setup_rlimits() should be called before giving up root privileges
Some Linux kernels between Linux 4.14 and 4.15 (more specifically
between commits 04e35f4495dd560db30c25efca4eecae8ec8c375 and
779f4e1c6c7c661db40dfebd6dd6bda7b5f88aa3) reset the hard limit
on stack size to the default 8 MB, overriding a possible higher
limit set up by PAM.

On such kernels, isolate was unable to set up the default unlimited
stack and died. I move setting of the resource limits before giving
up root privileges, so even a hard limit will be increased if needed.
gollux committed Dec 27, 2017
1 parent e770b0a commit 39b55fc
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion isolate.c
Expand Up @@ -580,9 +580,9 @@ box_inside(void *arg)
reset_signals();
cg_enter();
setup_root();
setup_rlimits();
setup_credentials();
setup_fds();
setup_rlimits();
char **env = setup_environment();

if (set_cwd && chdir(set_cwd))
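
Review bot: The new position of setup_rlimits() ahead of setup_credentials() in box_inside() is an ordering requirement that nothing in the code records. Raising a hard limit needs privilege, so a short comment above the call, for example `/* must run before setup_credentials(): raising a hard limit needs root */`, would keep a later cleanup from moving it back after the privilege drop. Since setup_credentials() and setup_fds() now execute with the box's limits already in force, it is also worth confirming that neither of them depends on running under the original, unrestricted limits.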