ksgi
/
sandbox-darwin.c
75 строк · 1.9 Кб
1/* $Id$ */2/*3* Copyright (c) 2012, 2014 Kristaps Dzonsons <kristaps@bsd.lv>4*5* Permission to use, copy, modify, and distribute this software for any6* purpose with or without fee is hereby granted, provided that the above7* copyright notice and this permission notice appear in all copies.8*9* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES10* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF11* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR12* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES13* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN14* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF15* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.16*/17#include "config.h"18#if HAVE_SANDBOX_INIT20#include <sys/resource.h>22#include <sandbox.h>24#include <stdarg.h>25#include <stdint.h>26#include <stdlib.h>27#include "kcgi.h"29#include "extern.h"30int32ksandbox_darwin_init_child(enum sandtype type)33{34int rc;35char *er;36struct rlimit rl_zero;37rc = type == SAND_WORKER ?39sandbox_init(kSBXProfilePureComputation,40SANDBOX_NAMED, &er) :41sandbox_init(kSBXProfileNoWrite,42SANDBOX_NAMED, &er);43if (rc != 0) {45kutil_warn(NULL, NULL, "sandbox_init: %s", er);46sandbox_free_error(er);47rc = 0;48} else49rc = 1;50rl_zero.rlim_cur = rl_zero.rlim_max = 0;52#if 054/*55* This doesn't play with kutil_openlog.56*/57if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)58kutil_warn(NULL, NULL, "setrlimit");59/*61* FIXME: I've taken out the RLIMIT_NOFILE setrlimit() because62* it causes strange behaviour. On Mac OS X, it fails with63* EPERM no matter what (the same code runs fine when not run as64* a CGI instance).65*/66if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)67kutil_warn(NULL, NULL, "setrlimit");68#endif69if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)70kutil_warn(NULL, NULL, "setrlimit");71return rc;73}74#endif76