sandbox: enforce rlimit restrictions before connect

Basic pre-connect sandbox: disable the ability for the xmppipe process to fork.
2024-11-13 13:10:32 +00:00 · 2017-04-13 10:02:29 -04:00 · 2017-04-13 10:02:29 -04:00 · 6aa2cb528e
commit 6aa2cb528e
parent 90c57630b6
1 changed files with 7 additions and 0 deletions
--- a/src/xmppipe_sandbox_rlimit.c
+++ b/src/xmppipe_sandbox_rlimit.c
@ -21,6 +21,13 @@
    int
 xmppipe_sandbox_init(xmppipe_state_t *state)
 {
+    struct rlimit rl_zero = {0};
+
+#ifdef RLIMIT_NPROC
+    if (setrlimit(RLIMIT_NPROC, &rl_zero) < 0)
+        return -1;
+#endif
+
    return 0;
 }