2 Copyright (c) 2001-2006, Gerrit Pape
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10 2. Redistributions in binary form must reproduce the above copyright
11 notice, this list of conditions and the following disclaimer in the
12 documentation and/or other materials provided with the distribution.
13 3. The name of the author may not be used to endorse or promote products
14 derived from this software without specific prior written permission.
16 THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 /* Busyboxed by Denys Vlasenko <vda.linux@googlemail.com> */
29 /* Dependencies on runit_lib.c removed */
31 //usage:#define chpst_trivial_usage
32 //usage: "[-vP012] [-u USER[:GRP]] [-U USER[:GRP]] [-e DIR]\n"
33 //usage: " [-/ DIR] [-n NICE] [-m BYTES] [-d BYTES] [-o N]\n"
34 //usage: " [-p N] [-f BYTES] [-c BYTES] PROG ARGS"
35 //usage:#define chpst_full_usage "\n\n"
36 //usage: "Change the process state, run PROG\n"
38 //usage: "\n -u USER[:GRP] Set uid and gid"
39 //usage: "\n -U USER[:GRP] Set $UID and $GID in environment"
40 //usage: "\n -e DIR Set environment variables as specified by files"
41 //usage: "\n in DIR: file=1st_line_of_file"
42 //usage: "\n -/ DIR Chroot to DIR"
43 //usage: "\n -n NICE Add NICE to nice value"
44 //usage: "\n -m BYTES Same as -d BYTES -s BYTES -l BYTES"
45 //usage: "\n -d BYTES Limit data segment"
46 //usage: "\n -o N Limit number of open files per process"
47 //usage: "\n -p N Limit number of processes per uid"
48 //usage: "\n -f BYTES Limit output file sizes"
49 //usage: "\n -c BYTES Limit core file size"
50 //usage: "\n -v Verbose"
51 //usage: "\n -P Create new process group"
52 //usage: "\n -0 Close stdin"
53 //usage: "\n -1 Close stdout"
54 //usage: "\n -2 Close stderr"
56 //usage:#define envdir_trivial_usage
57 //usage: "DIR PROG ARGS"
58 //usage:#define envdir_full_usage "\n\n"
59 //usage: "Set various environment variables as specified by files\n"
60 //usage: "in the directory DIR, run PROG"
62 //usage:#define envuidgid_trivial_usage
63 //usage: "USER PROG ARGS"
64 //usage:#define envuidgid_full_usage "\n\n"
65 //usage: "Set $UID to USER's uid and $GID to USER's gid, run PROG"
67 //usage:#define setuidgid_trivial_usage
68 //usage: "USER PROG ARGS"
69 //usage:#define setuidgid_full_usage "\n\n"
70 //usage: "Set uid and gid to USER's uid and gid, drop supplementary group ids,\n"
73 //usage:#define softlimit_trivial_usage
74 //usage: "[-a BYTES] [-m BYTES] [-d BYTES] [-s BYTES] [-l BYTES]\n"
75 //usage: " [-f BYTES] [-c BYTES] [-r BYTES] [-o N] [-p N] [-t N]\n"
77 //usage:#define softlimit_full_usage "\n\n"
78 //usage: "Set soft resource limits, then run PROG\n"
80 //usage: "\n -a BYTES Limit total size of all segments"
81 //usage: "\n -m BYTES Same as -d BYTES -s BYTES -l BYTES -a BYTES"
82 //usage: "\n -d BYTES Limit data segment"
83 //usage: "\n -s BYTES Limit stack segment"
84 //usage: "\n -l BYTES Limit locked memory size"
85 //usage: "\n -o N Limit number of open files per process"
86 //usage: "\n -p N Limit number of processes per uid"
87 //usage: "\nOptions controlling file sizes:"
88 //usage: "\n -f BYTES Limit output file sizes"
89 //usage: "\n -c BYTES Limit core file size"
90 //usage: "\nEfficiency opts:"
91 //usage: "\n -r BYTES Limit resident set size"
92 //usage: "\n -t N Limit CPU time, process receives"
93 //usage: "\n a SIGXCPU after N seconds"
98 Five applets here: chpst, envdir, envuidgid, setuidgid, softlimit.
100 Only softlimit and chpst are taking options:
103 -o N Limit number of open files per process
104 -p N Limit number of processes per uid
105 -m BYTES Same as -d BYTES -s BYTES -l BYTES [-a BYTES]
106 -d BYTES Limit data segment
107 -f BYTES Limit output file sizes
108 -c BYTES Limit core file size
110 -a BYTES Limit total size of all segments
111 -s BYTES Limit stack segment
112 -l BYTES Limit locked memory size
113 -r BYTES Limit resident set size
116 -u USER[:GRP] Set uid and gid
117 -U USER[:GRP] Set $UID and $GID in environment
118 -e DIR Set environment variables as specified by files in DIR
120 -n NICE Add NICE to nice value
122 -P Create new process group
123 -0 -1 -2 Close fd 0,1,2
125 Even though we accept all these options for both softlimit and chpst,
126 they are not to be advertised on their help texts.
127 We have enough problems with feature creep in other people's
128 software, don't want to add our own.
130 envdir, envuidgid, setuidgid take no options, but they reuse code which
131 handles -e, -U and -u.
135 OPT_a = (1 << 0) * ENABLE_SOFTLIMIT,
136 OPT_c = (1 << 1) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
137 OPT_d = (1 << 2) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
138 OPT_f = (1 << 3) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
139 OPT_l = (1 << 4) * ENABLE_SOFTLIMIT,
140 OPT_m = (1 << 5) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
141 OPT_o = (1 << 6) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
142 OPT_p = (1 << 7) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
143 OPT_r = (1 << 8) * ENABLE_SOFTLIMIT,
144 OPT_s = (1 << 9) * ENABLE_SOFTLIMIT,
145 OPT_t = (1 << 10) * ENABLE_SOFTLIMIT,
146 OPT_u = (1 << 11) * (ENABLE_CHPST || ENABLE_SETUIDGID),
147 OPT_U = (1 << 12) * (ENABLE_CHPST || ENABLE_ENVUIDGID),
148 OPT_e = (1 << 13) * (ENABLE_CHPST || ENABLE_ENVDIR),
149 OPT_root = (1 << 14) * ENABLE_CHPST,
150 OPT_n = (1 << 15) * ENABLE_CHPST,
151 OPT_v = (1 << 16) * ENABLE_CHPST,
152 OPT_P = (1 << 17) * ENABLE_CHPST,
153 OPT_0 = (1 << 18) * ENABLE_CHPST,
154 OPT_1 = (1 << 19) * ENABLE_CHPST,
155 OPT_2 = (1 << 20) * ENABLE_CHPST,
158 /* TODO: use recursive_action? */
159 static NOINLINE void edir(const char *directory_name)
166 wdir = xopen(".", O_RDONLY | O_NDELAY);
167 xchdir(directory_name);
178 bb_perror_msg_and_die("readdir %s",
182 if (d->d_name[0] == '.')
184 fd = open(d->d_name, O_RDONLY | O_NDELAY);
186 if ((errno == EISDIR) && directory_name) {
187 if (option_mask32 & OPT_v)
188 bb_perror_msg("warning: %s/%s is a directory",
189 directory_name, d->d_name);
192 bb_perror_msg_and_die("open %s/%s",
193 directory_name, d->d_name);
195 size = full_read(fd, buf, sizeof(buf)-1);
198 bb_perror_msg_and_die("read %s/%s",
199 directory_name, d->d_name);
205 tail = strchr(buf, '\n');
206 /* skip trailing whitespace */
210 if (tail < buf || !isspace(*tail))
213 xsetenv(d->d_name, buf);
216 if (fchdir(wdir) == -1)
217 bb_perror_msg_and_die("fchdir");
221 static void limit(int what, long l)
225 /* Never fails under Linux (except if you pass it bad arguments) */
227 if ((l < 0) || (l > r.rlim_max))
228 r.rlim_cur = r.rlim_max;
231 if (setrlimit(what, &r) == -1)
232 bb_perror_msg_and_die("setrlimit");
235 int chpst_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
236 int chpst_main(int argc UNUSED_PARAM, char **argv)
238 struct bb_uidgid_t ugid;
239 char *set_user = set_user; /* for compiler */
240 char *env_user = env_user;
241 char *env_dir = env_dir;
257 if ((ENABLE_CHPST && applet_name[0] == 'c')
258 || (ENABLE_SOFTLIMIT && applet_name[1] == 'o')
260 // FIXME: can we live with int-sized limits?
261 // can we live with 40000 days?
262 // if yes -> getopt converts strings to numbers for us
263 opt_complementary = "-1:a+:c+:d+:f+:l+:m+:o+:p+:r+:s+:t+";
264 opt = getopt32(argv, "+a:c:d:f:l:m:o:p:r:s:t:u:U:e:"
265 IF_CHPST("/:n:vP012"),
266 &limita, &limitc, &limitd, &limitf, &limitl,
267 &limitm, &limito, &limitp, &limitr, &limits, &limitt,
268 &set_user, &env_user, &env_dir
269 IF_CHPST(, &root, &nicestr));
271 if (opt & OPT_m) { // -m means -asld
272 limita = limits = limitl = limitd = limitm;
273 opt |= (OPT_s | OPT_l | OPT_a | OPT_d);
276 option_mask32 = opt = 0;
283 if (ENABLE_ENVDIR && applet_name[3] == 'd') {
289 if (ENABLE_SETUIDGID && applet_name[1] == 'e') {
295 if (ENABLE_ENVUIDGID && applet_name[0] == 'e' && applet_name[3] == 'u') {
300 // we must have PROG [ARGS]
307 limit(RLIMIT_DATA, limitd);
310 bb_error_msg("system does not support RLIMIT_%s",
316 limit(RLIMIT_STACK, limits);
319 bb_error_msg("system does not support RLIMIT_%s",
324 #ifdef RLIMIT_MEMLOCK
325 limit(RLIMIT_MEMLOCK, limitl);
328 bb_error_msg("system does not support RLIMIT_%s",
334 limit(RLIMIT_VMEM, limita);
337 limit(RLIMIT_AS, limita);
340 bb_error_msg("system does not support RLIMIT_%s",
347 limit(RLIMIT_NOFILE, limito);
350 limit(RLIMIT_OFILE, limito);
353 bb_error_msg("system does not support RLIMIT_%s",
360 limit(RLIMIT_NPROC, limitp);
363 bb_error_msg("system does not support RLIMIT_%s",
369 limit(RLIMIT_FSIZE, limitf);
372 bb_error_msg("system does not support RLIMIT_%s",
378 limit(RLIMIT_CORE, limitc);
381 bb_error_msg("system does not support RLIMIT_%s",
387 limit(RLIMIT_RSS, limitr);
390 bb_error_msg("system does not support RLIMIT_%s",
396 limit(RLIMIT_CPU, limitt);
399 bb_error_msg("system does not support RLIMIT_%s",
410 // FIXME: chrooted jail must have /etc/passwd if we move this after chroot!
411 // OTOH chroot fails for non-roots!
412 // SOLUTION: cache uid/gid before chroot, apply uid/gid after
414 xget_uidgid(&ugid, env_user);
415 xsetenv("GID", utoa(ugid.gid));
416 xsetenv("UID", utoa(ugid.uid));
420 xget_uidgid(&ugid, set_user);
423 if (opt & OPT_root) {
429 if (setgroups(1, &ugid.gid) == -1)
430 bb_perror_msg_and_die("setgroups");
437 if (nice(xatoi(nicestr)) == -1)
438 bb_perror_msg_and_die("nice");
444 close(STDOUT_FILENO);
446 close(STDERR_FILENO);
448 BB_EXECVP_or_die(argv);