Initial commit

.gitignore

@@ -0,0 +1 @@
+CMakeLists.txt.user

.gitmodules

@@ -0,0 +1,6 @@
+[submodule "qipc"]
+	path = qipc
+	url = https://gitlab.com/niansa/quickipc.git
+[submodule "dlhandlepp"]
+	path = dlhandlepp
+	url = https://gitlab.com/niansa/dlhandlepp

CMakeLists.txt

@@ -0,0 +1,16 @@
+cmake_minimum_required(VERSION 3.5)
+
+project(libhss LANGUAGES CXX)
+
+set(CMAKE_CXX_STANDARD 17)
+set(CMAKE_CXX_STANDARD_REQUIRED ON)
+
+add_executable(HSSChildLauncher child_launcher.cpp)
+target_link_libraries(HSSChildLauncher PRIVATE seccomp dl)
+target_include_directories(HSSChildLauncher PRIVATE qipc/include dlhandlepp)
+
+include(GNUInstallDirs)
+install(TARGETS HSSChildLauncher
+        RUNTIME DESTINATION bin
+)
+install(FILES hss.hpp DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/)

child_launcher.cpp

@@ -0,0 +1,49 @@
+#include <stdexcept>
+
+#include <linux/seccomp.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <seccomp.h>
+
+#include <QIPC/ipc.hpp>
+#include <dlhandle.hpp>
+
+
+void enable_limits() {
+    // rlimit
+    constexpr size_t memLimit = 4 * 1000; // 4 KB
+    rlimit memRLimit{memLimit, memLimit};
+    if (setrlimit(RLIMIT_AS, &memRLimit) < 0) {
+        throw std::runtime_error("Error setting ressource limits");
+    }
+    // Seccomp
+    scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ERRNO(EOPNOTSUPP));
+    for (const auto sysc : {
+         SCMP_SYS(mmap), SCMP_SYS(mmap2), SCMP_SYS(munmap),
+         SCMP_SYS(write), SCMP_SYS(read), SCMP_SYS(close),
+         SCMP_SYS(exit), SCMP_SYS(exit_group)
+                            }) {
+        seccomp_rule_add(ctx, SCMP_ACT_ALLOW, sysc, 0);
+    }
+    seccomp_rule_add(ctx, SCMP_ACT_KILL, SCMP_SYS(write), 0);
+    if (seccomp_load(ctx) < 0) {
+        throw std::runtime_error("Error setting up seccomp");
+    }
+}
+
+int main(int argc, char **argv) {
+    // Get IPC
+    if (argc != 4) {
+        abort();
+    }
+    QIPC ipc(QIPC::Fds{{std::stoi(argv[1]), std::stoi(argv[2])}});
+    // Launch
+    close(STDIN_FILENO);
+    close(STDOUT_FILENO);
+    close(STDERR_FILENO);
+    Dlhandle dl(argv[3], RTLD_NOW | RTLD_LOCAL);
+    auto entry = dl.get<void*(QIPC&)>("entry");
+    enable_limits();
+    entry(ipc);
+    exit(EXIT_SUCCESS);
+}

example/CMakeLists.txt

@@ -0,0 +1,12 @@
+cmake_minimum_required(VERSION 3.5)
+
+project(hss_examples LANGUAGES CXX)
+
+set(CMAKE_CXX_STANDARD 17)
+set(CMAKE_CXX_STANDARD_REQUIRED ON)
+
+add_executable(HSSTestMain main.cpp)
+target_include_directories(HSSTestMain PRIVATE qipc/include ..)
+
+add_library(HSSTestChild SHARED child.cpp)
+target_include_directories(HSSTestChild PRIVATE qipc/include ..)

example/child.cpp

@@ -0,0 +1,14 @@
+#include <string>
+#include <sys/mman.h>
+#include <QIPC/ipc.hpp>
+
+
+extern "C"
+void entry(QIPC& ipc) {
+    open("lol", 0);
+    ipc.send("Lol");
+    std::string test = "Dynamic ";
+    test += "memory";
+    ipc.send(test.c_str());
+    ipc.send_raw(size_t(1234567890));
+}

example/main.cpp

@@ -0,0 +1,17 @@
+#include <iostream>
+#include <string>
+#include <unistd.h>
+#include <QIPC/ipc.hpp>
+#include <hss.hpp>
+
+
+int main() {
+    QIPC ipc;
+    ipc.create();
+
+    HSS::run(ipc, "./libHSSTestChild.so");
+
+    std::cout << ipc.recv() << std::endl;
+    std::cout << ipc.recv() << std::endl;
+    std::cout << ipc.recv_raw<size_t>() << std::endl;
+}

hss.hpp

@@ -0,0 +1,18 @@
+#include <string>
+#include <unistd.h>
+#include <QIPC/ipc.hpp>
+
+
+
+namespace HSS {
+inline void run(QIPC& ipc, const std::string& file) {
+    if (fork() == 0) {
+        execlp("HSSChildLauncher", "child",
+               std::to_string(ipc.get_fds().get_in()).c_str(),
+               std::to_string(ipc.get_fds().get_out()).c_str(),
+               file.c_str(),
+               nullptr);
+        throw std::runtime_error("Failed to run HSSChildLauncher");
+    }
+}
+}