join: add support for rlimit options

author: smitsohu <smitsohu@gmail.com> 2021-09-22 20:12:58 +0200
committer: smitsohu <smitsohu@gmail.com> 2021-09-22 20:12:58 +0200
commit: 921c9cc153174434c6464498274ae0ae9ca51efd (patch)
tree: 88a1df516d51b04432998458c177929113de6720
parent: hardcode PATH for internal use (diff)
download: firejail-921c9cc153174434c6464498274ae0ae9ca51efd.tar.gz
firejail-921c9cc153174434c6464498274ae0ae9ca51efd.tar.zst
firejail-921c9cc153174434c6464498274ae0ae9ca51efd.zip
3 files changed, 46 insertions, 6 deletions
diff --git a/src/firejail/join.c b/src/firejail/join.c
index 99fbfdd0a..a869f6b64 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -551,10 +551,6 @@ void join(pid_t pid, int argc, char **argv, int index) {
                if (cfg.cpus)   // not available for uid 0
                        set_cpu_affinity();
-                // set nice value
-                if (arg_nice)
-                        set_nice(cfg.nice);
                // add x11 display
                if (display) {
                        char *display_str;
@@ -573,6 +569,11 @@ void join(pid_t pid, int argc, char **argv, int index) {
                        dbus_set_system_bus_env();
 #endif
+                // set nice and rlimits
+                if (arg_nice)
+                        set_nice(cfg.nice);
+                set_rlimits();
                start_application(0, shfd, NULL);
                __builtin_unreachable();
diff --git a/test/environment/environment.sh b/test/environment/environment.sh
index 152975c9d..1e1dd549b 100755
--- a/test/environment/environment.sh
+++ b/test/environment/environment.sh
@@ -112,14 +112,17 @@ echo "TESTING: rlimit (test/environment/rlimit.exp)"
 echo "TESTING: rlimit profile (test/environment/rlimit-profile.exp)"
 ./rlimit-profile.exp
+echo "TESTING: rlimit join (test/environment/rlimit-join.exp)"
+./rlimit-join.exp
 echo "TESTING: rlimit errors (test/environment/rlimit-bad.exp)"
 ./rlimit-bad.exp
 echo "TESTING: rlimit errors profile (test/environment/rlimit-bad-profile.exp)"
 ./rlimit-bad-profile.exp
-echo "TESTING: deterministic exit code (test/environment/deterministic-exit-code.exp"
+echo "TESTING: deterministic exit code (test/environment/deterministic-exit-code.exp)"
 ./deterministic-exit-code.exp
-echo "TESTING: retain umask (test/environment/umask.exp"
+echo "TESTING: retain umask (test/environment/umask.exp)"
 (umask 123 && ./umask.exp)
diff --git a/test/environment/rlimit-join.exp b/test/environment/rlimit-join.exp
new file mode 100755
index 000000000..aa8a203c0
--- /dev/null
+++ b/test/environment/rlimit-join.exp
@@ -0,0 +1,36 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2021 Firejail Authors
+# License GPL v2
+set timeout 10
+cd /home
+spawn $env(SHELL)
+match_max 100000
+send --  "firejail --noprofile --name=\"rlimit testing\"\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Child process initialized"
+}
+sleep 1
+spawn $env(SHELL)
+send --  "firejail --rlimit-nofile=1234 --join=\"rlimit testing\"\r"
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        "Switching to pid"
+}
+sleep 1
+send -- "cat /proc/self/limits\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        "Max open files            1234                 1234"
+}
+after 100
+send -- "exit\r"
+after 100
+puts "\nall done\n"
author	smitsohu <smitsohu@gmail.com>	2021-09-22 20:12:58 +0200
committer	smitsohu <smitsohu@gmail.com>	2021-09-22 20:12:58 +0200
commit	921c9cc153174434c6464498274ae0ae9ca51efd (patch)
tree	88a1df516d51b04432998458c177929113de6720
parent	hardcode PATH for internal use (diff)
download	firejail-921c9cc153174434c6464498274ae0ae9ca51efd.tar.gz firejail-921c9cc153174434c6464498274ae0ae9ca51efd.tar.zst firejail-921c9cc153174434c6464498274ae0ae9ca51efd.zip

diff --git a/src/firejail/join.c b/src/firejail/join.c index 99fbfdd0a..a869f6b64 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c
@@ -551,10 +551,6 @@ void join(pid_t pid, int argc, char **argv, int index) {
551	if (cfg.cpus) // not available for uid 0	551	if (cfg.cpus) // not available for uid 0
552	set_cpu_affinity();	552	set_cpu_affinity();
553		553
554	// set nice value
555	if (arg_nice)
556	set_nice(cfg.nice);
557
558	// add x11 display	554	// add x11 display
559	if (display) {	555	if (display) {
560	char *display_str;	556	char *display_str;
@@ -573,6 +569,11 @@ void join(pid_t pid, int argc, char **argv, int index) {
573	dbus_set_system_bus_env();	569	dbus_set_system_bus_env();
574	#endif	570	#endif
575		571
		572	// set nice and rlimits
		573	if (arg_nice)
		574	set_nice(cfg.nice);
		575	set_rlimits();
		576
576	start_application(0, shfd, NULL);	577	start_application(0, shfd, NULL);
577		578
578	__builtin_unreachable();	579	__builtin_unreachable();


diff --git a/test/environment/environment.sh b/test/environment/environment.sh index 152975c9d..1e1dd549b 100755 --- a/test/environment/environment.sh +++ b/test/environment/environment.sh
@@ -112,14 +112,17 @@ echo "TESTING: rlimit (test/environment/rlimit.exp)"
112	echo "TESTING: rlimit profile (test/environment/rlimit-profile.exp)"	112	echo "TESTING: rlimit profile (test/environment/rlimit-profile.exp)"
113	./rlimit-profile.exp	113	./rlimit-profile.exp
114		114
		115	echo "TESTING: rlimit join (test/environment/rlimit-join.exp)"
		116	./rlimit-join.exp
		117
115	echo "TESTING: rlimit errors (test/environment/rlimit-bad.exp)"	118	echo "TESTING: rlimit errors (test/environment/rlimit-bad.exp)"
116	./rlimit-bad.exp	119	./rlimit-bad.exp
117		120
118	echo "TESTING: rlimit errors profile (test/environment/rlimit-bad-profile.exp)"	121	echo "TESTING: rlimit errors profile (test/environment/rlimit-bad-profile.exp)"
119	./rlimit-bad-profile.exp	122	./rlimit-bad-profile.exp
120		123
121	echo "TESTING: deterministic exit code (test/environment/deterministic-exit-code.exp"	124	echo "TESTING: deterministic exit code (test/environment/deterministic-exit-code.exp)"
122	./deterministic-exit-code.exp	125	./deterministic-exit-code.exp
123		126
124	echo "TESTING: retain umask (test/environment/umask.exp"	127	echo "TESTING: retain umask (test/environment/umask.exp)"
125	(umask 123 && ./umask.exp)	128	(umask 123 && ./umask.exp)


diff --git a/test/environment/rlimit-join.exp b/test/environment/rlimit-join.exp new file mode 100755 index 000000000..aa8a203c0 --- /dev/null +++ b/test/environment/rlimit-join.exp
@@ -0,0 +1,36 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2021 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	cd /home
		8	spawn $env(SHELL)
		9	match_max 100000
		10
		11	send -- "firejail --noprofile --name=\"rlimit testing\"\r"
		12	expect {
		13	timeout {puts "TESTING ERROR 0\n";exit}
		14	"Child process initialized"
		15	}
		16	sleep 1
		17
		18	spawn $env(SHELL)
		19	send -- "firejail --rlimit-nofile=1234 --join=\"rlimit testing\"\r"
		20	expect {
		21	timeout {puts "TESTING ERROR 1\n";exit}
		22	"Switching to pid"
		23	}
		24	sleep 1
		25
		26	send -- "cat /proc/self/limits\r"
		27	expect {
		28	timeout {puts "TESTING ERROR 2\n";exit}
		29	"Max open files 1234 1234"
		30	}
		31	after 100
		32
		33	send -- "exit\r"
		34	after 100
		35
		36	puts "\nall done\n"