work

Author: MikailBag

Cargo.toml

@@ -21,7 +21,7 @@ serde_json = "1.0.51"
 
 [target.'cfg(target_os="windows")'.dependencies]
 winapi = { version = "0.3.9", features = ["std", "processthreadsapi", "jobapi2", "errhandlingapi",
- "namedpipeapi", "fileapi", "synchapi", "winnt"] }
+ "namedpipeapi", "fileapi", "synchapi", "winnt", "userenv", "handleapi"] }
 
 [workspace]
 members = ["minion-ffi", ".", "minion-tests", "minion-cli"]

src/lib.rs

@@ -28,8 +28,8 @@ use std::{
     error::Error as StdError,
     fmt::Debug,
     io::{Read, Write},
-    time::Duration,
     sync::Arc,
+    time::Duration,
 };
 
 /// This functions checks for system configurations issues.

src/linux/jail_common.rs

@@ -22,7 +22,6 @@ pub(crate) struct JailOptions {
     pub(crate) allow_mount_ns_failure: bool,
 }
 
-
 #[derive(Serialize, Deserialize, Clone, Debug)]
 pub(crate) struct JobQuery {
     pub(crate) image_path: PathBuf,

src/linux/sandbox.rs

@@ -50,7 +50,6 @@ impl SandboxState {
     }
 }
 
-
 #[repr(C)]
 pub struct LinuxSandbox {
     id: String,

src/windows.rs

@@ -4,6 +4,7 @@ mod child;
 pub mod error;
 mod pipe;
 mod sandbox;
+mod spawn;
 
 pub use error::Error;
 pub use pipe::{ReadPipe, WritePipe};
@@ -27,13 +28,13 @@ impl crate::Backend for WindowsBackend {
     type ChildProcess = child::WindowsChildProcess;
 
     fn new_sandbox(&self, options: crate::SandboxOptions) -> Result<Self::Sandbox, Self::Error> {
-        sandbox::WindowsSandbox::create()
+        let sandbox = sandbox::WindowsSandbox::create(options)?;
+        Ok(sandbox)
     }
 
     fn spawn(
         &self,
         options: crate::ChildProcessOptions<Self::Sandbox>,
     ) -> Result<Self::ChildProcess, Self::Error> {
-        todo!()
     }
 }

src/windows/child.rs

@@ -14,6 +14,9 @@ pub struct WindowsChildProcess {
     /// Handle to winapi Process object
     child: HANDLE,
 
+    /// Handle to main process of child
+    main_thread: HANDLE,
+
     /// Contains exit code or STILL_ACTIVE otherwise
     exit_code: AtomicU32,
 

src/windows/sandbox.rs

@@ -7,58 +7,77 @@ use crate::{
 };
 
 use winapi::um::{
-    jobapi2::{CreateJobObjectW, QueryInformationJobObject, TerminateJobObject},
+    handleapi::CloseHandle,
+    jobapi2::{
+        AssignProcessToJobObject, CreateJobObjectW, QueryInformationJobObject,
+        SetInformationJobObject, TerminateJobObject,
+    },
     winnt::{
         JobObjectBasicAccountingInformation, JobObjectExtendedLimitInformation,
         JobObjectLimitViolationInformation, HANDLE, JOBOBJECT_BASIC_ACCOUNTING_INFORMATION,
         JOBOBJECT_EXTENDED_LIMIT_INFORMATION, JOBOBJECT_LIMIT_VIOLATION_INFORMATION,
-        JOB_OBJECT_LIMIT_JOB_TIME,
+        JOB_OBJECT_LIMIT_ACTIVE_PROCESS, JOB_OBJECT_LIMIT_JOB_MEMORY, JOB_OBJECT_LIMIT_JOB_TIME,
+        JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE,
     },
 };
 
+/// Responsible for resource isolation & adding & killing
 #[derive(Debug)]
-pub struct WindowsSandbox {
-    job: HANDLE,
-    id: String,
+struct Job {
+    handle: HANDLE,
 }
 
-unsafe impl Send for WindowsSandbox {}
-unsafe impl Sync for WindowsSandbox {}
+unsafe impl Send for Job {}
+unsafe impl Sync for Job {}
 
-impl WindowsSandbox {
-    pub(in crate::windows) fn create() -> Result<Self, Error> {
-        let id = crate::util::gen_jail_id();
-        let name: OsString = format!("minion-sandbox-{}", id).into();
-        let wide_name: Vec<u16> = name.encode_wide().collect();
-        let job = unsafe {
-            Cvt::nonzero(CreateJobObjectW(std::ptr::null_mut(), wide_name.as_ptr()) as i32)? as HANDLE
+impl Job {
+    fn new(jail_id: &str) -> Result<Self, Error> {
+        let name: OsString = format!("minion-sandbox-job-{}", jail_id).into();
+        let name: Vec<u16> = name.encode_wide().collect();
+        let handle = unsafe {
+            Cvt::nonzero(CreateJobObjectW(std::ptr::null_mut(), name.as_ptr()) as i32)? as HANDLE
         };
-        Ok(Self { job, id })
+        Ok(Self { handle })
     }
-}
-
-impl crate::Sandbox for WindowsSandbox {
-    type Error = Error;
-
-    fn id(&self) -> &str {
-        todo!()
-    }
-
-    fn kill(&self) -> Result<(), Self::Error> {
+    fn enable_resource_limits(&mut self, options: &crate::SandboxOptions) -> Result<(), Error> {
+        let mut info: JOBOBJECT_EXTENDED_LIMIT_INFORMATION = unsafe { std::mem::zeroed() };
+        info.JobMemoryLimit = options.memory_limit as usize;
+        info.BasicLimitInformation.ActiveProcessLimit = options.max_alive_process_count;
+        unsafe {
+            *info
+                .BasicLimitInformation
+                .PerJobUserTimeLimit
+                .QuadPart_mut() = (options.cpu_time_limit.as_nanos() / 100) as i64;
+        };
+        info.BasicLimitInformation.LimitFlags = JOB_OBJECT_LIMIT_JOB_MEMORY
+            | JOB_OBJECT_LIMIT_ACTIVE_PROCESS
+            | JOB_OBJECT_LIMIT_JOB_TIME
+            // let's make sure sandbox will die if we panic / abort
+            | JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE;
         unsafe {
-            Cvt::nonzero(TerminateJobObject(self.job, 0xDEADBEEF))?;
+            Cvt::nonzero(SetInformationJobObject(
+                self.handle,
+                JobObjectExtendedLimitInformation,
+                (&mut info as *mut JOBOBJECT_EXTENDED_LIMIT_INFORMATION).cast(),
+                sizeof::<JOBOBJECT_EXTENDED_LIMIT_INFORMATION>(),
+            ))?;
         }
         Ok(())
     }
-
-    fn resource_usage(&self) -> Result<ResourceUsageData, Self::Error> {
+    fn kill(&self) -> Result<(), Error> {
+        unsafe { Cvt::nonzero(TerminateJobObject(self.handle, 0xDEADBEEF)).map(|_| ()) }
+    }
+    fn add_process(&self, process_handle: HANDLE) -> Result<(), Error> {
+        unsafe { Cvt::nonzero(AssignProcessToJobObject(self.handle, process_handle)).map(|_| ()) }
+    }
+    fn resource_usage(&self) -> Result<crate::ResourceUsageData, Error> {
         let cpu = unsafe {
             let mut info: JOBOBJECT_BASIC_ACCOUNTING_INFORMATION = std::mem::zeroed();
             Cvt::nonzero(QueryInformationJobObject(
-                self.job,
+                self.handle,
                 JobObjectBasicAccountingInformation,
                 (&mut info as *mut JOBOBJECT_BASIC_ACCOUNTING_INFORMATION).cast(),
-                std::mem::size_of::<JOBOBJECT_BASIC_ACCOUNTING_INFORMATION>() as u32,
+                sizeof::<JOBOBJECT_BASIC_ACCOUNTING_INFORMATION>(),
                 std::ptr::null_mut(),
             ))?;
 
@@ -69,10 +88,10 @@ impl crate::Sandbox for WindowsSandbox {
         let memory = unsafe {
             let mut info: JOBOBJECT_EXTENDED_LIMIT_INFORMATION = std::mem::zeroed();
             Cvt::nonzero(QueryInformationJobObject(
-                self.job,
+                self.handle,
                 JobObjectExtendedLimitInformation,
                 (&mut info as *mut JOBOBJECT_EXTENDED_LIMIT_INFORMATION).cast(),
-                std::mem::size_of::<JOBOBJECT_EXTENDED_LIMIT_INFORMATION>() as u32,
+                sizeof::<JOBOBJECT_EXTENDED_LIMIT_INFORMATION>(),
                 std::ptr::null_mut(),
             ))?;
             info.PeakJobMemoryUsed as u64
@@ -83,23 +102,76 @@ impl crate::Sandbox for WindowsSandbox {
             memory: Some(memory),
         })
     }
-
-    fn check_cpu_tle(&self) -> Result<bool, Self::Error> {
+    fn check_cpu_tle(&self) -> Result<bool, Error> {
         unsafe {
             let mut info: JOBOBJECT_LIMIT_VIOLATION_INFORMATION = std::mem::zeroed();
             Cvt::nonzero(QueryInformationJobObject(
-                self.job,
+                self.handle,
                 JobObjectLimitViolationInformation,
                 (&mut info as *mut JOBOBJECT_LIMIT_VIOLATION_INFORMATION).cast(),
-                std::mem::size_of::<JOBOBJECT_LIMIT_VIOLATION_INFORMATION>() as u32,
+                sizeof::<JOBOBJECT_LIMIT_VIOLATION_INFORMATION>(),
                 std::ptr::null_mut(),
             ))?;
             let viol = info.ViolationLimitFlags & JOB_OBJECT_LIMIT_JOB_TIME;
             Ok(viol != 0)
         }
     }
 
-    fn check_real_tle(&self) -> Result<bool, Self::Error> {
+    fn check_real_tle(&self) -> Result<bool, Error> {
         todo!()
     }
 }
+
+impl Drop for Job {
+    fn drop(&mut self) {
+        unsafe {
+            CloseHandle(self.handle);
+        }
+    }
+}
+
+#[derive(Debug)]
+pub struct WindowsSandbox {
+    job: Job,
+    id: String,
+}
+
+impl WindowsSandbox {
+    pub(in crate::windows) fn create(options: crate::SandboxOptions) -> Result<Self, Error> {
+        let id = crate::util::gen_jail_id();
+        let mut job = Job::new(&id)?;
+        job.enable_resource_limits(&options)?;
+
+        Ok(Self { job, id })
+    }
+}
+
+impl crate::Sandbox for WindowsSandbox {
+    type Error = Error;
+
+    fn id(&self) -> &str {
+        todo!()
+    }
+
+    fn kill(&self) -> Result<(), Self::Error> {
+        self.job.kill()
+    }
+
+    fn resource_usage(&self) -> Result<ResourceUsageData, Self::Error> {
+        self.job.resource_usage()
+    }
+
+    fn check_cpu_tle(&self) -> Result<bool, Self::Error> {
+        self.job.check_cpu_tle()
+    }
+
+    fn check_real_tle(&self) -> Result<bool, Self::Error> {
+        self.job.check_real_tle()
+    }
+}
+
+fn sizeof<T>() -> u32 {
+    let sz = std::mem::size_of::<T>();
+    assert!(sz <= (u32::max_value() as usize));
+    sz as u32
+}

src/windows/spawn.rs

@@ -0,0 +1,62 @@
+use crate::windows::{
+    child::WindowsChildProcess,
+    pipe::{self, ReadPipe, WritePipe},
+    Cvt, Error, WindowsSandbox,
+};
+use std::mem::size_of;
+use winapi::um::{
+    minwinbase::SECURITY_ATTRIBUTES,
+    processthreadsapi::{
+        CreateProcessW, DeleteProcThreadAttributeList, InitializeProcThreadAttributeList,
+        UpdateProcThreadAttribute,PROC_THREAD_ATTRIBUTE_LIST,
+    },
+    userenv::{CreateAppContainerProfile, DeleteAppContainerProfile},
+    winbase::{STARTF_USESTDHANDLES, STARTUPINFOEXW, CREATE_UNICODE_ENVIRONMENT,EXTENDED_STARTUPINFO_PRESENT},
+    winnt::HANDLE,
+};
+
+pub(in crate::windows) struct Stdio {
+    pub stdin: HANDLE,
+    pub stdout: HANDLE,
+    pub stderr: HANDLE,
+}
+
+pub(in crate::windows) fn spawn(
+    sandbox: &WindowsSandbox,
+    stdio: Stdio,
+) -> Result<WindowsChildProcess, Error> {
+    let mut proc_thread_attr_list_storage: Vec<u64>;
+    let startup_info = unsafe {
+        let mut startup_info: STARTUPINFOEXW = std::mem::zeroed();
+        let mut proc_thread_attr_list_len = 0;
+        Cvt::nonzero(InitializeProcThreadAttributeList(
+            std::ptr::null_mut(),
+            1,
+            0,
+            &mut proc_thread_attr_list_len,
+        ))?;
+        proc_thread_attr_list_storage = Vec::with_capacity((proc_thread_attr_list_len - 1) / 8 + 1);
+        let proc_thread_attr_list: *mut u8 = proc_thread_attr_list_storage.as_mut_ptr().cast();
+        proc_thread_attr_list.write_bytes(0, proc_thread_attr_list_len);
+        startup_info.lpAttributeList = proc_thread_attr_list.cast();
+        Cvt::nonzero(InitializeProcThreadAttributeList(
+            startup_info.lpAttributeList,
+            1,
+            0,
+            &mut proc_thread_attr_list_len,
+        ))?;
+        Cvt::nonzero(UpdateProcThreadAttribute(startup_info.lpAttributeList, 0, PRO, lpValue, cbSize, lpPreviousValue, lpReturnSize))?;
+        
+
+
+        startup_info.StartupInfo.cb = size_of::<STARTUPINFOEXW>() as u32;
+        startup_info.StartupInfo.dwFlags = STARTF_USESTDHANDLES;
+        startup_info.StartupInfo.hStdInput = stdio.stdin;
+        startup_info.StartupInfo.hStdOutput = stdio.stdout;
+        startup_info.StartupInfo.hStdError = stdio.stderr;
+        startup_info
+    };
+    let creation_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
+
+    todo!()
+}