Isolate has moved to a new home

[eval.git] / isolate / isolate.c

diff --git a/isolate/isolate.c b/isolate/isolate.c
index 78567ab2dc676e797e856710af08e36ad872ee8f..ebc11a64f86d4f9a4121d79da2640bb7d684387c 100644 (file)
--- a/isolate/isolate.c
+++ b/isolate/isolate.c
@@ -1,10 +1,15 @@
 /*
  *     A Process Isolator based on Linux Containers
  *
- *     (c) 2012-2014 Martin Mares <mj@ucw.cz>
+ *     (c) 2012-2015 Martin Mares <mj@ucw.cz>
  *     (c) 2012-2014 Bernard Blackham <bernard@blackham.com.au>
  */
 
+/***********************************************************
+ ** This is not the master version of Isolate any longer. **
+ ** See https://github.com/ioi/isolate for its new home.  **
+ ***********************************************************/
+
 #define _GNU_SOURCE
 
 #include "autoconf.h"
@@ -32,6 +37,7 @@
 #include <sys/stat.h>
 #include <sys/quota.h>
 #include <sys/vfs.h>
+#include <sys/fsuid.h>
 
 #define NONRET __attribute__((noreturn))
 #define UNUSED __attribute__((unused))
@@ -94,7 +100,11 @@ meta_open(const char *name)
       metafile = stdout;
       return;
     }
+  if (setfsuid(getuid()) < 0)
+    die("Failed to switch FS UID: %m");
   metafile = fopen(name, "w");
+  if (setfsuid(geteuid()) < 0)
+    die("Failed to switch FS UID back: %m");
   if (!metafile)
     die("Failed to open metafile '%s'",name);
 }
@@ -156,9 +166,7 @@ box_exit(int rc)
     }
 
   if (rc < 2 && cleanup_ownership)
-    {
-      chowntree("box", orig_uid, orig_gid);
-    }
+    chowntree("box", orig_uid, orig_gid);
 
   meta_close();
   exit(rc);
@@ -284,6 +292,7 @@ rmtree(char *path)
 
 static uid_t chown_uid;
 static gid_t chown_gid;
+
 static int chowntree_helper(const char *fpath, const struct stat *sb UNUSED,
     int typeflag UNUSED, struct FTW *ftwbuf UNUSED)
 {
@@ -637,14 +646,14 @@ static const struct cg_controller_desc cg_controllers[CG_NUM_CONTROLLERS+1] = {
 
 #define FOREACH_CG_CONTROLLER(_controller) \
   for (cg_controller (_controller) = 0; \
-      (_controller) < CG_NUM_CONTROLLERS; (_controller)++)
+       (_controller) < CG_NUM_CONTROLLERS; (_controller)++)
 
 static const char *cg_controller_name(cg_controller c)
 {
   return cg_controllers[c].name;
 }
 
-static const int cg_controller_optional(cg_controller c)
+static int cg_controller_optional(cg_controller c)
 {
   return cg_controllers[c].optional;
 }
@@ -864,10 +873,12 @@ cg_remove(void)
 
   FOREACH_CG_CONTROLLER(controller)
     {
-      if (cg_controller_optional(controller)) {
-       if (!cg_read(controller, "?tasks", buf))
-         continue;
-      } else
+      if (cg_controller_optional(controller))
+       {
+         if (!cg_read(controller, "?tasks", buf))
+           continue;
+       }
+      else
        cg_read(controller, "tasks", buf);
 
       if (buf[0])
@@ -1225,7 +1236,7 @@ setup_rlimits(void)
 #define RLIM(res, val) setup_rlim("RLIMIT_" #res, RLIMIT_##res, val)
 
   if (memory_limit)
-    RLIM(AS, memory_limit * 1024);
+    RLIM(AS, (rlim_t)memory_limit * 1024);
 
   RLIM(STACK, (stack_limit ? (rlim_t)stack_limit * 1024 : RLIM_INFINITY));
   RLIM(NOFILE, 64);
@@ -1243,6 +1254,7 @@ box_inside(void *arg)
   char **args = arg;
   write_errors_to_fd = error_pipes[1];
   close(error_pipes[0]);
+  meta_close();
 
   cg_enter();
   setup_root();
@@ -1517,7 +1529,7 @@ main(int argc, char **argv)
       case OPT_RUN:
       case OPT_CLEANUP:
       case OPT_VERSION:
-       if (!mode || mode == c)
+       if (!mode || (int) mode == c)
          mode = c;
        else
          usage("Only one command is allowed.\n");