Untitled

#define _GNU_SOURCE

#include <sys/syscall.h>
#include <unistd.h>
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/time.h>
#include <sys/wait.h>

__attribute__((noreturn)) static void doexit(int status)
{
	volatile unsigned i;
	syscall(__NR_exit_group, status);
	for (i = 0;; i++) {
	}
}
#define NORETURN __attribute__((noreturn))

#include <stdint.h>
#include <string.h>

static void loop();

static void sandbox_common()
{
	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
	setpgrp();
	setsid();

	struct rlimit rlim;
	rlim.rlim_cur = rlim.rlim_max = 128 << 20;
	setrlimit(RLIMIT_AS, &rlim);
	rlim.rlim_cur = rlim.rlim_max = 8 << 20;
	setrlimit(RLIMIT_MEMLOCK, &rlim);
	rlim.rlim_cur = rlim.rlim_max = 1 << 20;
	setrlimit(RLIMIT_FSIZE, &rlim);
	rlim.rlim_cur = rlim.rlim_max = 1 << 20;
	setrlimit(RLIMIT_STACK, &rlim);
	rlim.rlim_cur = rlim.rlim_max = 0;
	setrlimit(RLIMIT_CORE, &rlim);

	unshare(CLONE_NEWNS);
	unshare(CLONE_NEWIPC);
	unshare(CLONE_IO);
}

static int do_sandbox_none(int executor_pid, bool enable_tun)
{
	int pid = fork();
	if (pid)
		return pid;

	sandbox_common();

	loop();
	doexit(1);
}

#ifndef __NR_bpf
#define __NR_bpf 321
#endif

long r[9];
void loop()
{
	memset(r, -1, sizeof(r));
	r[0] = syscall(__NR_mmap, 0x20000000ul, 0xa34000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul);
*(uint32_t*)0x20038000 = (uint32_t)0xe;
*(uint32_t*)0x20038004 = (uint32_t)0x4;
*(uint32_t*)0x20038008 = (uint32_t)0x4;
*(uint32_t*)0x2003800c = (uint32_t)0x80009;
*(uint32_t*)0x20038010 = (uint32_t)0x0;
*(uint32_t*)0x20038014 = (uint32_t)0x0;
*(uint32_t*)0x20038018 = (uint32_t)0x0;
	r[8] = syscall(__NR_bpf, 0x0ul, 0x20038000ul, 0x1cul);
}

int main()
{
	int pid = do_sandbox_none(0, false);
	int status = 0;
	while (waitpid(pid, &status, __WALL) != pid) {}
	return 0;
}