diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2012-07-03 22:48:31 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2012-07-03 22:48:31 +1000 |
| commit | d545a4b9749fef6613b556b2191f6cb898fcb60f (patch) | |
| tree | 1e8e8f1291dce0bbf7a7fbb53fd6cabed069fe1b /sandbox-rlimit.c | |
| parent | 60395f91c6987c17b3f9a783350e34d35896961b (diff) | |
- (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not
setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its
benefit is minor, so it's not worth disabling the sandbox if it doesn't
work.
Diffstat (limited to 'sandbox-rlimit.c')
| -rw-r--r-- | sandbox-rlimit.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sandbox-rlimit.c b/sandbox-rlimit.c index 761e9284f..a00386337 100644 --- a/sandbox-rlimit.c +++ b/sandbox-rlimit.c | |||
| @@ -64,9 +64,11 @@ ssh_sandbox_child(struct ssh_sandbox *box) | |||
| 64 | 64 | ||
| 65 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | 65 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; |
| 66 | 66 | ||
| 67 | #ifndef SANDBOX_SKIP_RLIMIT_FSIZE | ||
| 67 | if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) | 68 | if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) |
| 68 | fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", | 69 | fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", |
| 69 | __func__, strerror(errno)); | 70 | __func__, strerror(errno)); |
| 71 | #endif | ||
| 70 | if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) | 72 | if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) |
| 71 | fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", | 73 | fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", |
| 72 | __func__, strerror(errno)); | 74 | __func__, strerror(errno)); |