mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Extract GetRlimitName into util
PiperOrigin-RevId: 248682931 Change-Id: I702533a8d36465de956a1a90a40c634434b7a671
This commit is contained in:
parent
6e1c3c3055
commit
8678af23d0
|
@ -480,41 +480,22 @@ bool Monitor::InitSendCwd() {
|
||||||
|
|
||||||
bool Monitor::InitApplyLimit(pid_t pid, __rlimit_resource resource,
|
bool Monitor::InitApplyLimit(pid_t pid, __rlimit_resource resource,
|
||||||
const rlimit64& rlim) const {
|
const rlimit64& rlim) const {
|
||||||
std::string rlim_name = absl::StrCat("UNKNOWN: ", resource);
|
|
||||||
switch (resource) {
|
|
||||||
case RLIMIT_AS:
|
|
||||||
rlim_name = "RLIMIT_AS";
|
|
||||||
break;
|
|
||||||
case RLIMIT_FSIZE:
|
|
||||||
rlim_name = "RLIMIT_FSIZE";
|
|
||||||
break;
|
|
||||||
case RLIMIT_NOFILE:
|
|
||||||
rlim_name = "RLIMIT_NOFILE";
|
|
||||||
break;
|
|
||||||
case RLIMIT_CPU:
|
|
||||||
rlim_name = "RLIMIT_CPU";
|
|
||||||
break;
|
|
||||||
case RLIMIT_CORE:
|
|
||||||
rlim_name = "RLIMIT_CORE";
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
rlimit64 curr_limit;
|
rlimit64 curr_limit;
|
||||||
if (prlimit64(pid, resource, nullptr, &curr_limit) == -1) {
|
if (prlimit64(pid, resource, nullptr, &curr_limit) == -1) {
|
||||||
PLOG(ERROR) << "prlimit64(" << pid << ", " << rlim_name << ")";
|
PLOG(ERROR) << "prlimit64(" << pid << ", " << util::GetRlimitName(resource)
|
||||||
|
<< ")";
|
||||||
} else if (rlim.rlim_cur > curr_limit.rlim_max) {
|
} else if (rlim.rlim_cur > curr_limit.rlim_max) {
|
||||||
// In such case, don't update the limits, as it will fail. Just stick to the
|
// In such case, don't update the limits, as it will fail. Just stick to the
|
||||||
// current ones (which are already lower than intended).
|
// current ones (which are already lower than intended).
|
||||||
LOG(ERROR) << rlim_name << ": new.current > current.max (" << rlim.rlim_cur
|
LOG(ERROR) << util::GetRlimitName(resource)
|
||||||
<< " > " << curr_limit.rlim_max << "), skipping";
|
<< ": new.current > current.max (" << rlim.rlim_cur << " > "
|
||||||
|
<< curr_limit.rlim_max << "), skipping";
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (prlimit64(pid, resource, &rlim, nullptr) == -1) {
|
if (prlimit64(pid, resource, &rlim, nullptr) == -1) {
|
||||||
PLOG(ERROR) << "prlimit64(" << pid << ", " << rlim_name << ", "
|
PLOG(ERROR) << "prlimit64(" << pid << ", " << util::GetRlimitName(resource)
|
||||||
<< rlim.rlim_cur << ")";
|
<< ", " << rlim.rlim_cur << ")";
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
#include <bits/local_lim.h>
|
#include <bits/local_lim.h>
|
||||||
#include <sched.h>
|
#include <sched.h>
|
||||||
#include <spawn.h>
|
#include <spawn.h>
|
||||||
|
#include <sys/resource.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
#include <sys/uio.h>
|
#include <sys/uio.h>
|
||||||
#include <sys/wait.h>
|
#include <sys/wait.h>
|
||||||
|
@ -261,6 +262,23 @@ std::string GetSignalName(int signo) {
|
||||||
return absl::StrFormat("%s [%d]", kSignalNames[signo], signo);
|
return absl::StrFormat("%s [%d]", kSignalNames[signo], signo);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
std::string GetRlimitName(int resource) {
|
||||||
|
switch (resource) {
|
||||||
|
case RLIMIT_AS:
|
||||||
|
return "RLIMIT_AS";
|
||||||
|
case RLIMIT_FSIZE:
|
||||||
|
return "RLIMIT_FSIZE";
|
||||||
|
case RLIMIT_NOFILE:
|
||||||
|
return "RLIMIT_NOFILE";
|
||||||
|
case RLIMIT_CPU:
|
||||||
|
return "RLIMIT_CPU";
|
||||||
|
case RLIMIT_CORE:
|
||||||
|
return "RLIMIT_CORE";
|
||||||
|
default:
|
||||||
|
return absl::StrCat("UNKNOWN: ", resource);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
::sapi::StatusOr<std::string> ReadCPathFromPid(pid_t pid, uintptr_t ptr) {
|
::sapi::StatusOr<std::string> ReadCPathFromPid(pid_t pid, uintptr_t ptr) {
|
||||||
std::string path(PATH_MAX, '\0');
|
std::string path(PATH_MAX, '\0');
|
||||||
iovec local_iov[] = {{&path[0], path.size()}};
|
iovec local_iov[] = {{&path[0], path.size()}};
|
||||||
|
|
|
@ -69,6 +69,9 @@ bool CreateMemFd(int* fd, const char* name = "buffer_file");
|
||||||
// Returns signal description.
|
// Returns signal description.
|
||||||
std::string GetSignalName(int signo);
|
std::string GetSignalName(int signo);
|
||||||
|
|
||||||
|
// Returns rlimit resource name
|
||||||
|
std::string GetRlimitName(int resource);
|
||||||
|
|
||||||
// Reads a path string (NUL-terminated, shorter than PATH_MAX) from another
|
// Reads a path string (NUL-terminated, shorter than PATH_MAX) from another
|
||||||
// process memory
|
// process memory
|
||||||
::sapi::StatusOr<std::string> ReadCPathFromPid(pid_t pid, uintptr_t ptr);
|
::sapi::StatusOr<std::string> ReadCPathFromPid(pid_t pid, uintptr_t ptr);
|
||||||
|
|
Loading…
Reference in New Issue
Block a user