/*
* A Process Isolator based on Linux Containers
*
- * (c) 2012-2014 Martin Mares <mj@ucw.cz>
+ * (c) 2012-2015 Martin Mares <mj@ucw.cz>
* (c) 2012-2014 Bernard Blackham <bernard@blackham.com.au>
*/
#include <sys/stat.h>
#include <sys/quota.h>
#include <sys/vfs.h>
+#include <sys/fsuid.h>
#define NONRET __attribute__((noreturn))
#define UNUSED __attribute__((unused))
metafile = stdout;
return;
}
+ if (setfsuid(getuid()) < 0)
+ die("Failed to switch FS UID: %m");
metafile = fopen(name, "w");
+ if (setfsuid(geteuid()) < 0)
+ die("Failed to switch FS UID back: %m");
if (!metafile)
die("Failed to open metafile '%s'",name);
}
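Review bot: The `< 0` tests on both added `setfsuid()` calls cannot detect a failed switch, because setfsuid() returns the previous filesystem UID on success and on failure alike and does not set errno, so `%m` is not meaningful either. If the first switch silently fails, `fopen(name, "w")` still runs with the effective UID's filesystem identity, which appears to be the case this change is meant to prevent for a privileged binary. A verifiable form is to make the call and then read the value back: `setfsuid(getuid());` followed by `if ((uid_t) setfsuid(-1) != getuid()) die("Failed to switch FS UID");`, and the same with `geteuid()` for the switch back. The enclosing function begins outside the hunk, so whether the group identity needs the same treatment cannot be judged from here.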
#define RLIM(res, val) setup_rlim("RLIMIT_" #res, RLIMIT_##res, val)
if (memory_limit)
- RLIM(AS, memory_limit * 1024);
+ RLIM(AS, (rlim_t)memory_limit * 1024);
RLIM(STACK, (stack_limit ? (rlim_t)stack_limit * 1024 : RLIM_INFINITY));
RLIM(NOFILE, 64);
char **args = arg;
write_errors_to_fd = error_pipes[1];
close(error_pipes[0]);
+ meta_close();
cg_enter();
setup_root();
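Review bot: The added `meta_close()` call in the child has no comment saying why it is there, and its effect depends on code outside this hunk. Presumably the goal is that the sandboxed process does not inherit the open metafile, which would be worth stating as `/* The child must not keep the metafile open inside the sandbox */`. Since `metafile` is a stdio stream that the first hunk shows can also be `stdout`, it is worth confirming that `meta_close()` skips `stdout`. It should also be confirmed that nothing is still buffered in the stream at this point, otherwise the child's close would flush a second copy of data the parent also writes. The enclosing function starts and ends outside the hunk.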
case OPT_RUN:
case OPT_CLEANUP:
case OPT_VERSION:
- if (!mode || mode == c)
+ if (!mode || (int) mode == c)
mode = c;
else
usage("Only one command is allowed.\n");