| version 1.4, 2016/09/12 01:22:38 |
version 1.5, 2020/10/18 11:32:01 |
|
|
| * Strictly, we don't need to maintain any state here but we need |
* Strictly, we don't need to maintain any state here but we need |
| * to return non-NULL to satisfy the API. |
* to return non-NULL to satisfy the API. |
| */ |
*/ |
| debug3("%s: preparing rlimit sandbox", __func__); |
debug3_f("preparing rlimit sandbox"); |
| box = xcalloc(1, sizeof(*box)); |
box = xcalloc(1, sizeof(*box)); |
| box->child_pid = 0; |
box->child_pid = 0; |
| |
|
|
|
| rl_zero.rlim_cur = rl_zero.rlim_max = 0; |
rl_zero.rlim_cur = rl_zero.rlim_max = 0; |
| |
|
| if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) |
if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1) |
| fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", |
fatal_f("setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s", |
| __func__, strerror(errno)); |
strerror(errno)); |
| if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) |
if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1) |
| fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", |
fatal_f("setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s", |
| __func__, strerror(errno)); |
strerror(errno)); |
| if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) |
if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1) |
| fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", |
fatal_f("setrlimit(RLIMIT_NPROC, { 0, 0 }): %s", |
| __func__, strerror(errno)); |
strerror(errno)); |
| } |
} |
| |
|
| void |
void |
| ssh_sandbox_parent_finish(struct ssh_sandbox *box) |
ssh_sandbox_parent_finish(struct ssh_sandbox *box) |
| { |
{ |
| free(box); |
free(box); |
| debug3("%s: finished", __func__); |
debug3_f("finished"); |
| } |
} |
| |
|
| void |
void |
![[BACK]](/icons/back.gif){kind=icon}
Return to sandbox-rlimit.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh