From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 31 Mar 2021 16:58:07 +0000 (+0000)
Subject: execute: Create a random cgroup for each process
X-Git-Tag: 0.9.28~1285^2~450
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9e1e798572aa9ae2bcc884acbbd7e0333ad47be7;p=pakfire.git

execute: Create a random cgroup for each process

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/libpakfire/cgroup.c b/src/libpakfire/cgroup.c
index d68f58827..c57e68a58 100644
--- a/src/libpakfire/cgroup.c
+++ b/src/libpakfire/cgroup.c
@@ -25,6 +25,7 @@
 #include <signal.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/random.h>
 #include <sys/types.h>
 #include <sys/vfs.h>
 #include <time.h>
@@ -48,6 +49,33 @@ static const char* cgroup_controllers[] = {
 	NULL,
 };
 
+static char random_character() {
+	static char characters[] =
+		"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+		"abcdefghijklmnopqrstuvwxyz"
+		"0123456789";
+
+	int random;
+
+	int r = getrandom(&random, sizeof(random), GRND_NONBLOCK);
+	if (r != sizeof(random))
+		return -1;
+
+	return characters[random % sizeof(characters)];
+}
+
+int pakfire_cgroup_random_name(char* template) {
+	for (int i = strlen(template) - 1; i > 0 && template[i] == 'X'; i--) {
+		char c = random_character();
+		if (c < 0)
+			return 1;
+
+		template[i] = c;
+	}
+
+	return 0;
+}
+
 /*
 	Returns the name of the parent group
 */
diff --git a/src/libpakfire/execute.c b/src/libpakfire/execute.c
index c2db04aea..75609143b 100644
--- a/src/libpakfire/execute.c
+++ b/src/libpakfire/execute.c
@@ -265,6 +265,7 @@ static int pakfire_execute_fork(void* data) {
 
 	DEBUG(pakfire, "Execution environment has been forked as PID %d\n", getpid());
 	DEBUG(pakfire, "	root	: %s\n", root);
+	DEBUG(pakfire, "    cgroup  : %s\n", env->cgroup);
 
 	for (unsigned int i = 0; env->argv[i]; i++)
 		DEBUG(pakfire, "	argv[%u]	: %s\n", i, env->argv[i]);
@@ -340,11 +341,9 @@ PAKFIRE_EXPORT int pakfire_execute(Pakfire pakfire, const char* argv[], char* en
 		.pakfire = pakfire,
 		.argv = argv,
 		.envp = envp,
+		.cgroup = "pakfire/execute-XXXXXX",
 	};
 
-	// Make cgroup name
-	snprintf(env.cgroup, sizeof(env.cgroup) - 1, "%s", "pakfire/execute-XXXXXX");
-
 	// argv is invalid
 	if (!argv || !argv[0])
 		return -EINVAL;
@@ -387,8 +386,13 @@ PAKFIRE_EXPORT int pakfire_execute(Pakfire pakfire, const char* argv[], char* en
 		}
 	}
 
+	// Make cgroup name
+	int r = pakfire_cgroup_random_name(env.cgroup);
+	if (r)
+		goto ERROR;
+
 	// Create cgroup
-	int r = pakfire_cgroup_create(pakfire, env.cgroup);
+	r = pakfire_cgroup_create(pakfire, env.cgroup);
 	if (r)
 		goto ERROR;
 
diff --git a/src/libpakfire/include/pakfire/cgroup.h b/src/libpakfire/include/pakfire/cgroup.h
index b86150706..3ac6d4418 100644
--- a/src/libpakfire/include/pakfire/cgroup.h
+++ b/src/libpakfire/include/pakfire/cgroup.h
@@ -29,6 +29,8 @@
 
 #include <pakfire/types.h>
 
+int pakfire_cgroup_random_name(char* template);
+
 int pakfire_cgroup_create(Pakfire pakfire, const char* group);
 int pakfire_cgroup_destroy(Pakfire pakfire, const char* group);
 
diff --git a/tests/libpakfire/cgroup.c b/tests/libpakfire/cgroup.c
index 283cc0c68..508614a3e 100644
--- a/tests/libpakfire/cgroup.c
+++ b/tests/libpakfire/cgroup.c
@@ -163,11 +163,25 @@ static int test_cpustat(const struct test* t) {
 	);
 }
 
+static int test_random_name(const struct test* t) {
+	char name1[] = "pakfire/execute-XXXXXX";
+	char name2[] = "pakfire/execute-XXXXXX";
+
+	ASSERT_SUCCESS(pakfire_cgroup_random_name(name1));
+	ASSERT_SUCCESS(pakfire_cgroup_random_name(name2));
+
+	// Make sure we got different results
+	ASSERT_STRING_NOT_EQUALS(name1, name2);
+
+	return EXIT_SUCCESS;
+}
+
 int main(int argc, char** argv) {
 	testsuite_add_test(test_create_and_destroy);
 	testsuite_add_test(test_attach);
 	testsuite_add_test(test_killall);
 	testsuite_add_test(test_cpustat);
+	testsuite_add_test(test_random_name);
 
 	return testsuite_run();
 }
diff --git a/tests/testsuite.h b/tests/testsuite.h
index 2dcb842ae..d6a7b073d 100644
--- a/tests/testsuite.h
+++ b/tests/testsuite.h
@@ -85,6 +85,15 @@ int testsuite_run();
 		} \
 	} while (0)
 
+#define ASSERT_STRING_NOT_EQUALS(value1, value2) \
+	do { \
+		if (strcmp(value1, value2) == 0) { \
+			LOG_ERROR("Failed assertion: " #value1 " (%s) != " #value2 " (%s) %s:%d %s\n", \
+				value1, value2, __FILE__, __LINE__, __PRETTY_FUNCTION__); \
+			return EXIT_FAILURE; \
+		} \
+	} while (0)
+
 #define ASSERT_STRING_STARTSWITH(string, start) \
 	do { \
 		if (strncmp(string, start, strlen(start)) != 0) { \