tree-wide: set FORK_RLIMIT_NOFILE_SAFE flag 26328/head
authorYu Watanabe <watanabe.yu+github@gmail.com>
Tue, 7 Feb 2023 05:33:06 +0000 (14:33 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Tue, 7 Feb 2023 05:39:49 +0000 (14:39 +0900)
No functional changes, just refactoring.

src/fsck/fsck.c
src/import/pull-common.c
src/journal-remote/journal-remote-main.c
src/libsystemd/sd-bus/bus-socket.c
src/nspawn/nspawn-setuid.c
src/shared/exec-util.c
src/udev/udev-event.c

index 37fdfa540f1a3be8fdfbd8d2632c266586177fde..e25c5d5efa67b0e29bb862e70780594578f35ba1 100644 (file)
@@ -27,7 +27,6 @@
 #include "path-util.h"
 #include "proc-cmdline.h"
 #include "process-util.h"
-#include "rlimit-util.h"
 #include "signal-util.h"
 #include "socket-util.h"
 #include "special.h"
@@ -346,7 +345,7 @@ static int run(int argc, char *argv[]) {
             pipe(progress_pipe) < 0)
                 return log_error_errno(errno, "pipe(): %m");
 
-        r = safe_fork("(fsck)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
+        r = safe_fork("(fsck)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &pid);
         if (r < 0)
                 return r;
         if (r == 0) {
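Review bot: The commit message says "no functional changes", but with `FORK_RLIMIT_NOFILE_SAFE` in this `safe_fork()` call the soft RLIMIT_NOFILE reset happens at fork time rather than immediately before `execv()`, so all child setup in run() between the two (outside this hunk) now runs under the lowered limit. The removed call was also explicitly best-effort, `(void) rlimit_nofile_safe();`, while how safe_fork() handles a failed reset is not visible on this page; if it exits the child, fsck would not run at all in a case where it previously did. The same holds for the flag additions in verify_gpg, spawn_child, bus_socket_exec, do_spawn and fork_agent. I would state the ordering change in the commit message and add a comment at the call, e.g. `/* soft RLIMIT_NOFILE is reset inside safe_fork(); child setup before exec must not need fds above it */`.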
@@ -395,8 +394,6 @@ static int run(int argc, char *argv[]) {
                 cmdline[i++] = device;
                 cmdline[i++] = NULL;
 
-                (void) rlimit_nofile_safe();
-
                 execv(cmdline[0], (char**) cmdline);
                 _exit(FSCK_OPERATIONAL_ERROR);
         }
index 6980f12a796cc4c56de40ec3ed3d6cae3cf30c34..c8a3bf370e113bdd6c223ccd84b88e949d6db6bc 100644 (file)
@@ -16,7 +16,6 @@
 #include "process-util.h"
 #include "pull-common.h"
 #include "pull-job.h"
-#include "rlimit-util.h"
 #include "rm-rf.h"
 #include "signal-util.h"
 #include "siphash24.h"
@@ -415,7 +414,7 @@ static int verify_gpg(
 
         gpg_home_created = true;
 
-        r = safe_fork("(gpg)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
+        r = safe_fork("(gpg)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &pid);
         if (r < 0)
                 return r;
         if (r == 0) {
@@ -446,8 +445,6 @@ static int verify_gpg(
                         _exit(EXIT_FAILURE);
                 }
 
-                (void) rlimit_nofile_safe();
-
                 cmd[k++] = strjoina("--homedir=", gpg_home);
 
                 /* We add the user keyring only to the command line arguments, if it's around since gpg fails
index 29f05891f57646707b0fd9a503bec7cc7bdf3462..7df264fb53141858d15d5f6ed2e77d13690cf152 100644 (file)
@@ -85,7 +85,7 @@ static int spawn_child(const char* child, char** argv) {
         if (pipe(fd) < 0)
                 return log_error_errno(errno, "Failed to create pager pipe: %m");
 
-        r = safe_fork("(remote)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &child_pid);
+        r = safe_fork("(remote)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &child_pid);
         if (r < 0) {
                 safe_close_pair(fd);
                 return r;
@@ -101,8 +101,6 @@ static int spawn_child(const char* child, char** argv) {
                         _exit(EXIT_FAILURE);
                 }
 
-                (void) rlimit_nofile_safe();
-
                 execvp(child, argv);
                 log_error_errno(errno, "Failed to exec child %s: %m", child);
                 _exit(EXIT_FAILURE);
index 253f41c636b5c4c8520659b792d57aaeb755a638..64037e4fe0595875933899155c20c700e80d1b1b 100644 (file)
@@ -22,7 +22,6 @@
 #include "memory-util.h"
 #include "path-util.h"
 #include "process-util.h"
-#include "rlimit-util.h"
 #include "signal-util.h"
 #include "stdio-util.h"
 #include "string-util.h"
@@ -995,7 +994,7 @@ int bus_socket_exec(sd_bus *b) {
         if (r < 0)
                 return -errno;
 
-        r = safe_fork_full("(sd-busexec)", s+1, 1, FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS, &b->busexec_pid);
+        r = safe_fork_full("(sd-busexec)", s+1, 1, FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_RLIMIT_NOFILE_SAFE, &b->busexec_pid);
         if (r < 0) {
                 safe_close_pair(s);
                 return r;
@@ -1008,8 +1007,6 @@ int bus_socket_exec(sd_bus *b) {
                 if (r < 0)
                         _exit(EXIT_FAILURE);
 
-                (void) rlimit_nofile_safe();
-
                 if (b->exec_argv)
                         execvp(b->exec_path, b->exec_argv);
                 else
index e396d66441297b6f3457c05307e959ced1af91c2..5772d96b2fa50031e3e38a235dffdf1f0e226219 100644 (file)
@@ -12,7 +12,6 @@
 #include "mkdir.h"
 #include "nspawn-setuid.h"
 #include "process-util.h"
-#include "rlimit-util.h"
 #include "signal-util.h"
 #include "string-util.h"
 #include "strv.h"
@@ -29,7 +28,7 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) {
         if (pipe2(pipe_fds, O_CLOEXEC) < 0)
                 return log_error_errno(errno, "Failed to allocate pipe: %m");
 
-        r = safe_fork("(getent)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
+        r = safe_fork("(getent)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &pid);
         if (r < 0) {
                 safe_close_pair(pipe_fds);
                 return r;
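Review bot: spawn_getent still calls `(void) close_all_fds(NULL, 0);` by hand in the child (visible in the next hunk), and with the flag added here the limit reset now runs before that call where the old code ran it after. Whether close_all_fds() is indifferent to the soft limit cannot be told from this page, so the new order deserves a comment such as `/* safe_fork() already lowered RLIMIT_NOFILE; close_all_fds() must still reach fds above the soft limit */`. bus_socket_exec and fork_agent pass `FORK_CLOSE_ALL_FDS` in the flags instead, which keeps fd closing and the limit reset ordered in one place; doing the same here would presumably need safe_fork_full() with the required pipe end in the except list, depending on child setup outside the hunk. udev_event_spawn has the same manual `close_all_fds(NULL, 0)` after its `safe_fork()`.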
@@ -44,8 +43,6 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) {
 
                 (void) close_all_fds(NULL, 0);
 
-                (void) rlimit_nofile_safe();
-
                 execle("/usr/bin/getent", "getent", database, key, NULL, &empty_env);
                 execle("/bin/getent", "getent", database, key, NULL, &empty_env);
                 _exit(EXIT_FAILURE);
index f5283f9df459cbb1aaa34865af270a50dc46dad6..7ed2cce76b9a211cd5c3c27118f228eb9b8c6bb2 100644 (file)
@@ -20,7 +20,6 @@
 #include "missing_syscall.h"
 #include "path-util.h"
 #include "process-util.h"
-#include "rlimit-util.h"
 #include "serialize.h"
 #include "set.h"
 #include "signal-util.h"
@@ -43,7 +42,7 @@ static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, b
                 return 0;
         }
 
-        r = safe_fork("(direxec)", FORK_DEATHSIG|FORK_LOG, &_pid);
+        r = safe_fork("(direxec)", FORK_DEATHSIG|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &_pid);
         if (r < 0)
                 return r;
         if (r == 0) {
@@ -55,8 +54,6 @@ static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, b
                                 _exit(EXIT_FAILURE);
                 }
 
-                (void) rlimit_nofile_safe();
-
                 if (set_systemd_exec_pid) {
                         r = setenv_systemd_exec_pid(false);
                         if (r < 0)
@@ -493,7 +490,7 @@ int fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret
         r = safe_fork_full(name,
                            except,
                            n_except,
-                           FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG,
+                           FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_REOPEN_LOG|FORK_RLIMIT_NOFILE_SAFE,
                            ret_pid);
         if (r < 0)
                 return r;
@@ -537,8 +534,6 @@ int fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret
                 }
         }
 
-        (void) rlimit_nofile_safe();
-
         /* Count arguments */
         va_start(ap, path);
         for (n = 0; va_arg(ap, char*); n++)
index 6d47a2a49de99fd044acce2f53439e716a809d8a..ec4ad30824def8c5755d1b92b4912789649d741a 100644 (file)
@@ -23,7 +23,6 @@
 #include "parse-util.h"
 #include "path-util.h"
 #include "process-util.h"
-#include "rlimit-util.h"
 #include "signal-util.h"
 #include "stdio-util.h"
 #include "string-util.h"
@@ -811,7 +810,7 @@ int udev_event_spawn(
 
         log_device_debug(event->dev, "Starting '%s'", cmd);
 
-        r = safe_fork("(spawn)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
+        r = safe_fork("(spawn)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &pid);
         if (r < 0)
                 return log_device_error_errno(event->dev, r,
                                               "Failed to fork() to execute command '%s': %m", cmd);
@@ -820,7 +819,6 @@ int udev_event_spawn(
                         _exit(EXIT_FAILURE);
 
                 (void) close_all_fds(NULL, 0);
-                (void) rlimit_nofile_safe();
 
                 DEVICE_TRACE_POINT(spawn_exec, event->dev, cmd);