| blob | 5fda9e7e832595f1c5ad61aac41403369e48c4bb |
1 // Copyright 2012 Google Inc.
2 // All rights reserved.
3 //
4 // Redistribution and use in source and binary forms, with or without
5 // modification, are permitted provided that the following conditions are
6 // met:
7 //
8 // * Redistributions of source code must retain the above copyright
9 // notice, this list of conditions and the following disclaimer.
10 // * Redistributions in binary form must reproduce the above copyright
11 // notice, this list of conditions and the following disclaimer in the
12 // documentation and/or other materials provided with the distribution.
13 // * Neither the name of Google Inc. nor the names of its contributors
14 // may be used to endorse or promote products derived from this software
15 // without specific prior written permission.
16 //
17 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
20 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
21 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
23 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 #if defined(HAVE_CONFIG_H)
31 #endif
35 #include <sys/resource.h>
36 #include <sys/stat.h>
37 #include <sys/time.h>
38 #include <sys/wait.h>
40 #include <assert.h>
41 #include <err.h>
42 #include <errno.h>
43 #include <fcntl.h>
44 #include <signal.h>
45 #include <stdbool.h>
46 #include <stdio.h>
47 #include <stdlib.h>
48 #include <string.h>
49 #include <unistd.h>
58 /// Path to the temporary work directory to use.
63 /// Whether we got a signal or not.
67 /// Whether the process timed out or not.
71 /// If not -1, PID of the process to forcibly kill when we get a signal.
72 ///
73 /// Must be protected by protect() and unprotect().
77 /// Whether we are holding signals or not.
81 /// Magic exit code to denote an error while preparing the subprocess.
83 /// Magic exit code to denote an error in exec(3) that we do not handle.
85 /// Magic exit code to denote an EACCES error in exec(3).
87 /// Magic exit code to denote an ENOENT error in exec(3).
91 /// Area to save the original SIGHUP handler.
93 /// Area to save the original SIGINT handler.
95 /// Area to save the original SIGTERM handler.
97 /// Area to save the original SIGALRM handler.
99 /// Area to save the original realtime timer.
103 /// Masks or unmasks all the signals programmed by this module.
104 ///
105 /// \param operation One of SIG_BLOCK or SIG_UNBLOCK.
106 static void
108 {
109 sigset_t mask;
115 #if defined(__minix) && !defined(NDEBUG)
120 }
123 /// Masks all signals programmed by this module.
124 static void
126 {
129 }
132 /// Unmasks all signals programmed by this module.
133 static void
135 {
138 }
141 /// Handler for signals that should abort execution.
142 ///
143 /// When called the first time, this handler kills any running subprocess so
144 /// that the cleanup routines can proceed. Calling this a second time aborts
145 /// execution of the program.
146 ///
147 /// \param unused_signo Number of the captured signal.
148 static void
150 {
158 // Ignore.
159 }
163 }
167 // Ignore.
168 }
172 }
174 }
175 }
178 /// Handler for signals that should terminate the active subprocess.
179 ///
180 /// \param unused_signo Number of the captured signal.
181 static void
183 {
190 // Ignore.
191 }
195 }
197 }
200 /// Installs a signal handler.
201 ///
202 /// \param signo Number of the signal to program.
203 /// \param handler Handler for the signal.
204 /// \param [out] old_sa Pointer to the sigaction structure in which to save the
205 /// current signal handler data.
206 static void
209 {
215 #if defined(__minix) && !defined(NDEBUG)
220 }
223 /// Installs a timer.
224 ///
225 /// \param seconds Deadline for the timer.
226 /// \param [out] old_itimerval Pointer to the itimerval structure in which to
227 /// save the current timer data into.
228 static void
230 {
236 #if defined(__minix) && !defined(NDEBUG)
241 }
244 /// Resets the environment of the process to a known state.
245 ///
246 /// \param work_directory Path to the work directory being used.
247 ///
248 /// \return An error if there is a problem configuring the environment
249 /// variables, or OK if successful. Note that if this returns an error, we have
250 /// left the environment in an inconsistent state.
251 static kyua_error_t
253 {
254 kyua_error_t error;
256 // TODO(jmmv): It might be better to do the opposite: just pass a good known
257 // set of variables to the child (aka HOME, PATH, ...). But how do we
258 // determine this minimum set?
268 }
284 }
287 /// Resets all signals to their default handlers.
288 static void
290 {
295 // Don't attempt to reset immutable signals.
297 }
304 }
305 }
308 /// Raises core size limit to its possible maximum.
309 ///
310 /// This is a best-effort operation. There is no guarantee that the operation
311 /// will yield a large-enough limit to generate any possible core file.
312 static void
314 {
315 #if !defined(__minix)
317 {
320 }
325 }
328 /// Cleans up the container process to run a new child.
329 ///
330 /// If there is any error during the setup, the new process is terminated
331 /// with an error code.
332 ///
333 /// \param run_params End-user parameters that describe how to isolate the
334 /// newly-created process.
335 static void
337 {
338 #if !defined(__minix)
360 }
366 }
367 }
370 /// Constructs a path to a work directory based on a template.
371 ///
372 /// \param template Template of the work directory to create. Should be a
373 /// basename and must include the XXXXXX placeholder string. The directory
374 /// is created within the temporary directory specified by the TMPDIR
375 /// environment variable or the builtin value in kyua_run_tmpdir.
376 /// \param [out] work_directory Pointer to a dynamically-allocated string
377 /// containing the full path to the work directory. The caller is
378 /// responsible for releasing this string.
379 ///
380 /// \return An error if there is a problem (most likely OOM), or OK otherwise.
381 static kyua_error_t
383 {
390 else
392 }
395 /// Initializes the run_params parameters with default values.
396 ///
397 /// \param [out] run_params The object to initialize.
398 void
400 {
405 }
408 /// Executes a program and exits if there is a problem.
409 ///
410 /// This routine is supposed to be used in conjunction with kyua_run_fork and
411 /// kyua_run_wait so that the various return codes of the exec system call are
412 /// properly propagated to the parent process.
413 ///
414 /// \param program Path to the program to run.
415 /// \param args Arguments to the program.
416 void
418 {
427 }
428 }
431 /// Forks and isolates the child process.
432 ///
433 /// The created subprocess must be waited for with kyua_run_wait().
434 ///
435 /// \param run_params Parameters that describe how to isolate the newly-created
436 /// process.
437 /// \param [out] out_pid The PID of the child in the parent, or 0 in the child.
438 /// The value left here should only be accessed if this function does not
439 /// return an error.
440 ///
441 /// \return An error object if fork(2) fails.
442 kyua_error_t
444 {
466 }
467 }
470 /// Waits for a process started via kyua_run_fork.
471 ///
472 /// \param pid The PID of the child to wait for.
473 /// \param [out] status The exit status of the awaited process.
474 /// \param [out] timed_out Whether the process timed out or not.
475 ///
476 /// \return An error if the process failed due to an problem in kyua_run_exec.
477 /// However, note that the wait for the process itself is expected to have been
478 /// successful.
479 kyua_error_t
481 {
483 #if defined(__minix) && !defined(NDEBUG)
509 // Fall-through.
510 }
511 }
515 }
518 /// Creates a temporary directory for use by a subprocess.
519 ///
520 /// The temporary directory must be deleted with kyua_run_work_directory_leave.
521 ///
522 /// \param template Template of the work directory to create. Should be a
523 /// basename and must include the XXXXXX placeholder string. The directory
524 /// is created within the temporary directory specified by the TMPDIR
525 /// environment variable or the builtin value.
526 /// \param uid User to set the owner of the directory to.
527 /// \param gid Group to set the owner of the directory to.
528 /// \param [out] out_work_directory Updated with a pointer to a dynamic string
529 /// holding the path to the created work directory. This must be passed as
530 /// is to kyua_run_work_directory_leave, which takes care of freeing the
531 /// memory.
532 ///
533 /// \return An error code if there is a problem creating the directory.
534 kyua_error_t
537 {
552 work_directory);
554 }
563 }
564 }
570 err_work_directory_file:
572 err_work_directory_variable:
574 err_signals:
578 out:
580 }
583 /// Deletes a temporary directory created by kyua_run_work_directory_enter().
584 ///
585 /// \param [in,out] work_directory The pointer to the work_directory string as
586 /// originally returned by kyua_run_work_directory_leave(). This is
587 /// explicitly invalidated by this function to clearly denote that this
588 /// performs the memory releasing.
589 ///
590 /// \return An error code if the cleanup of the directory fails. Note that any
591 /// intermediate errors during the cleanup are sent to stderr.
592 kyua_error_t
594 {
604 // At this point, we have cleaned up the work directory and we could
605 // (should?) re-deliver the signal to ourselves so that we terminated with
606 // the right code. However, we just let this return and allow the caller
607 // code to perform any other cleanups instead.
610 }