Isolate has moved to a new home

[eval.git] / isolate / isolate.c

diff --git a/isolate/isolate.c b/isolate/isolate.c
index 2164c9087bc448f6d70a1f8d45a2af1e759288ae..ebc11a64f86d4f9a4121d79da2640bb7d684387c 100644 (file)
--- a/isolate/isolate.c
+++ b/isolate/isolate.c
@@ -1,10 +1,15 @@
 /*
  *     A Process Isolator based on Linux Containers
  *
- *     (c) 2012-2014 Martin Mares <mj@ucw.cz>
+ *     (c) 2012-2015 Martin Mares <mj@ucw.cz>
  *     (c) 2012-2014 Bernard Blackham <bernard@blackham.com.au>
  */
 
+/***********************************************************
+ ** This is not the master version of Isolate any longer. **
+ ** See https://github.com/ioi/isolate for its new home.  **
+ ***********************************************************/
+
 #define _GNU_SOURCE
 
 #include "autoconf.h"
@@ -32,6 +37,7 @@
 #include <sys/stat.h>
 #include <sys/quota.h>
 #include <sys/vfs.h>
+#include <sys/fsuid.h>
 
 #define NONRET __attribute__((noreturn))
 #define UNUSED __attribute__((unused))
@@ -94,7 +100,11 @@ meta_open(const char *name)
       metafile = stdout;
       return;
     }
+  if (setfsuid(getuid()) < 0)
+    die("Failed to switch FS UID: %m");
   metafile = fopen(name, "w");
+  if (setfsuid(geteuid()) < 0)
+    die("Failed to switch FS UID back: %m");
   if (!metafile)
     die("Failed to open metafile '%s'",name);
 }
@@ -1226,7 +1236,7 @@ setup_rlimits(void)
 #define RLIM(res, val) setup_rlim("RLIMIT_" #res, RLIMIT_##res, val)
 
   if (memory_limit)
-    RLIM(AS, memory_limit * 1024);
+    RLIM(AS, (rlim_t)memory_limit * 1024);
 
   RLIM(STACK, (stack_limit ? (rlim_t)stack_limit * 1024 : RLIM_INFINITY));
   RLIM(NOFILE, 64);