From c0d76959080e3ba6534bce1c7053c750668e8b55 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 16 Jan 2019 14:47:09 +0100
Subject: [PATCH] main: when bumping RLIMIT_MEMLOCK, save the previous value to
 pass to children

Let's make sure that the bumping of RLIMIT_MEMLOCK does not leak into
our children.
---
 src/core/main.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/core/main.c b/src/core/main.c
index d0d589e26ac..79f12c9209e 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1327,6 +1327,17 @@ static int bump_rlimit_memlock(struct rlimit *saved_rlimit) {
         if (getrlimit(RLIMIT_MEMLOCK, saved_rlimit) < 0)
                 return log_warning_errno(errno, "Reading RLIMIT_MEMLOCK failed, ignoring: %m");
 
+        /* Pass the original value down to invoked processes */
+        if (!arg_default_rlimit[RLIMIT_MEMLOCK]) {
+                struct rlimit *rl;
+
+                rl = newdup(struct rlimit, saved_rlimit, 1);
+                if (!rl)
+                        return log_oom();
+
+                arg_default_rlimit[RLIMIT_MEMLOCK] = rl;
+        }
+
         r = setrlimit_closest(RLIMIT_MEMLOCK, &RLIMIT_MAKE_CONST(HIGH_RLIMIT_MEMLOCK));
         if (r < 0)
                 return log_warning_errno(r, "Setting RLIMIT_MEMLOCK failed, ignoring: %m");
-- 
2.39.2