ps_dropprivs(struct dhcpcd_ctx *ctx)
{
struct passwd *pw = ctx->ps_user;
-#ifndef HAVE_PLEDGE
+#if !defined(HAVE_PLEDGE)
struct rlimit rzero = { .rlim_cur = 0, .rlim_max = 0 };
#endif
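Review bot: The directive change at the top of ps_dropprivs is a no-op, because `#if !defined(HAVE_PLEDGE)` selects exactly the same builds as the `#ifndef HAVE_PLEDGE` it replaces, so it adds churn without changing where `rzero` is declared. If the new spelling is meant as preparation for a compound condition, note that the RLIMIT_NOFILE call visible further down still passes `&rzero` on every non-pledge build, Capsicum included, so the declaration must not be narrowed beyond the pledge case. I would keep `#ifndef HAVE_PLEDGE` and put a comment on the declaration instead, for example `/* Zero limit for the setrlimit() sandbox calls below; unused with pledge. */`, so that the guard on the declaration and the guards on its uses are easy to audit together. The body of ps_dropprivs continues outside this hunk.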
return -1;
}
-#ifndef HAVE_PLEDGE
+#ifdef HAVE_PLEDGE
+ /* None of these resource limits work with pledge. */
+#else
/* Prohibit new files, sockets, etc */
if (setrlimit(RLIMIT_NOFILE, &rzero) == -1) {
logerr("setrlimit RLIMIT_NOFILE");
return -1;
}
+#ifndef HAVE_CAPSICUM /* Seems to break our IPC. */
/* Prohibit large files */
if (setrlimit(RLIMIT_FSIZE, &rzero) == -1) {
logerr("setrlimit RLIMIT_FSIZE");
return -1;
}
+#endif
#ifdef RLIMIT_NPROC
/* Prohibit forks */