changeset 5316:0a99cd624a1c draft

Linux: make resource limits work by using getifaddrs over privsep
author Roy Marples <roy@marples.name>
date Fri, 05 Jun 2020 14:12:23 +0100
parents e4e369bdb914
children 8b8bdc55dde8
files src/if.c src/privsep-root.c src/privsep-root.h src/privsep.c
diffstat 4 files changed, 21 insertions(+), 11 deletions(-) [+]
--- a/src/if.c	Fri Jun 05 13:51:51 2020 +0100
+++ b/src/if.c	Fri Jun 05 14:12:23 2020 +0100
@@ -403,7 +403,7 @@
 	}
 	TAILQ_INIT(ifs);
 
-#if defined(PRIVSEP) && defined(HAVE_CAPSICUM)
+#ifdef PRIVSEP_GETIFADDRS
 	if (ctx->options & DHCPCD_PRIVSEP) {
 		if (ps_root_getifaddrs(ctx, ifaddrs) == -1) {
 			logerr("ps_root_getifaddrs");
--- a/src/privsep-root.c	Fri Jun 05 13:51:51 2020 +0100
+++ b/src/privsep-root.c	Fri Jun 05 14:12:23 2020 +0100
@@ -132,7 +132,7 @@
 	return psr_ctx.psr_error.psr_result;
 }
 
-#ifdef HAVE_CAPSICUM
+#ifdef PRIVSEP_GETIFADDRS
 static void
 ps_root_mreaderrorcb(void *arg)
 {
@@ -351,7 +351,7 @@
 }
 #endif
 
-#ifdef HAVE_CAPSICUM
+#ifdef PRIVSEP_GETIFADDRS
 #define	IFA_NADDRS	3
 static ssize_t
 ps_root_dogetifaddrs(void **rdata, size_t *rlen)
@@ -564,7 +564,7 @@
 		}
 		break;
 #endif
-#ifdef HAVE_CAPSICUM
+#ifdef PRIVSEP_GETIFADDRS
 	case PS_GETIFADDRS:
 		err = ps_root_dogetifaddrs(&rdata, &rlen);
 		free_rdata = true;
@@ -889,7 +889,7 @@
 	return ps_root_readerror(ctx, time, sizeof(*time));
 }
 
-#ifdef HAVE_CAPSICUM
+#ifdef PRIVSEP_GETIFADDRS
 int
 ps_root_getifaddrs(struct dhcpcd_ctx *ctx, struct ifaddrs **ifahead)
 {
@@ -916,7 +916,7 @@
 
 	bp = buf;
 	*ifahead = (struct ifaddrs *)(void *)bp;
-	for (ifa = *ifahead; len != 0; ifa = ifa->ifa_next) {
+	for (ifa = *ifahead; ifa != NULL; ifa = ifa->ifa_next) {
 		if (len < ALIGN(sizeof(*ifa)) +
 		    ALIGN(IFNAMSIZ) + ALIGN(sizeof(salen) * IFA_NADDRS))
 			goto err;
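Review bot: With the loop condition changed to `ifa != NULL`, a zero-length reply still enters the body once and is rejected by the size check with `goto err`, so an empty address list is reported as a failure unless `len == 0` is handled above this hunk (the start of ps_root_getifaddrs is outside it). If that case is not already covered, a guard before `bp = buf;` such as `if (len == 0) { *ifahead = NULL; return 0; }` would keep an empty list distinct from a malformed reply. The loop now ends only through the `len != 0` test added in the later hunk at -944, so a short comment there, for example `/* buffer fully consumed: this was the last entry */`, would make that coupling explicit.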
@@ -944,9 +944,11 @@
 		COPYOUTSA(ifa->ifa_addr);
 		COPYOUTSA(ifa->ifa_netmask);
 		COPYOUTSA(ifa->ifa_broadaddr);
-		ifa->ifa_next = (struct ifaddrs *)(void *)bp;
+		if (len != 0)
+			ifa->ifa_next = (struct ifaddrs *)(void *)bp;
+		else
+			ifa->ifa_next = NULL;
 	}
-	ifa->ifa_next = NULL;
 	return 0;
 
 err:
--- a/src/privsep-root.h	Fri Jun 05 13:51:51 2020 +0100
+++ b/src/privsep-root.h	Fri Jun 05 14:12:23 2020 +0100
@@ -31,6 +31,10 @@
 
 #include "if.h"
 
+#if defined(PRIVSEP) && (defined(HAVE_CAPSICUM) || defined(__linux__))
+#define PRIVSEP_GETIFADDRS
+#endif
+
 pid_t ps_root_start(struct dhcpcd_ctx *ctx);
 int ps_root_stop(struct dhcpcd_ctx *ctx);
 
@@ -45,7 +49,9 @@
     const void *, size_t);
 ssize_t ps_root_script(struct dhcpcd_ctx *, const void *, size_t);
 int ps_root_getauthrdm(struct dhcpcd_ctx *, uint64_t *);
+#ifdef PRIVSEP_GETIFADDRS
 int ps_root_getifaddrs(struct dhcpcd_ctx *, struct ifaddrs **);
+#endif
 
 ssize_t ps_root_os(struct ps_msghdr *, struct msghdr *, void **, size_t *);
 #if defined(BSD) || defined(__sun)
--- a/src/privsep.c	Fri Jun 05 13:51:51 2020 +0100
+++ b/src/privsep.c	Fri Jun 05 14:12:23 2020 +0100
@@ -113,7 +113,7 @@
 ps_dropprivs(struct dhcpcd_ctx *ctx)
 {
 	struct passwd *pw = ctx->ps_user;
-#if !defined(HAVE_PLEDGE) && !defined(__linux__)
+#if !defined(HAVE_PLEDGE)
 	struct rlimit rzero = { .rlim_cur = 0, .rlim_max = 0 };
 #endif
 
@@ -132,16 +132,18 @@
 		return -1;
 	}
 
-#if defined(HAVE_PLEDGE) || defined(__linux__)
+#if defined(HAVE_PLEDGE)
 	/* None of these resource limits work with pledge. */
 #else
+#ifndef __linux__ /* breaks ppoll */
 	/* Prohibit new files, sockets, etc */
 	if (setrlimit(RLIMIT_NOFILE, &rzero) == -1) {
 		logerr("setrlimit RLIMIT_NOFILE");
 		return -1;
 	}
+#endif
 
-#ifndef HAVE_CAPSICUM /* Seems to break our IPC. */
+#ifndef HAVE_CAPSICUM /* breaks sending over our IPC */
 	/* Prohibit large files */
 	if (setrlimit(RLIMIT_FSIZE, &rzero) == -1) {
 		logerr("setrlimit RLIMIT_FSIZE");
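Review bot: On Linux the new `#ifndef __linux__ /* breaks ppoll */` guard skips the RLIMIT_NOFILE restriction entirely, so after ps_dropprivs the process can still open new files and sockets, and nothing visible in this hunk compensates for that. The comment should state the reason, for example `/* Linux poll/ppoll fail with EINVAL when nfds exceeds RLIMIT_NOFILE, so the limit cannot be zero here */`. Setting the limit to the number of descriptors the process actually polls, rather than leaving it unlimited, may be worth considering; that count is not visible in this hunk. ps_dropprivs continues past the end of the hunk.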