io_jail: Add minijail_rlimit

The virtio-fs server opens a lot of fds and needs to have it's open file limit increased. BUG=b:136128319 TEST=run pjdfstests Change-Id: I9ccc9e0753f990788c9cef2540b3a1aab5f5d15d Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1890583 Tested-by: Chirantan Ekbote <chirantan@chromium.org> Commit-Queue: Chirantan Ekbote <chirantan@chromium.org> Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Reviewed-by: Stephen Barber <smbarber@chromium.org>
2025-02-05 18:20:34 +00:00 · 2019-10-30 12:57:25 +09:00 · 2019-10-30 12:57:25 +09:00 · 3f8599aea9
commit 3f8599aea9
parent 383b3b520a
2 changed files with 18 additions and 1 deletions
--- a/io_jail/src/lib.rs
+++ b/io_jail/src/lib.rs
@ -54,6 +54,8 @@ pub enum Error {
    OpenDevNull(io::Error),
    /// Setting the specified alt-syscall table failed with errno. Is the table in the kernel?
    SetAltSyscallTable { errno: i32, name: String },
+    /// Setting the specified rlimit failed with errno.
+    SetRlimit { errno: i32, kind: libc::c_int },
    /// chroot failed with the provided errno.
    SettingChrootDirectory(i32, PathBuf),
    /// pivot_root failed with the provided errno.
@ -125,6 +127,7 @@ impl Display for Error {
                name,
                io::Error::from_raw_os_error(*errno),
            ),
+            SetRlimit { errno, kind } => write!(f, "failed to set rlimit {}: {}", kind, errno),
            SettingChrootDirectory(errno, p) => write!(
                f,
                "failed to set chroot {}: {}",
@ -233,6 +236,19 @@ impl Minijail {
            libminijail::minijail_keep_supplementary_gids(self.jail);
        }
    }
+    pub fn set_rlimit(
+        &mut self,
+        kind: libc::c_int,
+        cur: libc::rlim_t,
+        max: libc::rlim_t,
+    ) -> Result<()> {
+        let errno = unsafe { libminijail::minijail_rlimit(self.jail, kind, cur, max) };
+        if errno == 0 {
+            Ok(())
+        } else {
+            Err(Error::SetRlimit { errno, kind })
+        }
+    }
    pub fn use_seccomp(&mut self) {
        unsafe {
            libminijail::minijail_use_seccomp(self.jail);
--- a/io_jail/src/libminijail.rs
+++ b/io_jail/src/libminijail.rs
@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

-use libc::{gid_t, pid_t, uid_t};
+use libc::{gid_t, pid_t, rlim_t, uid_t};
 use std::os::raw::{c_char, c_int, c_ulong};

 /// Struct minijail is an opaque type inside libminijail.
@ -19,6 +19,7 @@ extern "C" {
    pub fn minijail_keep_supplementary_gids(j: *mut minijail);
    pub fn minijail_change_user(j: *mut minijail, user: *const c_char) -> c_int;
    pub fn minijail_change_group(j: *mut minijail, group: *const c_char) -> c_int;
+    pub fn minijail_rlimit(j: *mut minijail, kind: c_int, cur: rlim_t, max: rlim_t) -> c_int;
    pub fn minijail_use_seccomp(j: *mut minijail);
    pub fn minijail_no_new_privs(j: *mut minijail);
    pub fn minijail_use_seccomp_filter(j: *mut minijail);