27
27
* Scripts (such as Python programs) should be executed by supplying
28
28
* "/usr/bin/python" as the program, and the script as the first argument.
30
* Usage: trampoline uid jail-path working-path program [args...]
30
31
* Must run as root. Will safely setuid to the supplied uid, checking that it
31
32
* is not root. Recommended that the file is set up as follows:
32
33
* sudo chown root:root trampoline; sudo chroot +s trampoline
35
36
#define _XOPEN_SOURCE
39
39
#include <stdlib.h>
125
124
"usage: %s [-d] [-u] <uid> <base> <src> <system> <jail> <cwd> <program> [args...]\n", nm);
126
fprintf(stderr, " -d \tDaemonize\n");
127
fprintf(stderr, " -u \tPrint usage\n");
128
fprintf(stderr, " <uid> \tUID to run program as\n");
129
fprintf(stderr, " <base> \tDirectory that jails will be mounted in\n");
130
fprintf(stderr, " <src> \tDirectory containing users jail data\n");
131
fprintf(stderr, " <system> \tDirectory containing main jail file system\n");
132
fprintf(stderr, " <jail> \tDirectory of users mounted jail\n");
133
fprintf(stderr, " <cwd> \tDirectory inside the jail to change dir to\n");
134
fprintf(stderr, " <program>\tProgram inside jail to execute\n");
150
int checked_mount(const char *source, const char *target,
151
const char *filesystemtype, unsigned long mountflags,
154
int result = mount(source, target, filesystemtype, mountflags, data);
157
syslog(LOG_ERR, "could not mount %s on %s\n", source, target);
158
perror("could not mount");
166
140
/* Find the path of the user components of a jail, given a mountpoint. */
167
141
char *jail_src(const char *jail_src_base, const char *jail_base,
168
142
const char *jailpath)
174
148
srclen = strlen(jail_src_base);
175
149
dstlen = strlen(jail_base);
177
151
src = die_if_null(malloc(strlen(jailpath) + (srclen - dstlen) + 1));
178
152
strcpy(src, jail_src_base);
179
153
strcat(src, jailpath+dstlen);
211
184
syslog(LOG_NOTICE, "created mountpoint %s\n", jailpath);
214
187
jailsrc = jail_src(jail_src_base, jail_base, jailpath);
215
checked_mount(jail_system, jailpath, NULL, MS_BIND | MS_RDONLY, NULL);
217
source_bits = die_if_null(malloc(strlen(jailsrc) + 5 + 1));
218
target_bits = die_if_null(malloc(strlen(jailpath) + 5 + 1));
219
sprintf(source_bits, "%s/home", jailsrc);
220
sprintf(target_bits, "%s/home", jailpath);
222
checked_mount(source_bits, target_bits, NULL, MS_BIND, NULL);
224
sprintf(source_bits, "%s/tmp", jailsrc);
225
sprintf(target_bits, "%s/tmp", jailpath);
227
checked_mount(source_bits, target_bits, NULL, MS_BIND, NULL);
188
mountdata = die_if_null(malloc(3 + strlen(jailsrc) + 4 + strlen(jail_system) + 3 + 1));
189
sprintf(mountdata, "br:%s=rw:%s=ro", jailsrc, jail_system);
190
if (mount("none", jailpath, "aufs", 0, mountdata))
192
syslog(LOG_ERR, "could not mount %s\n", jailpath);
193
perror("could not mount");
229
197
syslog(LOG_INFO, "mounted %s\n", jailpath);
381
340
/* Process adress space in memory */
382
l.rlim_cur = 448 * 1024 * 1024; /* 512MiB - 64MiB */
383
l.rlim_max = 512 * 1024 * 1024; /* 512MiB */
341
l.rlim_cur = 192 * 1024 * 1024; /* 192MiB */
342
l.rlim_max = 256 * 1024 * 1024; /* 256MiB */
384
343
if (setrlimit(RLIMIT_AS, &l))
386
345
perror("could not setrlimit/RLIMIT_AS");
391
350
* Note: This requires a kernel patch to work correctly otherwise it is
392
351
* ineffective (thus you are only limited by RLIMIT_AS)
394
l.rlim_cur = 448 * 1024 * 1024; /* 512MiB - 64MiB */
395
l.rlim_max = 512 * 1024 * 1024; /* 512MiB */
353
l.rlim_cur = 192 * 1024 * 1024; /* 192MiB */
354
l.rlim_max = 256 * 1024 * 1024; /* 256MiB */
396
355
if (setrlimit(RLIMIT_DATA, &l))
398
357
perror("could not setrlimit/RLIMIT_DATA");
421
380
l.rlim_cur = 64 * 1024 * 1024; /* 64MiB */
422
381
l.rlim_max = 72 * 1024 * 1024; /* 72MiB */
423
if (setrlimit(RLIMIT_FSIZE, &l))
382
if (setrlimit(RLIMIT_FSIZE, &l))
425
384
perror("could not setrlimit/RLIMIT_FSIZE");
429
/* Number of Processes */
432
if (setrlimit(RLIMIT_NPROC, &l))
434
perror("could not setrlimit/RLIMIT_NPROC");
439
389
/* Remove any signal handler masks so we can send signals to the child */