Commit d610ea4c authored by ale's avatar ale

Control cgroups creation via 'enable_cgroups' config directive

parent fd035804
......@@ -441,7 +441,7 @@ int sandbox_start(struct sandbox_config *config) {
log_println("out of memory");
goto error;
}
if (resources(config)) {
if (config->enable_cgroups && (resources(config) < 0)) {
err = -1;
goto clear_resources;
}
......@@ -471,7 +471,8 @@ finish_child:;
waitpid(child_pid, &child_status, 0);
err |= WEXITSTATUS(child_status);
clear_resources:
free_resources(config);
if (config->enable_cgroups)
free_resources(config);
free(stack);
goto cleanup;
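Review bot: The failure test in sandbox_start went from any non-zero return of resources() to `resources(config) < 0`, so a positive error return would now count as success and the child would start without its cgroup limits. resources() is not visible here; confirm it only ever signals failure with a negative value, or keep the original sense with `if (config->enable_cgroups && resources(config))`. When enable_cgroups is 0 the sandbox runs with no limits and nothing records that, so a line such as `log_println("cgroups disabled by configuration");` before the skipped call would make the weaker mode visible in logs. sandbox_start begins and ends outside the hunks shown.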
......
......@@ -15,6 +15,7 @@ struct sandbox_config {
char *argv0;
char **argv;
char *new_root_dir;
int enable_cgroups;
};
int sandbox_config_init(struct sandbox_config *, uid_t, gid_t, int, char *, char **);
......
......@@ -40,6 +40,7 @@ struct config {
int num_docroots;
int min_uid;
int min_gid;
int enable_cgroups;
};
// Convert string to int, with syntax checking.
......@@ -52,6 +53,17 @@ static int s2i(char *s, int *i) {
return 0;
}
static int s2b(char *s, int *i) {
if (!strcmp(s, "yes")
|| !strcmp(s, "y")
|| !strcmp(s, "true")
|| !strcmp(s, "on"))
*i = 1;
else
*i = 0;
return 0;
}
static int config_add_allowed_cmd(struct config *config, char *value) {
return strlist_append(&(config->allowed_cmds), &(config->num_allowed_cmds),
value);
......@@ -157,6 +169,8 @@ static int read_config(const char *path, struct config *config) {
r = config_set_min_uid(config, value);
} else if (!strcmp(key, "min_gid")) {
r = config_set_min_gid(config, value);
} else if (!strcmp(key, "enable_cgroups")) {
r = s2b(value, &(config->enable_cgroups));
} else {
log_printf("Syntax error at %s:%d: unknown directive '%s'", path, lineno,
key);
......@@ -414,6 +428,7 @@ int main(int argc, char **argv) {
real_cmd, (argv + 3)) < 0)
exit(106);
sandbox_config.enable_cgroups = config.enable_cgroups;
if (config.root)
sandbox_config.new_root_dir = config.root;
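Review bot: s2b() maps every value it does not recognise to 0 and always returns 0, so a typo or a different case such as `Yes` silently turns cgroup limits off and read_config never reports it. It should accept an explicit negative list and return -1 for anything else, assuming read_config treats a non-zero r as a syntax error as it appears to for the other setters. A one-line comment above s2b, like the one on s2i, listing the accepted spellings would also help. The default of config.enable_cgroups when the directive is absent is not visible in this diff; if the struct is zero-initialised, leaving the directive out also runs sandboxes without limits.
```c
static int s2b(char *s, int *i) {
  // … unchanged: "yes"/"y"/"true"/"on" sets *i = 1 …
  else if (!strcmp(s, "no")
      || !strcmp(s, "n")
      || !strcmp(s, "false")
      || !strcmp(s, "off"))
    *i = 0;
  else
    return -1;  // unrecognised value: let read_config report it
  return 0;
}
```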
......