timesyncd: set RLIMIT_NPROC to 2
This way timesyncd cannot be used to fork(). Note that it generally is not safe to use RLIMIT_NPROC, since it breaks running the same daemon in multiple containers if they do not use user namespacing. However, timesyncd is excepted from running in a container anyway, hence it is safe in this case.
This commit is contained in:
parent
c51cbfdcc7
commit
7e26029ff3
|
@ -113,6 +113,10 @@ int main(int argc, char *argv[]) {
|
|||
if (r < 0)
|
||||
goto finish;
|
||||
|
||||
/* We need one process for ourselves, plus one thread for the asynchronous resolver */
|
||||
if (setrlimit(RLIMIT_NPROC, &RLIMIT_MAKE_CONST(2)) < 0)
|
||||
log_warning_errno(errno, "Failed to lower RLIMIT_NPROC to 2: %m");
|
||||
|
||||
assert_se(sigprocmask_many(SIG_BLOCK, SIGTERM, SIGINT, -1) == 0);
|
||||
|
||||
r = manager_new(&m);
|
||||
|
|
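Review bot: the comment above the setrlimit() call justifies the value 2 by counting only this daemon's own process and resolver thread, but RLIMIT_NPROC is accounted per real UID and is not enforced for a process holding CAP_SYS_ADMIN or CAP_SYS_RESOURCE. The limit therefore only behaves as described if this call runs after privileges have been dropped to a user that nothing else runs as. The visible context (`if (r < 0) goto finish;`) does not show which call precedes it, so please extend the comment to state that ordering dependency. Separately, a failed setrlimit() is only logged with log_warning_errno() and startup continues, which makes the restriction best-effort. That is reasonable for a hardening measure, but the comment should say so, so a later reader does not assume the limit is guaranteed.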