- (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not

setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its benefit is minor, so it's not worth disabling the sandbox if it doesn't work.
author: Darren Tucker <dtucker@zip.com.au> 2012-07-03 22:48:31 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2012-07-03 22:48:31 +1000
commit: d545a4b9749fef6613b556b2191f6cb898fcb60f (patch)
tree: 1e8e8f1291dce0bbf7a7fbb53fd6cabed069fe1b /sandbox-rlimit.c
parent: 60395f91c6987c17b3f9a783350e34d35896961b (diff)
download: openssh-git-d545a4b9749fef6613b556b2191f6cb898fcb60f.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/sandbox-rlimit.c b/sandbox-rlimit.c
index 761e9284..a0038633 100644
--- a/sandbox-rlimit.c
+++ b/sandbox-rlimit.c
@@ -64,9 +64,11 @@ ssh_sandbox_child(struct ssh_sandbox *box)
 
 	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
 
+#ifndef SANDBOX_SKIP_RLIMIT_FSIZE
 	if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
 		fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
 			__func__, strerror(errno));
+#endif
 	if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
 		fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
 			__func__, strerror(errno));
author	Darren Tucker <dtucker@zip.com.au>	2012-07-03 22:48:31 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2012-07-03 22:48:31 +1000
commit	d545a4b9749fef6613b556b2191f6cb898fcb60f (patch)
tree	1e8e8f1291dce0bbf7a7fbb53fd6cabed069fe1b /sandbox-rlimit.c
parent	60395f91c6987c17b3f9a783350e34d35896961b (diff)
download	openssh-git-d545a4b9749fef6613b556b2191f6cb898fcb60f.tar.gz