mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-06-27 14:58:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix bugs and add security features to redbean

Browse source 
- Fix a regression with the previous change that broke redbean
- Add chroot(), resource limit, seccomp, and other stuff to redbean
- Write lots and lots of documentation
- Iron out more system call issues
This commit is contained in:
Justine Tunney 2022-04-18 00:01:26 -07:00
parent f1dfa4bdfa
commit 7166679620
182 changed files with 1855 additions and 918 deletions
Download patch file Download diff file Expand all files Collapse all files

28
test/libc/calls/setrlimit_test.c
View file

@ -22,6 +22,7 @@
#include "libc/calls/sigbits.h"
#include "libc/calls/struct/rlimit.h"
#include "libc/calls/struct/sigaction.h"
#include "libc/dce.h"
#include "libc/errno.h"
#include "libc/fmt/fmt.h"
#include "libc/log/check.h"
@ -114,25 +115,30 @@ TEST(setrlimit, testFileSizeLimit) {
}
int SetKernelEnforcedMemoryLimit(size_t n) {
struct rlimit rlim = {n, n};
if (IsWindows() || IsXnu()) return -1;
return setrlimit(!IsOpenbsd() ? RLIMIT_AS : RLIMIT_DATA, &rlim);
struct rlimit rlim;
getrlimit(RLIMIT_AS, &rlim);
rlim.rlim_cur = n;
return setrlimit(RLIMIT_AS, &rlim);
}
TEST(setrlimit, testMemoryLimit) {
char *p;
bool gotsome;
int i, wstatus;
if (IsAsan()) return; /* b/c we use sys_mmap */
if (IsXnu()) return; /* doesn't work on darwin */
if (IsWindows()) return; /* of course it doesn't work on windows */
if (IsAsan()) return; /* b/c we use sys_mmap */
ASSERT_NE(-1, (wstatus = xspawn(0)));
if (wstatus == -2) {
ASSERT_EQ(0, SetKernelEnforcedMemoryLimit(MEM));
for (i = 0; i < (MEM * 2) / PAGESIZE; ++i) {
p = sys_mmap(0, PAGESIZE, PROT_READ | PROT_WRITE,
MAP_ANONYMOUS | MAP_PRIVATE | MAP_POPULATE, -1, 0)
.addr;
if (p == MAP_FAILED) {
for (gotsome = i = 0; i < (MEM * 2) / PAGESIZE; ++i) {
p = mmap(0, PAGESIZE, PROT_READ | PROT_WRITE,
MAP_ANONYMOUS | MAP_PRIVATE | MAP_POPULATE, -1, 0);
if (p != MAP_FAILED) {
gotsome = true;
} else {
if (!IsNetbsd()) {
// TODO(jart): what's going on with NetBSD?
ASSERT_TRUE(gotsome);
}
ASSERT_EQ(ENOMEM, errno);
_exit(0);
}