executor: reapply setuid sandbox for bsd

* Revert "Revert "executor: add setuid sandbox for openbsd"" The problem is the low file descriptor limit. This reverts commit 4093e33b1338f274ae0062f555de9d6af8640d61. * executor/executor make sure the file descriptor limit is sufficient
author: Greg Steuck <blackgnezdo@gmail.com> 2018-12-10 22:39:44 -0800
committer: Dmitry Vyukov <dvyukov@google.com> 2018-12-11 07:39:44 +0100
commit: d90f8af59cdcebab382707098f32c87f950ab5df (patch)
tree: 6a356ee5a90047dd2398fc39c19241af73a4a27c /executor/executor.cc
parent: 4093e33b1338f274ae0062f555de9d6af8640d61 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/executor/executor.cc b/executor/executor.cc
index 6569326d3..d6e7b75b3 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -12,6 +12,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/resource.h>
 #include <time.h>
 #include <unistd.h>
 
@@ -422,6 +423,11 @@ int main(int argc, char** argv)
 
 void setup_control_pipes()
 {
+	// Makes sure the file descriptor limit is sufficient.
+	struct rlimit rlim;
+	rlim.rlim_cur = rlim.rlim_max = kMaxFd;
+	setrlimit(RLIMIT_NOFILE, &rlim);
+
 	if (dup2(0, kInPipeFd) < 0)
 		fail("dup2(0, kInPipeFd) failed");
 	if (dup2(1, kOutPipeFd) < 0)
author	Greg Steuck <blackgnezdo@gmail.com>	2018-12-10 22:39:44 -0800
committer	Dmitry Vyukov <dvyukov@google.com>	2018-12-11 07:39:44 +0100
commit	d90f8af59cdcebab382707098f32c87f950ab5df (patch)
tree	6a356ee5a90047dd2398fc39c19241af73a4a27c /executor/executor.cc
parent	4093e33b1338f274ae0062f555de9d6af8640d61 (diff)