Fixed bug in method __update_config_file where when updating multiple fields, the...

[util-vserver.git] / src / vsh.c

diff --git a/src/vsh.c b/src/vsh.c
index ffdf110..7d28bf4 100644 (file)
--- a/src/vsh.c
+++ b/src/vsh.c
@@ -37,12 +37,14 @@
 #include <sys/mount.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <sys/resource.h>
 #include <fcntl.h>
 #include <ctype.h>
 #include <stdarg.h>
 
 //--------------------------------------------------------------------
 #include "vserver.h"
+#include "planetlab.h"
 
 #undef CONFIG_VSERVER_LEGACY
 
@@ -198,7 +200,70 @@ static int sandbox_chroot(uid_t uid)
        return 0;
 }
 
-static int sandbox_processes(xid_t xid)
+#define WHITESPACE(buffer,index,len)     \
+  while(isspace((int)buffer[index])) \
+       if (index < len) index++; else goto out;
+
+struct resources {
+       char *name;
+       unsigned long long *limit;
+};
+
+#define VSERVERCONF "/etc/vservers/"
+static void get_limits(char *context, struct resources *list){
+       FILE *fb;
+       size_t len = strlen(VSERVERCONF) + strlen(context) + strlen(".conf") + NULLBYTE_SIZE;
+       char *conf = (char *)malloc(len);       
+       struct resources *r;
+
+       sprintf(conf, "%s%s.conf", VSERVERCONF, context);
+
+       /* open the conf file for reading */
+       fb = fopen(conf,"r");
+       if (fb != NULL) {
+               size_t index;
+               char *buffer = malloc(1000);
+               char *p;
+
+               /* the conf file exist */ 
+               while((p=fgets(buffer,1000-1,fb))!=NULL) {
+                       index = 0;
+                       len = strnlen(buffer,1000);
+                       WHITESPACE(buffer,index,len);
+                       if (buffer[index] == '#') 
+                               continue;
+
+                       for (r=list; r->name; r++)
+                               if ((p=strstr(&buffer[index],r->name))!=NULL) {
+                                       /* adjust index into buffer */
+                                       index+= (p-&buffer[index])+strlen(r->name);
+
+                                       /* skip over whitespace */
+                                       WHITESPACE(buffer,index,len);
+
+                                       /* expecting to see = sign */
+                                       if (buffer[index++]!='=') goto out;
+
+                                       /* skip over whitespace */
+                                       WHITESPACE(buffer,index,len);
+
+                                       /* expecting to see a digit for number */
+                                       if (!isdigit((int)buffer[index])) goto out;
+
+                                       *r->limit = atoi(&buffer[index]);
+                                       break;
+                               }
+               }
+       out:
+               free(buffer);
+       } else {
+               fprintf(stderr,"cannot open %s\n",conf);
+       }
+       free(conf);
+}
+
+
+static int sandbox_processes(xid_t ctx, char *context)
 {
 #ifdef CONFIG_VSERVER_LEGACY
        int     flags;
@@ -207,7 +272,7 @@ static int sandbox_processes(xid_t xid)
        flags |= 1; /* VX_INFO_LOCK -- cannot request a new vx_id */
        /* flags |= 4; VX_INFO_NPROC -- limit number of procs in a context */
 
-       (void) vc_new_s_context(xid, 0, flags);
+       (void) vc_new_s_context(ctx, 0, flags);
 
        /* use legacy dirty hack for capremove */
        if (vc_new_s_context(VC_SAMECTX, vc_get_insecurebcaps(), flags) == VC_NOCTX) {
@@ -216,33 +281,61 @@ static int sandbox_processes(xid_t xid)
                exit(1);
        }
 #else
-       struct vc_ctx_caps caps;
-       struct vc_ctx_flags flags;
-
-       caps.ccaps = ~vc_get_insecureccaps();
-       caps.cmask = ~0ull;
-       caps.bcaps = ~vc_get_insecurebcaps();
-       caps.bmask = ~0ull;
-
-       flags.flagword = VC_VXF_INFO_LOCK;
-       flags.mask = VC_VXF_STATE_SETUP | VC_VXF_INFO_LOCK;
-
-       if (vc_ctx_create(xid) == VC_NOCTX) {
-               PERROR("vc_ctx_create(%d)", xid);
+       int  ctx_is_new;
+       unsigned long long cpu = VC_LIM_KEEP;
+       unsigned long long mem = VC_LIM_KEEP;
+       unsigned long long task = VC_LIM_KEEP;
+       unsigned long long cpuguaranteed = 0;
+       struct resources list[] = 
+               {{"MEMLIMIT", &mem},
+                {"CPULIMIT", &cpu},
+                {"CPUGUARANTEED", &cpuguaranteed},
+                {"TASKLIMIT", &task},
+                {0,0}};
+
+       get_limits(context,list);
+
+       /* check whether the slice has been disabled */
+       if (!cpu)
+         {
+           fprintf(stderr, "*** this slice has been suspended ***\n");
+           exit(0);
+         }
+
+       (void) (sandbox_chroot(ctx));
+
+        if ((ctx_is_new = pl_chcontext(ctx, 0, ~vc_get_insecurebcaps())) < 0)
+          {
+            PERROR("pl_chcontext(%u)", ctx);
+            exit(1);
+          }
+       if (ctx_is_new)
+         {
+           /* set resources */
+           struct vc_rlimit limits;
+
+           limits.min = VC_LIM_KEEP;
+           limits.soft = VC_LIM_KEEP;
+           limits.hard = mem;
+           if (vc_set_rlimit(ctx, RLIMIT_RSS, &limits))
+             {
+               PERROR("pl_setrlimit(%u, RLIMIT_RSS)", ctx);
                exit(1);
-       }
-
-       if (vc_set_ccaps(xid, &caps) == -1) {
-               PERROR("vc_set_ccaps(%d, 0x%16ullx/0x%16ullx, 0x%16ullx/0x%16ullx)\n",
-                      xid, caps.ccaps, caps.cmask, caps.bcaps, caps.bmask);
+             }
+           limits.hard = task;
+           if (vc_set_rlimit(ctx, RLIMIT_NPROC, &limits))
+             {
+               PERROR("pl_setrlimit(%u, RLIMIT_NPROC)", ctx);
                exit(1);
-       }
-
-       if (vc_set_cflags(xid, &flags) == -1) {
-               PERROR("vc_set_cflags(%d, 0x%16llx/0x%16llx)\n",
-                      xid, flags.flagword, flags.mask);
+             }
+           cpuguaranteed &= VS_SCHED_CPU_GUARANTEED;
+           if (pl_setsched(ctx, cpu, cpuguaranteed) < 0)
+             {
+               PERROR("pl_setsched(&u)", ctx);
                exit(1);
-       }
+             }
+           pl_setup_done(ctx);
+         }
 #endif
        return 0;
 }
@@ -347,7 +440,6 @@ void slice_enter(char *context)
        struct passwd pwdd, *pwd = &pwdd, *result;
        char          *pwdBuffer;
        long          pwdBuffer_len;
-       unsigned remove_cap;
        uid_t uid;
 
        pwdBuffer_len = sysconf(_SC_GETPW_R_SIZE_MAX);
@@ -367,27 +459,18 @@ void slice_enter(char *context)
                PERROR("getpwnam_r(%s)", context);
                exit(2);
        }
-
-       context = (char*)malloc(strlen(pwd->pw_name)+NULLBYTE_SIZE);
-       if (!context) {
-               PERROR("malloc(%d)");
-               exit(2);
-       }
-       strcpy(context,pwd->pw_name);
+       uid = pwd->pw_uid;
 
        if (setuidgid_root() < 0) { /* For chroot, new_s_context */
                fprintf(stderr, "vsh: Could not become root, check that SUID flag is set on binary\n");
                exit(2);
        }
 
-       uid = pwd->pw_uid;
-
-       if (sandbox_chroot(uid) < 0) {
-               fprintf(stderr, "vsh: Could not chroot\n");
-               exit(2);
-       }
+#ifdef CONFIG_VSERVER_LEGACY
+       (void) (sandbox_chroot(uid));
+#endif
 
-       if (sandbox_processes((xid_t) uid) < 0) {
+       if (sandbox_processes((xid_t) uid, context) < 0) {
                fprintf(stderr, "vsh: Could not change context to %d\n", uid);
                exit(2);
        }