fiss

commit bf5b0f8ee697a0f16ddccd5c7cd9d149afcbc50d
parent b83c06f2ba2d0500135ea1eeddba4a3b338cb6b7
Author: Friedel Schön <[email protected]>
Date:   Tue, 26 Dec 2023 18:32:46 +0100

add runit subcommands of chpst

Diffstat:
M
bin/chpst.c
 | 
328
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------
A
bin/envuidgid.lnk
 | 
1
+
A
bin/pgrphack.lnk
 | 
1
+
A
bin/setlock.lnk
 | 
1
+
A
bin/setuidgid.lnk
 | 
1
+
A
bin/softlimit.lnk
 | 
1
+
M
configure
 | 
46
+++++++++++++++++++++++++++++-----------------

7 files changed, 306 insertions(+), 73 deletions(-)
diff --git a/bin/chpst.c b/bin/chpst.c
@@ -10,77 +10,204 @@
 #include <stdlib.h>
 #include <string.h>
 #include <sys/file.h>
+#include <sys/resource.h>
 
 
 const char* current_prog(void) {
 	return "chpst";
 }
 
+void limit(int what, rlim_t l) {
+	struct rlimit r;
+
+	if (getrlimit(what, &r) == -1)
+		fprintf(stderr, "error: unable to getrlimit\n");
+
+	if (l < 0) {
+		r.rlim_cur = 0;
+	} else if (l > r.rlim_max)
+		r.rlim_cur = r.rlim_max;
+	else
+		r.rlim_cur = l;
+
+	if (setrlimit(what, &r) == -1)
+		fprintf(stderr, "error: unable to setrlimit\n");
+}
+
+
 int main(int argc, char** argv) {
 	int   opt, lockfd, lockflags, gid_len = 0;
 	char *arg0 = NULL, *root = NULL, *cd = NULL, *lock = NULL, *exec = NULL;
 	uid_t uid = 0;
 	gid_t gid[61];
-	long  nicelevel   = 0;
-	bool  ssid        = false;
-	bool  closestd[3] = { false, false, false };
-
-	while ((opt = getopt(argc, argv, "+u:U:b:e:m:d:o:p:f:c:r:t:/:C:n:l:L:vP012V")) != -1) {
-		switch (opt) {
-			case 'u':
-			case 'U':
-				gid_len = parse_ugid(optarg, &uid, gid);
-				break;
-			case 'b':
-				arg0 = optarg;
-				break;
-			case '/':
-				root = optarg;
-				break;
-			case 'C':
-				cd = optarg;
-				break;
-			case 'n':
-				nicelevel = parse_long(optarg, "nice-level");
-				break;
-			case 'l':
-				lock      = optarg;
-				lockflags = LOCK_EX | LOCK_NB;
-				break;
-			case 'L':
-				lock      = optarg;
-				lockflags = LOCK_EX;
-				break;
-			case 'v':    // ignored
-				break;
-			case 'P':
-				ssid = true;
-				break;
-			case '0':
-			case '1':
-			case '2':
-				closestd[opt - '0'] = true;
-				break;
-			case 'e':
-			case 'd':
-			case 'o':
-			case 'p':
-			case 'f':
-			case 'c':
-			case 'r':
-			case 't':
-			case 'm':    // ignored
-				fprintf(stderr, "warning: '-%c' is ignored\n", optopt);
-				break;
-			case '?':
-				fprintf(stderr, "usage\n");
-				return 1;
+	long  limitd     = -2,
+	     limits      = -2,
+	     limitl      = -2,
+	     limita      = -2,
+	     limito      = -2,
+	     limitp      = -2,
+	     limitf      = -2,
+	     limitc      = -2,
+	     limitr      = -2,
+	     limitt      = -2;
+	long nicelevel   = 0;
+	bool ssid        = false;
+	bool closestd[3] = { false, false, false };
+
+	if (streq(argv[0], "setuidgid") || streq(argv[0], "envuidgid")) {
+		if (argc < 2) {
+			fprintf(stderr, "%s <uid-gid> command...", argv[0]);
+			return 1;
+		}
+		gid_len = parse_ugid(argv[1], &uid, gid);
+		argv += 2, argc -= 2;
+	} else if (streq(argv[0], "pgrphack")) {
+		ssid = true;
+		argv += 1, argc -= 1;
+	} else if (streq(argv[0], "setlock")) {
+		while ((opt = getopt(argc, argv, "+xXnN")) != -1) {
+			switch (opt) {
+				case 'n':
+					lockflags = LOCK_EX | LOCK_NB;
+					break;
+				case 'N':
+					lockflags = LOCK_EX;
+					break;
+				case 'x':
+				case 'X':
+					fprintf(stderr, "warning: '-%c' is ignored\n", optopt);
+					break;
+				case '?':
+					fprintf(stderr, "%s [-xXnN] command...", argv[0]);
+					return 1;
+			}
+		}
+		argv += optind, argc -= optind;
+		if (argc < 1) {
+			fprintf(stderr, "%s [-xXnN] command...", argv[0]);
+			return 1;
+		}
+		lock = argv[0];
+		argv += 1, argc -= 1;
+	} else if (streq(argv[0], "softlimit")) {
+		while ((opt = getopt(argc, argv, "+a:c:d:f:l:m:o:p:r:s:t:")) != -1) {
+			switch (opt) {
+				case 'm':
+					limits = limitl = limita = limitd = parse_long(optarg, "limit");
+					break;
+				case 'a':
+					limita = parse_long(optarg, "limit");
+					break;
+				case 'd':
+					limitd = parse_long(optarg, "limit");
+					break;
+				case 'o':
+					limito = parse_long(optarg, "limit");
+					break;
+				case 'p':
+					limitp = parse_long(optarg, "limit");
+					break;
+				case 'f':
+					limitf = parse_long(optarg, "limit");
+					break;
+				case 'c':
+					limitc = parse_long(optarg, "limit");
+					break;
+				case 'r':
+					limitr = parse_long(optarg, "limit");
+					break;
+				case 't':
+					limitt = parse_long(optarg, "limit");
+					break;
+				case 'l':
+					limitl = parse_long(optarg, "limit");
+					break;
+				case 's':
+					limits = parse_long(optarg, "limit");
+					break;
+				case '?':
+					fprintf(stderr, "softlimit command...");
+					return 1;
+			}
+		}
+		argv += optind, argc -= optind;
+	} else {
+		if (!streq(argv[0], "chpst"))
+			fprintf(stderr, "warning: program-name unsupported, asuming `chpst`\n");
+
+		while ((opt = getopt(argc, argv, "+u:U:b:e:m:d:o:p:f:c:r:t:/:C:n:l:L:vP012V")) != -1) {
+			switch (opt) {
+				case 'u':
+				case 'U':
+					gid_len = parse_ugid(optarg, &uid, gid);
+					break;
+				case 'b':
+					arg0 = optarg;
+					break;
+				case '/':
+					root = optarg;
+					break;
+				case 'C':
+					cd = optarg;
+					break;
+				case 'n':
+					nicelevel = parse_long(optarg, "nice-level");
+					break;
+				case 'l':
+					lock      = optarg;
+					lockflags = LOCK_EX | LOCK_NB;
+					break;
+				case 'L':
+					lock      = optarg;
+					lockflags = LOCK_EX;
+					break;
+				case 'v':    // ignored
+					break;
+				case 'P':
+					ssid = true;
+					break;
+				case '0':
+				case '1':
+				case '2':
+					closestd[opt - '0'] = true;
+					break;
+				case 'm':
+					limits = limitl = limita = limitd = parse_long(optarg, "limit");
+					break;
+				case 'd':
+					limitd = parse_long(optarg, "limit");
+					break;
+				case 'o':
+					limito = parse_long(optarg, "limit");
+					break;
+				case 'p':
+					limitp = parse_long(optarg, "limit");
+					break;
+				case 'f':
+					limitf = parse_long(optarg, "limit");
+					break;
+				case 'c':
+					limitc = parse_long(optarg, "limit");
+					break;
+				case 'r':
+					limitr = parse_long(optarg, "limit");
+					break;
+				case 't':
+					limitt = parse_long(optarg, "limit");
+					break;
+				case 'e':
+					fprintf(stderr, "warning: '-%c' is ignored\n", optopt);
+					break;
+				case '?':
+					fprintf(stderr, "usage\n");
+					return 1;
+			}
 		}
+		argv += optind, argc -= optind;
 	}
-	argv += optind, argc -= optind;
 
 	if (argc == 0) {
-		fprintf(stderr, "command required\n");
+		fprintf(stderr, "%s: command required\n", argv[0]);
 		return 1;
 	}
 
@@ -112,6 +239,95 @@ int main(int argc, char** argv) {
 			print_errno("unable to set nice level: %s\n");
 	}
 
+	if (limitd >= -1) {
+#ifdef RLIMIT_DATA
+		limit(RLIMIT_DATA, limitd);
+#else
+		if (verbose)
+			fprintf(stderr, "system does not support RLIMIT_DATA\n");
+#endif
+	}
+	if (limits >= -1) {
+#ifdef RLIMIT_STACK
+		limit(RLIMIT_STACK, limits);
+#else
+		if (verbose)
+			fprintf(stderr, "system does not support RLIMIT_STACK\n");
+#endif
+	}
+	if (limitl >= -1) {
+#ifdef RLIMIT_MEMLOCK
+		limit(RLIMIT_MEMLOCK, limitl);
+#else
+		if (verbose)
+			fprintf(stderr, "system does not support RLIMIT_MEMLOCK\n");
+#endif
+	}
+	if (limita >= -1) {
+#ifdef RLIMIT_VMEM
+		limit(RLIMIT_VMEM, limita);
+#else
+#	ifdef RLIMIT_AS
+		limit(RLIMIT_AS, limita);
+#	else
+		if (verbose)
+			fprintf(stderr, "system does neither support RLIMIT_VMEM nor RLIMIT_AS\n");
+#	endif
+#endif
+	}
+	if (limito >= -1) {
+#ifdef RLIMIT_NOFILE
+		limit(RLIMIT_NOFILE, limito);
+#else
+#	ifdef RLIMIT_OFILE
+		limit(RLIMIT_OFILE, limito);
+#	else
+		if (verbose)
+			fprintf(stderr, "system does neither support RLIMIT_NOFILE nor RLIMIT_OFILE\n");
+#	endif
+#endif
+	}
+	if (limitp >= -1) {
+#ifdef RLIMIT_NPROC
+		limit(RLIMIT_NPROC, limitp);
+#else
+		if (verbose)
+			fprintf(stderr, "system does not support RLIMIT_NPROC\n");
+#endif
+	}
+	if (limitf >= -1) {
+#ifdef RLIMIT_FSIZE
+		limit(RLIMIT_FSIZE, limitf);
+#else
+		if (verbose)
+			fprintf(stderr, "system does not support RLIMIT_FSIZE\n");
+#endif
+	}
+	if (limitc >= -1) {
+#ifdef RLIMIT_CORE
+		limit(RLIMIT_CORE, limitc);
+#else
+		if (verbose)
+			fprintf(stderr, "system does not support RLIMIT_CORE\n");
+#endif
+	}
+	if (limitr >= -1) {
+#ifdef RLIMIT_RSS
+		limit(RLIMIT_RSS, limitr);
+#else
+		if (verbose)
+			fprintf(stderr, "system does not support RLIMIT_RSS\n");
+#endif
+	}
+	if (limitt >= -1) {
+#ifdef RLIMIT_CPU
+		limit(RLIMIT_CPU, limitt);
+#else
+		if (verbose)
+			fprintf(stderr, "system does not support RLIMIT_CPU\n");
+#endif
+	}
+
 	if (lock) {
 		if ((lockfd = open(lock, O_WRONLY | O_APPEND)) == -1)
 			print_errno("unable to open lock: %s\n");
diff --git a/bin/envuidgid.lnk b/bin/envuidgid.lnk
@@ -0,0 +1 @@
+chpst
diff --git a/bin/pgrphack.lnk b/bin/pgrphack.lnk
@@ -0,0 +1 @@
+chpst
diff --git a/bin/setlock.lnk b/bin/setlock.lnk
@@ -0,0 +1 @@
+chpst
diff --git a/bin/setuidgid.lnk b/bin/setuidgid.lnk
@@ -0,0 +1 @@
+chpst
diff --git a/bin/softlimit.lnk b/bin/softlimit.lnk
@@ -0,0 +1 @@
+chpst
diff --git a/configure b/configure
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 ENABLED=
-MK_BINARIES='chpst finit fsvc fsvs halt init modules-load poweroff reboot seedrng shutdown sigremap vlogger zzz'
+MK_BINARIES='ZZZ chpst envuidgid finit fsvc fsvs halt init modules-load pgrphack poweroff reboot seedrng setlock setuidgid shutdown sigremap softlimit vlogger zzz'
 
 MK_INSTALL_PREFIX=/
 MK_INSTALL_SBIN=/sbin
@@ -82,21 +82,27 @@ Usage: ./configure [options]
 --disable-install-share . disabling installing share
 --disable-install-man ... disabling installing man8
 --disable-install-docs .. disabling installing docs
-        
---enable-chpst .......... disables everything but given --enable-* and chpst
---enable-finit .......... disables everything but given --enable-* and finit
---enable-fsvc ........... disables everything but given --enable-* and fsvc
---enable-fsvs ........... disables everything but given --enable-* and fsvs
---enable-halt ........... disables everything but given --enable-* and halt
---enable-init ........... disables everything but given --enable-* and init (link)
---enable-modules-load ... disables everything but given --enable-* and modules-load
---enable-poweroff ....... disables everything but given --enable-* and poweroff
---enable-reboot ......... disables everything but given --enable-* and reboot
---enable-seedrng ........ disables everything but given --enable-* and seedrng
---enable-shutdown ....... disables everything but given --enable-* and shutdown
---enable-sigremap ....... disables everything but given --enable-* and sigremap
---enable-vlogger ........ disables everything but given --enable-* and vlogger
---enable-zzz ............ disables everything but given --enable-* and zzz
+
+--enable-ZZZ ............ enable ZZZ
+--enable-chpst .......... enable chpst
+--enable-envuidgid ...... enable envuidgid
+--enable-finit .......... enable finit
+--enable-fsvc ........... enable fsvc
+--enable-fsvs ........... enable fsvs
+--enable-halt ........... enable halt
+--enable-init ........... enable init
+--enable-modules-load ... enable modules-load
+--enable-pgrphack ....... enable pgrphack
+--enable-poweroff ....... enable poweroff
+--enable-reboot ......... enable reboot
+--enable-seedrng ........ enable seedrng
+--enable-setlock ........ enable setlock
+--enable-setuidgid ...... enable setuidgid
+--enable-shutdown ....... enable shutdown
+--enable-sigremap ....... enable sigremap
+--enable-softlimit ...... enable softlimit
+--enable-vlogger ........ enable vlogger
+--enable-zzz ............ enable zzz
 
 --stop-timeout .......... sets the timeout whenever service must be killed
 --fail-limit ............ sets the limit a service may failed before it is declared as dead
@@ -151,19 +157,25 @@ while [ -n "$1" ]; do
         --disable-install-share) MK_INSTALL_SHARE=; shift;;
         --disable-install-man) MK_INSTALL_MAN8=; shift;;
         --disable-install-docs) MK_INSTALL_DOCS=; shift;;
-        
+
+        --enable-ZZZ) enable ZZZ; shift;;
         --enable-chpst) enable chpst; shift;;
+        --enable-envuidgid) enable envuidgid; shift;;
         --enable-finit) enable finit; shift;;
         --enable-fsvc) enable fsvc; shift;;
         --enable-fsvs) enable fsvs; shift;;
         --enable-halt) enable halt; shift;;
         --enable-init) enable init; shift;;
         --enable-modules-load) enable modules-load; shift;;
+        --enable-pgrphack) enable pgrphack; shift;;
         --enable-poweroff) enable poweroff; shift;;
         --enable-reboot) enable reboot; shift;;
         --enable-seedrng) enable seedrng; shift;;
+        --enable-setlock) enable setlock; shift;;
+        --enable-setuidgid) enable setuidgid; shift;;
         --enable-shutdown) enable shutdown; shift;;
         --enable-sigremap) enable sigremap; shift;;
+        --enable-softlimit) enable softlimit; shift;;
         --enable-vlogger) enable vlogger; shift;;
         --enable-zzz) enable zzz; shift;;