Moved setting process limit after exec().

--HG--
branch : HEAD

diff --git a/src/login-common/main.c b/src/login-common/main.c
index fffdc2c96f99c60780722dea87db0d224189a844..ae1bff3f7eac81a074290f12a5b39ceab9128221 100644 (file)
--- a/src/login-common/main.c
+++ b/src/login-common/main.c
@@ -4,6 +4,7 @@
 #include "ioloop.h"
 #include "lib-signals.h"
 #include "restrict-access.h"
+#include "restrict-process-size.h"
 #include "process-title.h"
 #include "fd-close-on-exec.h"
 #include "auth-connection.h"
@@ -129,6 +130,9 @@ static void open_logfile(const char *name)
 
 static void drop_privileges(const char *name)
 {
+       /* make sure we can't fork() */
+       restrict_process_size((unsigned int)-1, 0);
+
        /* Log file or syslog opening probably requires roots */
        open_logfile(name);
 

diff --git a/src/master/login-process.c b/src/master/login-process.c
index 09dbd6ba93378e17fc6e437cfdec72e53a6a2194..4e91dd995099d05c7498b8558fa2e6d0d7d79857 100644 (file)
--- a/src/master/login-process.c
+++ b/src/master/login-process.c
@@ -479,7 +479,7 @@ static pid_t create_login_process(struct login_group *group)
                        i_fatal("chdir(%s) failed: %m", set->login_dir);
        }
 
-       restrict_process_size(group->set->process_size, 0);
+       restrict_process_size(group->set->process_size, (unsigned int)-1);
 
        /* make sure we don't leak syslog fd, but do it last so that
           any errors above will be logged */