Mercurial > hg > dhcpcd
changeset 5334:0669fbaf2e5d draft
privsep: Apply what resource limits we can to capsicum
| author | Roy Marples <roy@marples.name> |
|---|---|
| date | Wed, 10 Jun 2020 05:27:25 +0100 |
| parents | 4fb2ba0739f0 |
| children | d708e3b7cce0 |
| files | src/privsep.c |
| diffstat | 1 files changed, 4 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/privsep.c Wed Jun 10 05:04:02 2020 +0100 +++ b/src/privsep.c Wed Jun 10 05:27:25 2020 +0100 @@ -129,9 +129,8 @@ return -1; } -#if defined(HAVE_CAPSICUM) || defined(HAVE_PLEDGE) - /* These sandbox technologies do not work well with - * resource limits. */ +#if defined(HAVE_PLEDGE) + /* Pledge does not seem to work well with resource limits. */ #else struct rlimit rzero = { .rlim_cur = 0, .rlim_max = 0 }; @@ -167,11 +166,13 @@ #endif } +#ifndef HAVE_CAPSICUM /* Prohibit large files */ if (setrlimit(RLIMIT_FSIZE, &rzero) == -1) { logerr("setrlimit RLIMIT_FSIZE"); return -1; } +#endif #ifdef RLIMIT_NPROC /* Prohibit forks */