set RLIMIT_NPROC = 0 on bsd/os X systems.

This BSD-specific limit prevents child process creation.
This commit is contained in:
Robert Muir 2015-11-26 02:58:53 -05:00
parent 609d9db470
commit 2341330aba
2 changed files with 34 additions and 1 deletions

View File

@ -66,6 +66,7 @@ final class JNACLibrary {
}
static native int getrlimit(int resource, Rlimit rlimit);
static native int setrlimit(int resource, Rlimit rlimit);
static native String strerror(int errno);

View File

@ -47,7 +47,7 @@ import java.util.Map;
* Installs a limited form of secure computing mode,
* to filters system calls to block process execution.
* <p>
* This is only supported on the Linux, Solaris, and Mac OS X operating systems.
* This is only supported on the Linux, Solaris, FreeBSD, OpenBSD, and Mac OS X operating systems.
* <p>
* On Linux it currently supports amd64 and i386 architectures, requires Linux kernel 3.5 or above, and requires
* {@code CONFIG_SECCOMP} and {@code CONFIG_SECCOMP_FILTER} compiled into the kernel.
@ -71,6 +71,8 @@ import java.util.Map;
* <li>{@code PRIV_PROC_EXEC}</li>
* </ul>
* <p>
* On BSD systems, process creation is restricted with {@code setrlimit(RLIMIT_NPROC)}.
* <p>
* On Mac OS X Leopard or above, a custom {@code sandbox(7)} ("Seatbelt") profile is installed that
* denies the following rules:
* <ul>
@ -534,6 +536,31 @@ final class Seccomp {
logger.debug("Solaris priv_set initialization successful");
}
// BSD implementation via setrlimit(2)
// TODO: add OpenBSD to Lucene Constants
// TODO: JNA doesn't have netbsd support, but this mechanism should work there too.
static final boolean OPENBSD = Constants.OS_NAME.startsWith("OpenBSD");
// not a standard limit, means something different on linux, etc!
static final int RLIMIT_NPROC = 7;
static void bsdImpl() {
boolean supported = Constants.FREE_BSD || OPENBSD || Constants.MAC_OS_X;
if (supported == false) {
throw new IllegalStateException("bug: should not be trying to initialize RLIMIT_NPROC for an unsupported OS");
}
JNACLibrary.Rlimit limit = new JNACLibrary.Rlimit();
limit.rlim_cur.setValue(0);
limit.rlim_max.setValue(0);
if (JNACLibrary.setrlimit(RLIMIT_NPROC, limit) != 0) {
throw new UnsupportedOperationException("RLIMIT_NPROC unavailable: " + JNACLibrary.strerror(Native.getLastError()));
}
logger.debug("BSD RLIMIT_NPROC initialization successful");
}
/**
* Attempt to drop the capability to execute for the process.
* <p>
@ -544,11 +571,16 @@ final class Seccomp {
if (Constants.LINUX) {
return linuxImpl();
} else if (Constants.MAC_OS_X) {
// try to enable both mechanisms if possible
bsdImpl();
macImpl(tmpFile);
return 1;
} else if (Constants.SUN_OS) {
solarisImpl();
return 1;
} else if (Constants.FREE_BSD || OPENBSD) {
bsdImpl();
return 1;
} else {
throw new UnsupportedOperationException("syscall filtering not supported for OS: '" + Constants.OS_NAME + "'");
}