From 6aa2cb528e4dda3319fd54d71bdd359a17e06ccf Mon Sep 17 00:00:00 2001
From: Michael Santos <michael.santos@gmail.com>
Date: Thu, 13 Apr 2017 10:02:29 -0400
Subject: [PATCH] sandbox: enforce rlimit restrictions before connect

Basic pre-connect sandbox: disable the ability for the xmppipe process
to fork.
---
 src/xmppipe_sandbox_rlimit.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/xmppipe_sandbox_rlimit.c b/src/xmppipe_sandbox_rlimit.c
index b8545cf..e59c224 100644
--- a/src/xmppipe_sandbox_rlimit.c
+++ b/src/xmppipe_sandbox_rlimit.c
@@ -21,6 +21,13 @@
     int
 xmppipe_sandbox_init(xmppipe_state_t *state)
 {
+    struct rlimit rl_zero = {0};
+
+#ifdef RLIMIT_NPROC
+    if (setrlimit(RLIMIT_NPROC, &rl_zero) < 0)
+        return -1;
+#endif
+
     return 0;
 }