blob: c2641ce8ac9696ec8a78028c28905adefc0034eb [file] [log] [blame]
Denis Vlasenko9bff26c2006-10-20 19:40:44 +00001/*
2Copyright (c) 2001-2006, Gerrit Pape
3All rights reserved.
4
5Redistribution and use in source and binary forms, with or without
6modification, are permitted provided that the following conditions are met:
7
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright
11 notice, this list of conditions and the following disclaimer in the
12 documentation and/or other materials provided with the distribution.
13 3. The name of the author may not be used to endorse or promote products
14 derived from this software without specific prior written permission.
15
Denys Vlasenko95f79532017-08-02 14:26:33 +020016THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
Denis Vlasenko9bff26c2006-10-20 19:40:44 +000017WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26*/
27
Denis Vlasenkod18f52b2008-03-02 12:53:15 +000028/* Busyboxed by Denys Vlasenko <vda.linux@googlemail.com> */
Denys Vlasenko0863e1a2015-10-19 00:41:28 +020029
30//config:config CHPST
Denys Vlasenko4eed2c62017-07-18 22:01:24 +020031//config: bool "chpst (8.7 kb)"
Denys Vlasenko0863e1a2015-10-19 00:41:28 +020032//config: default y
33//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +020034//config: chpst changes the process state according to the given options, and
35//config: execs specified program.
Denys Vlasenko0863e1a2015-10-19 00:41:28 +020036//config:
37//config:config SETUIDGID
Denys Vlasenko4eed2c62017-07-18 22:01:24 +020038//config: bool "setuidgid (4.2 kb)"
Denys Vlasenko0863e1a2015-10-19 00:41:28 +020039//config: default y
40//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +020041//config: Sets soft resource limits as specified by options
Denys Vlasenko0863e1a2015-10-19 00:41:28 +020042//config:
43//config:config ENVUIDGID
Denys Vlasenko4eed2c62017-07-18 22:01:24 +020044//config: bool "envuidgid (3.6 kb)"
Denys Vlasenko0863e1a2015-10-19 00:41:28 +020045//config: default y
46//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +020047//config: Sets $UID to account's uid and $GID to account's gid
Denys Vlasenko0863e1a2015-10-19 00:41:28 +020048//config:
49//config:config ENVDIR
Denys Vlasenko4eed2c62017-07-18 22:01:24 +020050//config: bool "envdir (2.5 kb)"
Denys Vlasenko0863e1a2015-10-19 00:41:28 +020051//config: default y
52//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +020053//config: Sets various environment variables as specified by files
54//config: in the given directory
Denys Vlasenko0863e1a2015-10-19 00:41:28 +020055//config:
56//config:config SOFTLIMIT
Denys Vlasenko4eed2c62017-07-18 22:01:24 +020057//config: bool "softlimit (4.3 kb)"
Denys Vlasenko0863e1a2015-10-19 00:41:28 +020058//config: default y
59//config: help
Denys Vlasenko72089cf2017-07-21 09:50:55 +020060//config: Sets soft resource limits as specified by options
Denys Vlasenko0863e1a2015-10-19 00:41:28 +020061
Denys Vlasenko5c527dc2017-08-04 19:55:01 +020062//applet:IF_CHPST( APPLET_NOEXEC(chpst, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, chpst))
63// APPLET_NOEXEC:name main location suid_type help
64//applet:IF_ENVDIR( APPLET_NOEXEC(envdir, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envdir))
65//applet:IF_ENVUIDGID(APPLET_NOEXEC(envuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envuidgid))
66//applet:IF_SETUIDGID(APPLET_NOEXEC(setuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, setuidgid))
67//applet:IF_SOFTLIMIT(APPLET_NOEXEC(softlimit, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, softlimit))
Denys Vlasenko0863e1a2015-10-19 00:41:28 +020068
69//kbuild:lib-$(CONFIG_CHPST) += chpst.o
70//kbuild:lib-$(CONFIG_ENVDIR) += chpst.o
71//kbuild:lib-$(CONFIG_ENVUIDGID) += chpst.o
72//kbuild:lib-$(CONFIG_SETUIDGID) += chpst.o
73//kbuild:lib-$(CONFIG_SOFTLIMIT) += chpst.o
Denis Vlasenko9bff26c2006-10-20 19:40:44 +000074
Pere Orga5bc8c002011-04-11 03:29:49 +020075//usage:#define chpst_trivial_usage
76//usage: "[-vP012] [-u USER[:GRP]] [-U USER[:GRP]] [-e DIR]\n"
77//usage: " [-/ DIR] [-n NICE] [-m BYTES] [-d BYTES] [-o N]\n"
78//usage: " [-p N] [-f BYTES] [-c BYTES] PROG ARGS"
79//usage:#define chpst_full_usage "\n\n"
80//usage: "Change the process state, run PROG\n"
Pere Orga5bc8c002011-04-11 03:29:49 +020081//usage: "\n -u USER[:GRP] Set uid and gid"
82//usage: "\n -U USER[:GRP] Set $UID and $GID in environment"
83//usage: "\n -e DIR Set environment variables as specified by files"
84//usage: "\n in DIR: file=1st_line_of_file"
85//usage: "\n -/ DIR Chroot to DIR"
86//usage: "\n -n NICE Add NICE to nice value"
87//usage: "\n -m BYTES Same as -d BYTES -s BYTES -l BYTES"
88//usage: "\n -d BYTES Limit data segment"
89//usage: "\n -o N Limit number of open files per process"
90//usage: "\n -p N Limit number of processes per uid"
91//usage: "\n -f BYTES Limit output file sizes"
92//usage: "\n -c BYTES Limit core file size"
93//usage: "\n -v Verbose"
94//usage: "\n -P Create new process group"
95//usage: "\n -0 Close stdin"
96//usage: "\n -1 Close stdout"
97//usage: "\n -2 Close stderr"
98//usage:
99//usage:#define envdir_trivial_usage
100//usage: "DIR PROG ARGS"
101//usage:#define envdir_full_usage "\n\n"
102//usage: "Set various environment variables as specified by files\n"
103//usage: "in the directory DIR, run PROG"
104//usage:
105//usage:#define envuidgid_trivial_usage
106//usage: "USER PROG ARGS"
107//usage:#define envuidgid_full_usage "\n\n"
108//usage: "Set $UID to USER's uid and $GID to USER's gid, run PROG"
109//usage:
110//usage:#define setuidgid_trivial_usage
111//usage: "USER PROG ARGS"
112//usage:#define setuidgid_full_usage "\n\n"
113//usage: "Set uid and gid to USER's uid and gid, drop supplementary group ids,\n"
114//usage: "run PROG"
115//usage:
116//usage:#define softlimit_trivial_usage
117//usage: "[-a BYTES] [-m BYTES] [-d BYTES] [-s BYTES] [-l BYTES]\n"
118//usage: " [-f BYTES] [-c BYTES] [-r BYTES] [-o N] [-p N] [-t N]\n"
119//usage: " PROG ARGS"
120//usage:#define softlimit_full_usage "\n\n"
121//usage: "Set soft resource limits, then run PROG\n"
Pere Orga5bc8c002011-04-11 03:29:49 +0200122//usage: "\n -a BYTES Limit total size of all segments"
123//usage: "\n -m BYTES Same as -d BYTES -s BYTES -l BYTES -a BYTES"
124//usage: "\n -d BYTES Limit data segment"
125//usage: "\n -s BYTES Limit stack segment"
126//usage: "\n -l BYTES Limit locked memory size"
127//usage: "\n -o N Limit number of open files per process"
128//usage: "\n -p N Limit number of processes per uid"
129//usage: "\nOptions controlling file sizes:"
130//usage: "\n -f BYTES Limit output file sizes"
131//usage: "\n -c BYTES Limit core file size"
132//usage: "\nEfficiency opts:"
133//usage: "\n -r BYTES Limit resident set size"
134//usage: "\n -t N Limit CPU time, process receives"
135//usage: "\n a SIGXCPU after N seconds"
136
Denis Vlasenkob6adbf12007-05-26 19:00:18 +0000137#include "libbb.h"
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000138
Denis Vlasenkob3571492008-07-30 21:23:26 +0000139/*
140Five applets here: chpst, envdir, envuidgid, setuidgid, softlimit.
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000141
Denis Vlasenkob3571492008-07-30 21:23:26 +0000142Only softlimit and chpst are taking options:
143
144# common
145-o N Limit number of open files per process
146-p N Limit number of processes per uid
147-m BYTES Same as -d BYTES -s BYTES -l BYTES [-a BYTES]
148-d BYTES Limit data segment
149-f BYTES Limit output file sizes
150-c BYTES Limit core file size
151# softlimit
152-a BYTES Limit total size of all segments
153-s BYTES Limit stack segment
154-l BYTES Limit locked memory size
155-r BYTES Limit resident set size
156-t N Limit CPU time
157# chpst
158-u USER[:GRP] Set uid and gid
159-U USER[:GRP] Set $UID and $GID in environment
160-e DIR Set environment variables as specified by files in DIR
161-/ DIR Chroot to DIR
162-n NICE Add NICE to nice value
163-v Verbose
164-P Create new process group
165-0 -1 -2 Close fd 0,1,2
166
167Even though we accept all these options for both softlimit and chpst,
168they are not to be advertised on their help texts.
169We have enough problems with feature creep in other people's
170software, don't want to add our own.
171
172envdir, envuidgid, setuidgid take no options, but they reuse code which
173handles -e, -U and -u.
174*/
175
176enum {
177 OPT_a = (1 << 0) * ENABLE_SOFTLIMIT,
178 OPT_c = (1 << 1) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
179 OPT_d = (1 << 2) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
180 OPT_f = (1 << 3) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
181 OPT_l = (1 << 4) * ENABLE_SOFTLIMIT,
182 OPT_m = (1 << 5) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
183 OPT_o = (1 << 6) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
184 OPT_p = (1 << 7) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
185 OPT_r = (1 << 8) * ENABLE_SOFTLIMIT,
186 OPT_s = (1 << 9) * ENABLE_SOFTLIMIT,
187 OPT_t = (1 << 10) * ENABLE_SOFTLIMIT,
188 OPT_u = (1 << 11) * (ENABLE_CHPST || ENABLE_SETUIDGID),
189 OPT_U = (1 << 12) * (ENABLE_CHPST || ENABLE_ENVUIDGID),
190 OPT_e = (1 << 13) * (ENABLE_CHPST || ENABLE_ENVDIR),
191 OPT_root = (1 << 14) * ENABLE_CHPST,
192 OPT_n = (1 << 15) * ENABLE_CHPST,
193 OPT_v = (1 << 16) * ENABLE_CHPST,
194 OPT_P = (1 << 17) * ENABLE_CHPST,
195 OPT_0 = (1 << 18) * ENABLE_CHPST,
196 OPT_1 = (1 << 19) * ENABLE_CHPST,
197 OPT_2 = (1 << 20) * ENABLE_CHPST,
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000198};
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000199
Bernhard Reutner-Fischerca254492009-10-26 23:27:07 +0100200/* TODO: use recursive_action? */
Denys Vlasenkoadf922e2009-10-08 14:35:37 +0200201static NOINLINE void edir(const char *directory_name)
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000202{
203 int wdir;
204 DIR *dir;
205 struct dirent *d;
206 int fd;
207
208 wdir = xopen(".", O_RDONLY | O_NDELAY);
209 xchdir(directory_name);
Bernhard Reutner-Fischerca254492009-10-26 23:27:07 +0100210 dir = xopendir(".");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000211 for (;;) {
Denys Vlasenko695fa512010-01-06 18:16:39 +0100212 char buf[256];
Denis Vlasenko9895dfd2008-04-01 16:13:14 +0000213 char *tail;
214 int size;
215
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000216 errno = 0;
217 d = readdir(dir);
218 if (!d) {
Denis Vlasenko83ea6432006-11-16 02:27:24 +0000219 if (errno)
220 bb_perror_msg_and_die("readdir %s",
221 directory_name);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000222 break;
223 }
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000224 if (d->d_name[0] == '.')
225 continue;
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000226 fd = open(d->d_name, O_RDONLY | O_NDELAY);
227 if (fd < 0) {
Denis Vlasenkob3571492008-07-30 21:23:26 +0000228 if ((errno == EISDIR) && directory_name) {
229 if (option_mask32 & OPT_v)
Denis Vlasenko83ea6432006-11-16 02:27:24 +0000230 bb_perror_msg("warning: %s/%s is a directory",
Denys Vlasenkoe4dcba12010-10-28 18:57:19 +0200231 directory_name, d->d_name);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000232 continue;
Denys Vlasenkoe4dcba12010-10-28 18:57:19 +0200233 }
234 bb_perror_msg_and_die("open %s/%s",
Denis Vlasenko83ea6432006-11-16 02:27:24 +0000235 directory_name, d->d_name);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000236 }
Denis Vlasenko9895dfd2008-04-01 16:13:14 +0000237 size = full_read(fd, buf, sizeof(buf)-1);
238 close(fd);
239 if (size < 0)
240 bb_perror_msg_and_die("read %s/%s",
241 directory_name, d->d_name);
242 if (size == 0) {
243 unsetenv(d->d_name);
244 continue;
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000245 }
Denis Vlasenko9895dfd2008-04-01 16:13:14 +0000246 buf[size] = '\n';
247 tail = strchr(buf, '\n');
248 /* skip trailing whitespace */
249 while (1) {
250 *tail = '\0';
251 tail--;
252 if (tail < buf || !isspace(*tail))
253 break;
254 }
255 xsetenv(d->d_name, buf);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000256 }
257 closedir(dir);
Denys Vlasenkoc4199f22016-04-01 22:12:44 +0200258 xfchdir(wdir);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000259 close(wdir);
260}
261
262static void limit(int what, long l)
263{
264 struct rlimit r;
265
Denis Vlasenko4e6d5112008-03-12 22:14:34 +0000266 /* Never fails under Linux (except if you pass it bad arguments) */
267 getrlimit(what, &r);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000268 if ((l < 0) || (l > r.rlim_max))
269 r.rlim_cur = r.rlim_max;
270 else
271 r.rlim_cur = l;
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000272 if (setrlimit(what, &r) == -1)
273 bb_perror_msg_and_die("setrlimit");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000274}
275
Denis Vlasenkob3571492008-07-30 21:23:26 +0000276int chpst_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
277int chpst_main(int argc UNUSED_PARAM, char **argv)
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000278{
Denis Vlasenkob3571492008-07-30 21:23:26 +0000279 struct bb_uidgid_t ugid;
Denis Vlasenkoec73d302008-08-05 17:43:29 +0000280 char *set_user = set_user; /* for compiler */
Denis Vlasenkoec73d302008-08-05 17:43:29 +0000281 char *env_dir = env_dir;
Denis Vlasenkob3571492008-07-30 21:23:26 +0000282 char *root;
283 char *nicestr;
284 unsigned limita;
285 unsigned limitc;
286 unsigned limitd;
287 unsigned limitf;
288 unsigned limitl;
289 unsigned limitm;
290 unsigned limito;
291 unsigned limitp;
292 unsigned limitr;
293 unsigned limits;
294 unsigned limitt;
295 unsigned opt;
296
297 if ((ENABLE_CHPST && applet_name[0] == 'c')
298 || (ENABLE_SOFTLIMIT && applet_name[1] == 'o')
299 ) {
300 // FIXME: can we live with int-sized limits?
301 // can we live with 40000 days?
302 // if yes -> getopt converts strings to numbers for us
Denys Vlasenko22542ec2017-08-08 21:55:02 +0200303 opt = getopt32(argv, "^+"
304 "a:+c:+d:+f:+l:+m:+o:+p:+r:+s:+t:+u:U:e:"
305 IF_CHPST("/:n:vP012")
306 "\0" "-1",
Denis Vlasenkob3571492008-07-30 21:23:26 +0000307 &limita, &limitc, &limitd, &limitf, &limitl,
308 &limitm, &limito, &limitp, &limitr, &limits, &limitt,
Denys Vlasenko1a7256a2013-11-29 16:39:28 +0100309 &set_user, &set_user, &env_dir
Denis Vlasenko5e34ff22009-04-21 11:09:40 +0000310 IF_CHPST(, &root, &nicestr));
Denis Vlasenkob3571492008-07-30 21:23:26 +0000311 argv += optind;
312 if (opt & OPT_m) { // -m means -asld
313 limita = limits = limitl = limitd = limitm;
314 opt |= (OPT_s | OPT_l | OPT_a | OPT_d);
315 }
316 } else {
317 option_mask32 = opt = 0;
318 argv++;
Denis Vlasenkob9c262b2008-08-20 22:19:27 +0000319 if (!*argv)
320 bb_show_usage();
Denis Vlasenkob3571492008-07-30 21:23:26 +0000321 }
322
323 // envdir?
324 if (ENABLE_ENVDIR && applet_name[3] == 'd') {
325 env_dir = *argv++;
326 opt |= OPT_e;
327 }
328
329 // setuidgid?
Denis Vlasenkob9c262b2008-08-20 22:19:27 +0000330 if (ENABLE_SETUIDGID && applet_name[1] == 'e') {
Denis Vlasenkob3571492008-07-30 21:23:26 +0000331 set_user = *argv++;
332 opt |= OPT_u;
333 }
334
335 // envuidgid?
Denis Vlasenko69ed3092008-08-15 21:03:17 +0000336 if (ENABLE_ENVUIDGID && applet_name[0] == 'e' && applet_name[3] == 'u') {
Denys Vlasenko1a7256a2013-11-29 16:39:28 +0100337 set_user = *argv++;
Denis Vlasenkob3571492008-07-30 21:23:26 +0000338 opt |= OPT_U;
339 }
340
341 // we must have PROG [ARGS]
342 if (!*argv)
343 bb_show_usage();
344
345 // set limits
346 if (opt & OPT_d) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000347#ifdef RLIMIT_DATA
348 limit(RLIMIT_DATA, limitd);
349#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000350 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000351 bb_error_msg("system does not support RLIMIT_%s",
352 "DATA");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000353#endif
354 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000355 if (opt & OPT_s) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000356#ifdef RLIMIT_STACK
357 limit(RLIMIT_STACK, limits);
358#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000359 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000360 bb_error_msg("system does not support RLIMIT_%s",
361 "STACK");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000362#endif
363 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000364 if (opt & OPT_l) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000365#ifdef RLIMIT_MEMLOCK
366 limit(RLIMIT_MEMLOCK, limitl);
367#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000368 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000369 bb_error_msg("system does not support RLIMIT_%s",
370 "MEMLOCK");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000371#endif
372 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000373 if (opt & OPT_a) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000374#ifdef RLIMIT_VMEM
375 limit(RLIMIT_VMEM, limita);
376#else
377#ifdef RLIMIT_AS
378 limit(RLIMIT_AS, limita);
379#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000380 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000381 bb_error_msg("system does not support RLIMIT_%s",
382 "VMEM");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000383#endif
384#endif
385 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000386 if (opt & OPT_o) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000387#ifdef RLIMIT_NOFILE
388 limit(RLIMIT_NOFILE, limito);
389#else
390#ifdef RLIMIT_OFILE
391 limit(RLIMIT_OFILE, limito);
392#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000393 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000394 bb_error_msg("system does not support RLIMIT_%s",
395 "NOFILE");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000396#endif
397#endif
398 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000399 if (opt & OPT_p) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000400#ifdef RLIMIT_NPROC
401 limit(RLIMIT_NPROC, limitp);
402#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000403 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000404 bb_error_msg("system does not support RLIMIT_%s",
405 "NPROC");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000406#endif
407 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000408 if (opt & OPT_f) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000409#ifdef RLIMIT_FSIZE
410 limit(RLIMIT_FSIZE, limitf);
411#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000412 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000413 bb_error_msg("system does not support RLIMIT_%s",
414 "FSIZE");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000415#endif
416 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000417 if (opt & OPT_c) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000418#ifdef RLIMIT_CORE
419 limit(RLIMIT_CORE, limitc);
420#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000421 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000422 bb_error_msg("system does not support RLIMIT_%s",
423 "CORE");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000424#endif
425 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000426 if (opt & OPT_r) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000427#ifdef RLIMIT_RSS
428 limit(RLIMIT_RSS, limitr);
429#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000430 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000431 bb_error_msg("system does not support RLIMIT_%s",
432 "RSS");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000433#endif
434 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000435 if (opt & OPT_t) {
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000436#ifdef RLIMIT_CPU
437 limit(RLIMIT_CPU, limitt);
438#else
Denis Vlasenkob3571492008-07-30 21:23:26 +0000439 if (opt & OPT_v)
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000440 bb_error_msg("system does not support RLIMIT_%s",
441 "CPU");
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000442#endif
443 }
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000444
Denis Vlasenkob3571492008-07-30 21:23:26 +0000445 if (opt & OPT_P)
446 setsid();
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000447
Denis Vlasenkob3571492008-07-30 21:23:26 +0000448 if (opt & OPT_e)
449 edir(env_dir);
Denis Vlasenko23e3e252007-10-05 21:23:49 +0000450
Denys Vlasenkoc74a79f2011-09-16 11:54:13 +0200451 if (opt & (OPT_u|OPT_U))
Denys Vlasenkod18ef6c2011-09-16 11:52:43 +0200452 xget_uidgid(&ugid, set_user);
Denys Vlasenkod18ef6c2011-09-16 11:52:43 +0200453
Denys Vlasenkoc74a79f2011-09-16 11:54:13 +0200454 // chrooted jail must have /etc/passwd if we move this after chroot.
455 // OTOH chroot fails for non-roots.
456 // Solution: cache uid/gid before chroot, apply uid/gid after.
Denis Vlasenkob3571492008-07-30 21:23:26 +0000457 if (opt & OPT_U) {
Denis Vlasenkob3571492008-07-30 21:23:26 +0000458 xsetenv("GID", utoa(ugid.gid));
459 xsetenv("UID", utoa(ugid.uid));
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000460 }
Denis Vlasenkof7996f32007-01-11 17:20:00 +0000461
Denis Vlasenkob3571492008-07-30 21:23:26 +0000462 if (opt & OPT_root) {
Denys Vlasenko0687a5b2012-03-08 00:28:24 +0100463 xchroot(root);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000464 }
Denis Vlasenkob3571492008-07-30 21:23:26 +0000465
Denys Vlasenko01880422017-03-13 22:32:05 +0100466 /* nice should be done before xsetuid */
467 if (opt & OPT_n) {
468 errno = 0;
469 if (nice(xatoi(nicestr)) == -1)
470 bb_perror_msg_and_die("nice");
471 }
472
Denis Vlasenkob3571492008-07-30 21:23:26 +0000473 if (opt & OPT_u) {
474 if (setgroups(1, &ugid.gid) == -1)
475 bb_perror_msg_and_die("setgroups");
476 xsetgid(ugid.gid);
477 xsetuid(ugid.uid);
478 }
479
Denis Vlasenkob3571492008-07-30 21:23:26 +0000480 if (opt & OPT_0)
481 close(STDIN_FILENO);
482 if (opt & OPT_1)
483 close(STDOUT_FILENO);
484 if (opt & OPT_2)
485 close(STDERR_FILENO);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000486
Pascal Bellard21e8e8d2010-07-04 00:57:03 +0200487 BB_EXECVP_or_die(argv);
Denis Vlasenkof0a97fb2006-10-03 17:52:24 +0000488}