X-Git-Url: http://mj.ucw.cz/gitweb/?a=blobdiff_plain;f=box%2Fbox.c;h=892cc53eb9b8bee98fb369f7b4e8810a342375ad;hb=b07a7c4bf08db2928e1845c4e60798f7c9ad8b65;hp=3f6ada1c1c3e49aa6ee58d2b0b977be00381f58b;hpb=8d5dac70e73bee79f8ce65faac1408fbe341489c;p=moe.git

diff --git a/box/box.c b/box/box.c
index 3f6ada1..892cc53 100644
--- a/box/box.c
+++ b/box/box.c
@@ -38,6 +38,7 @@ static int pass_environ;
 static int file_access;
 static int verbose;
 static int memory_limit;
+static int stack_limit;
 static char *redir_stdin, *redir_stdout, *redir_stderr;
 static char *set_cwd;
 
@@ -829,23 +830,27 @@ sample_mem_peak(void)
 static void
 boxkeeper(void)
 {
-  int syscall_count = 0;
+  int syscall_count = (filter_syscalls ? 0 : 1);
   struct sigaction sa;
 
   is_ptraced = 1;
+
   bzero(&sa, sizeof(sa));
   sa.sa_handler = signal_int;
   sigaction(SIGINT, &sa, NULL);
+
   gettimeofday(&start_time, NULL);
   ticks_per_sec = sysconf(_SC_CLK_TCK);
   if (ticks_per_sec <= 0)
     die("Invalid ticks_per_sec!");
+
   if (timeout || wall_timeout)
     {
       sa.sa_handler = signal_alarm;
       sigaction(SIGALRM, &sa, NULL);
       alarm(1);
     }
+
   for(;;)
     {
       struct rusage rus;
@@ -1031,15 +1036,22 @@ box_inside(int argc, char **argv)
   else
     dup2(1, 2);
   setpgrp();
+
   if (memory_limit)
     {
       rl.rlim_cur = rl.rlim_max = memory_limit * 1024;
       if (setrlimit(RLIMIT_AS, &rl) < 0)
-	die("setrlimit: %m");
+	die("setrlimit(RLIMIT_AS): %m");
     }
+
+  rl.rlim_cur = rl.rlim_max = (stack_limit ? (rlim_t)stack_limit * 1024 : RLIM_INFINITY);
+  if (setrlimit(RLIMIT_STACK, &rl) < 0)
+    die("setrlimit(RLIMIT_STACK): %m");
+
   rl.rlim_cur = rl.rlim_max = 64;
   if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
-    die("setrlimit: %m");
+    die("setrlimit(RLIMIT_NOFILE): %m");
+
   char **env = setup_environment();
   if (filter_syscalls)
     {
@@ -1067,6 +1079,7 @@ Options:\n\
 -E <var>=<val>\tSet the environment variable <var> to <val>; unset it if <var> is empty\n\
 -f\t\tFilter system calls (-ff=very restricted)\n\
 -i <file>\tRedirect stdin from <file>\n\
+-k <size>\tLimit stack size to <size> KB (default: 0=unlimited)\n\
 -m <size>\tLimit address space to <size> KB\n\
 -M <file>\tOutput process information to <file> (name:value)\n\
 -o <file>\tRedirect stdout to <file>\n\
@@ -1091,7 +1104,7 @@ main(int argc, char **argv)
   int c;
   uid_t uid;
 
-  while ((c = getopt(argc, argv, "a:c:eE:fi:m:M:o:p:r:s:t:Tvw:x:")) >= 0)
+  while ((c = getopt(argc, argv, "a:c:eE:fi:k:m:M:o:p:r:s:t:Tvw:x:")) >= 0)
     switch (c)
       {
       case 'a':
@@ -1110,6 +1123,9 @@ main(int argc, char **argv)
       case 'f':
 	filter_syscalls++;
 	break;
+      case 'k':
+	stack_limit = atol(optarg);
+	break;
       case 'i':
 	redir_stdin = optarg;
 	break;