Mercurial > hg > dhcpcd
changeset 5314:11e07bba68c3 draft
FreeBSD: Fix prior for capsicum as well.
| author | Roy Marples <roy@marples.name> |
|---|---|
| date | Fri, 05 Jun 2020 13:15:51 +0100 |
| parents | 9aa7c5f01a8b |
| children | e4e369bdb914 |
| files | src/privsep.c |
| diffstat | 1 files changed, 6 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/privsep.c Fri Jun 05 13:02:32 2020 +0100 +++ b/src/privsep.c Fri Jun 05 13:15:51 2020 +0100 @@ -113,7 +113,7 @@ ps_dropprivs(struct dhcpcd_ctx *ctx) { struct passwd *pw = ctx->ps_user; -#ifndef HAVE_PLEDGE +#if !defined(HAVE_PLEDGE) struct rlimit rzero = { .rlim_cur = 0, .rlim_max = 0 }; #endif @@ -132,18 +132,22 @@ return -1; } -#ifndef HAVE_PLEDGE +#ifdef HAVE_PLEDGE + /* None of these resource limits work with pledge. */ +#else /* Prohibit new files, sockets, etc */ if (setrlimit(RLIMIT_NOFILE, &rzero) == -1) { logerr("setrlimit RLIMIT_NOFILE"); return -1; } +#ifndef HAVE_CAPSICUM /* Seems to break our IPC. */ /* Prohibit large files */ if (setrlimit(RLIMIT_FSIZE, &rzero) == -1) { logerr("setrlimit RLIMIT_FSIZE"); return -1; } +#endif #ifdef RLIMIT_NPROC /* Prohibit forks */