Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Allow some users to use more RAM |
|---|---|
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
1738f536ee2de0dc36895e3712fda052 |
| User & Date: | rkeene 2021-07-28 14:30:49.980 |
Context
|
2024-10-14
| ||
| 14:06 | Upgrade to latest version of Fossil check-in: 897ed7c4b4 user: rkeene tags: trunk | |
|
2021-07-28
| ||
| 14:30 | Allow some users to use more RAM check-in: 1738f536ee user: rkeene tags: trunk | |
|
2020-09-03
| ||
| 13:26 | Add patch to fix browser semantics check-in: 708ffba4da user: rkeene tags: trunk | |
Changes
Changes to scripts/fossil-as-user/secure-wrap.c.
| ︙ | ︙ | |||
48 49 50 51 52 53 54 55 56 57 58 59 60 61 |
int main(int argc, char **argv) {
const char *directory, *program;
char *id_string;
unsigned long id;
struct rlimit limit;
unsigned int tmp_fd;
if (argc < 4) {
fprintf(stderr, "usage: secure-wrap <id> <directory> <program> [<args>...]\n");
return(2);
}
| > | 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
int main(int argc, char **argv) {
const char *directory, *program;
char *id_string;
unsigned long id;
struct rlimit limit;
unsigned int tmp_fd;
int unconstrained_user = 0;
if (argc < 4) {
fprintf(stderr, "usage: secure-wrap <id> <directory> <program> [<args>...]\n");
return(2);
}
|
| ︙ | ︙ | |||
73 74 75 76 77 78 79 80 81 82 83 84 85 86 |
directory = argv[1];
argc--;
argv++;
program = argv[1];
argc--;
argv++;
/*
* chroot
*/
check(chdir(directory));
check(chroot(directory));
check(chdir("/"));
| > > > > > > > | 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 |
directory = argv[1];
argc--;
argv++;
program = argv[1];
argc--;
argv++;
/*
* Determine if the user should be constrained
*/
if (getenv("SUID_FOSSIL_UNCONSTRAINED") != NULL) {
unconstrained_user = 1;
}
/*
* chroot
*/
check(chdir(directory));
check(chroot(directory));
check(chdir("/"));
|
| ︙ | ︙ | |||
138 139 140 141 142 143 144 | check(setrlimit(RLIMIT_CPU, &limit)); /** ** Allow a reasonable amount of RAM **/ /*** | | > > > > | | > | 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 |
check(setrlimit(RLIMIT_CPU, &limit));
/**
** Allow a reasonable amount of RAM
**/
/***
*** 512MiB of available memory (unless unconstrained user)
***/
if (unconstrained_user) {
limit.rlim_cur = 1024 * 1024 * 1024 * 4LU;
limit.rlim_max = 1024 * 1024 * 1024 * 4LU;
} else {
limit.rlim_cur = 1024 * 1024 * 512LU;
limit.rlim_max = 1024 * 1024 * 512LU;
}
check(setrlimit(RLIMIT_DATA, &limit));
check(setrlimit(RLIMIT_RSS, &limit));
/***
*** 16MiB of stack space
***/
limit.rlim_cur = 1024 * 1024 * 16LU;
|
| ︙ | ︙ |