resident set size"
134//usage: "\n -t N Limit CPU time, process receives"
135//usage: "\n a SIGXCPU after N seconds"
136
Denis Vlasenkob6adbf12007-05-26 19:00:18 +0000[diff] [blame]137#include "libbb.h"
Mike Frysingerc5fe9f72012-07-05 23:19:09 -0400[diff] [blame]138#include <sys/resource.h> /* getrlimit */
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]139
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]140/*
141Five applets here: chpst, envdir, envuidgid, setuidgid, softlimit.
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]142
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]143Only softlimit and chpst are taking options:
144
145# common
146-o N Limit number of open files per process
147-p N Limit number of processes per uid
148-m BYTES Same as -d BYTES -s BYTES -l BYTES [-a BYTES]
149-d BYTES Limit data segment
150-f BYTES Limit output file sizes
151-c BYTES Limit core file size
152# softlimit
153-a BYTES Limit total size of all segments
154-s BYTES Limit stack segment
155-l BYTES Limit locked memory size
156-r BYTES Limit resident set size
157-t N Limit CPU time
158# chpst
159-u USER[:GRP] Set uid and gid
160-U USER[:GRP] Set $UID and $GID in environment
161-e DIR Set environment variables as specified by files in DIR
162-/ DIR Chroot to DIR
163-n NICE Add NICE to nice value
164-v Verbose
165-P Create new process group
166-0 -1 -2 Close fd 0,1,2
167
168Even though we accept all these options for both softlimit and chpst,
169they are not to be advertised on their help texts.
170We have enough problems with feature creep in other people's
171software, don't want to add our own.
172
173envdir, envuidgid, setuidgid take no options, but they reuse code which
174handles -e, -U and -u.
175*/
176
177enum {
178 OPT_a = (1 << 0) * ENABLE_SOFTLIMIT,
179 OPT_c = (1 << 1) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
180 OPT_d = (1 << 2) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
181 OPT_f = (1 << 3) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
182 OPT_l = (1 << 4) * ENABLE_SOFTLIMIT,
183 OPT_m = (1 << 5) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
184 OPT_o = (1 << 6) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
185 OPT_p = (1 << 7) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
186 OPT_r = (1 << 8) * ENABLE_SOFTLIMIT,
187 OPT_s = (1 << 9) * ENABLE_SOFTLIMIT,
188 OPT_t = (1 << 10) * ENABLE_SOFTLIMIT,
189 OPT_u = (1 << 11) * (ENABLE_CHPST || ENABLE_SETUIDGID),
190 OPT_U = (1 << 12) * (ENABLE_CHPST || ENABLE_ENVUIDGID),
191 OPT_e = (1 << 13) * (ENABLE_CHPST || ENABLE_ENVDIR),
192 OPT_root = (1 << 14) * ENABLE_CHPST,
193 OPT_n = (1 << 15) * ENABLE_CHPST,
194 OPT_v = (1 << 16) * ENABLE_CHPST,
195 OPT_P = (1 << 17) * ENABLE_CHPST,
196 OPT_0 = (1 << 18) * ENABLE_CHPST,
197 OPT_1 = (1 << 19) * ENABLE_CHPST,
198 OPT_2 = (1 << 20) * ENABLE_CHPST,
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000[diff] [blame]199};
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]200
Bernhard Reutner-Fischerca254492009-10-26 23:27:07 +0100[diff] [blame]201/* TODO: use recursive_action? */
Denys Vlasenkoadf922e2009-10-08 14:35:37 +0200[diff] [blame]202static NOINLINE void edir(const char *directory_name)
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]203{
204 int wdir;
205 DIR *dir;
206 struct dirent *d;
207 int fd;
208
209 wdir = xopen(".", O_RDONLY | O_NDELAY);
210 xchdir(directory_name);
Bernhard Reutner-Fischerca254492009-10-26 23:27:07 +0100[diff] [blame]211 dir = xopendir(".");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]212 for (;;) {
Denys Vlasenko695fa512010-01-06 18:16:39 +0100[diff] [blame]213 char buf[256];
Denis Vlasenko9895dfd2008-04-01 16:13:14 +0000[diff] [blame]214 char *tail;
215 int size;
216
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]217 errno = 0;
218 d = readdir(dir);
219 if (!d) {
Denis Vlasenko83ea6432006-11-16 02:27:24 +0000[diff] [blame]220 if (errno)
221 bb_perror_msg_and_die("readdir %s",
222 directory_name);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]223 break;
224 }
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000[diff] [blame]225 if (d->d_name[0] == '.')
226 continue;
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]227 fd = open(d->d_name, O_RDONLY | O_NDELAY);
228 if (fd < 0) {
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]229 if ((errno == EISDIR) && directory_name) {
230 if (option_mask32 & OPT_v)
Denis Vlasenko83ea6432006-11-16 02:27:24 +0000[diff] [blame]231 bb_perror_msg("warning: %s/%s is a directory",
Denys Vlasenkoe4dcba12010-10-28 18:57:19 +0200[diff] [blame]232 directory_name, d->d_name);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]233 continue;
Denys Vlasenkoe4dcba12010-10-28 18:57:19 +0200[diff] [blame]234 }
235 bb_perror_msg_and_die("open %s/%s",
Denis Vlasenko83ea6432006-11-16 02:27:24 +0000[diff] [blame]236 directory_name, d->d_name);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]237 }
Denis Vlasenko9895dfd2008-04-01 16:13:14 +0000[diff] [blame]238 size = full_read(fd, buf, sizeof(buf)-1);
239 close(fd);
240 if (size < 0)
241 bb_perror_msg_and_die("read %s/%s",
242 directory_name, d->d_name);
243 if (size == 0) {
244 unsetenv(d->d_name);
245 continue;
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]246 }
Denis Vlasenko9895dfd2008-04-01 16:13:14 +0000[diff] [blame]247 buf[size] = '\n';
248 tail = strchr(buf, '\n');
249 /* skip trailing whitespace */
250 while (1) {
251 *tail = '\0';
252 tail--;
253 if (tail < buf || !isspace(*tail))
254 break;
255 }
256 xsetenv(d->d_name, buf);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]257 }
258 closedir(dir);
Denys Vlasenkoc4199f22016-04-01 22:12:44 +0200[diff] [blame]259 xfchdir(wdir);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]260 close(wdir);
261}
262
263static void limit(int what, long l)
264{
265 struct rlimit r;
266
Denis Vlasenko4e6d5112008-03-12 22:14:34 +0000[diff] [blame]267 /* Never fails under Linux (except if you pass it bad arguments) */
268 getrlimit(what, &r);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]269 if ((l < 0) || (l > r.rlim_max))
270 r.rlim_cur = r.rlim_max;
271 else
272 r.rlim_cur = l;
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000[diff] [blame]273 if (setrlimit(what, &r) == -1)
274 bb_perror_msg_and_die("setrlimit");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]275}
276
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]277int chpst_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
278int chpst_main(int argc UNUSED_PARAM, char **argv)
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]279{
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]280 struct bb_uidgid_t ugid;
Denis Vlasenkoec73d302008-08-05 17:43:29 +0000[diff] [blame]281 char *set_user = set_user; /* for compiler */
Denis Vlasenkoec73d302008-08-05 17:43:29 +0000[diff] [blame]282 char *env_dir = env_dir;
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]283 char *root;
284 char *nicestr;
285 unsigned limita;
286 unsigned limitc;
287 unsigned limitd;
288 unsigned limitf;
289 unsigned limitl;
290 unsigned limitm;
291 unsigned limito;
292 unsigned limitp;
293 unsigned limitr;
294 unsigned limits;
295 unsigned limitt;
296 unsigned opt;
297
298 if ((ENABLE_CHPST && applet_name[0] == 'c')
299 || (ENABLE_SOFTLIMIT && applet_name[1] == 'o')
300 ) {
301 // FIXME: can we live with int-sized limits?
302 // can we live with 40000 days?
303 // if yes -> getopt converts strings to numbers for us
Denys Vlasenko22542ec2017-08-08 21:55:02 +0200[diff] [blame^]304 opt = getopt32(argv, "^+"
305 "a:+c:+d:+f:+l:+m:+o:+p:+r:+s:+t:+u:U:e:"
306 IF_CHPST("/:n:vP012")
307 "\0" "-1",
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]308 &limita, &limitc, &limitd, &limitf, &limitl,
309 &limitm, &limito, &limitp, &limitr, &limits, &limitt,
Denys Vlasenko1a7256a2013-11-29 16:39:28 +0100[diff] [blame]310 &set_user, &set_user, &env_dir
Denis Vlasenko5e34ff22009-04-21 11:09:40 +0000[diff] [blame]311 IF_CHPST(, &root, &nicestr));
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]312 argv += optind;
313 if (opt & OPT_m) { // -m means -asld
314 limita = limits = limitl = limitd = limitm;
315 opt |= (OPT_s | OPT_l | OPT_a | OPT_d);
316 }
317 } else {
318 option_mask32 = opt = 0;
319 argv++;
Denis Vlasenkob9c262b2008-08-20 22:19:27 +0000[diff] [blame]320 if (!*argv)
321 bb_show_usage();
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]322 }
323
324 // envdir?
325 if (ENABLE_ENVDIR && applet_name[3] == 'd') {
326 env_dir = *argv++;
327 opt |= OPT_e;
328 }
329
330 // setuidgid?
Denis Vlasenkob9c262b2008-08-20 22:19:27 +0000[diff] [blame]331 if (ENABLE_SETUIDGID && applet_name[1] == 'e') {
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]332 set_user = *argv++;
333 opt |= OPT_u;
334 }
335
336 // envuidgid?
Denis Vlasenko69ed3092008-08-15 21:03:17 +0000[diff] [blame]337 if (ENABLE_ENVUIDGID && applet_name[0] == 'e' && applet_name[3] == 'u') {
Denys Vlasenko1a7256a2013-11-29 16:39:28 +0100[diff] [blame]338 set_user = *argv++;
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]339 opt |= OPT_U;
340 }
341
342 // we must have PROG [ARGS]
343 if (!*argv)
344 bb_show_usage();
345
346 // set limits
347 if (opt & OPT_d) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]348#ifdef RLIMIT_DATA
349 limit(RLIMIT_DATA, limitd);
350#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]351 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000[diff] [blame]352 bb_error_msg("system does not support RLIMIT_%s",
353 "DATA");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]354#endif
355 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]356 if (opt & OPT_s) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]357#ifdef RLIMIT_STACK
358 limit(RLIMIT_STACK, limits);
359#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]360 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000[diff] [blame]361 bb_error_msg("system does not support RLIMIT_%s",
362 "STACK");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]363#endif
364 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]365 if (opt & OPT_l) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]366#ifdef RLIMIT_MEMLOCK
367 limit(RLIMIT_MEMLOCK, limitl);
368#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]369 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000[diff] [blame]370 bb_error_msg("system does not support RLIMIT_%s",
371 "MEMLOCK");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]372#endif
373 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]374 if (opt & OPT_a) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]375#ifdef RLIMIT_VMEM
376 limit(RLIMIT_VMEM, limita);
377#else
378#ifdef RLIMIT_AS
379 limit(RLIMIT_AS, limita);
380#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]381 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000[diff] [blame]382 bb_error_msg("system does not support RLIMIT_%s",
383 "VMEM");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]384#endif
385#endif
386 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]387 if (opt & OPT_o) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]388#ifdef RLIMIT_NOFILE
389 limit(RLIMIT_NOFILE, limito);
390#else
391#ifdef RLIMIT_OFILE
392 limit(RLIMIT_OFILE, limito);
393#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]394 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000[diff] [blame]395 bb_error_msg("system does not support RLIMIT_%s",
396 "NOFILE");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]397#endif
398#endif
399 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]400 if (opt & OPT_p) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]401#ifdef RLIMIT_NPROC
402 limit(RLIMIT_NPROC, limitp);
403#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]404 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000[diff] [blame]405 bb_error_msg("system does not support RLIMIT_%s",
406 "NPROC");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]407#endif
408 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]409 if (opt & OPT_f) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]410#ifdef RLIMIT_FSIZE
411 limit(RLIMIT_FSIZE, limitf);
412#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]413 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000[diff] [blame]414 bb_error_msg("system does not support RLIMIT_%s",
415 "FSIZE");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]416#endif
417 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]418 if (opt & OPT_c) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]419#ifdef RLIMIT_CORE
420 limit(RLIMIT_CORE, limitc);
421#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]422 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000[diff] [blame]423 bb_error_msg("system does not support RLIMIT_%s",
424 "CORE");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]425#endif
426 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]427 if (opt & OPT_r) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]428#ifdef RLIMIT_RSS
429 limit(RLIMIT_RSS, limitr);
430#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]431 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000[diff] [blame]432 bb_error_msg("system does not support RLIMIT_%s",
433 "RSS");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]434#endif
435 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]436 if (opt & OPT_t) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]437#ifdef RLIMIT_CPU
438 limit(RLIMIT_CPU, limitt);
439#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]440 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000[diff] [blame]441 bb_error_msg("system does not support RLIMIT_%s",
442 "CPU");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]443#endif
444 }
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]445
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]446 if (opt & OPT_P)
447 setsid();
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]448
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]449 if (opt & OPT_e)
450 edir(env_dir);
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000[diff] [blame]451
Denys Vlasenkoc74a79f2011-09-16 11:54:13 +0200[diff] [blame]452 if (opt & (OPT_u|OPT_U))
Denys Vlasenkod18ef6c2011-09-16 11:52:43 +0200[diff] [blame]453 xget_uidgid(&ugid, set_user);
Denys Vlasenkod18ef6c2011-09-16 11:52:43 +0200[diff] [blame]454
Denys Vlasenkoc74a79f2011-09-16 11:54:13 +0200[diff] [blame]455 // chrooted jail must have /etc/passwd if we move this after chroot.
456 // OTOH chroot fails for non-roots.
457 // Solution: cache uid/gid before chroot, apply uid/gid after.
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]458 if (opt & OPT_U) {
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]459 xsetenv("GID", utoa(ugid.gid));
460 xsetenv("UID", utoa(ugid.uid));
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]461 }
Denis Vlasenkof7996f32007-01-11 17:20:00 +0000[diff] [blame]462
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]463 if (opt & OPT_root) {
Denys Vlasenko0687a5b2012-03-08 00:28:24 +0100[diff] [blame]464 xchroot(root);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]465 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]466
Denys Vlasenko01880422017-03-13 22:32:05 +0100[diff] [blame]467 /* nice should be done before xsetuid */
468 if (opt & OPT_n) {
469 errno = 0;
470 if (nice(xatoi(nicestr)) == -1)
471 bb_perror_msg_and_die("nice");
472 }
473
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]474 if (opt & OPT_u) {
475 if (setgroups(1, &ugid.gid) == -1)
476 bb_perror_msg_and_die("setgroups");
477 xsetgid(ugid.gid);
478 xsetuid(ugid.uid);
479 }
480
Denis Vlasenkob3571492008-07-30 21:23:26 +0000[diff] [blame]481 if (opt & OPT_0)
482 close(STDIN_FILENO);
483 if (opt & OPT_1)
484 close(STDOUT_FILENO);
485 if (opt & OPT_2)
486 close(STDERR_FILENO);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]487
Pascal Bellard21e8e8d2010-07-04 00:57:03 +0200[diff] [blame]488 BB_EXECVP_or_die(argv);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000[diff] [blame]489}