1 | /*
|
---|
2 | Copyright (c) 2001-2006, Gerrit Pape
|
---|
3 | All rights reserved.
|
---|
4 |
|
---|
5 | Redistribution and use in source and binary forms, with or without
|
---|
6 | modification, are permitted provided that the following conditions are met:
|
---|
7 |
|
---|
8 | 1. Redistributions of source code must retain the above copyright notice,
|
---|
9 | this list of conditions and the following disclaimer.
|
---|
10 | 2. Redistributions in binary form must reproduce the above copyright
|
---|
11 | notice, this list of conditions and the following disclaimer in the
|
---|
12 | documentation and/or other materials provided with the distribution.
|
---|
13 | 3. The name of the author may not be used to endorse or promote products
|
---|
14 | derived from this software without specific prior written permission.
|
---|
15 |
|
---|
16 | THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
---|
17 | WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
---|
18 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
---|
19 | EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
---|
20 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
---|
21 | PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
---|
22 | OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
---|
23 | WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
---|
24 | OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
---|
25 | ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
---|
26 | */
|
---|
27 |
|
---|
28 | /* Busyboxed by Denys Vlasenko <vda.linux@googlemail.com> */
|
---|
29 |
|
---|
30 | //config:config CHPST
|
---|
31 | //config: bool "chpst"
|
---|
32 | //config: default y
|
---|
33 | //config: help
|
---|
34 | //config: chpst changes the process state according to the given options, and
|
---|
35 | //config: execs specified program.
|
---|
36 | //config:
|
---|
37 | //config:config SETUIDGID
|
---|
38 | //config: bool "setuidgid"
|
---|
39 | //config: default y
|
---|
40 | //config: help
|
---|
41 | //config: Sets soft resource limits as specified by options
|
---|
42 | //config:
|
---|
43 | //config:config ENVUIDGID
|
---|
44 | //config: bool "envuidgid"
|
---|
45 | //config: default y
|
---|
46 | //config: help
|
---|
47 | //config: Sets $UID to account's uid and $GID to account's gid
|
---|
48 | //config:
|
---|
49 | //config:config ENVDIR
|
---|
50 | //config: bool "envdir"
|
---|
51 | //config: default y
|
---|
52 | //config: help
|
---|
53 | //config: Sets various environment variables as specified by files
|
---|
54 | //config: in the given directory
|
---|
55 | //config:
|
---|
56 | //config:config SOFTLIMIT
|
---|
57 | //config: bool "softlimit"
|
---|
58 | //config: default y
|
---|
59 | //config: help
|
---|
60 | //config: Sets soft resource limits as specified by options
|
---|
61 |
|
---|
62 | //applet:IF_CHPST(APPLET(chpst, BB_DIR_USR_BIN, BB_SUID_DROP))
|
---|
63 | //applet:IF_ENVDIR(APPLET_ODDNAME(envdir, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envdir))
|
---|
64 | //applet:IF_ENVUIDGID(APPLET_ODDNAME(envuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envuidgid))
|
---|
65 | //applet:IF_SETUIDGID(APPLET_ODDNAME(setuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, setuidgid))
|
---|
66 | //applet:IF_SOFTLIMIT(APPLET_ODDNAME(softlimit, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, softlimit))
|
---|
67 |
|
---|
68 | //kbuild:lib-$(CONFIG_CHPST) += chpst.o
|
---|
69 | //kbuild:lib-$(CONFIG_ENVDIR) += chpst.o
|
---|
70 | //kbuild:lib-$(CONFIG_ENVUIDGID) += chpst.o
|
---|
71 | //kbuild:lib-$(CONFIG_SETUIDGID) += chpst.o
|
---|
72 | //kbuild:lib-$(CONFIG_SOFTLIMIT) += chpst.o
|
---|
73 |
|
---|
74 | //usage:#define chpst_trivial_usage
|
---|
75 | //usage: "[-vP012] [-u USER[:GRP]] [-U USER[:GRP]] [-e DIR]\n"
|
---|
76 | //usage: " [-/ DIR] [-n NICE] [-m BYTES] [-d BYTES] [-o N]\n"
|
---|
77 | //usage: " [-p N] [-f BYTES] [-c BYTES] PROG ARGS"
|
---|
78 | //usage:#define chpst_full_usage "\n\n"
|
---|
79 | //usage: "Change the process state, run PROG\n"
|
---|
80 | //usage: "\n -u USER[:GRP] Set uid and gid"
|
---|
81 | //usage: "\n -U USER[:GRP] Set $UID and $GID in environment"
|
---|
82 | //usage: "\n -e DIR Set environment variables as specified by files"
|
---|
83 | //usage: "\n in DIR: file=1st_line_of_file"
|
---|
84 | //usage: "\n -/ DIR Chroot to DIR"
|
---|
85 | //usage: "\n -n NICE Add NICE to nice value"
|
---|
86 | //usage: "\n -m BYTES Same as -d BYTES -s BYTES -l BYTES"
|
---|
87 | //usage: "\n -d BYTES Limit data segment"
|
---|
88 | //usage: "\n -o N Limit number of open files per process"
|
---|
89 | //usage: "\n -p N Limit number of processes per uid"
|
---|
90 | //usage: "\n -f BYTES Limit output file sizes"
|
---|
91 | //usage: "\n -c BYTES Limit core file size"
|
---|
92 | //usage: "\n -v Verbose"
|
---|
93 | //usage: "\n -P Create new process group"
|
---|
94 | //usage: "\n -0 Close stdin"
|
---|
95 | //usage: "\n -1 Close stdout"
|
---|
96 | //usage: "\n -2 Close stderr"
|
---|
97 | //usage:
|
---|
98 | //usage:#define envdir_trivial_usage
|
---|
99 | //usage: "DIR PROG ARGS"
|
---|
100 | //usage:#define envdir_full_usage "\n\n"
|
---|
101 | //usage: "Set various environment variables as specified by files\n"
|
---|
102 | //usage: "in the directory DIR, run PROG"
|
---|
103 | //usage:
|
---|
104 | //usage:#define envuidgid_trivial_usage
|
---|
105 | //usage: "USER PROG ARGS"
|
---|
106 | //usage:#define envuidgid_full_usage "\n\n"
|
---|
107 | //usage: "Set $UID to USER's uid and $GID to USER's gid, run PROG"
|
---|
108 | //usage:
|
---|
109 | //usage:#define setuidgid_trivial_usage
|
---|
110 | //usage: "USER PROG ARGS"
|
---|
111 | //usage:#define setuidgid_full_usage "\n\n"
|
---|
112 | //usage: "Set uid and gid to USER's uid and gid, drop supplementary group ids,\n"
|
---|
113 | //usage: "run PROG"
|
---|
114 | //usage:
|
---|
115 | //usage:#define softlimit_trivial_usage
|
---|
116 | //usage: "[-a BYTES] [-m BYTES] [-d BYTES] [-s BYTES] [-l BYTES]\n"
|
---|
117 | //usage: " [-f BYTES] [-c BYTES] [-r BYTES] [-o N] [-p N] [-t N]\n"
|
---|
118 | //usage: " PROG ARGS"
|
---|
119 | //usage:#define softlimit_full_usage "\n\n"
|
---|
120 | //usage: "Set soft resource limits, then run PROG\n"
|
---|
121 | //usage: "\n -a BYTES Limit total size of all segments"
|
---|
122 | //usage: "\n -m BYTES Same as -d BYTES -s BYTES -l BYTES -a BYTES"
|
---|
123 | //usage: "\n -d BYTES Limit data segment"
|
---|
124 | //usage: "\n -s BYTES Limit stack segment"
|
---|
125 | //usage: "\n -l BYTES Limit locked memory size"
|
---|
126 | //usage: "\n -o N Limit number of open files per process"
|
---|
127 | //usage: "\n -p N Limit number of processes per uid"
|
---|
128 | //usage: "\nOptions controlling file sizes:"
|
---|
129 | //usage: "\n -f BYTES Limit output file sizes"
|
---|
130 | //usage: "\n -c BYTES Limit core file size"
|
---|
131 | //usage: "\nEfficiency opts:"
|
---|
132 | //usage: "\n -r BYTES Limit resident set size"
|
---|
133 | //usage: "\n -t N Limit CPU time, process receives"
|
---|
134 | //usage: "\n a SIGXCPU after N seconds"
|
---|
135 |
|
---|
136 | #include "libbb.h"
|
---|
137 | #include <sys/resource.h> /* getrlimit */
|
---|
138 |
|
---|
139 | /*
|
---|
140 | Five applets here: chpst, envdir, envuidgid, setuidgid, softlimit.
|
---|
141 |
|
---|
142 | Only softlimit and chpst are taking options:
|
---|
143 |
|
---|
144 | # common
|
---|
145 | -o N Limit number of open files per process
|
---|
146 | -p N Limit number of processes per uid
|
---|
147 | -m BYTES Same as -d BYTES -s BYTES -l BYTES [-a BYTES]
|
---|
148 | -d BYTES Limit data segment
|
---|
149 | -f BYTES Limit output file sizes
|
---|
150 | -c BYTES Limit core file size
|
---|
151 | # softlimit
|
---|
152 | -a BYTES Limit total size of all segments
|
---|
153 | -s BYTES Limit stack segment
|
---|
154 | -l BYTES Limit locked memory size
|
---|
155 | -r BYTES Limit resident set size
|
---|
156 | -t N Limit CPU time
|
---|
157 | # chpst
|
---|
158 | -u USER[:GRP] Set uid and gid
|
---|
159 | -U USER[:GRP] Set $UID and $GID in environment
|
---|
160 | -e DIR Set environment variables as specified by files in DIR
|
---|
161 | -/ DIR Chroot to DIR
|
---|
162 | -n NICE Add NICE to nice value
|
---|
163 | -v Verbose
|
---|
164 | -P Create new process group
|
---|
165 | -0 -1 -2 Close fd 0,1,2
|
---|
166 |
|
---|
167 | Even though we accept all these options for both softlimit and chpst,
|
---|
168 | they are not to be advertised on their help texts.
|
---|
169 | We have enough problems with feature creep in other people's
|
---|
170 | software, don't want to add our own.
|
---|
171 |
|
---|
172 | envdir, envuidgid, setuidgid take no options, but they reuse code which
|
---|
173 | handles -e, -U and -u.
|
---|
174 | */
|
---|
175 |
|
---|
176 | enum {
|
---|
177 | OPT_a = (1 << 0) * ENABLE_SOFTLIMIT,
|
---|
178 | OPT_c = (1 << 1) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
|
---|
179 | OPT_d = (1 << 2) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
|
---|
180 | OPT_f = (1 << 3) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
|
---|
181 | OPT_l = (1 << 4) * ENABLE_SOFTLIMIT,
|
---|
182 | OPT_m = (1 << 5) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
|
---|
183 | OPT_o = (1 << 6) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
|
---|
184 | OPT_p = (1 << 7) * (ENABLE_SOFTLIMIT || ENABLE_CHPST),
|
---|
185 | OPT_r = (1 << 8) * ENABLE_SOFTLIMIT,
|
---|
186 | OPT_s = (1 << 9) * ENABLE_SOFTLIMIT,
|
---|
187 | OPT_t = (1 << 10) * ENABLE_SOFTLIMIT,
|
---|
188 | OPT_u = (1 << 11) * (ENABLE_CHPST || ENABLE_SETUIDGID),
|
---|
189 | OPT_U = (1 << 12) * (ENABLE_CHPST || ENABLE_ENVUIDGID),
|
---|
190 | OPT_e = (1 << 13) * (ENABLE_CHPST || ENABLE_ENVDIR),
|
---|
191 | OPT_root = (1 << 14) * ENABLE_CHPST,
|
---|
192 | OPT_n = (1 << 15) * ENABLE_CHPST,
|
---|
193 | OPT_v = (1 << 16) * ENABLE_CHPST,
|
---|
194 | OPT_P = (1 << 17) * ENABLE_CHPST,
|
---|
195 | OPT_0 = (1 << 18) * ENABLE_CHPST,
|
---|
196 | OPT_1 = (1 << 19) * ENABLE_CHPST,
|
---|
197 | OPT_2 = (1 << 20) * ENABLE_CHPST,
|
---|
198 | };
|
---|
199 |
|
---|
200 | /* TODO: use recursive_action? */
|
---|
201 | static NOINLINE void edir(const char *directory_name)
|
---|
202 | {
|
---|
203 | int wdir;
|
---|
204 | DIR *dir;
|
---|
205 | struct dirent *d;
|
---|
206 | int fd;
|
---|
207 |
|
---|
208 | wdir = xopen(".", O_RDONLY | O_NDELAY);
|
---|
209 | xchdir(directory_name);
|
---|
210 | dir = xopendir(".");
|
---|
211 | for (;;) {
|
---|
212 | char buf[256];
|
---|
213 | char *tail;
|
---|
214 | int size;
|
---|
215 |
|
---|
216 | errno = 0;
|
---|
217 | d = readdir(dir);
|
---|
218 | if (!d) {
|
---|
219 | if (errno)
|
---|
220 | bb_perror_msg_and_die("readdir %s",
|
---|
221 | directory_name);
|
---|
222 | break;
|
---|
223 | }
|
---|
224 | if (d->d_name[0] == '.')
|
---|
225 | continue;
|
---|
226 | fd = open(d->d_name, O_RDONLY | O_NDELAY);
|
---|
227 | if (fd < 0) {
|
---|
228 | if ((errno == EISDIR) && directory_name) {
|
---|
229 | if (option_mask32 & OPT_v)
|
---|
230 | bb_perror_msg("warning: %s/%s is a directory",
|
---|
231 | directory_name, d->d_name);
|
---|
232 | continue;
|
---|
233 | }
|
---|
234 | bb_perror_msg_and_die("open %s/%s",
|
---|
235 | directory_name, d->d_name);
|
---|
236 | }
|
---|
237 | size = full_read(fd, buf, sizeof(buf)-1);
|
---|
238 | close(fd);
|
---|
239 | if (size < 0)
|
---|
240 | bb_perror_msg_and_die("read %s/%s",
|
---|
241 | directory_name, d->d_name);
|
---|
242 | if (size == 0) {
|
---|
243 | unsetenv(d->d_name);
|
---|
244 | continue;
|
---|
245 | }
|
---|
246 | buf[size] = '\n';
|
---|
247 | tail = strchr(buf, '\n');
|
---|
248 | /* skip trailing whitespace */
|
---|
249 | while (1) {
|
---|
250 | *tail = '\0';
|
---|
251 | tail--;
|
---|
252 | if (tail < buf || !isspace(*tail))
|
---|
253 | break;
|
---|
254 | }
|
---|
255 | xsetenv(d->d_name, buf);
|
---|
256 | }
|
---|
257 | closedir(dir);
|
---|
258 | xfchdir(wdir);
|
---|
259 | close(wdir);
|
---|
260 | }
|
---|
261 |
|
---|
262 | static void limit(int what, long l)
|
---|
263 | {
|
---|
264 | struct rlimit r;
|
---|
265 |
|
---|
266 | /* Never fails under Linux (except if you pass it bad arguments) */
|
---|
267 | getrlimit(what, &r);
|
---|
268 | if ((l < 0) || (l > r.rlim_max))
|
---|
269 | r.rlim_cur = r.rlim_max;
|
---|
270 | else
|
---|
271 | r.rlim_cur = l;
|
---|
272 | if (setrlimit(what, &r) == -1)
|
---|
273 | bb_perror_msg_and_die("setrlimit");
|
---|
274 | }
|
---|
275 |
|
---|
276 | int chpst_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
|
---|
277 | int chpst_main(int argc UNUSED_PARAM, char **argv)
|
---|
278 | {
|
---|
279 | struct bb_uidgid_t ugid;
|
---|
280 | char *set_user = set_user; /* for compiler */
|
---|
281 | char *env_dir = env_dir;
|
---|
282 | char *root;
|
---|
283 | char *nicestr;
|
---|
284 | unsigned limita;
|
---|
285 | unsigned limitc;
|
---|
286 | unsigned limitd;
|
---|
287 | unsigned limitf;
|
---|
288 | unsigned limitl;
|
---|
289 | unsigned limitm;
|
---|
290 | unsigned limito;
|
---|
291 | unsigned limitp;
|
---|
292 | unsigned limitr;
|
---|
293 | unsigned limits;
|
---|
294 | unsigned limitt;
|
---|
295 | unsigned opt;
|
---|
296 |
|
---|
297 | if ((ENABLE_CHPST && applet_name[0] == 'c')
|
---|
298 | || (ENABLE_SOFTLIMIT && applet_name[1] == 'o')
|
---|
299 | ) {
|
---|
300 | // FIXME: can we live with int-sized limits?
|
---|
301 | // can we live with 40000 days?
|
---|
302 | // if yes -> getopt converts strings to numbers for us
|
---|
303 | opt_complementary = "-1:a+:c+:d+:f+:l+:m+:o+:p+:r+:s+:t+";
|
---|
304 | opt = getopt32(argv, "+a:c:d:f:l:m:o:p:r:s:t:u:U:e:"
|
---|
305 | IF_CHPST("/:n:vP012"),
|
---|
306 | &limita, &limitc, &limitd, &limitf, &limitl,
|
---|
307 | &limitm, &limito, &limitp, &limitr, &limits, &limitt,
|
---|
308 | &set_user, &set_user, &env_dir
|
---|
309 | IF_CHPST(, &root, &nicestr));
|
---|
310 | argv += optind;
|
---|
311 | if (opt & OPT_m) { // -m means -asld
|
---|
312 | limita = limits = limitl = limitd = limitm;
|
---|
313 | opt |= (OPT_s | OPT_l | OPT_a | OPT_d);
|
---|
314 | }
|
---|
315 | } else {
|
---|
316 | option_mask32 = opt = 0;
|
---|
317 | argv++;
|
---|
318 | if (!*argv)
|
---|
319 | bb_show_usage();
|
---|
320 | }
|
---|
321 |
|
---|
322 | // envdir?
|
---|
323 | if (ENABLE_ENVDIR && applet_name[3] == 'd') {
|
---|
324 | env_dir = *argv++;
|
---|
325 | opt |= OPT_e;
|
---|
326 | }
|
---|
327 |
|
---|
328 | // setuidgid?
|
---|
329 | if (ENABLE_SETUIDGID && applet_name[1] == 'e') {
|
---|
330 | set_user = *argv++;
|
---|
331 | opt |= OPT_u;
|
---|
332 | }
|
---|
333 |
|
---|
334 | // envuidgid?
|
---|
335 | if (ENABLE_ENVUIDGID && applet_name[0] == 'e' && applet_name[3] == 'u') {
|
---|
336 | set_user = *argv++;
|
---|
337 | opt |= OPT_U;
|
---|
338 | }
|
---|
339 |
|
---|
340 | // we must have PROG [ARGS]
|
---|
341 | if (!*argv)
|
---|
342 | bb_show_usage();
|
---|
343 |
|
---|
344 | // set limits
|
---|
345 | if (opt & OPT_d) {
|
---|
346 | #ifdef RLIMIT_DATA
|
---|
347 | limit(RLIMIT_DATA, limitd);
|
---|
348 | #else
|
---|
349 | if (opt & OPT_v)
|
---|
350 | bb_error_msg("system does not support RLIMIT_%s",
|
---|
351 | "DATA");
|
---|
352 | #endif
|
---|
353 | }
|
---|
354 | if (opt & OPT_s) {
|
---|
355 | #ifdef RLIMIT_STACK
|
---|
356 | limit(RLIMIT_STACK, limits);
|
---|
357 | #else
|
---|
358 | if (opt & OPT_v)
|
---|
359 | bb_error_msg("system does not support RLIMIT_%s",
|
---|
360 | "STACK");
|
---|
361 | #endif
|
---|
362 | }
|
---|
363 | if (opt & OPT_l) {
|
---|
364 | #ifdef RLIMIT_MEMLOCK
|
---|
365 | limit(RLIMIT_MEMLOCK, limitl);
|
---|
366 | #else
|
---|
367 | if (opt & OPT_v)
|
---|
368 | bb_error_msg("system does not support RLIMIT_%s",
|
---|
369 | "MEMLOCK");
|
---|
370 | #endif
|
---|
371 | }
|
---|
372 | if (opt & OPT_a) {
|
---|
373 | #ifdef RLIMIT_VMEM
|
---|
374 | limit(RLIMIT_VMEM, limita);
|
---|
375 | #else
|
---|
376 | #ifdef RLIMIT_AS
|
---|
377 | limit(RLIMIT_AS, limita);
|
---|
378 | #else
|
---|
379 | if (opt & OPT_v)
|
---|
380 | bb_error_msg("system does not support RLIMIT_%s",
|
---|
381 | "VMEM");
|
---|
382 | #endif
|
---|
383 | #endif
|
---|
384 | }
|
---|
385 | if (opt & OPT_o) {
|
---|
386 | #ifdef RLIMIT_NOFILE
|
---|
387 | limit(RLIMIT_NOFILE, limito);
|
---|
388 | #else
|
---|
389 | #ifdef RLIMIT_OFILE
|
---|
390 | limit(RLIMIT_OFILE, limito);
|
---|
391 | #else
|
---|
392 | if (opt & OPT_v)
|
---|
393 | bb_error_msg("system does not support RLIMIT_%s",
|
---|
394 | "NOFILE");
|
---|
395 | #endif
|
---|
396 | #endif
|
---|
397 | }
|
---|
398 | if (opt & OPT_p) {
|
---|
399 | #ifdef RLIMIT_NPROC
|
---|
400 | limit(RLIMIT_NPROC, limitp);
|
---|
401 | #else
|
---|
402 | if (opt & OPT_v)
|
---|
403 | bb_error_msg("system does not support RLIMIT_%s",
|
---|
404 | "NPROC");
|
---|
405 | #endif
|
---|
406 | }
|
---|
407 | if (opt & OPT_f) {
|
---|
408 | #ifdef RLIMIT_FSIZE
|
---|
409 | limit(RLIMIT_FSIZE, limitf);
|
---|
410 | #else
|
---|
411 | if (opt & OPT_v)
|
---|
412 | bb_error_msg("system does not support RLIMIT_%s",
|
---|
413 | "FSIZE");
|
---|
414 | #endif
|
---|
415 | }
|
---|
416 | if (opt & OPT_c) {
|
---|
417 | #ifdef RLIMIT_CORE
|
---|
418 | limit(RLIMIT_CORE, limitc);
|
---|
419 | #else
|
---|
420 | if (opt & OPT_v)
|
---|
421 | bb_error_msg("system does not support RLIMIT_%s",
|
---|
422 | "CORE");
|
---|
423 | #endif
|
---|
424 | }
|
---|
425 | if (opt & OPT_r) {
|
---|
426 | #ifdef RLIMIT_RSS
|
---|
427 | limit(RLIMIT_RSS, limitr);
|
---|
428 | #else
|
---|
429 | if (opt & OPT_v)
|
---|
430 | bb_error_msg("system does not support RLIMIT_%s",
|
---|
431 | "RSS");
|
---|
432 | #endif
|
---|
433 | }
|
---|
434 | if (opt & OPT_t) {
|
---|
435 | #ifdef RLIMIT_CPU
|
---|
436 | limit(RLIMIT_CPU, limitt);
|
---|
437 | #else
|
---|
438 | if (opt & OPT_v)
|
---|
439 | bb_error_msg("system does not support RLIMIT_%s",
|
---|
440 | "CPU");
|
---|
441 | #endif
|
---|
442 | }
|
---|
443 |
|
---|
444 | if (opt & OPT_P)
|
---|
445 | setsid();
|
---|
446 |
|
---|
447 | if (opt & OPT_e)
|
---|
448 | edir(env_dir);
|
---|
449 |
|
---|
450 | if (opt & (OPT_u|OPT_U))
|
---|
451 | xget_uidgid(&ugid, set_user);
|
---|
452 |
|
---|
453 | // chrooted jail must have /etc/passwd if we move this after chroot.
|
---|
454 | // OTOH chroot fails for non-roots.
|
---|
455 | // Solution: cache uid/gid before chroot, apply uid/gid after.
|
---|
456 | if (opt & OPT_U) {
|
---|
457 | xsetenv("GID", utoa(ugid.gid));
|
---|
458 | xsetenv("UID", utoa(ugid.uid));
|
---|
459 | }
|
---|
460 |
|
---|
461 | if (opt & OPT_root) {
|
---|
462 | xchroot(root);
|
---|
463 | }
|
---|
464 |
|
---|
465 | if (opt & OPT_u) {
|
---|
466 | if (setgroups(1, &ugid.gid) == -1)
|
---|
467 | bb_perror_msg_and_die("setgroups");
|
---|
468 | xsetgid(ugid.gid);
|
---|
469 | xsetuid(ugid.uid);
|
---|
470 | }
|
---|
471 |
|
---|
472 | if (opt & OPT_n) {
|
---|
473 | errno = 0;
|
---|
474 | if (nice(xatoi(nicestr)) == -1)
|
---|
475 | bb_perror_msg_and_die("nice");
|
---|
476 | }
|
---|
477 |
|
---|
478 | if (opt & OPT_0)
|
---|
479 | close(STDIN_FILENO);
|
---|
480 | if (opt & OPT_1)
|
---|
481 | close(STDOUT_FILENO);
|
---|
482 | if (opt & OPT_2)
|
---|
483 | close(STDERR_FILENO);
|
---|
484 |
|
---|
485 | BB_EXECVP_or_die(argv);
|
---|
486 | }
|
---|