X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=src%2Fvsh.c;h=cded350033103327e257e263f41f16be30d1e3a7;hb=1e66ba43c6390048ef1400666aa94123331627d1;hp=5f1f9a383daeb1c2cf86323c3f579cca2c62ffdd;hpb=8ccb799bda96e6654434d15d9b1136876463b05e;p=util-vserver.git diff --git a/src/vsh.c b/src/vsh.c index 5f1f9a3..cded350 100644 --- a/src/vsh.c +++ b/src/vsh.c @@ -27,8 +27,8 @@ #include #include #include -#include #include +#include #include #include #include @@ -37,39 +37,20 @@ #include #include #include +#include #include #include #include //-------------------------------------------------------------------- #include "vserver.h" +#include "planetlab.h" #undef CONFIG_VSERVER_LEGACY -/* Null byte made explicit */ -#define NULLBYTE_SIZE 1 - /* Base for all vserver roots for chroot */ #define VSERVER_ROOT_BASE "/vservers" -static int -_PERROR(const char *format, char *file, int line, int _errno, ...) -{ - va_list ap; - - va_start(ap, _errno); - fprintf(stderr, "%s:%d: ", file, line); - vfprintf(stderr, format, ap); - if (_errno) - fprintf(stderr, ": %s (%d)", strerror(_errno), _errno); - fputs("\n", stderr); - fflush(stderr); - - return _errno; -} - -#define PERROR(format, args...) _PERROR(format, __FILE__, __LINE__, errno, ## args) - /* Change to root:root (before entering new context) */ static int setuidgid_root() { @@ -198,7 +179,7 @@ static int sandbox_chroot(uid_t uid) return 0; } -static int sandbox_processes(xid_t xid) +static int sandbox_processes(xid_t ctx, char *context) { #ifdef CONFIG_VSERVER_LEGACY int flags; @@ -207,7 +188,7 @@ static int sandbox_processes(xid_t xid) flags |= 1; /* VX_INFO_LOCK -- cannot request a new vx_id */ /* flags |= 4; VX_INFO_NPROC -- limit number of procs in a context */ - (void) vc_new_s_context(xid, 0, flags); + (void) vc_new_s_context(ctx, 0, flags); /* use legacy dirty hack for capremove */ if (vc_new_s_context(VC_SAMECTX, vc_get_insecurebcaps(), flags) == VC_NOCTX) { 
@@ -216,33 +197,36 @@ static int sandbox_processes(xid_t xid) exit(1); } #else - struct vc_ctx_caps caps; - struct vc_ctx_flags flags; - - caps.ccaps = ~vc_get_insecureccaps(); - caps.cmask = ~0ull; - caps.bcaps = ~vc_get_insecurebcaps(); - caps.bmask = ~0ull; - - flags.flagword = VC_VXF_INFO_LOCK; - flags.mask = VC_VXF_STATE_SETUP | VC_VXF_INFO_LOCK; - - if ((vc_ctx_create(xid) == VC_NOCTX) && (errno != EEXIST)) { - PERROR("vc_ctx_create(%d)", xid); - exit(1); - } - - if (vc_set_ccaps(xid, &caps) == -1) { - PERROR("vc_set_ccaps(%d, 0x%16ullx/0x%16ullx, 0x%16ullx/0x%16ullx)\n", - xid, caps.ccaps, caps.cmask, caps.bcaps, caps.bmask); - exit(1); - } - - if (vc_set_cflags(xid, &flags) == -1) { - PERROR("vc_set_cflags(%d, 0x%16llx/0x%16llx)\n", - xid, flags.flagword, flags.mask); - exit(1); - } + int ctx_is_new; + struct sliver_resources slr; + char hostname[HOST_NAME_MAX+1]; + pl_get_limits(context,&slr); + + if (gethostname(hostname, sizeof hostname) == -1) + { + PERROR("gethostname(...)"); + exit(1); + } + + /* check whether the slice has been suspended */ + if (slr.vs_cpu==0) + { + fprintf(stderr, "*** %s: %s has zero cpu resources and presumably it has been disabled/suspended ***\n", hostname, context); + exit(0); + } + + (void) (sandbox_chroot(ctx)); + + if ((ctx_is_new = pl_chcontext(ctx, ~vc_get_insecurebcaps(),&slr)) < 0) + { + PERROR("pl_chcontext(%u)", ctx); + exit(1); + } + if (ctx_is_new) + { + pl_set_limits(ctx,&slr); + pl_setup_done(ctx); + } #endif return 0; } @@ -347,7 +331,6 @@ void slice_enter(char *context) struct passwd pwdd, *pwd = &pwdd, *result; char *pwdBuffer; long pwdBuffer_len; - unsigned remove_cap; uid_t uid; pwdBuffer_len = sysconf(_SC_GETPW_R_SIZE_MAX); 
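Review bot: The new `(void) (sandbox_chroot(ctx));` in the non-legacy branch discards the chroot result, whereas the check this commit removes from slice_enter exited with "vsh: Could not chroot" on a negative return. In a setuid-root helper this fails open: if the chroot fails, the process still goes on to `pl_chcontext` and enters the context without the filesystem confinement. Keep the fail-closed check, e.g. `if (sandbox_chroot(ctx) < 0) { fprintf(stderr, "vsh: Could not chroot\n"); exit(2); }`. The same applies to the `(void) (sandbox_chroot(uid));` added under CONFIG_VSERVER_LEGACY in slice_enter. sandbox_processes begins above this hunk.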
@@ -367,27 +350,18 @@ void slice_enter(char *context) PERROR("getpwnam_r(%s)", context); exit(2); } - - context = (char*)malloc(strlen(pwd->pw_name)+NULLBYTE_SIZE); - if (!context) { - PERROR("malloc(%d)"); - exit(2); - } - strcpy(context,pwd->pw_name); + uid = pwd->pw_uid; if (setuidgid_root() < 0) { /* For chroot, new_s_context */ fprintf(stderr, "vsh: Could not become root, check that SUID flag is set on binary\n"); exit(2); } - uid = pwd->pw_uid; - - if (sandbox_chroot(uid) < 0) { - fprintf(stderr, "vsh: Could not chroot\n"); - exit(2); - } +#ifdef CONFIG_VSERVER_LEGACY + (void) (sandbox_chroot(uid)); +#endif - if (sandbox_processes((xid_t) uid) < 0) { + if (sandbox_processes((xid_t) uid, context) < 0) { fprintf(stderr, "vsh: Could not change context to %d\n", uid); exit(2); }
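Review bot: `uid = pwd->pw_uid;` is read with no visible check that getpwnam_r actually found an entry, and this uid then selects the context in `sandbox_processes((xid_t) uid, context)`. The condition guarding the `PERROR("getpwnam_r(%s)", context)` branch is above the hunk. If it tests only the return code, a name with no passwd entry (return 0, `result` set to NULL) would leave `pwdd` unfilled and the uid indeterminate while the process is about to become root. Worth confirming, and if the guard is missing, adding `if (result == NULL) { fprintf(stderr, "vsh: unknown slice %s\n", context); exit(2); }` before the assignment. slice_enter's body starts above this hunk.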