Impose login_cap resource limits on processes started by init.

/etc/rc started with "daemon" settings. "window=" started with "default" settings gettys started with "default" settings. This should open the way to junk kernel options MAX_{OPEN,CHILD} and the corresponding sysctl vars.
author: davidn <davidn@FreeBSD.org> 1997-01-19 16:49:13 +0000
committer: davidn <davidn@FreeBSD.org> 1997-01-19 16:49:13 +0000
commit: 557de278bcc6a33e6842306495187985a682f3f2 (patch)
tree: 20e28f16629360989ab47f63ef37b9ac0b2f6f30 /sbin/init
parent: ccc345ffe508058dd560cb5a884721ac8147709c (diff)
download: FreeBSD-src-557de278bcc6a33e6842306495187985a682f3f2.zip
FreeBSD-src-557de278bcc6a33e6842306495187985a682f3f2.tar.gz
2 files changed, 32 insertions, 1 deletions
diff --git a/sbin/init/Makefile b/sbin/init/Makefile
index eb5a356..f566f88 100644
--- a/sbin/init/Makefile
+++ b/sbin/init/Makefile
@@ -5,7 +5,7 @@ PROG=	init
 MAN8=	init.8
 BINMODE=500
 INSTALLFLAGS=-fschg
-CFLAGS+=-DDEBUGSHELL -DSECURE
+CFLAGS+=-DDEBUGSHELL -DSECURE -DLOGIN_CAP
 
 .if exists(../../secure) && !defined(NOCRYPT) && !defined(NOSECURE)
 DISTRIBUTION=des
diff --git a/sbin/init/init.c b/sbin/init/init.c
index 7e73558..cd3fc99 100644
--- a/sbin/init/init.c
+++ b/sbin/init/init.c
@@ -72,6 +72,14 @@ static char sccsid[] = "@(#)init.c	8.1 (Berkeley) 7/15/93";
 #include <pwd.h>
 #endif
 
+#ifdef LOGIN_CAP
+#include <login_cap.h>
+#define RESOURCE_RC	"daemon"
+#define RESOURCE_WINDOW "default"
+#define RESOURCE_GETTY	"default"
+static void setprocresources __P((const char *));
+#endif
+
 #include "pathnames.h"
 
 /*
@@ -736,6 +744,10 @@ runcom()
 
 		sigprocmask(SIG_SETMASK, &sa.sa_mask, (sigset_t *) 0);
 
+#ifdef LOGIN_CAP
+		setprocresources(RESOURCE_RC);
+#endif
+
 		execv(_PATH_BSHELL, argv);
 		stall("can't exec %s for %s: %m", _PATH_BSHELL, _PATH_RUNCOM);
 		_exit(1);	/* force single user mode */
@@ -1070,6 +1082,9 @@ start_window_system(sp)
 	if (setsid() < 0)
 		emergency("setsid failed (window) %m");
 
+#ifdef LOGIN_CAP
+	setprocresources(RESOURCE_WINDOW);
+#endif
 	if (sp->se_type) {
 		/* Don't use malloc after fork */
 		strcpy(term, "TERM=");
@@ -1132,6 +1147,9 @@ start_getty(sp)
 	sigemptyset(&mask);
 	sigprocmask(SIG_SETMASK, &mask, (sigset_t *) 0);
 
+#ifdef LOGIN_CAP
+	setprocresources(RESOURCE_GETTY);
+#endif
 	if (sp->se_type) {
 		/* Don't use malloc after fork */
 		strcpy(term, "TERM=");
@@ -1434,3 +1452,16 @@ strk (char *p)
     }
     return q;
 }
+
+#ifdef LOGIN_CAP
+static void
+setprocresources(const char *cname)
+{
+  login_cap_t *lc = login_getclassbyname(cname, NULL);
+  if (lc != NULL) {
+    setusercontext(lc, NULL, 0, LOGIN_SETPRIORITY|LOGIN_SETRESOURCES);
+    login_close(lc);
+  }
+}
+#endif
+
author	davidn <davidn@FreeBSD.org>	1997-01-19 16:49:13 +0000
committer	davidn <davidn@FreeBSD.org>	1997-01-19 16:49:13 +0000
commit	557de278bcc6a33e6842306495187985a682f3f2 (patch)
tree	20e28f16629360989ab47f63ef37b9ac0b2f6f30 /sbin/init
parent	ccc345ffe508058dd560cb5a884721ac8147709c (diff)
download	FreeBSD-src-557de278bcc6a33e6842306495187985a682f3f2.zip FreeBSD-src-557de278bcc6a33e6842306495187985a682f3f2.tar.gz