
Commit a6629d6

committed
Ignore a failure to restore the RLIMIT_CORE resource limit.
Linux containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY if we set the limit to zero, even for root. This is not a problem outside the container. --HG-- branch : 1.8
1 parent fcab8fe commit a6629d6


1 file changed

+61
-10
lines changed


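--- a/src/limits.c
+++ b/src/limits.c
@@ -114,13 +114,21 @@ disable_coredump(void)
 
 if (getrlimit(RLIMIT_CORE, &corelimit) == -1)
 sudo_warn("getrlimit(RLIMIT_CORE)");
+sudo_debug_printf(SUDO_DEBUG_INFO, "RLIMIT_CORE [%lld, %lld] -> [0, 0]",
+(long long)corelimit.rlim_cur, (long long)corelimit.rlim_max);
 if (setrlimit(RLIMIT_CORE, &rl) == -1)
 sudo_warn("setrlimit(RLIMIT_CORE)");
 #ifdef __linux__
 /* On Linux, also set PR_SET_DUMPABLE to zero (reset by execve). */
-if ((dumpflag = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) == -1)
+if ((dumpflag = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) == -1) {
+sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+"prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)");
 dumpflag = 0;
-(void) prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
+}
+if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == -1) {
+sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+"prctl(PR_SET_DUMPABLE, %d, 0, 0, 0)", dumpflag);
+}
 #endif /* __linux__ */
 coredump_disabled = true;
 
@@ -136,10 +144,20 @@ restore_coredump(void)
 debug_decl(restore_coredump, SUDO_DEBUG_UTIL)
 
 if (coredump_disabled) {
-if (setrlimit(RLIMIT_CORE, &corelimit) == -1)
-sudo_warn("setrlimit(RLIMIT_CORE)");
+/*
+* Linux containers don't allow RLIMIT_CORE to be set back to
+* RLIM_INFINITY if we set the limit to zero, even for root.
+*/
+if (setrlimit(RLIMIT_CORE, &corelimit) == -1) {
+sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+"setrlimit(RLIMIT_CORE, [%lld, %lld])",
+(long long)corelimit.rlim_cur, (long long)corelimit.rlim_max);
+}
 #ifdef __linux__
-(void) prctl(PR_SET_DUMPABLE, dumpflag, 0, 0, 0);
+if (prctl(PR_SET_DUMPABLE, dumpflag, 0, 0, 0) == -1) {
+sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+"prctl(PR_SET_DUMPABLE, %d, 0, 0, 0)", dumpflag);
+}
 #endif /* __linux__ */
 }
 debug_return;
@@ -162,8 +180,14 @@ unlimit_nproc(void)
 
 if (getrlimit(RLIMIT_NPROC, &nproclimit) != 0)
 sudo_warn("getrlimit(RLIMIT_NPROC)");
+sudo_debug_printf(SUDO_DEBUG_INFO, "RLIMIT_NPROC [%lld, %lld] -> [inf, inf]",
+(long long)nproclimit.rlim_cur, (long long)nproclimit.rlim_max);
 if (setrlimit(RLIMIT_NPROC, &rl) == -1) {
 rl.rlim_cur = rl.rlim_max = nproclimit.rlim_max;
+sudo_debug_printf(SUDO_DEBUG_INFO,
+"RLIMIT_NPROC [%lld, %lld] -> [%lld, %lld]",
+(long long)nproclimit.rlim_cur, (long long)nproclimit.rlim_max,
+(long long)rl.rlim_cur, (long long)rl.rlim_max);
 if (setrlimit(RLIMIT_NPROC, &rl) != 0)
 sudo_warn("setrlimit(RLIMIT_NPROC)");
 }
@@ -180,8 +204,11 @@ restore_nproc(void)
 #ifdef __linux__
 debug_decl(restore_nproc, SUDO_DEBUG_UTIL)
 
-if (setrlimit(RLIMIT_NPROC, &nproclimit) != 0)
-sudo_warn("setrlimit(RLIMIT_NPROC)");
+if (setrlimit(RLIMIT_NPROC, &nproclimit) != 0) {
+sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+"setrlimit(RLIMIT_NPROC, [%lld, %lld])",
+(long long)nproclimit.rlim_cur, (long long)nproclimit.rlim_max);
+}
 
 debug_return;
 #endif /* __linux__ */
@@ -203,6 +230,11 @@ unlimit_sudo(void)
 struct saved_limit *lim = &saved_limits[idx];
 if (getrlimit(lim->resource, &lim->oldlimit) == -1)
 continue;
+sudo_debug_printf(SUDO_DEBUG_INFO,
+"getrlimit(lim->name) -> [%lld, %lld]",
+(long long)lim->oldlimit.rlim_cur,
+(long long)lim->oldlimit.rlim_max);
+
 lim->saved = true;
 if (lim->newlimit.rlim_cur != RLIM_INFINITY) {
 /* Don't reduce the soft resource limit. */
@@ -217,13 +249,28 @@ unlimit_sudo(void)
 lim->newlimit.rlim_max = lim->oldlimit.rlim_max;
 }
 if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) {
-if (lim->fallback != NULL)
-rc = setrlimit(lim->resource, lim->fallback);
+sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+"setrlimit(%s, [%lld, %lld])", lim->name,
+(long long)lim->newlimit.rlim_cur,
+(long long)lim->newlimit.rlim_max);
+if (lim->fallback != NULL) {
+if ((rc = setrlimit(lim->resource, lim->fallback)) == -1) {
+sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+"setrlimit(%s, [%lld, %lld])", lim->name,
+(long long)lim->fallback->rlim_cur,
+(long long)lim->fallback->rlim_max);
+}
+}
 if (rc == -1) {
 /* Try setting new rlim_cur to old rlim_max. */
 lim->newlimit.rlim_cur = lim->oldlimit.rlim_max;
 lim->newlimit.rlim_max = lim->oldlimit.rlim_max;
-rc = setrlimit(lim->resource, &lim->newlimit);
+if ((rc = setrlimit(lim->resource, &lim->newlimit)) == -1) {
+sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+"setrlimit(%s, [%lld, %lld])", lim->name,
+(long long)lim->newlimit.rlim_cur,
+(long long)lim->newlimit.rlim_max);
+}
 }
 if (rc == -1)
 sudo_warn("setrlimit(%s)", lim->name);
@@ -254,6 +301,10 @@ restore_limits(void)
 if (rc != -1 || errno != EINVAL)
 break;
 
+sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+"setrlimit(%s, [%lld, %lld])", lim->name,
+(long long)rl.rlim_cur, (long long)rl.rlim_max);
+
 /*
 * Soft limit could be lower than current resource usage.
 * This can be an issue on NetBSD with RLIMIT_STACK and ASLR.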
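Review bot: In restore_nproc a failed `setrlimit(RLIMIT_NPROC, &nproclimit)` is now reported only through `sudo_debug_printf`, although the commit message justifies silence for RLIMIT_CORE alone. A core limit left at zero errs on the restrictive side, whereas an NPROC limit that unlimit_nproc raised (to [inf, inf], judging by its new debug message) and that cannot be put back would presumably leave the process with a higher process limit than it started with, so I would keep `sudo_warn("setrlimit(RLIMIT_NPROC)");` alongside the debug line. Separately, the new debug call in unlimit_sudo uses the format `"getrlimit(lim->name) -> [%lld, %lld]"`, which logs the literal text lim->name; it should read `"getrlimit(%s) -> [%lld, %lld]", lim->name,`. In disable_coredump the PR_SET_DUMPABLE failure message formats `dumpflag` even though the call passed 0, and the RLIMIT_CORE debug line prints `corelimit` even when the preceding getrlimit() failed. All of these functions begin and end outside their hunks.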
