Mercurial > hg > dhcpcd
changeset 5335:d708e3b7cce0 draft
privsep: Apply resource limits to OpenBSD as well where we can
After all, pledge or capsicum could have bugs.
| author | Roy Marples <roy@marples.name> |
|---|---|
| date | Wed, 10 Jun 2020 05:46:19 +0100 |
| parents | 0669fbaf2e5d |
| children | 4e761ef5ee93 |
| files | src/privsep.c |
| diffstat | 1 files changed, 2 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/src/privsep.c Wed Jun 10 05:27:25 2020 +0100 +++ b/src/privsep.c Wed Jun 10 05:46:19 2020 +0100 @@ -129,14 +129,11 @@ return -1; } -#if defined(HAVE_PLEDGE) - /* Pledge does not seem to work well with resource limits. */ -#else struct rlimit rzero = { .rlim_cur = 0, .rlim_max = 0 }; if (ctx->ps_control_pid != getpid()) { /* Prohibit new files, sockets, etc */ -#if defined(__linux__) || defined(__sun) +#if defined(__linux__) || defined(__sun) || defined(__OpenBSD__) /* * If poll(2) is called with nfds > RLIMIT_NOFILE * then it returns EINVAL. @@ -166,7 +163,7 @@ #endif } -#ifndef HAVE_CAPSICUM +#if !defined(HAVE_CAPSICUM) && !defined(HAVE_PLEDGE) /* Prohibit large files */ if (setrlimit(RLIMIT_FSIZE, &rzero) == -1) { logerr("setrlimit RLIMIT_FSIZE"); @@ -181,7 +178,6 @@ return -1; } #endif -#endif return 0; }