X-Git-Url: http://mj.ucw.cz/gitweb/?a=blobdiff_plain;f=src%2Fbox.c;h=3dc4a199b0930908d38dde0cc4cac6280ae1e00a;hb=3ee2e239596ff6da044bdeeae2e9fdeded48c4a5;hp=2558a3eadea4aff9a4071c7cd2f86318ce45f9fa;hpb=762cd19388d4958967e087226acd8875ab997c68;p=eval.git
diff --git a/src/box.c b/src/box.c
index 2558a3e..3dc4a19 100644
--- a/src/box.c
+++ b/src/box.c
@@ -35,6 +35,8 @@ static int use_wall_clock;
 static int file_access;
 static int verbose;
 static int memory_limit;
+static int allow_times;
+static char *redir_stdin, *redir_stdout;
 static pid_t box_pid;
 static int is_ptraced;
@@ -142,7 +144,10 @@ valid_filename(unsigned long addr)
 && !strstr(namebuf, ".."))
 return;
 if (!strcmp(namebuf, "/dev/null") ||
- !strcmp(namebuf, "/dev/zero"))
+ !strcmp(namebuf, "/dev/zero") ||
+ !strcmp(namebuf, "/proc/meminfo") ||
+ !strcmp(namebuf, "/proc/self/stat") ||
+ !strncmp(namebuf, "/usr/share/zoneinfo/", 20))
 return;
 }
 die("Forbidden access to file `%s'.", namebuf);
@@ -198,10 +203,12 @@ valid_syscall(struct user *u)
 case SYS_ftruncate64:
 case SYS_fstat64:
 case SYS_fcntl:
+ case SYS_fcntl64:
 case SYS_mmap:
 case SYS_munmap:
 case SYS_ioctl:
 case SYS_uname:
+ case 252:
 return 1;
 case SYS_time:
 case SYS_alarm:
@@ -224,6 +231,7 @@ valid_syscall(struct user *u)
 case SYS_mprotect:
 case SYS_sigprocmask:
 case SYS_getdents:
+ case SYS_getdents64:
 case SYS__newselect:
 case SYS_fdatasync:
 case SYS_mremap:
@@ -238,7 +246,10 @@ valid_syscall(struct user *u)
 case SYS_rt_sigqueueinfo:
 case SYS_rt_sigsuspend:
 case SYS_mmap2:
+ case SYS__sysctl:
 return (filter_syscalls == 1);
+ case SYS_times:
+ return allow_times;
 default:
 return 0;
 }
@@ -354,7 +365,7 @@ boxkeeper(void)
 timeradd(&rus.ru_utime, &rus.ru_stime, &total);
 wall = time(NULL) - start_time;
 if ((use_wall_clock ? wall : total.tv_sec) > timeout)
- die("Timeout exceeded (after exit).");
+ die("Time limit exceeded (after exit).");
 fprintf(stderr, "OK (%d sec real, %d sec wall, %d syscalls)\n", (int) total.tv_sec, wall, syscall_count);
 exit(0);
 }
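Review bot: In the `valid_filename` hunk the new `/usr/share/zoneinfo/` entry is a bare prefix match with no `..` rejection, so as far as the hunk shows a name that starts with that prefix and then walks back up the tree is accepted by the whitelist; the `!strstr(namebuf, "..")` test visible at the top of the hunk belongs to the earlier condition, which has its own `return`. I would write the new term as `(!strncmp(namebuf, "/usr/share/zoneinfo/", 20) && !strstr(namebuf, ".."))`, and take the length from the literal (`sizeof("/usr/share/zoneinfo/") - 1`) so the string and the count cannot drift apart. The enclosing `if` and the rest of `valid_filename` begin outside the hunk, so confirm that no earlier normalisation already covers this case.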
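Review bot: `case 252:` in the first `valid_syscall` hunk (`@@ -198,10 +203,12 @@`) whitelists a syscall by bare number in the unconditional `return 1` group, while every neighbouring case uses a `SYS_*` name; the reader cannot audit what is being allowed, and the same number denotes a different call on another architecture. If this is meant to be `exit_group` on i386 (an inference, the hunk does not say), spell it `case SYS_exit_group:` and, where the build headers lack the name, add a guarded fallback `#ifndef SYS_exit_group` / `#define SYS_exit_group 252` near the includes. The third `valid_syscall` hunk (`@@ -238,7 +246,10 @@`) has the same auditability gap: `SYS__sysctl` joins the `filter_syscalls == 1` group with no argument inspection and no stated reason, so a comment such as `/* TODO: record which caller needs _sysctl; its argument is not inspected */` would at least make the policy decision reviewable.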
@@ -419,6 +430,18 @@ box_inside(int argc, char **argv)
 memcpy(args, argv, argc * sizeof(char *));
 args[argc] = NULL;
+ if (redir_stdin)
+ {
+ close(0);
+ if (open(redir_stdin, O_RDONLY) != 0)
+ die("open(\"%s\"): %m", redir_stdin);
+ }
+ if (redir_stdout)
+ {
+ close(1);
+ if (open(redir_stdout, O_WRONLY | O_CREAT | O_TRUNC, 0666) != 1)
+ die("open(\"%s\"): %m", redir_stdout);
+ }
 close(2);
 dup(1);
 setpgrp();
@@ -449,8 +472,11 @@ Options:\n\
 -c \tChange directory to first\n\
 -e\t\tPass full environment of parent process\n\
 -f\t\tFilter system calls (-ff=very restricted)\n\
+-i \tRedirect stdin from \n\
 -m \tLimit address space to KB\n\
+-o \tRedirect stdout to \n\
 -t
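Review bot: The stdout redirection added to `box_inside` opens `redir_stdout` with `O_WRONLY | O_CREAT | O_TRUNC` and mode `0666`, which follows a symlink already present at that name and truncates its target with whatever privileges the process holds at that point. If the box directory can retain files written by an earlier boxed run (not visible here), add `O_NOFOLLOW` to the flags, and consider a tighter mode such as `0640` unless callers rely on the umask. Separately, the `close(1)` / `open(...) != 1` pattern depends on the kernel returning the lowest free descriptor, so it dies when descriptor 0 happens to be closed and `-i` is not given; opening first and then calling `dup2(fd, 1)` states the intent directly. `box_inside` starts and ends outside the hunk, so whether the working directory or credentials change before these lines cannot be judged from here.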