[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 5/6] tools/dm_depriv: Add first cut RLIMITs



George Dunlap writes ("[PATCH v2 5/6] tools/dm_depriv: Add first cut RLIMITs"):
> Limit the ability of a potentially compromised QEMU to consume system
> resources.  Key limits:
...
> +static struct {
> +    int resource;
> +    rlim_t limit;
> +} rlimits[] = {
> +    {
> +        .resource = RLIMIT_FSIZE,
> +        /* Big enough for log files, not big enough for a DoS */
> +        .limit = 256*1024,
> +    },
> +    {
> +        .resource = RLIMIT_NPROC,
> +        .limit = 0
> +    },
> +    {
> +        .resource = RLIMIT_CORE,
> +        .limit = 0
> +    },
> +    {
> +        .resource = RLIMIT_MSGQUEUE,
> +        .limit = 0
> +    },
> +    {
> +        .resource = RLIMIT_LOCKS,
> +        .limit = 0
> +    },
> +    {
> +        .resource = RLIMIT_MEMLOCK,
> +        .limit = 0

This table would be much nicer in table format, with each entry as a
row.  If the entries are too long to wrap then options include:
 * Use an intermediate struct so as to avoid having to use
    named initialisers
 * Introduce a macro to define each table row (I think
    this is better).

> +    /* Set various "easy" rlimits */
> +    for (i=0; rlimits[i].resource != -1; i++) {

It would be more idiomatic to walk a pointer along the array, rather
than writing rlimits[i] all the time.

> +        if (rc < 0) {
> +            char *msg = GCSPRINTF("libxl: Setting rlimit %d to %lld failed 
> with error %d\n",
> +                                  rlimits[i].resource,

If you cared very much about the error handling, you could produce
names rather than numbers for the rlimit values by wrapping the struct
rlimit up in a struct of our own with a `const char *name' field, and
having a macro to generate the table entries.

But it's probably not worth it.

Again, use `r' for syscall returns.  And, again, don't print numerical
errno values.  use LOGE.

...
> +    if [[ "$input" =~ 
> ^$limit_string[[:space:]]*([^[:space:]]+)[[:space:]]*([^[:space:]]+)[[:space:]]*[^[:space:]]+
>  ]] ; then
> +     if [[ "${BASH_REMATCH[1]}" != $tgt ||

Cor.  I think I would have reached for Perl by now.  I guess tastes
differ.

I guess you have tested that this does all pass and fail
appropriately ?


About the output format from this checker script.  As it is, osstest
will have to grow an additional parser to parse this.  I don't mind
that if it's subunit v1 (or some other plsusible standard).

But if it's going to be bespoke it would be much more convenient if
the output was parseable by the same parser as the oiutput from
depriv-fd-checker.

Thanks,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.