restrict_access*(): If setuid() fails with EAGAIN, suggest ulimit -u being the problem.
authorTimo Sirainen <tss@iki.fi>
Wed, 9 Nov 2011 16:20:51 +0000 (18:20 +0200)
committerTimo Sirainen <tss@iki.fi>
Wed, 9 Nov 2011 16:20:51 +0000 (18:20 +0200)
src/lib/restrict-access.c

index c362ea4e240981ebef0ecae0299d71dab9ef734e..a4ad077db945041a2dfa042e3bd1a957c574c1cc 100644 (file)
@@ -236,6 +236,26 @@ static void fix_groups_list(const struct restrict_access_settings *set,
        }
 }
 
+static const char *
+get_setuid_error_str(const struct restrict_access_settings *set)
+{
+       string_t *str = t_str_new(128);
+
+       str_printfa(str, "setuid(%s", get_uid_str(set->uid));
+       if (set->uid_source != NULL)
+               str_printfa(str, " from %s", set->uid_source);
+       str_printfa(str, ") failed with euid=%s: %m ",
+                   get_uid_str(geteuid()));
+       if (errno == EAGAIN) {
+               str_append(str, "(ulimit -u reached)");
+       } else {
+               str_printfa(str, "(This binary should probably be called with "
+                           "process user set to %s instead of %s)",
+                           get_uid_str(set->uid), get_uid_str(geteuid()));
+       }
+       return str_c(str);
+}
+
 void restrict_access(const struct restrict_access_settings *set,
                     const char *home, bool disallow_root)
 {
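Review bot: In get_setuid_error_str() the errno left by the failed setuid() is read late: both the `%m` expansion and the `errno == EAGAIN` test run after t_str_new(), str_printfa() and several get_uid_str() calls. get_uid_str() is not visible in this hunk, so if it performs a passwd lookup without restoring errno, the fatal message could report the wrong error and pick the wrong hint. Because this is the line an operator relies on when a privilege drop fails, I would capture the value first with `int saved_errno = errno;`, branch on `saved_errno == EAGAIN`, and print `strerror(saved_errno)` through `%s` rather than `%m`. A short header comment such as `/* Builds the i_fatal() text for a failed setuid(); must be called immediately after the failure, result is t_str_new()-allocated. */` would record that contract for later callers.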
@@ -303,19 +323,8 @@ void restrict_access(const struct restrict_access_settings *set,
 
        /* uid last */
        if (set->uid != (uid_t)-1) {
-               if (setuid(set->uid) != 0) {
-                       string_t *str = t_str_new(128);
-
-                       str_printfa(str, "setuid(%s", get_uid_str(set->uid));
-                       if (set->uid_source != NULL)
-                               str_printfa(str, " from %s", set->uid_source);
-                       str_printfa(str, ") failed with euid=%s: %m "
-                               "(This binary should probably be called with "
-                               "process user set to %s instead of %s)",
-                               get_uid_str(geteuid()),
-                               get_uid_str(set->uid), get_uid_str(geteuid()));
-                       i_fatal("%s", str_c(str));
-               }
+               if (setuid(set->uid) != 0)
+                       i_fatal("%s", get_setuid_error_str(set));
        }
 
        /* verify that we actually dropped the privileges */