privsep: Apply resource limits to OpenBSD as well where we can

After all, pledge or capsicum could have bugs.
author: Roy Marples <roy@marples.name> 2020-06-10 05:46:19 +0100
committer: Roy Marples <roy@marples.name> 2020-06-10 05:46:19 +0100
commit: 00b5fa3b54899271376ed89b785aec32b9f97e98 (patch)
tree: ad89b74e571c5b7abb2d62454466f59488d3cf29 /src/privsep.c
parent: 8e529ad867c62275ef60c7148ec0592544f26ce2 (diff)
download: dhcpcd-00b5fa3b54899271376ed89b785aec32b9f97e98.tar.xz
1 files changed, 2 insertions, 6 deletions
diff --git a/src/privsep.c b/src/privsep.c
index c18968e8..a29c1da6 100644
--- a/src/privsep.c
+++ b/src/privsep.c
@@ -129,14 +129,11 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
 		return -1;
 	}
 
-#if defined(HAVE_PLEDGE)
-	/* Pledge does not seem to work well with resource limits. */
-#else
 	struct rlimit rzero = { .rlim_cur = 0, .rlim_max = 0 };
 
 	if (ctx->ps_control_pid != getpid()) {
 		/* Prohibit new files, sockets, etc */
-#if defined(__linux__) || defined(__sun)
+#if defined(__linux__) || defined(__sun) || defined(__OpenBSD__)
 		/*
 		 * If poll(2) is called with nfds > RLIMIT_NOFILE
 		 * then it returns EINVAL.
@@ -166,7 +163,7 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
 #endif
 	}
 
-#ifndef HAVE_CAPSICUM
+#if !defined(HAVE_CAPSICUM) && !defined(HAVE_PLEDGE)
 	/* Prohibit large files */
 	if (setrlimit(RLIMIT_FSIZE, &rzero) == -1) {
 		logerr("setrlimit RLIMIT_FSIZE");
@@ -181,7 +178,6 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
 		return -1;
 	}
 #endif
-#endif
 
 	return 0;
 }
author	Roy Marples <roy@marples.name>	2020-06-10 05:46:19 +0100
committer	Roy Marples <roy@marples.name>	2020-06-10 05:46:19 +0100
commit	00b5fa3b54899271376ed89b785aec32b9f97e98 (patch)
tree	ad89b74e571c5b7abb2d62454466f59488d3cf29 /src/privsep.c
parent	8e529ad867c62275ef60c7148ec0592544f26ce2 (diff)
download	dhcpcd-00b5fa3b54899271376ed89b785aec32b9f97e98.tar.xz