From 3f8599aea9d06af32e3368d45e19edc2666453a8 Mon Sep 17 00:00:00 2001
From: Chirantan Ekbote
Date: Wed, 30 Oct 2019 12:57:25 +0900
Subject: io_jail: Add minijail_rlimit
The virtio-fs server opens a lot of fds and needs to have it's open file limit increased.
BUG=b:136128319
TEST=run pjdfstests
Change-Id: I9ccc9e0753f990788c9cef2540b3a1aab5f5d15d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1890583
Tested-by: Chirantan Ekbote
Commit-Queue: Chirantan Ekbote
Reviewed-by: Daniel Verkamp
Reviewed-by: Stephen Barber
---
 io_jail/src/lib.rs | 16 ++++++++++++++++
 io_jail/src/libminijail.rs | 3 ++-
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/io_jail/src/lib.rs b/io_jail/src/lib.rs
index 43698aa..7e66ec5 100644
--- a/io_jail/src/lib.rs
+++ b/io_jail/src/lib.rs
@@ -54,6 +54,8 @@ pub enum Error {
 OpenDevNull(io::Error),
 /// Setting the specified alt-syscall table failed with errno. Is the table in the kernel?
 SetAltSyscallTable { errno: i32, name: String },
+ /// Setting the specified rlimit failed with errno.
+ SetRlimit { errno: i32, kind: libc::c_int },
 /// chroot failed with the provided errno.
 SettingChrootDirectory(i32, PathBuf),
 /// pivot_root failed with the provided errno.
@@ -125,6 +127,7 @@ impl Display for Error {
 name,
 io::Error::from_raw_os_error(*errno),
 ),
+ SetRlimit { errno, kind } => write!(f, "failed to set rlimit {}: {}", kind, errno),
 SettingChrootDirectory(errno, p) => write!(
 f,
 "failed to set chroot {}: {}",
@@ -233,6 +236,19 @@ impl Minijail {
 libminijail::minijail_keep_supplementary_gids(self.jail);
 }
 }
+ pub fn set_rlimit(
+ &mut self,
+ kind: libc::c_int,
+ cur: libc::rlim_t,
+ max: libc::rlim_t,
+ ) -> Result<()> {
+ let errno = unsafe { libminijail::minijail_rlimit(self.jail, kind, cur, max) };
+ if errno == 0 {
+ Ok(())
+ } else {
+ Err(Error::SetRlimit { errno, kind })
+ }
+ }
 pub fn use_seccomp(&mut self) {
 unsafe {
 libminijail::minijail_use_seccomp(self.jail);
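Review bot: The new `SetRlimit` arm of `Display` prints `errno` as a bare integer, while the `SetAltSyscallTable` arm just above it formats the same kind of field through `io::Error::from_raw_os_error(*errno)`, so the message gives a number where its neighbour gives a readable OS error. I would write it as `SetRlimit { errno, kind } => write!(f, "failed to set rlimit {}: {}", kind, io::Error::from_raw_os_error(*errno)),`. Before doing so, confirm the sign of the stored value: if `minijail_rlimit` returns a negated errno (not visible here), negate it where `Error::SetRlimit` is built in `set_rlimit`. The `impl Display` block begins and ends outside this hunk.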
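Review bot: `set_rlimit` is a new public method with no doc comment, and its `unsafe` block carries no `// SAFETY:` justification, which is worth having on a call that changes the resource limits of a sandboxed process. A `///` comment should say that `kind` is a `libc::RLIMIT_*` constant, that `cur` and `max` are the soft and hard limits, what `# Errors` it returns, and when the limit takes effect — presumably at jail entry rather than at this call, to be confirmed against libminijail. For the block, `// SAFETY: self.jail is a valid minijail pointer owned by this struct; the remaining arguments are plain integers.` would do, subject to how `self.jail` is created, since the constructor is outside this hunk. Nothing in the method rejects `cur > max`, so either add `if cur > max { ... }` with a suitable error or document that such a pair may only fail later.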
diff --git a/io_jail/src/libminijail.rs b/io_jail/src/libminijail.rs
index f8c3654..227e753 100644
--- a/io_jail/src/libminijail.rs
+++ b/io_jail/src/libminijail.rs
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-use libc::{gid_t, pid_t, uid_t};
+use libc::{gid_t, pid_t, rlim_t, uid_t};
 use std::os::raw::{c_char, c_int, c_ulong};
 /// Struct minijail is an opaque type inside libminijail.
@@ -19,6 +19,7 @@ extern "C" {
 pub fn minijail_keep_supplementary_gids(j: *mut minijail);
 pub fn minijail_change_user(j: *mut minijail, user: *const c_char) -> c_int;
 pub fn minijail_change_group(j: *mut minijail, group: *const c_char) -> c_int;
+ pub fn minijail_rlimit(j: *mut minijail, kind: c_int, cur: rlim_t, max: rlim_t) -> c_int;
 pub fn minijail_use_seccomp(j: *mut minijail);
 pub fn minijail_no_new_privs(j: *mut minijail);
 pub fn minijail_use_seccomp_filter(j: *mut minijail);
--
cgit 1.4.1
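Review bot: The `minijail_rlimit` declaration is taken on trust: nothing ties `kind: c_int, cur: rlim_t, max: rlim_t` to the C prototype, and the width of `rlim_t` on 32-bit targets can depend on how the C side was built, so a mismatch would silently corrupt the limit values passed across the FFI boundary. A one-line comment above the declaration, e.g. `// Must match minijail_rlimit() in libminijail.h; libc::rlim_t must have the same width as the C rlim_t.`, would make that assumption visible to the next person touching the bindings. The `extern "C"` block begins and ends outside this hunk.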