| blob | 6c405de3d8d6bea717ed407ad65ffa189c677010 |
1 // Copyright 2012 Google Inc.
2 // All rights reserved.
3 //
4 // Redistribution and use in source and binary forms, with or without
5 // modification, are permitted provided that the following conditions are
6 // met:
7 //
8 // * Redistributions of source code must retain the above copyright
9 // notice, this list of conditions and the following disclaimer.
10 // * Redistributions in binary form must reproduce the above copyright
11 // notice, this list of conditions and the following disclaimer in the
12 // documentation and/or other materials provided with the distribution.
13 // * Neither the name of Google Inc. nor the names of its contributors
14 // may be used to endorse or promote products derived from this software
15 // without specific prior written permission.
16 //
17 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
20 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
21 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
23 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 #if defined(HAVE_CONFIG_H)
31 #endif
35 #include <sys/resource.h>
36 #include <sys/stat.h>
37 #include <sys/time.h>
38 #include <sys/wait.h>
40 #include <assert.h>
41 #include <err.h>
42 #include <errno.h>
43 #include <fcntl.h>
44 #include <signal.h>
45 #include <stdbool.h>
46 #include <stdio.h>
47 #include <stdlib.h>
48 #include <string.h>
49 #include <unistd.h>
58 /// Path to the temporary work directory to use.
63 /// Whether we got a signal or not.
67 /// Whether the process timed out or not.
71 /// If not -1, PID of the process to forcibly kill when we get a signal.
72 ///
73 /// Must be protected by protect() and unprotect().
77 /// Whether we are holding signals or not.
81 /// Magic exit code to denote an error while preparing the subprocess.
83 /// Magic exit code to denote an error in exec(3) that we do not handle.
85 /// Magic exit code to denote an EACCES error in exec(3).
87 /// Magic exit code to denote an ENOENT error in exec(3).
91 /// Area to save the original SIGHUP handler.
93 /// Area to save the original SIGINT handler.
95 /// Area to save the original SIGTERM handler.
97 /// Area to save the original SIGALRM handler.
99 /// Area to save the original realtime timer.
103 /// Masks or unmasks all the signals programmed by this module.
104 ///
105 /// \param operation One of SIG_BLOCK or SIG_UNBLOCK.
106 static void
108 {
109 sigset_t mask;
115 #if defined(__minix) && !defined(NDEBUG)
120 }
123 /// Masks all signals programmed by this module.
124 static void
126 {
129 }
132 /// Unmasks all signals programmed by this module.
133 static void
135 {
138 }
141 /// Handler for signals that should abort execution.
142 ///
143 /// When called the first time, this handler kills any running subprocess so
144 /// that the cleanup routines can proceed. Calling this a second time aborts
145 /// execution of the program.
146 ///
147 /// \param unused_signo Number of the captured signal.
148 static void
150 {
158 // Ignore.
159 }
163 }
167 // Ignore.
168 }
172 }
174 }
175 }
178 /// Handler for signals that should terminate the active subprocess.
179 ///
180 /// \param unused_signo Number of the captured signal.
181 static void
183 {
190 // Ignore.
191 }
195 }
197 }
200 /// Installs a signal handler.
201 ///
202 /// \param signo Number of the signal to program.
203 /// \param handler Handler for the signal.
204 /// \param [out] old_sa Pointer to the sigaction structure in which to save the
205 /// current signal handler data.
206 static void
209 {
215 #if defined(__minix) && !defined(NDEBUG)
220 }
223 /// Installs a timer.
224 ///
225 /// \param seconds Deadline for the timer.
226 /// \param [out] old_itimerval Pointer to the itimerval structure in which to
227 /// save the current timer data into.
228 static void
230 {
236 #if defined(__minix) && !defined(NDEBUG)
241 }
244 /// Resets the environment of the process to a known state.
245 ///
246 /// \param work_directory Path to the work directory being used.
247 ///
248 /// \return An error if there is a problem configuring the environment
249 /// variables, or OK if successful. Note that if this returns an error, we have
250 /// left the environment in an inconsistent state.
251 static kyua_error_t
253 {
254 kyua_error_t error;
256 // TODO(jmmv): It might be better to do the opposite: just pass a good known
257 // set of variables to the child (aka HOME, PATH, ...). But how do we
258 // determine this minimum set?
268 }
284 }
287 /// Resets all signals to their default handlers.
288 static void
290 {
295 // Don't attempt to reset immutable signals.
297 }
304 }
305 }
308 /// Raises core size limit to its possible maximum.
309 ///
310 /// This is a best-effort operation. There is no guarantee that the operation
311 /// will yield a large-enough limit to generate any possible core file.
312 static void
314 {
315 #if !defined(__minix)
317 {
320 }
325 }
328 /// Cleans up the container process to run a new child.
329 ///
330 /// If there is any error during the setup, the new process is terminated
331 /// with an error code.
332 ///
333 /// \param run_params End-user parameters that describe how to isolate the
334 /// newly-created process.
335 static void
337 {
358 }
364 }
365 }
368 /// Constructs a path to a work directory based on a template.
369 ///
370 /// \param template Template of the work directory to create. Should be a
371 /// basename and must include the XXXXXX placeholder string. The directory
372 /// is created within the temporary directory specified by the TMPDIR
373 /// environment variable or the builtin value in kyua_run_tmpdir.
374 /// \param [out] work_directory Pointer to a dynamically-allocated string
375 /// containing the full path to the work directory. The caller is
376 /// responsible for releasing this string.
377 ///
378 /// \return An error if there is a problem (most likely OOM), or OK otherwise.
379 static kyua_error_t
381 {
388 else
390 }
393 /// Initializes the run_params parameters with default values.
394 ///
395 /// \param [out] run_params The object to initialize.
396 void
398 {
403 }
406 /// Executes a program and exits if there is a problem.
407 ///
408 /// This routine is supposed to be used in conjunction with kyua_run_fork and
409 /// kyua_run_wait so that the various return codes of the exec system call are
410 /// properly propagated to the parent process.
411 ///
412 /// \param program Path to the program to run.
413 /// \param args Arguments to the program.
414 void
416 {
425 }
426 }
429 /// Forks and isolates the child process.
430 ///
431 /// The created subprocess must be waited for with kyua_run_wait().
432 ///
433 /// \param run_params Parameters that describe how to isolate the newly-created
434 /// process.
435 /// \param [out] out_pid The PID of the child in the parent, or 0 in the child.
436 /// The value left here should only be accessed if this function does not
437 /// return an error.
438 ///
439 /// \return An error object if fork(2) fails.
440 kyua_error_t
442 {
464 }
465 }
468 /// Waits for a process started via kyua_run_fork.
469 ///
470 /// \param pid The PID of the child to wait for.
471 /// \param [out] status The exit status of the awaited process.
472 /// \param [out] timed_out Whether the process timed out or not.
473 ///
474 /// \return An error if the process failed due to an problem in kyua_run_exec.
475 /// However, note that the wait for the process itself is expected to have been
476 /// successful.
477 kyua_error_t
479 {
481 #if defined(__minix) && !defined(NDEBUG)
507 // Fall-through.
508 }
509 }
513 }
516 /// Creates a temporary directory for use by a subprocess.
517 ///
518 /// The temporary directory must be deleted with kyua_run_work_directory_leave.
519 ///
520 /// \param template Template of the work directory to create. Should be a
521 /// basename and must include the XXXXXX placeholder string. The directory
522 /// is created within the temporary directory specified by the TMPDIR
523 /// environment variable or the builtin value.
524 /// \param uid User to set the owner of the directory to.
525 /// \param gid Group to set the owner of the directory to.
526 /// \param [out] out_work_directory Updated with a pointer to a dynamic string
527 /// holding the path to the created work directory. This must be passed as
528 /// is to kyua_run_work_directory_leave, which takes care of freeing the
529 /// memory.
530 ///
531 /// \return An error code if there is a problem creating the directory.
532 kyua_error_t
535 {
550 work_directory);
552 }
561 }
562 }
568 err_work_directory_file:
570 err_work_directory_variable:
572 err_signals:
576 out:
578 }
581 /// Deletes a temporary directory created by kyua_run_work_directory_enter().
582 ///
583 /// \param [in,out] work_directory The pointer to the work_directory string as
584 /// originally returned by kyua_run_work_directory_leave(). This is
585 /// explicitly invalidated by this function to clearly denote that this
586 /// performs the memory releasing.
587 ///
588 /// \return An error code if the cleanup of the directory fails. Note that any
589 /// intermediate errors during the cleanup are sent to stderr.
590 kyua_error_t
592 {
602 // At this point, we have cleaned up the work directory and we could
603 // (should?) re-deliver the signal to ourselves so that we terminated with
604 // the right code. However, we just let this return and allow the caller
605 // code to perform any other cleanups instead.
608 }