authorChirantan Ekbote <chirantan@chromium.org>2019-10-30 12:57:25 +0900
committerCommit Bot <commit-bot@chromium.org>2019-11-11 03:13:51 +0000
commit3f8599aea9d06af32e3368d45e19edc2666453a8 (patch)
treeeb5927e45190c4cd65201b71c4377b0cb854ed5e /io_jail
parent383b3b520a76a921be17a12640b24fba1419dbbb (diff)
io_jail: Add minijail_rlimit
The virtio-fs server opens a lot of fds and needs to have its open file
limit increased.

BUG=b:136128319
TEST=run pjdfstests

Change-Id: I9ccc9e0753f990788c9cef2540b3a1aab5f5d15d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1890583
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>
Diffstat (limited to 'io_jail')
-rw-r--r--io_jail/src/lib.rs16
-rw-r--r--io_jail/src/libminijail.rs3
2 files changed, 18 insertions, 1 deletions
diff --git a/io_jail/src/lib.rs b/io_jail/src/lib.rs
index 43698aa..7e66ec5 100644
--- a/io_jail/src/lib.rs
+++ b/io_jail/src/lib.rs
@@ -54,6 +54,8 @@ pub enum Error {
     OpenDevNull(io::Error),
     /// Setting the specified alt-syscall table failed with errno. Is the table in the kernel?
     SetAltSyscallTable { errno: i32, name: String },
+    /// Setting the specified rlimit failed with errno.
+    SetRlimit { errno: i32, kind: libc::c_int },
     /// chroot failed with the provided errno.
     SettingChrootDirectory(i32, PathBuf),
     /// pivot_root failed with the provided errno.
@@ -125,6 +127,7 @@ impl Display for Error {
                 name,
                 io::Error::from_raw_os_error(*errno),
             ),
+            SetRlimit { errno, kind } => write!(f, "failed to set rlimit {}: {}", kind, errno),
             SettingChrootDirectory(errno, p) => write!(
                 f,
                 "failed to set chroot {}: {}",
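Review bot: The new `SetRlimit` arm prints `errno` as a bare integer, while the `SetAltSyscallTable` arm just above it formats its errno through `io::Error::from_raw_os_error(*errno)`, so an rlimit failure reaches the logs as a number the reader has to look up. Consider `SetRlimit { errno, kind } => write!(f, "failed to set rlimit {}: {}", kind, io::Error::from_raw_os_error(*errno)),`. If `minijail_rlimit` reports failure as a negated errno, which this page does not show, the sign would have to be flipped before that conversion, either here or where the error is built in `set_rlimit`. The `match` this arm belongs to starts and ends outside the hunk.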
@@ -233,6 +236,19 @@ impl Minijail {
             libminijail::minijail_keep_supplementary_gids(self.jail);
         }
     }
+    pub fn set_rlimit(
+        &mut self,
+        kind: libc::c_int,
+        cur: libc::rlim_t,
+        max: libc::rlim_t,
+    ) -> Result<()> {
+        let errno = unsafe { libminijail::minijail_rlimit(self.jail, kind, cur, max) };
+        if errno == 0 {
+            Ok(())
+        } else {
+            Err(Error::SetRlimit { errno, kind })
+        }
+    }
     pub fn use_seccomp(&mut self) {
         unsafe {
             libminijail::minijail_use_seccomp(self.jail);
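Review bot: `set_rlimit` is a new public method on the sandboxing API with no doc comment, and its `unsafe` block carries no `// SAFETY:` justification. A suitable doc line would be `/// Sets the soft (cur) and hard (max) limit for resource kind (a libc::RLIMIT_* value) on this jail; fails with Error::SetRlimit carrying libminijail's return code.`, and above the call `// SAFETY: assumes self.jail is the valid minijail pointer owned by this struct; the other arguments are plain integers.` The doc should also tell callers to request the smallest limit the jailed process needs, since this call relaxes a resource bound on a sandboxed process. Nothing here checks `cur <= max`, so an inverted pair is presumably rejected only later, when the limit is applied; a guard or a documented precondition would surface it at the call site. The `impl Minijail` block starts and ends outside the hunk.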
diff --git a/io_jail/src/libminijail.rs b/io_jail/src/libminijail.rs
index f8c3654..227e753 100644
--- a/io_jail/src/libminijail.rs
+++ b/io_jail/src/libminijail.rs
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-use libc::{gid_t, pid_t, uid_t};
+use libc::{gid_t, pid_t, rlim_t, uid_t};
 use std::os::raw::{c_char, c_int, c_ulong};
 
 /// Struct minijail is an opaque type inside libminijail.
@@ -19,6 +19,7 @@ extern "C" {
     pub fn minijail_keep_supplementary_gids(j: *mut minijail);
     pub fn minijail_change_user(j: *mut minijail, user: *const c_char) -> c_int;
     pub fn minijail_change_group(j: *mut minijail, group: *const c_char) -> c_int;
+    pub fn minijail_rlimit(j: *mut minijail, kind: c_int, cur: rlim_t, max: rlim_t) -> c_int;
     pub fn minijail_use_seccomp(j: *mut minijail);
     pub fn minijail_no_new_privs(j: *mut minijail);
     pub fn minijail_use_seccomp_filter(j: *mut minijail);