diff options
author | davidn <davidn@FreeBSD.org> | 1997-01-19 16:49:13 +0000 |
---|---|---|
committer | davidn <davidn@FreeBSD.org> | 1997-01-19 16:49:13 +0000 |
commit | 557de278bcc6a33e6842306495187985a682f3f2 (patch) | |
tree | 20e28f16629360989ab47f63ef37b9ac0b2f6f30 /sbin/init/init.c | |
parent | ccc345ffe508058dd560cb5a884721ac8147709c (diff) | |
download | FreeBSD-src-557de278bcc6a33e6842306495187985a682f3f2.zip FreeBSD-src-557de278bcc6a33e6842306495187985a682f3f2.tar.gz |
Impose login_cap resource limits on processes started by init.
/etc/rc started with "daemon" settings.
"window=" started with "default" settings
gettys started with "default" settings.
This should open the way to junk kernel options MAX_{OPEN,CHILD}
and the corresponding sysctl vars.
Diffstat (limited to 'sbin/init/init.c')
-rw-r--r-- | sbin/init/init.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/sbin/init/init.c b/sbin/init/init.c index 7e73558..cd3fc99 100644 --- a/sbin/init/init.c +++ b/sbin/init/init.c @@ -72,6 +72,14 @@ static char sccsid[] = "@(#)init.c 8.1 (Berkeley) 7/15/93"; #include <pwd.h> #endif +#ifdef LOGIN_CAP +#include <login_cap.h> +#define RESOURCE_RC "daemon" +#define RESOURCE_WINDOW "default" +#define RESOURCE_GETTY "default" +static void setprocresources __P((const char *)); +#endif + #include "pathnames.h" /* @@ -736,6 +744,10 @@ runcom() sigprocmask(SIG_SETMASK, &sa.sa_mask, (sigset_t *) 0); +#ifdef LOGIN_CAP + setprocresources(RESOURCE_RC); +#endif + execv(_PATH_BSHELL, argv); stall("can't exec %s for %s: %m", _PATH_BSHELL, _PATH_RUNCOM); _exit(1); /* force single user mode */ @@ -1070,6 +1082,9 @@ start_window_system(sp) if (setsid() < 0) emergency("setsid failed (window) %m"); +#ifdef LOGIN_CAP + setprocresources(RESOURCE_WINDOW); +#endif if (sp->se_type) { /* Don't use malloc after fork */ strcpy(term, "TERM="); @@ -1132,6 +1147,9 @@ start_getty(sp) sigemptyset(&mask); sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0); +#ifdef LOGIN_CAP + setprocresources(RESOURCE_GETTY); +#endif if (sp->se_type) { /* Don't use malloc after fork */ strcpy(term, "TERM="); @@ -1434,3 +1452,16 @@ strk (char *p) } return q; } + +#ifdef LOGIN_CAP +static void +setprocresources(const char *cname) +{ + login_cap_t *lc = login_getclassbyname(cname, NULL); + if (lc != NULL) { + setusercontext(lc, NULL, 0, LOGIN_SETPRIORITY|LOGIN_SETRESOURCES); + login_close(lc); + } +} +#endif + |