Add front-end support for setting resouce limits.

The special value "user" means preserve the invoking user's limit. The value "default" means don't override the default limit for the user as assigned by the system (PAM, loging.conf, userdb, etc).
2021-11-08 18:21:11 -07:00
parent f279df5e18
commit 74ef983f60
4 changed files with 240 additions and 4 deletions
--- a/src/exec.c
+++ b/src/exec.c
@@ -164,6 +164,9 @@ exec_setup(struct command_details *details, int intercept_fd, int errfd)
    if (ISSET(details->flags, CD_OVERRIDE_UMASK))
 	(void) umask(details->umask);

+    /* Apply resource limits specified by the policy, if any. */
+    set_policy_rlimits();
+
    /* Close fds before chroot (need /dev) or uid change (prlimit on Linux). */
    close_fds(details, errfd, intercept_fd);