tabox 1.3.6

A sandbox to execute a program in an isolated environment and measure its resource usage
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165

use std::sync::atomic::{AtomicBool, Ordering};
use std::sync::Arc;
use std::time::Duration;

use anyhow::{bail, Context};
use nix::sys::signal::{kill, Signal};
use nix::unistd::Pid;

use crate::configuration::SandboxConfiguration;
use crate::result::{ExitStatus, ResourceUsage};
use crate::Result;

// MacOS libc crate seems to have miss this function... so I declare it
extern "C" {
    fn wait4(
        pid: libc::pid_t,
        status: *mut libc::c_int,
        options: libc::c_int,
        rusage: *mut libc::rusage,
    ) -> libc::pid_t;
}

/// Setup the resource limits
pub fn setup_resource_limits(config: &SandboxConfiguration) -> Result<()> {
    // macOS does not support RLIMIT_AS (https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man2/setrlimit.2.html)
    #[cfg(not(target_os = "macos"))]
    {
        if let Some(memory_limit) = config.memory_limit {
            set_resource_limit(libc::RLIMIT_AS, memory_limit).context("Failed to set RLIMIT_AS")?;
        }
    }

    if let Some(stack_limit) = config.stack_limit {
        set_resource_limit(libc::RLIMIT_STACK, stack_limit)
            .context("Failed to set RLIMIT_STACK")?;
    } else {
        set_resource_limit(libc::RLIMIT_STACK, libc::RLIM_INFINITY)
            .context("Failed to set RLIMIT_STACK")?;
    }

    if let Some(time_limit) = config.time_limit {
        set_resource_limit(libc::RLIMIT_CPU, time_limit).context("Failed to set RLIMIT_CPU")?;
    }

    // No core dumps
    set_resource_limit(libc::RLIMIT_CORE, 0).context("Failed to set RLIMIT_CORE")
}

#[cfg(target_env = "gnu")]
type Resource = u32;

#[cfg(not(target_env = "gnu"))]
type Resource = i32;

/// Utility function to set a resource limit
fn set_resource_limit(resource: Resource, limit: u64) -> Result<()> {
    unsafe {
        let rlim = limit as libc::rlim_t;
        let mut current_limit: libc::rlimit = std::mem::zeroed();

        let code = libc::getrlimit(resource, &mut current_limit);
        if code < 0 {
            panic!("getrlimit() error: {}", code);
        }

        let new_limit = libc::rlimit {
            // avoid increasing over the hard limit. You need to be superuser for that!
            rlim_cur: if rlim < current_limit.rlim_max {
                rlim
            } else {
                current_limit.rlim_max
            },
            rlim_max: if rlim < current_limit.rlim_max {
                rlim
            } else {
                current_limit.rlim_max
            },
        };

        let code = libc::setrlimit(resource, &new_limit);
        if code < 0 {
            bail!("Error calling setrlimit(): {}", strerror());
        } else {
            Ok(())
        }
    }
}

/// Wait for child completion, returning a WaitStatus and ResourceUsage
pub fn wait(pid: libc::pid_t) -> Result<(ExitStatus, ResourceUsage)> {
    let mut status = 0;
    let mut rusage: libc::rusage = unsafe { std::mem::zeroed() };

    if unsafe { wait4(pid, &mut status, 0, &mut rusage) } != pid {
        bail!("Error waiting for child completion: {}", strerror());
    };

    let status = if libc::WIFEXITED(status) {
        ExitStatus::ExitCode(libc::WEXITSTATUS(status))
    } else if libc::WIFSIGNALED(status) {
        ExitStatus::Signal(libc::WTERMSIG(status))
    } else {
        bail!("Child terminated with unknown status");
    };

    let resource_usage = ResourceUsage {
        memory_usage: rusage.ru_maxrss as u64 * 1024,
        user_cpu_time: rusage.ru_utime.tv_usec as f64 / 1_000_000.0 + rusage.ru_utime.tv_sec as f64,
        system_cpu_time: rusage.ru_stime.tv_usec as f64 / 1_000_000.0
            + rusage.ru_stime.tv_sec as f64,
        wall_time_usage: 0.0,
    };

    Ok((status, resource_usage))
}

pub fn start_wall_time_watcher(limit: u64, child_pid: i32, killed: Arc<AtomicBool>) -> Result<()> {
    std::thread::Builder::new()
        .name("Wall time watcher".into())
        .spawn(move || {
            std::thread::sleep(Duration::new(limit, 0));

            // Kill process if it didn't terminate in wall limit
            kill(Pid::from_raw(child_pid), Signal::SIGKILL)
                .expect("Error killing child due to wall limit exceeded");

            killed.store(true, Ordering::SeqCst);
        })
        .context("Failed to spawn Wall time watcher thread")?;
    Ok(())
}

/// Read the error from errno and using `libc::strerror` obtain a string representation of it.
pub fn strerror() -> &'static str {
    nix::errno::Errno::last().desc()
}

#[cfg(unix)]
mod unix {
    use std::os::raw::c_char;

    extern "C" {
        /// http://man7.org/linux/man-pages/man3/strsignal.3.html
        pub fn strsignal(signal: i32) -> *mut c_char;
    }
}

/// Returns a string with the text representation of the signal, `None` if it's not available.
pub fn strsignal(signal: i32) -> Option<String> {
    #[cfg(unix)]
    {
        unsafe {
            let cstr = std::ffi::CStr::from_ptr(unix::strsignal(signal));
            if cstr.is_empty() {
                None
            } else {
                Some(cstr.to_string_lossy().to_string())
            }
        }
    }
    #[cfg(not(unix))]
    {
        None
    }
}