diff options
| author | Damien Miller <djm@mindrot.org> | 2014-01-26 09:39:53 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-01-26 09:39:53 +1100 |
| commit | 2035b2236d3b1f76c749c642a43e03c85eae76e6 (patch) | |
| tree | 7e4d397d9f030d5180f6a9e1dab7d9f39e01d065 /sandbox-capsicum.c | |
| parent | a92ac7410475fbb00383c7402aa954dc0a75ae19 (diff) | |
- (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
libc will attempt to open additional file descriptors for crypto
offload and crash if they cannot be opened.
Diffstat (limited to 'sandbox-capsicum.c')
| -rw-r--r-- | sandbox-capsicum.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sandbox-capsicum.c b/sandbox-capsicum.c index f648c6ece..ee2a7e79e 100644 --- a/sandbox-capsicum.c +++ b/sandbox-capsicum.c | |||
| @@ -75,9 +75,11 @@ ssh_sandbox_child(struct ssh_sandbox *box) | |||
| 75 | if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) | 75 | if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) |
| 76 | fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", | 76 | fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", |
| 77 | __func__, strerror(errno)); | 77 | __func__, strerror(errno)); |
| 78 | #ifndef SANDBOX_SKIP_RLIMIT_NOFILE | ||
| 78 | if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) | 79 | if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) |
| 79 | fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", | 80 | fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", |
| 80 | __func__, strerror(errno)); | 81 | __func__, strerror(errno)); |
| 82 | #endif | ||
| 81 | if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) | 83 | if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) |
| 82 | fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", | 84 | fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", |
| 83 | __func__, strerror(errno)); | 85 | __func__, strerror(errno)); |