if (!context->rlimit[i])
continue;
- if (setrlimit(i, context->rlimit[i]) < 0) {
+ if (setrlimit_closest(i, context->rlimit[i]) < 0) {
err = -errno;
r = EXIT_LIMITS;
goto fail_child;
execv(path, l);
_exit(EXIT_FAILURE);
}
+
+int setrlimit_closest(int resource, const struct rlimit *rlim) {
+ struct rlimit highest, fixed;
+
+ assert(rlim);
+
+ if (setrlimit(resource, rlim) >= 0)
+ return 0;
+
+ if (errno != EPERM)
+ return -errno;
+
+ /* So we failed to set the desired setrlimit, then let's try
+ * to get as close as we can */
+ assert_se(getrlimit(resource, &highest) == 0);
+
+ fixed.rlim_cur = MIN(rlim->rlim_cur, highest.rlim_max);
+ fixed.rlim_max = MIN(rlim->rlim_max, highest.rlim_max);
+
+ if (setrlimit(resource, &fixed) < 0)
+ return -errno;
+
+ return 0;
+}
#include <limits.h>
#include <sys/stat.h>
#include <dirent.h>
+#include <sys/resource.h>
#include "macro.h"
int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *path, ...);
+int setrlimit_closest(int resource, const struct rlimit *rlim);
+
#endif
projects / systemd / commitdiff