MO-P: CEOI contestants

[eval.git] / isolate / isolate.c

diff --git a/isolate/isolate.c b/isolate/isolate.c
index 2164c9087bc448f6d70a1f8d45a2af1e759288ae..cb33c603ab5e1ca0cd1bd91781b412679c983684 100644 (file)
--- a/isolate/isolate.c
+++ b/isolate/isolate.c
@@ -1,7 +1,7 @@
 /*
  *     A Process Isolator based on Linux Containers
  *
- *     (c) 2012-2014 Martin Mares <mj@ucw.cz>
+ *     (c) 2012-2015 Martin Mares <mj@ucw.cz>
  *     (c) 2012-2014 Bernard Blackham <bernard@blackham.com.au>
  */
 
@@ -32,6 +32,7 @@
 #include <sys/stat.h>
 #include <sys/quota.h>
 #include <sys/vfs.h>
+#include <sys/fsuid.h>
 
 #define NONRET __attribute__((noreturn))
 #define UNUSED __attribute__((unused))
@@ -94,7 +95,11 @@ meta_open(const char *name)
       metafile = stdout;
       return;
     }
+  if (setfsuid(getuid()) < 0)
+    die("Failed to switch FS UID: %m");
   metafile = fopen(name, "w");
+  if (setfsuid(geteuid()) < 0)
+    die("Failed to switch FS UID back: %m");
   if (!metafile)
     die("Failed to open metafile '%s'",name);
 }
@@ -1226,7 +1231,7 @@ setup_rlimits(void)
 #define RLIM(res, val) setup_rlim("RLIMIT_" #res, RLIMIT_##res, val)
 
   if (memory_limit)
-    RLIM(AS, memory_limit * 1024);
+    RLIM(AS, (rlim_t)memory_limit * 1024);
 
   RLIM(STACK, (stack_limit ? (rlim_t)stack_limit * 1024 : RLIM_INFINITY));
   RLIM(NOFILE, 64);