diff options
author | kuesji koesnu <kuesji@koesnu.com> | 2021-06-08 17:35:36 +0300 |
---|---|---|
committer | kuesji koesnu <kuesji@koesnu.com> | 2021-06-08 20:23:02 +0300 |
commit | c6f5120dfb2c70d07bc653ecd5dd7b88cc945c0c (patch) | |
tree | 0360a9638f3bdb4d713d7fa2b842547110b79aa6 /src | |
parent | reorganizing youtube-viewers (#4128) (diff) | |
download | firejail-c6f5120dfb2c70d07bc653ecd5dd7b88cc945c0c.tar.gz firejail-c6f5120dfb2c70d07bc653ecd5dd7b88cc945c0c.tar.zst firejail-c6f5120dfb2c70d07bc653ecd5dd7b88cc945c0c.zip |
added better parser for size strings
this commit add support to size parsing for k,m,g suffix for numbers and
applies this support to rlimit-as and rlimit-fsize arguments in both for
commandline and profile parsing.
supported suffix:
- k for kilobytes
- m for megabytes
- g for gigabytes
( these values uses 1024 bases instead of 1000 )
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/main.c | 14 | ||||
-rw-r--r-- | src/firejail/profile.c | 14 | ||||
-rw-r--r-- | src/firejail/util.c | 24 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 |
5 files changed, 47 insertions, 8 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 1da70fd54..87a42fc8b 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -486,6 +486,7 @@ int macro_id(const char *name); | |||
486 | 486 | ||
487 | 487 | ||
488 | // util.c | 488 | // util.c |
489 | long long unsigned parse_arg_size(char * str); | ||
489 | void errLogExit(char* fmt, ...) __attribute__((noreturn)); | 490 | void errLogExit(char* fmt, ...) __attribute__((noreturn)); |
490 | void fwarning(char* fmt, ...); | 491 | void fwarning(char* fmt, ...); |
491 | void fmessage(char* fmt, ...); | 492 | void fmessage(char* fmt, ...); |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 31694558d..2dfa19ec2 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1488,8 +1488,11 @@ int main(int argc, char **argv, char **envp) { | |||
1488 | arg_rlimit_nproc = 1; | 1488 | arg_rlimit_nproc = 1; |
1489 | } | 1489 | } |
1490 | else if (strncmp(argv[i], "--rlimit-fsize=", 15) == 0) { | 1490 | else if (strncmp(argv[i], "--rlimit-fsize=", 15) == 0) { |
1491 | check_unsigned(argv[i] + 15, "Error: invalid rlimit"); | 1491 | cfg.rlimit_fsize = parse_arg_size(argv[i] + 15); |
1492 | sscanf(argv[i] + 15, "%llu", &cfg.rlimit_fsize); | 1492 | if ( cfg.rlimit_fsize == 0 ) { |
1493 | perror("Error: given rlimit-size is invalid. use only non-negative numbers and k,m,g suffix for size"); | ||
1494 | exit(1); | ||
1495 | } | ||
1493 | arg_rlimit_fsize = 1; | 1496 | arg_rlimit_fsize = 1; |
1494 | } | 1497 | } |
1495 | else if (strncmp(argv[i], "--rlimit-sigpending=", 20) == 0) { | 1498 | else if (strncmp(argv[i], "--rlimit-sigpending=", 20) == 0) { |
@@ -1498,8 +1501,11 @@ int main(int argc, char **argv, char **envp) { | |||
1498 | arg_rlimit_sigpending = 1; | 1501 | arg_rlimit_sigpending = 1; |
1499 | } | 1502 | } |
1500 | else if (strncmp(argv[i], "--rlimit-as=", 12) == 0) { | 1503 | else if (strncmp(argv[i], "--rlimit-as=", 12) == 0) { |
1501 | check_unsigned(argv[i] + 12, "Error: invalid rlimit"); | 1504 | cfg.rlimit_as = parse_arg_size(argv[i] + 12); |
1502 | sscanf(argv[i] + 12, "%llu", &cfg.rlimit_as); | 1505 | if ( cfg.rlimit_as == 0 ) { |
1506 | perror("Error: given rlimit-as is invalid. use only non-negative numbers and k,m,g suffix for size"); | ||
1507 | exit(1); | ||
1508 | } | ||
1503 | arg_rlimit_as = 1; | 1509 | arg_rlimit_as = 1; |
1504 | } | 1510 | } |
1505 | else if (strncmp(argv[i], "--ipc-namespace", 15) == 0) | 1511 | else if (strncmp(argv[i], "--ipc-namespace", 15) == 0) |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 38e94c074..e7e7bdfc2 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -1492,8 +1492,11 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
1492 | arg_rlimit_nproc = 1; | 1492 | arg_rlimit_nproc = 1; |
1493 | } | 1493 | } |
1494 | else if (strncmp(ptr, "rlimit-fsize ", 13) == 0) { | 1494 | else if (strncmp(ptr, "rlimit-fsize ", 13) == 0) { |
1495 | check_unsigned(ptr + 13, "Error: invalid rlimit in profile file: "); | 1495 | cfg.rlimit_fsize = parse_arg_size(ptr + 13); |
1496 | sscanf(ptr + 13, "%llu", &cfg.rlimit_fsize); | 1496 | if ( cfg.rlimit_fsize == 0 ) { |
1497 | perror("Error: invalid rlimit-fsize in profile file. use only non-negative numbers and k,m,g suffix for size"); | ||
1498 | exit(1); | ||
1499 | } | ||
1497 | arg_rlimit_fsize = 1; | 1500 | arg_rlimit_fsize = 1; |
1498 | } | 1501 | } |
1499 | else if (strncmp(ptr, "rlimit-sigpending ", 18) == 0) { | 1502 | else if (strncmp(ptr, "rlimit-sigpending ", 18) == 0) { |
@@ -1502,8 +1505,11 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
1502 | arg_rlimit_sigpending = 1; | 1505 | arg_rlimit_sigpending = 1; |
1503 | } | 1506 | } |
1504 | else if (strncmp(ptr, "rlimit-as ", 10) == 0) { | 1507 | else if (strncmp(ptr, "rlimit-as ", 10) == 0) { |
1505 | check_unsigned(ptr + 10, "Error: invalid rlimit in profile file: "); | 1508 | cfg.rlimit_as = parse_arg_size(ptr + 10); |
1506 | sscanf(ptr + 10, "%llu", &cfg.rlimit_as); | 1509 | if ( cfg.rlimit_as == 0 ){ |
1510 | perror("Error: invalid rlimit-as size in profile file. use only non-negative numbers and k,m,g suffix for size"); | ||
1511 | exit(1); | ||
1512 | } | ||
1507 | arg_rlimit_as = 1; | 1513 | arg_rlimit_as = 1; |
1508 | } | 1514 | } |
1509 | else { | 1515 | else { |
diff --git a/src/firejail/util.c b/src/firejail/util.c index b15b719b7..05c5f26d8 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -31,6 +31,9 @@ | |||
31 | #include <sys/wait.h> | 31 | #include <sys/wait.h> |
32 | #include <limits.h> | 32 | #include <limits.h> |
33 | 33 | ||
34 | #include <string.h> | ||
35 | #include <ctype.h> | ||
36 | |||
34 | #include <fcntl.h> | 37 | #include <fcntl.h> |
35 | #ifndef O_PATH | 38 | #ifndef O_PATH |
36 | #define O_PATH 010000000 | 39 | #define O_PATH 010000000 |
@@ -46,6 +49,27 @@ | |||
46 | #define EMPTY_STRING ("") | 49 | #define EMPTY_STRING ("") |
47 | 50 | ||
48 | 51 | ||
52 | long long unsigned parse_arg_size (char * str) { | ||
53 | long long unsigned result = 0; | ||
54 | int len = strlen(str); | ||
55 | sscanf(str,"%llu",&result); | ||
56 | |||
57 | char suffix = *(str + len - 1); | ||
58 | if (!isdigit(suffix)) { | ||
59 | if ( suffix == 'k' ) { | ||
60 | result *= 1024; | ||
61 | } else if ( suffix == 'm' ) { | ||
62 | result *= 1024*1024; | ||
63 | } else if ( suffix == 'g' ) { | ||
64 | result *= 1024*1024*1024; | ||
65 | } else { | ||
66 | return 0; | ||
67 | } | ||
68 | } | ||
69 | |||
70 | return result; | ||
71 | } | ||
72 | |||
49 | // send the error to /var/log/auth.log and exit after a small delay | 73 | // send the error to /var/log/auth.log and exit after a small delay |
50 | void errLogExit(char* fmt, ...) { | 74 | void errLogExit(char* fmt, ...) { |
51 | va_list args; | 75 | va_list args; |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index f4a549b05..9308eecf4 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -2129,6 +2129,7 @@ $ firejail --read-only=~/test --read-write=~/test/a | |||
2129 | .TP | 2129 | .TP |
2130 | \fB\-\-rlimit-as=number | 2130 | \fB\-\-rlimit-as=number |
2131 | Set the maximum size of the process's virtual memory (address space) in bytes. | 2131 | Set the maximum size of the process's virtual memory (address space) in bytes. |
2132 | you can use kilobyte(k),megabyte(m) and gigabyte(g) for size suffix. ( they works on base 1024 ) | ||
2132 | 2133 | ||
2133 | .TP | 2134 | .TP |
2134 | \fB\-\-rlimit-cpu=number | 2135 | \fB\-\-rlimit-cpu=number |
@@ -2142,6 +2143,7 @@ track of CPU seconds for each process independently. | |||
2142 | .TP | 2143 | .TP |
2143 | \fB\-\-rlimit-fsize=number | 2144 | \fB\-\-rlimit-fsize=number |
2144 | Set the maximum file size that can be created by a process. | 2145 | Set the maximum file size that can be created by a process. |
2146 | you can use kilobyte(k),megabyte(m) and gigabyte(g) for size suffix. ( they works on base 1024 ) | ||
2145 | .TP | 2147 | .TP |
2146 | \fB\-\-rlimit-nofile=number | 2148 | \fB\-\-rlimit-nofile=number |
2147 | Set the maximum number of files that can be opened by a process. | 2149 | Set the maximum number of files that can be opened by a process. |