#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <stdlib.h>
#include <errno.h>
+#include <limits.h>
#include <pwd.h>
#include <unistd.h>
#include <syscall.h>
//--------------------------------------------------------------------
#include "vserver.h"
+#include "planetlab.h"
#undef CONFIG_VSERVER_LEGACY
-/* Null byte made explicit */
-#define NULLBYTE_SIZE 1
-
/* Base for all vserver roots for chroot */
#define VSERVER_ROOT_BASE "/vservers"
-static int
-_PERROR(const char *format, char *file, int line, int _errno, ...)
-{
- va_list ap;
-
- va_start(ap, _errno);
- fprintf(stderr, "%s:%d: ", file, line);
- vfprintf(stderr, format, ap);
- if (_errno)
- fprintf(stderr, ": %s (%d)", strerror(_errno), _errno);
- fputs("\n", stderr);
- fflush(stderr);
-
- return _errno;
-}
-
-#define PERROR(format, args...) _PERROR(format, __FILE__, __LINE__, errno, ## args)
-
/* Change to root:root (before entering new context) */
static int setuidgid_root()
{
/* NOTE(review): only the final return is visible in this excerpt; any
 * privilege-changing calls that precede it are not shown here, so confirm
 * against the full file. slice_enter() treats a negative return value
 * from this function as failure. */
return 0;
}
-static void compute_new_root(char *base, char **root, uid_t uid)
+static void compute_new_root(char *base, char **root, const struct passwd *pwd)
{
int root_len;
- struct passwd *pwd;
-
- if ((pwd = getpwuid(uid)) == NULL) {
- PERROR("getpwuid(%d)", uid);
- exit(1);
- }
root_len =
strlen(base) + strlen("/") +
(*root)[root_len - 1] = '\0';
}
-/* Example: sandbox_root = /vservers/bnc, relpath = /proc/1 */
-static int sandbox_file_exists(char *sandbox_root, char *relpath)
-{
- struct stat stat_buf;
- char *file;
- int len, exists = 0;
-
- len = strlen(sandbox_root) + strlen(relpath) + NULLBYTE_SIZE;
- if ((file = (char *)malloc(len)) == NULL) {
- PERROR("malloc(%d)", len);
- exit(1);
- }
- sprintf(file, "%s%s", sandbox_root, relpath);
- file[len - 1] = '\0';
- if (stat(file, &stat_buf) == 0) {
- exists = 1;
- }
-
-
- free(file);
- return exists;
-}
-
-static int proc_mounted(char *sandbox_root)
-{
- return sandbox_file_exists(sandbox_root, "/proc/1");
-}
-
-static int devpts_mounted(char *sandbox_root)
-{
- return sandbox_file_exists(sandbox_root, "/dev/pts/0");
-}
-
-static void mount_proc(char *sandbox_root)
-{
- char *source = "/proc";
- char *target;
- int len;
-
- len = strlen(sandbox_root) + strlen("/") + strlen("proc") + NULLBYTE_SIZE;
- if ((target = (char *)malloc(len)) == NULL) {
- PERROR("malloc(%d)", len);
- exit(1);
- }
-
- sprintf(target, "%s/proc", sandbox_root);
- target[len - 1] = '\0';
- if (!proc_mounted(sandbox_root))
- mount(source, target, "proc", MS_BIND | MS_RDONLY, NULL);
-
- free(target);
-}
-
-static void mount_devpts(char *sandbox_root)
-{
- char *source = "/dev/pts";
- char *target;
- int len;
-
- len = strlen(sandbox_root) + strlen("/") + strlen("dev/pts") + NULLBYTE_SIZE;
- if ((target = (char *)malloc(len)) == NULL) {
- PERROR("malloc(%d)", len);
- exit(1);
- }
-
- sprintf(target, "%s/dev/pts", sandbox_root);
- target[len - 1] = '\0';
- if (!devpts_mounted(sandbox_root))
- mount(source, target, "devpts", 0, NULL);
-
- free(target);
-}
-
-static int sandbox_chroot(uid_t uid)
+static int sandbox_chroot(const struct passwd *pwd)
{
char *sandbox_root = NULL;
- compute_new_root(VSERVER_ROOT_BASE,&sandbox_root, uid);
- mount_proc(sandbox_root);
- mount_devpts(sandbox_root);
+ compute_new_root(VSERVER_ROOT_BASE,&sandbox_root, pwd);
if (chroot(sandbox_root) < 0) {
PERROR("chroot(%s)", sandbox_root);
exit(1);
return 0;
}
-#define WHITESPACE(buffer,index,len) \
- while(isspace((int)buffer[index])) \
- if (index < len) index++; else goto out;
-
-struct resources {
- char *name;
- unsigned long long *limit;
-};
-
-#define VSERVERCONF "/etc/vservers/"
-static void get_limits(char *context, struct resources *list){
- FILE *fb;
- size_t len = strlen(VSERVERCONF) + strlen(context) + strlen(".conf") + NULLBYTE_SIZE;
- char *conf = (char *)malloc(len);
- struct resources *r;
-
- sprintf(conf, "%s%s.conf", VSERVERCONF, context);
-
- /* open the conf file for reading */
- fb = fopen(conf,"r");
- if (fb != NULL) {
- size_t index;
- char *buffer = malloc(1000);
- char *p;
-
- /* the conf file exist */
- while((p=fgets(buffer,1000-1,fb))!=NULL) {
- index = 0;
- len = strnlen(buffer,1000);
- WHITESPACE(buffer,index,len);
- if (buffer[index] == '#')
- continue;
-
- for (r=list; r->name; r++)
- if ((p=strstr(&buffer[index],r->name))!=NULL) {
- /* adjust index into buffer */
- index+= (p-&buffer[index])+strlen(r->name);
-
- /* skip over whitespace */
- WHITESPACE(buffer,index,len);
-
- /* expecting to see = sign */
- if (buffer[index++]!='=') goto out;
-
- /* skip over whitespace */
- WHITESPACE(buffer,index,len);
-
- /* expecting to see a digit for number */
- if (!isdigit((int)buffer[index])) goto out;
-
- *r->limit = atoi(&buffer[index]);
- break;
- }
- }
- out:
- free(buffer);
- } else {
- fprintf(stderr,"cannot open %s\n",conf);
- }
- free(conf);
-}
-
-
/*
 * sandbox_processes - chroot into the slice and switch to its vserver context.
 *
 * ctx:     context id to enter.
 * context: slice name; passed to pl_get_limits() and printed in diagnostics.
 * pwd:     passwd entry handed on to sandbox_chroot().
 *
 * Returns 0. No visible path returns a negative value: every failure
 * terminates the process with exit(1), and a slice whose limits report
 * zero cpu (slr.vs_cpu == 0) terminates with exit(0) after a message.
 *
 * In this revision the inline limit parsing and vc_* context setup are
 * removed in favour of pl_get_limits() and pl_chcontext().
 */
-static int sandbox_processes(xid_t ctx, char *context)
+static int sandbox_processes(xid_t ctx, const char *context, const struct passwd *pwd)
{
/* NOTE(review): CONFIG_VSERVER_LEGACY is undefined near the top of this
 * file, so the #else branch appears to be the one that is compiled. */
#ifdef CONFIG_VSERVER_LEGACY
/* NOTE(review): flags has no initializer in the visible lines before it is
 * passed to vc_new_s_context() below; confirm against the full file. */
int flags;
/* use legacy dirty hack for capremove */
if (vc_new_s_context(VC_SAMECTX, vc_get_insecurebcaps(), flags) == VC_NOCTX) {
- PERROR("vc_new_s_context(%u, 0x%16ullx, 0x%08x)",
+ PERROR("vc_new_s_context(%u, 0x%16llx, 0x%08x)",
VC_SAMECTX, vc_get_insecurebcaps(), flags);
exit(1);
}
#else
- struct vc_rlimit limits;
- struct vc_ctx_caps caps;
- struct vc_ctx_flags flags;
- struct vc_vx_info vc;
-
- xid_t xid;
- unsigned long long cpu = VC_LIM_KEEP;
- unsigned long long mem = VC_LIM_KEEP;
- unsigned long long task = VC_LIM_KEEP;
- unsigned long long cpuguaranteed = 0;
- struct resources list[] =
- {{"MEMLIMIT", &mem},
- {"CPULIMIT", &cpu},
- {"CPUGUARANTEED", &cpuguaranteed},
- {"TASKLIMIT", &task},
- {0,0}};
-
- get_limits(context,list);
- (void) (sandbox_chroot(ctx));
-
- caps.ccaps = ~vc_get_insecureccaps();
- caps.cmask = ~0ull;
- caps.bcaps = ~vc_get_insecurebcaps();
- caps.bmask = ~0ull;
- flags.mask = flags.flagword = VC_VXF_STATE_SETUP;
-
- xid = VC_NOCTX;
- if (vc_get_vx_info(ctx,&vc) != 0) {
- xid = vc_ctx_create(ctx);
- if (xid == VC_NOCTX && errno != EEXIST){
- PERROR("vc_ctx_create(%d)", xid);
- exit(1);
- }
- }
-
- /* CPU */
- if (cpu != VC_LIM_KEEP) {
- struct vc_set_sched sched = {
- .set_mask = 0
- };
-
- /* Need to distinguish between guarantee (hard) and
- * best effort (share) from the vserver
- * configuration.
- */
-#define VC_VXF_SCHED_SHARE 0x00000800ull
- flags.flagword |= VC_VXF_SCHED_HARD;
- flags.mask |= VC_VXF_SCHED_HARD;
- if (cpuguaranteed==0) {
- flags.flagword |= VC_VXF_SCHED_SHARE;
- flags.mask |= VC_VXF_SCHED_SHARE;
- }
-
- /* CPULIMIT value from /etc/vservers/xyz.conf */
- sched.fill_rate = cpu;
- sched.set_mask |= VC_VXSM_FILL_RATE;
-
- sched.interval = 1000; /* Andy's default value */
- sched.set_mask |= VC_VXSM_INTERVAL;
-
- /* set base token value for new contexts */
- if (xid != VC_NOCTX) {
- sched.tokens = 100; /* Andy's default value */
- sched.set_mask |= VC_VXSM_TOKENS;
- }
-
- sched.tokens_min = 50; /* Andy's default value */
- sched.tokens_max = 100; /* Andy's default value */
- sched.set_mask |= VC_VXSM_TOKENS_MIN;
- sched.set_mask |= VC_VXSM_TOKENS_MAX;
-
- if (vc_set_sched(ctx, &sched)==-1) {
- PERROR("vc_set_sched()");
- exit(1);
- }
- }
-
- /* MEM */
- limits.min = VC_LIM_KEEP;
- limits.soft = VC_LIM_KEEP;
- limits.hard = mem;
- if (vc_set_rlimit(ctx, RLIMIT_RSS, &limits)) {
- PERROR("vc_set_rlimit(%d, %d, %d/%d/%d)",
- ctx, RLIMIT_RSS, limits.min, limits.soft, limits.hard);
- exit(1);
- }
-
- /* TASK */
- limits.min = VC_LIM_KEEP;
- limits.soft = VC_LIM_KEEP;
- limits.hard = task;
- if (vc_set_rlimit(ctx, RLIMIT_NPROC, &limits)) {
- PERROR("vc_set_rlimit(%d, %d, %d/%d/%d)",
- ctx, RLIMIT_NPROC, limits.min, limits.soft, limits.hard);
- exit(1);
- }
-
- if (vc_set_ccaps(ctx, &caps) == -1) {
- PERROR("vc_set_ccaps(%d, 0x%16ullx/0x%16ullx, 0x%16ullx/0x%16ullx)",
- ctx, caps.ccaps, caps.cmask, caps.bcaps, caps.bmask);
- exit(1);
- }
-
- if (vc_set_cflags(ctx, &flags) == -1) {
- PERROR("vc_set_cflags(%d, 0x%16llx/0x%16llx)",
- ctx, flags.flagword, flags.mask);
- exit(1);
- }
-
- /* context already exists, migrate to it */
- if (xid == VC_NOCTX && vc_ctx_migrate(ctx) == -1) {
- PERROR("vc_ctx_migrate(%d)", xid);
- exit(1);
- }
+ int ctx_is_new;
+ struct sliver_resources slr;
+ char hostname[HOST_NAME_MAX+1];
/* Fill slr with the limits for this slice; slr.vs_cpu is inspected below. */
+ pl_get_limits(context,&slr);
+
/* The host name is only used to prefix the diagnostics printed below. */
+ if (gethostname(hostname, sizeof hostname) == -1)
+ {
+ PERROR("gethostname(...)");
+ exit(1);
+ }
+
+ /* check whether the slice has been suspended */
+ if (slr.vs_cpu==0)
+ {
+ fprintf(stderr, "*** %s: %s has zero cpu resources and presumably it has been disabled/suspended ***\n", hostname, context);
/* Note: this path ends the process with status 0, unlike the error
 * paths in this function, which use status 1. */
+ exit(0);
+ }
+
/* The chroot happens before the context change; its result is discarded. */
+ (void) (sandbox_chroot(pwd));
+
/* A negative result from pl_chcontext() is treated as failure; any other
 * non-zero result is reported as a slice that has not been started yet. */
+ if ((ctx_is_new = pl_chcontext(ctx, ~vc_get_insecurebcaps(),&slr)) < 0)
+ {
+ PERROR("pl_chcontext(%u)", ctx);
+ exit(1);
+ }
+ if (ctx_is_new)
+ {
+ fprintf(stderr, " *** %s: %s has not been started yet, please check back later ***\n", hostname, context);
+ exit(1);
+ }
#endif
return 0;
}
/*
 * runas_slice_user - switch the process to the identity of the slice user.
 *
 * pwd: passwd entry of the user to run as. In this revision the caller
 *      supplies it; the removed lines looked it up here with getpwnam_r().
 *
 * The visible part sets the group id to pwd->pw_gid and exits with
 * status 1 if setgid() fails.
 *
 * NOTE(review): the locals for the HOME, LOGNAME, MAIL, SHELL and USER
 * environment strings and the envp array are declared here, but their use
 * is not visible in this excerpt; confirm against the full file.
 */
-void runas_slice_user(char *username)
+void runas_slice_user(struct passwd *pwd)
{
- struct passwd pwdd, *pwd = &pwdd, *result;
- char *pwdBuffer;
+ char *username = pwd->pw_name;
char *home_env, *logname_env, *mail_env, *shell_env, *user_env;
int home_len, logname_len, mail_len, shell_len, user_len;
- long pwdBuffer_len;
static char *envp[10];
-
- pwdBuffer_len = sysconf(_SC_GETPW_R_SIZE_MAX);
- if (pwdBuffer_len == -1) {
- PERROR("sysconf(_SC_GETPW_R_SIZE_MAX)");
- exit(1);
- }
-
- pwdBuffer = (char*)malloc(pwdBuffer_len);
- if (pwdBuffer == NULL) {
- PERROR("malloc(%d)", pwdBuffer_len);
- exit(1);
- }
-
- errno = 0;
- if ((getpwnam_r(username,pwd,pwdBuffer,pwdBuffer_len, &result) != 0) || (errno != 0)) {
- PERROR("getpwnam_r(%s)", username);
- exit(1);
- }
-
if (setgid(pwd->pw_gid) < 0) {
PERROR("setgid(%d)", pwd->pw_gid);
exit(1);
}
}
/*
 * slice_enter - enter the vserver context that belongs to the given user.
 *
 * pwd: passwd entry of the slice user. pw_uid (cast to xid_t) is used as
 *      the context id and pw_name as the context name.
 *
 * Does not return on failure: the process exits with status 2 when
 * setuidgid_root() or sandbox_processes() returns a negative value.
 *
 * In this revision the caller supplies the passwd entry; the removed
 * lines looked it up here by name with getpwnam_r().
 */
-void slice_enter(char *context)
+void slice_enter(struct passwd *pwd)
{
- struct passwd pwdd, *pwd = &pwdd, *result;
- char *pwdBuffer;
- long pwdBuffer_len;
- uid_t uid;
-
- pwdBuffer_len = sysconf(_SC_GETPW_R_SIZE_MAX);
- if (pwdBuffer_len == -1) {
- PERROR("sysconf(_SC_GETPW_R_SIZE_MAX)");
- exit(1);
- }
-
- pwdBuffer = (char*)malloc(pwdBuffer_len);
- if (pwdBuffer == NULL) {
- PERROR("malloc(%d)", pwdBuffer_len);
- exit(1);
- }
-
- errno = 0;
- if ((getpwnam_r(context,pwd,pwdBuffer,pwdBuffer_len, &result) != 0) || (errno != 0)) {
- PERROR("getpwnam_r(%s)", context);
- exit(2);
- }
- uid = pwd->pw_uid;
-
if (setuidgid_root() < 0) { /* For chroot, new_s_context */
fprintf(stderr, "vsh: Could not become root, check that SUID flag is set on binary\n");
exit(2);
}
/* NOTE(review): CONFIG_VSERVER_LEGACY is undefined near the top of this
 * file, so this chroot call appears to be compiled out; in the non-legacy
 * path sandbox_processes() performs the chroot itself. */
#ifdef CONFIG_VSERVER_LEGACY
- (void) (sandbox_chroot(uid));
+ (void) (sandbox_chroot(pwd));
#endif
/* The numeric uid doubles as the context id and the login name as the
 * context name. */
- if (sandbox_processes((xid_t) uid, context) < 0) {
- fprintf(stderr, "vsh: Could not change context to %d\n", uid);
+ if (sandbox_processes((xid_t) pwd->pw_uid, pwd->pw_name, pwd) < 0) {
+ fprintf(stderr, "vsh: Could not change context to %d\n", pwd->pw_uid);
exit(2);
}
}
int main(int argc, char **argv)
{
- struct passwd pwdd, *pwd = &pwdd, *result;
+ struct passwd pwdd, *result, *prechroot, *postchroot = &pwdd;
char *context, *username, *shell, *pwdBuffer;
long pwdBuffer_len;
uid_t uid;
index = 0;
uid = getuid();
- if ((pwd = getpwuid(uid)) == NULL) {
+ if ((prechroot = getpwuid(uid)) == NULL) {
PERROR("getpwuid(%d)", uid);
exit(1);
}
- context = (char*)strdup(pwd->pw_name);
+ context = (char*)strdup(prechroot->pw_name);
if (!context) {
PERROR("strdup");
exit(2);
}
/* enter vserver "context" */
- slice_enter(context);
+ slice_enter(prechroot);
- /* Now run as username in this context. Note that for PlanetLab's
- vserver configuration the context name also happens to be the
- "default" username within the vserver context.
- */
- username = context;
- runas_slice_user(username);
-
- /* With the uid/gid appropriately set. Let's figure out what the
- * shell in the vserver's /etc/passwd is for the given username.
+ /* Get the /etc/passwd entry for this user, this time inside
+ * the chroot.
*/
+ username = context;
pwdBuffer_len = sysconf(_SC_GETPW_R_SIZE_MAX);
if (pwdBuffer_len == -1) {
}
errno = 0;
- if ((getpwnam_r(username,pwd,pwdBuffer,pwdBuffer_len, &result) != 0) || (errno != 0)) {
+ if ((getpwnam_r(username,postchroot,pwdBuffer,pwdBuffer_len, &result) != 0) ||
+ (errno != 0) || result != postchroot) {
PERROR("getpwnam_r(%s)", username);
exit(1);
}
+ /* Now run as username in this context. Note that for PlanetLab's
+ vserver configuration the context name also happens to be the
+ "default" username within the vserver context.
+ */
+ runas_slice_user(postchroot);
+
/* Make sure the shell is non-NULL and non-empty; otherwise fall back to DEFAULT_SHELL. */
- if (pwd->pw_shell == NULL || pwd->pw_shell[0] == '\0') {
- pwd->pw_shell = (char *) DEFAULT_SHELL;
+ if (postchroot->pw_shell == NULL || postchroot->pw_shell[0] == '\0') {
+ postchroot->pw_shell = (char *) DEFAULT_SHELL;
}
- shell = (char *)strdup(pwd->pw_shell);
+ shell = (char *)strdup(postchroot->pw_shell);
if (!shell) {
PERROR("strdup");
exit(2);