let a profile control a tasks rlimits

2025-08-31 06:16:03 +00:00 · 2008-04-06 18:55:46 +00:00
parent 34f2c96700
commit ecf6b55baf
5 changed files with 211 additions and 10 deletions
--- a/parser/parser_interface.c
+++ b/parser/parser_interface.c
@@ -40,8 +40,9 @@
 #define _(s) gettext(s)

 #define u8  unsigned char
-#define u16 unsigned short
-#define u32 unsigned int
+#define u16 uint16_t
+#define u32 uint32_t
+#define u64 uint64_t

 #define BUFFERINC 65536
 //#define BUFFERINC 16
@@ -49,9 +50,11 @@
 #if __BYTE_ORDER == __BIG_ENDIAN
 #  define cpu_to_le16(x) ((u16)(bswap_16 ((u16) x)))
 #  define cpu_to_le32(x) ((u32)(bswap_32 ((u32) x)))
+#  define cpu_to_le64(x) ((u64)(bswap_64 ((u64) x)))
 #else
 #  define cpu_to_le16(x) ((u16)(x))
 #  define cpu_to_le32(x) ((u32)(x))
+#  define cpu_to_le64(x) ((u64)(x))
 #endif

 #define SD_CODE_SIZE (sizeof(u8))
@@ -193,6 +196,8 @@ const char *sd_code_names[] = {
 	"SD_STRUCTEND",
 	"SD_LIST",
 	"SD_LISTEND",
+	"SD_ARRAY",
+	"SD_ARRAYEND",
 	"SD_OFFSET"
 };

@@ -307,6 +312,17 @@ inline int sd_write32(sd_serialize *p, u32 b)
 	return 1;
 }

+inline int sd_write64(sd_serialize *p, u64 b)
+{
+	u64 tmp;
+	if (!sd_prepare_write(p, SD_U64, sizeof(b)))
+		return 0;
+	tmp = cpu_to_le64(b);
+	memcpy(p->pos, &tmp, sizeof(tmp));
+	sd_inc(p, sizeof(tmp));
+	return 1;
+}
+
 inline int sd_write_name(sd_serialize *p, char *name)
 {
 	long size = 0;
@@ -489,6 +505,28 @@ int sd_serialize_dfa(sd_serialize *p, void *dfa, size_t size)
 	return 1;
 }

+int sd_serialize_rlimits(sd_serialize *p, struct aa_rlimits *limits)
+{
+	int i;
+	if (!limits->specified)
+		return 1;
+	if (!sd_write_struct(p, "rlimits"))
+		return 0;
+	if (!sd_write32(p, limits->specified))
+		return 0;
+	if (!sd_write_array(p, NULL, RLIM_NLIMITS))
+		return 0;
+	for (i = 0; i < RLIM_NLIMITS; i++) {
+		if (!sd_write64(p, limits->limits[i]))
+			return 0;
+	}
+	if (!sd_write_arrayend(p))
+		return 0;
+	if (!sd_write_structend(p))
+		return 0;
+	return 1;
+}
+
 int count_file_ents(struct cod_entry *list)
 {
 	struct cod_entry *entry;
@@ -571,6 +609,9 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
 	if (!sd_write32(p, profile->set_caps & ~profile->deny_caps))
 		return 0;

+	if (!sd_serialize_rlimits(p, &profile->rlimits))
+		return 0;
+
 	if (profile->network_allowed) {
 		int i;
 		if (!sd_write_array(p, "net_allowed_af", AF_MAX))