mirror of
https://gitlab.com/niansa/libhss.git
synced 2025-03-06 20:49:21 +01:00
49 lines
1.3 KiB
C++
49 lines
1.3 KiB
C++
#include <stdexcept>
|
|
|
|
#include <linux/seccomp.h>
|
|
#include <sys/time.h>
|
|
#include <sys/resource.h>
|
|
#include <seccomp.h>
|
|
|
|
#include <QIPC/ipc.hpp>
|
|
#include <dlhandle.hpp>
|
|
|
|
|
|
void enable_limits() {
|
|
// rlimit
|
|
constexpr size_t memLimit = 4 * 1000; // 4 KB
|
|
rlimit memRLimit{memLimit, memLimit};
|
|
if (setrlimit(RLIMIT_AS, &memRLimit) < 0) {
|
|
throw std::runtime_error("Error setting ressource limits");
|
|
}
|
|
// Seccomp
|
|
scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ERRNO(EOPNOTSUPP));
|
|
for (const auto sysc : {
|
|
SCMP_SYS(mmap), SCMP_SYS(mmap2), SCMP_SYS(munmap),
|
|
SCMP_SYS(write), SCMP_SYS(read), SCMP_SYS(close),
|
|
SCMP_SYS(exit), SCMP_SYS(exit_group)
|
|
}) {
|
|
seccomp_rule_add(ctx, SCMP_ACT_ALLOW, sysc, 0);
|
|
}
|
|
seccomp_rule_add(ctx, SCMP_ACT_KILL, SCMP_SYS(write), 0);
|
|
if (seccomp_load(ctx) < 0) {
|
|
throw std::runtime_error("Error setting up seccomp");
|
|
}
|
|
}
|
|
|
|
int main(int argc, char **argv) {
|
|
// Get IPC
|
|
if (argc != 4) {
|
|
abort();
|
|
}
|
|
QIPC ipc(QIPC::Fds{{std::stoi(argv[1]), std::stoi(argv[2])}});
|
|
// Launch
|
|
close(STDIN_FILENO);
|
|
close(STDOUT_FILENO);
|
|
close(STDERR_FILENO);
|
|
Dlhandle dl(argv[3], RTLD_NOW | RTLD_LOCAL);
|
|
auto entry = dl.get<void*(QIPC&)>("entry");
|
|
enable_limits();
|
|
entry(ipc);
|
|
exit(EXIT_SUCCESS);
|
|
}
|