Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

set rlimit before dropping root, duh

  • Loading branch information...
commit 73302a30fa87b03be565ea65c996f409453e3c0a 1 parent 2900f01
@bradfitz authored
Showing with 12 additions and 13 deletions.
  1. +12 −13 exec.go
View
25 exec.go
@@ -99,7 +99,18 @@ func MaybeBecomeChildProcess() {
if err != nil {
log.Fatalf("Failed to decode LaunchRequest in child: %v", err)
}
-
+ if lr.NumFiles != 0 {
+ var lim syscall.Rlimit
+ if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &lim); err != nil {
+ log.Fatalf("failed to get NOFILE rlimit: %v", err)
+ }
+ noFile := uint64(lr.NumFiles)
+ lim.Cur = noFile
+ lim.Max = noFile
+ if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, &lim); err != nil {
+ log.Fatalf("failed to set NOFILE rlimit: %v", err)
+ }
+ }
if lr.Gid != 0 {
if err := syscall.Setgid(lr.Gid); err != nil {
log.Fatalf("failed to Setgid(%d): %v", lr.Gid, err)
@@ -121,18 +132,6 @@ func MaybeBecomeChildProcess() {
log.Fatalf("failed to chdir to %q: %v", lr.Dir, err)
}
}
- if lr.NumFiles != 0 {
- var lim syscall.Rlimit
- if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &lim); err != nil {
- log.Fatalf("failed to get NOFILE rlimit: %v", err)
- }
- noFile := uint64(lr.NumFiles)
- lim.Cur = noFile
- lim.Max = noFile
- if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, &lim); err != nil {
- log.Fatalf("failed to set NOFILE rlimit: %v", err)
- }
- }
err = syscall.Exec(lr.Path, lr.Argv, lr.Env)
log.Fatalf("failed to exec %q: %v", lr.Path, err)
}
Please sign in to comment.
Something went wrong with that request. Please try again.