Isolate: Add chdir flag. Repurpose --cg shorthand flag.

Using -c is consistent with mo-box.

diff --git a/isolate/isolate.1.txt b/isolate/isolate.1.txt
index b3252de92d3e032a3c39e4b15f41a438f12b526b..f59dadf8e142f53b3add08370591fb3515a3fad2 100644 (file)
--- a/isolate/isolate.1.txt
+++ b/isolate/isolate.1.txt
@@ -92,6 +92,10 @@ OPTIONS
        Redirect standard error output to 'file'. The 'file' has to be accessible
        inside the sandbox.
 
        Redirect standard error output to 'file'. The 'file' has to be accessible
        inside the sandbox.
 

+*-c, --chdir=*'dir'::
+       Change directory to 'dir' before executing the program. This path must be
+       relative to the root of the sandbox.
+

 *-p, --processes*[*=*'max']::
        Permit the program to create up to 'max' processes and/or threads. Please
        keep in mind that time and memory limit do not work with multiple processes
 *-p, --processes*[*=*'max']::
        Permit the program to create up to 'max' processes and/or threads. Please
        keep in mind that time and memory limit do not work with multiple processes


@@ -169,7 +173,7 @@ to constrain programs consisting of multiple processes. Please note
 that this feature needs special system setup described in the REQUIREMENTS
 section.
 
 that this feature needs special system setup described in the REQUIREMENTS
 section.
 

-*-c, --cg*::
+*--cg*::

        Enable use of control groups.
 
 *--cg-mem=*'size'::
        Enable use of control groups.
 
 *--cg-mem=*'size'::

diff --git a/isolate/isolate.c b/isolate/isolate.c
index 16ea06e10a3ebb6c0616790cb3fa982c57bbc842..1131ddbc5c108cb1bdf834cdbcc4fdc996e05de4 100644 (file)
--- a/isolate/isolate.c
+++ b/isolate/isolate.c
@@ -47,6 +47,7 @@ static int block_quota;
 static int inode_quota;
 static int max_processes = 1;
 static char *redir_stdin, *redir_stdout, *redir_stderr;
 static int inode_quota;
 static int max_processes = 1;
 static char *redir_stdin, *redir_stdout, *redir_stderr;

+static char *set_cwd;

 
 static int cg_enable;
 static int cg_memory_limit;
 
 static int cg_enable;
 static int cg_memory_limit;


@@ -1134,6 +1135,9 @@ box_inside(void *arg)
   setup_rlimits();
   char **env = setup_environment();
 
   setup_rlimits();
   char **env = setup_environment();
 

+  if (set_cwd && chdir(set_cwd))
+    die("chdir: %m");
+

   execve(args[0], args, env);
   die("execve(\"%s\"): %m", args[0]);
 }
   execve(args[0], args, env);
   die("execve(\"%s\"): %m", args[0]);
 }


@@ -1287,6 +1291,7 @@ enum opt_code {
   OPT_RUN,
   OPT_CLEANUP,
   OPT_VERSION,
   OPT_RUN,
   OPT_CLEANUP,
   OPT_VERSION,

+  OPT_CG,

   OPT_CG_MEM,
   OPT_CG_TIMING,
 };
   OPT_CG_MEM,
   OPT_CG_TIMING,
 };


@@ -1295,7 +1300,8 @@ static const char short_opts[] = "b:c:d:eE:i:k:m:M:o:p::q:r:t:vw:x:";
 
 static const struct option long_opts[] = {
   { "box-id",          1, NULL, 'b' },
 
 static const struct option long_opts[] = {
   { "box-id",          1, NULL, 'b' },

-  { "cg",              1, NULL, 'c' },
+  { "chdir",           1, NULL, 'c' },
+  { "cg",              0, NULL, OPT_CG },

   { "cg-mem",          1, NULL, OPT_CG_MEM },
   { "cg-timing",       0, NULL, OPT_CG_TIMING },
   { "cleanup",         0, NULL, OPT_CLEANUP },
   { "cg-mem",          1, NULL, OPT_CG_MEM },
   { "cg-timing",       0, NULL, OPT_CG_TIMING },
   { "cleanup",         0, NULL, OPT_CLEANUP },


@@ -1336,6 +1342,9 @@ main(int argc, char **argv)
        box_id = atoi(optarg);
        break;
       case 'c':
        box_id = atoi(optarg);
        break;
       case 'c':

+       set_cwd = optarg;
+       break;
+      case OPT_CG:

        cg_enable = 1;
        break;
       case 'd':
        cg_enable = 1;
        break;
       case 'd':