From d90f8af59cdcebab382707098f32c87f950ab5df Mon Sep 17 00:00:00 2001
From: Greg Steuck <blackgnezdo@gmail.com>
Date: Mon, 10 Dec 2018 22:39:44 -0800
Subject: executor: reapply setuid sandbox for bsd

* Revert "Revert "executor: add setuid sandbox for openbsd""

The problem is the low file descriptor limit.

This reverts commit 4093e33b1338f274ae0062f555de9d6af8640d61.

* executor/executor make sure the file descriptor limit is sufficient
---
 executor/executor.cc | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'executor/executor.cc')

diff --git a/executor/executor.cc b/executor/executor.cc
index 6569326d3..d6e7b75b3 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -12,6 +12,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/resource.h>
 #include <time.h>
 #include <unistd.h>
 
@@ -422,6 +423,11 @@ int main(int argc, char** argv)
 
 void setup_control_pipes()
 {
+	// Makes sure the file descriptor limit is sufficient.
+	struct rlimit rlim;
+	rlim.rlim_cur = rlim.rlim_max = kMaxFd;
+	setrlimit(RLIMIT_NOFILE, &rlim);
+
 	if (dup2(0, kInPipeFd) < 0)
 		fail("dup2(0, kInPipeFd) failed");
 	if (dup2(1, kOutPipeFd) < 0)
-- 
cgit mrf-deployment