1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00

Merge pull request #28968 from DaanDeMeyer/rlimit

Limit rlim_max in rlimit_nofile_safe() to nr_open
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2023-08-27 16:06:58 +02:00 committed by GitHub
commit 6f420b5f75
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 2 deletions

View File

@ -395,7 +395,11 @@ int rlimit_nofile_safe(void) {
if (rl.rlim_cur <= FD_SETSIZE) if (rl.rlim_cur <= FD_SETSIZE)
return 0; return 0;
rl.rlim_cur = FD_SETSIZE; /* So we might have inherited a hard limit that's larger than the kernel's maximum limit as stored in
* /proc/sys/fs/nr_open. If we pass this hard limit unmodified to setrlimit(), we'll get EPERM. To
* make sure that doesn't happen, let's limit our hard limit to the value from nr_open. */
rl.rlim_max = MIN(rl.rlim_max, (rlim_t) read_nr_open());
rl.rlim_cur = MIN((rlim_t) FD_SETSIZE, rl.rlim_max);
if (setrlimit(RLIMIT_NOFILE, &rl) < 0) if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", rl.rlim_cur); return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", rl.rlim_cur);

View File

@ -603,7 +603,7 @@ int make_filesystem(
/*except_fds=*/ NULL, /*except_fds=*/ NULL,
/*n_except_fds=*/ 0, /*n_except_fds=*/ 0,
FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT| FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_WAIT|
FORK_CLOSE_ALL_FDS|FORK_REARRANGE_STDIO|FORK_NEW_MOUNTNS, FORK_CLOSE_ALL_FDS|FORK_REARRANGE_STDIO|FORK_NEW_MOUNTNS|FORK_REOPEN_LOG,
/*ret_pid=*/ NULL); /*ret_pid=*/ NULL);
if (r < 0) if (r < 0)
return r; return r;