mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-30 15:38:06 +01:00
Support configuring arbitrary limits(1) for any daemon in rc.conf
Usage is ${name}_limits, and the argument is any flags accepted by limits(1), such as `-n 100' (e.g. only allow 100 open files). Approved by: cy Differential Revision: https://reviews.freebsd.org/D14015
This commit is contained in:
parent
072c8a3b39
commit
148ee4c3ff
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=328331
@ -775,6 +775,8 @@ check_startmsgs()
|
||||
#
|
||||
# ${name}_login_class n Login class to use, else "daemon".
|
||||
#
|
||||
# ${name}_limits n limits(1) to apply to ${command}.
|
||||
#
|
||||
# ${rc_arg}_cmd n If set, use this as the method when invoked;
|
||||
# Otherwise, use default command (see below)
|
||||
#
|
||||
@ -952,7 +954,7 @@ run_rc_command()
|
||||
_group=\$${name}_group _groups=\$${name}_groups \
|
||||
_fib=\$${name}_fib _env=\$${name}_env \
|
||||
_prepend=\$${name}_prepend _login_class=\${${name}_login_class:-daemon} \
|
||||
_oomprotect=\$${name}_oomprotect
|
||||
_limits=\$${name}_limits _oomprotect=\$${name}_oomprotect
|
||||
|
||||
if [ -n "$_user" ]; then # unset $_user if running as that user
|
||||
if [ "$_user" = "$(eval $IDCMD)" ]; then
|
||||
@ -1073,7 +1075,7 @@ $command $rc_flags $command_args"
|
||||
fi
|
||||
|
||||
# Prepend default limits
|
||||
_doit="$_cd limits -C $_login_class $_doit"
|
||||
_doit="$_cd limits -C $_login_class $_limits $_doit"
|
||||
|
||||
# run the full command
|
||||
#
|
||||
|
Loading…
Reference in New Issue
Block a user