chiark / gitweb /
~ianmdlvl / elogind.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: c51cbfd)
timesyncd: set RLIMIT_NPROC to 2
authorLennart Poettering <lennart@poettering.net>
Tue, 27 Jan 2015 01:33:46 +0000 (02:33 +0100)
committerLennart Poettering <lennart@poettering.net>
Tue, 27 Jan 2015 01:33:46 +0000 (02:33 +0100)
This way timesyncd cannot be used to fork().

Note that it generally is not safe to use RLIMIT_NPROC, since it breaks
running the same daemon in multiple containers if they do not use user
namespacing. However, timesyncd is excepted from running in a container
anyway, hence it is safe in this case.

src/timesync/timesyncd.c patch | blob | history

diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c
index f7e089fc0c5eda841ef18e42375581d403cfcbbe..2a73dac033c8fe1570febd1ac2fb16a3e1fdb26c 100644 (file)
--- a/src/timesync/timesyncd.c
+++ b/src/timesync/timesyncd.c
@@ -113,6 +113,10 @@ int main(int argc, char *argv[]) {
         if (r < 0)
                 goto finish;
 
+        /* We need one process for ourselves, plus one thread for the asynchronous resolver */
+        if (setrlimit(RLIMIT_NPROC, &RLIMIT_MAKE_CONST(2)) < 0)
+                log_warning_errno(errno, "Failed to lower RLIMIT_NPROC to 2: %m");
+
         assert_se(sigprocmask_many(SIG_BLOCK, SIGTERM, SIGINT, -1) == 0);
 
         r = manager_new(&m);
Unnamed repository; edit this file 'description' to name the repository.