From 7e26029ff36d6112bd8c3273327c97708f9ee61e Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 27 Jan 2015 02:33:46 +0100
Subject: [PATCH] timesyncd: set RLIMIT_NPROC to 2

This way timesyncd cannot be used to fork().

Note that it generally is not safe to use RLIMIT_NPROC, since it breaks
running the same daemon in multiple containers if they do not use user
namespacing. However, timesyncd is excepted from running in a container
anyway, hence it is safe in this case.
---
 src/timesync/timesyncd.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c
index f7e089fc0c..2a73dac033 100644
--- a/src/timesync/timesyncd.c
+++ b/src/timesync/timesyncd.c
@@ -113,6 +113,10 @@ int main(int argc, char *argv[]) {
         if (r < 0)
                 goto finish;
 
+        /* We need one process for ourselves, plus one thread for the asynchronous resolver */
+        if (setrlimit(RLIMIT_NPROC, &RLIMIT_MAKE_CONST(2)) < 0)
+                log_warning_errno(errno, "Failed to lower RLIMIT_NPROC to 2: %m");
+
         assert_se(sigprocmask_many(SIG_BLOCK, SIGTERM, SIGINT, -1) == 0);
 
         r = manager_new(&m);