From: Roy Marples <roy@marples.name>
Date: Wed, 10 Jun 2020 07:30:28 +0000 (+0100)
Subject: privsep: RLIMIT_FSIZE works fine on pledge and capsicum
X-Git-Tag: v9.1.2~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8fdd34b858450503daf96409458fb48834d56163;p=thirdparty%2Fdhcpcd.git

privsep: RLIMIT_FSIZE works fine on pledge and capsicum

If you don't use the dhcpcd logfile option.
Duh.
---

diff --git a/src/privsep.c b/src/privsep.c
index ec8e4cc1..b2f3b309 100644
--- a/src/privsep.c
+++ b/src/privsep.c
@@ -163,19 +163,14 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
 #endif
 	}
 
-#if !defined(HAVE_CAPSICUM) && !defined(HAVE_PLEDGE)
-	/*
-	 * Prohibit large files
-	 * Cannot offload this to the privilged actioneer because
-	 * only the master process has access to it.
-	 */
+	/* Prohibit writing to files.
+	 * Obviously this won't work if we are using a logfile. */
 	if (ctx->logfile == NULL) {
 		if (setrlimit(RLIMIT_FSIZE, &rzero) == -1) {
 			logerr("setrlimit RLIMIT_FSIZE");
 			return -1;
 		}
 	}
-#endif
 
 #ifdef RLIMIT_NPROC
 	/* Prohibit forks */