chore: rlimits

nixpig · Sep 21, 2024 · 40a0a92 · 40a0a92
1 parent 714daaf
commit 40a0a92
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 1 deletion.
diff --git a/cmd/cmd.go b/cmd/cmd.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"strconv"
 	"strings"
 
 	"github.com/nixpig/brownie/internal/commands"
@@ -156,7 +157,7 @@ func forkCmd(log *zerolog.Logger) *cobra.Command {
 	fork := &cobra.Command{
 		Use:     "fork [flags] CONTAINER_ID INIT_SOCK_ADDR CONTAINER_SOCK_ADDR",
 		Short:   "Fork container process\n\n \033[31m ⚠ FOR INTERNAL USE ONLY - DO NOT RUN DIRECTLY ⚠ \033[0m",
-		Args:    cobra.ExactArgs(3),
+		Args:    cobra.ExactArgs(4),
 		Example: "\n -- FOR INTERNAL USE ONLY --",
 		Hidden:  true,
 		RunE: func(cmd *cobra.Command, args []string) error {
@@ -165,11 +166,17 @@ func forkCmd(log *zerolog.Logger) *cobra.Command {
 			containerID := args[0]
 			initSockAddr := args[1]
 			containerSockAddr := args[2]
+			pid := args[3]
+			ipid, err := strconv.Atoi(pid)
+			if err != nil {
+				return fmt.Errorf("convert pid string to int: %w", err)
+			}
 
 			opts := &commands.ForkOpts{
 				ID:                containerID,
 				InitSockAddr:      initSockAddr,
 				ContainerSockAddr: containerSockAddr,
+				PID:               ipid,
 			}
 
 			return commands.Fork(opts, log)

diff --git a/internal/commands/create.go b/internal/commands/create.go
@@ -9,6 +9,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"strconv"
 	"syscall"
 	"time"
 
@@ -113,6 +114,7 @@ func Create(opts *CreateOpts, log *zerolog.Logger) error {
 			opts.ID,
 			initSockAddr,
 			containerSockAddr,
+			strconv.Itoa(state.Pid),
 		}...)
 
 	var cloneFlags uintptr

diff --git a/internal/commands/fork.go b/internal/commands/fork.go
@@ -85,6 +85,7 @@ type ForkOpts struct {
 	ID                string
 	InitSockAddr      string
 	ContainerSockAddr string
+	PID               int
 }
 
 func Fork(opts *ForkOpts, log *zerolog.Logger) error {
@@ -347,6 +348,15 @@ func Fork(opts *ForkOpts, log *zerolog.Logger) error {
 		log.Info().Str("caps", cap.GetProc().String()).Msg("current (after apply)")
 	}
 
+	for _, rl := range spec.Process.Rlimits {
+		if err := syscall.Setrlimit(int(pkg.Rlimits[rl.Type]), &syscall.Rlimit{
+			Cur: rl.Soft,
+			Max: rl.Hard,
+		}); err != nil {
+			log.Error().Err(err).Str("type", rl.Type).Msg("set rlimit")
+		}
+	}
+
 	time.Sleep(time.Second * 1) // give the listener in 'create' time to come up
 	if n, err := initConn.Write([]byte("ready")); n == 0 || err != nil {
 		log.Error().Err(err).Msg("send 'ready' message")

diff --git a/pkg/rlimit.go b/pkg/rlimit.go
@@ -0,0 +1,13 @@
+package pkg
+
+import "syscall"
+
+var Rlimits = map[string]uint{
+	"RLIMIT_AS":     syscall.RLIMIT_AS,
+	"RLIMIT_CORE":   syscall.RLIMIT_CORE,
+	"RLIMIT_CPU":    syscall.RLIMIT_CPU,
+	"RLIMIT_DATA":   syscall.RLIMIT_DATA,
+	"RLIMIT_FSIZE":  syscall.RLIMIT_FSIZE,
+	"RLIMIT_STACK":  syscall.RLIMIT_STACK,
+	"RLIMIT_NOFILE": syscall.RLIMIT_NOFILE,
+}