Linux: make resource limits work by using getifaddrs over privsep

author: Roy Marples <roy@marples.name> 2020-06-05 14:12:23 +0100
committer: Roy Marples <roy@marples.name> 2020-06-05 14:12:23 +0100
commit: 59c952ac3db05d7ec0a8c275b3163fde32a7fade (patch)
tree: ec2da8c54d57a45b555cd0d0ed5c5c7485676ed3 /src/privsep.c
parent: bbc8b10a5aa9e0f8d72be2a103619a1aeb0bb933 (diff)
download: dhcpcd-59c952ac3db05d7ec0a8c275b3163fde32a7fade.tar.xz
1 files changed, 5 insertions, 3 deletions
diff --git a/src/privsep.c b/src/privsep.c
index 89017464..271c0c39 100644
--- a/src/privsep.c
+++ b/src/privsep.c
@@ -113,7 +113,7 @@ int
 ps_dropprivs(struct dhcpcd_ctx *ctx)
 {
 	struct passwd *pw = ctx->ps_user;
-#if !defined(HAVE_PLEDGE) && !defined(__linux__)
+#if !defined(HAVE_PLEDGE)
 	struct rlimit rzero = { .rlim_cur = 0, .rlim_max = 0 };
 #endif
 
@@ -132,16 +132,18 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
 		return -1;
 	}
 
-#if defined(HAVE_PLEDGE) || defined(__linux__)
+#if defined(HAVE_PLEDGE)
 	/* None of these resource limits work with pledge. */
 #else
+#ifndef __linux__ /* breaks ppoll */
 	/* Prohibit new files, sockets, etc */
 	if (setrlimit(RLIMIT_NOFILE, &rzero) == -1) {
 		logerr("setrlimit RLIMIT_NOFILE");
 		return -1;
 	}
+#endif
 
-#ifndef HAVE_CAPSICUM /* Seems to break our IPC. */
+#ifndef HAVE_CAPSICUM /* breaks sending over our IPC */
 	/* Prohibit large files */
 	if (setrlimit(RLIMIT_FSIZE, &rzero) == -1) {
 		logerr("setrlimit RLIMIT_FSIZE");
author	Roy Marples <roy@marples.name>	2020-06-05 14:12:23 +0100
committer	Roy Marples <roy@marples.name>	2020-06-05 14:12:23 +0100
commit	59c952ac3db05d7ec0a8c275b3163fde32a7fade (patch)
tree	ec2da8c54d57a45b555cd0d0ed5c5c7485676ed3 /src/privsep.c
parent	bbc8b10a5aa9e0f8d72be2a103619a1aeb0bb933 (diff)
download	dhcpcd-59c952ac3db05d7ec0a8c275b3163fde32a7fade.tar.xz