diff options
author | smitsohu <smitsohu@gmail.com> | 2021-09-22 20:12:58 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-09-22 20:12:58 +0200 |
commit | 921c9cc153174434c6464498274ae0ae9ca51efd (patch) | |
tree | 88a1df516d51b04432998458c177929113de6720 | |
parent | hardcode PATH for internal use (diff) | |
download | firejail-921c9cc153174434c6464498274ae0ae9ca51efd.tar.gz firejail-921c9cc153174434c6464498274ae0ae9ca51efd.tar.zst firejail-921c9cc153174434c6464498274ae0ae9ca51efd.zip |
join: add support for rlimit options
-rw-r--r-- | src/firejail/join.c | 9 | ||||
-rwxr-xr-x | test/environment/environment.sh | 7 | ||||
-rwxr-xr-x | test/environment/rlimit-join.exp | 36 |
3 files changed, 46 insertions, 6 deletions
diff --git a/src/firejail/join.c b/src/firejail/join.c index 99fbfdd0a..a869f6b64 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
@@ -551,10 +551,6 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
551 | if (cfg.cpus) // not available for uid 0 | 551 | if (cfg.cpus) // not available for uid 0 |
552 | set_cpu_affinity(); | 552 | set_cpu_affinity(); |
553 | 553 | ||
554 | // set nice value | ||
555 | if (arg_nice) | ||
556 | set_nice(cfg.nice); | ||
557 | |||
558 | // add x11 display | 554 | // add x11 display |
559 | if (display) { | 555 | if (display) { |
560 | char *display_str; | 556 | char *display_str; |
@@ -573,6 +569,11 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
573 | dbus_set_system_bus_env(); | 569 | dbus_set_system_bus_env(); |
574 | #endif | 570 | #endif |
575 | 571 | ||
572 | // set nice and rlimits | ||
573 | if (arg_nice) | ||
574 | set_nice(cfg.nice); | ||
575 | set_rlimits(); | ||
576 | |||
576 | start_application(0, shfd, NULL); | 577 | start_application(0, shfd, NULL); |
577 | 578 | ||
578 | __builtin_unreachable(); | 579 | __builtin_unreachable(); |
diff --git a/test/environment/environment.sh b/test/environment/environment.sh index 152975c9d..1e1dd549b 100755 --- a/test/environment/environment.sh +++ b/test/environment/environment.sh | |||
@@ -112,14 +112,17 @@ echo "TESTING: rlimit (test/environment/rlimit.exp)" | |||
112 | echo "TESTING: rlimit profile (test/environment/rlimit-profile.exp)" | 112 | echo "TESTING: rlimit profile (test/environment/rlimit-profile.exp)" |
113 | ./rlimit-profile.exp | 113 | ./rlimit-profile.exp |
114 | 114 | ||
115 | echo "TESTING: rlimit join (test/environment/rlimit-join.exp)" | ||
116 | ./rlimit-join.exp | ||
117 | |||
115 | echo "TESTING: rlimit errors (test/environment/rlimit-bad.exp)" | 118 | echo "TESTING: rlimit errors (test/environment/rlimit-bad.exp)" |
116 | ./rlimit-bad.exp | 119 | ./rlimit-bad.exp |
117 | 120 | ||
118 | echo "TESTING: rlimit errors profile (test/environment/rlimit-bad-profile.exp)" | 121 | echo "TESTING: rlimit errors profile (test/environment/rlimit-bad-profile.exp)" |
119 | ./rlimit-bad-profile.exp | 122 | ./rlimit-bad-profile.exp |
120 | 123 | ||
121 | echo "TESTING: deterministic exit code (test/environment/deterministic-exit-code.exp" | 124 | echo "TESTING: deterministic exit code (test/environment/deterministic-exit-code.exp)" |
122 | ./deterministic-exit-code.exp | 125 | ./deterministic-exit-code.exp |
123 | 126 | ||
124 | echo "TESTING: retain umask (test/environment/umask.exp" | 127 | echo "TESTING: retain umask (test/environment/umask.exp)" |
125 | (umask 123 && ./umask.exp) | 128 | (umask 123 && ./umask.exp) |
diff --git a/test/environment/rlimit-join.exp b/test/environment/rlimit-join.exp new file mode 100755 index 000000000..aa8a203c0 --- /dev/null +++ b/test/environment/rlimit-join.exp | |||
@@ -0,0 +1,36 @@ | |||
1 | #!/usr/bin/expect -f | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2021 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | set timeout 10 | ||
7 | cd /home | ||
8 | spawn $env(SHELL) | ||
9 | match_max 100000 | ||
10 | |||
11 | send -- "firejail --noprofile --name=\"rlimit testing\"\r" | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 0\n";exit} | ||
14 | "Child process initialized" | ||
15 | } | ||
16 | sleep 1 | ||
17 | |||
18 | spawn $env(SHELL) | ||
19 | send -- "firejail --rlimit-nofile=1234 --join=\"rlimit testing\"\r" | ||
20 | expect { | ||
21 | timeout {puts "TESTING ERROR 1\n";exit} | ||
22 | "Switching to pid" | ||
23 | } | ||
24 | sleep 1 | ||
25 | |||
26 | send -- "cat /proc/self/limits\r" | ||
27 | expect { | ||
28 | timeout {puts "TESTING ERROR 2\n";exit} | ||
29 | "Max open files 1234 1234" | ||
30 | } | ||
31 | after 100 | ||
32 | |||
33 | send -- "exit\r" | ||
34 | after 100 | ||
35 | |||
36 | puts "\nall done\n" | ||