Mercurial > dovecot > core-2.2
changeset 13688:33ecba7f10cc
restrict_access*(): If setuid() fails with EAGAIN, suggest ulimit -u being the problem.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Wed, 09 Nov 2011 18:20:51 +0200 |
parents | 9bdc40e2d1c6 |
children | 523f34bffc94 |
files | src/lib/restrict-access.c |
diffstat | 1 files changed, 22 insertions(+), 13 deletions(-) [+] |
line wrap: on
line diff
--- a/src/lib/restrict-access.c Wed Nov 09 18:14:04 2011 +0200 +++ b/src/lib/restrict-access.c Wed Nov 09 18:20:51 2011 +0200 @@ -236,6 +236,26 @@ } } +static const char * +get_setuid_error_str(const struct restrict_access_settings *set) +{ + string_t *str = t_str_new(128); + + str_printfa(str, "setuid(%s", get_uid_str(set->uid)); + if (set->uid_source != NULL) + str_printfa(str, " from %s", set->uid_source); + str_printfa(str, ") failed with euid=%s: %m ", + get_uid_str(geteuid())); + if (errno == EAGAIN) { + str_append(str, "(ulimit -u reached)"); + } else { + str_printfa(str, "(This binary should probably be called with " + "process user set to %s instead of %s)", + get_uid_str(set->uid), get_uid_str(geteuid())); + } + return str_c(str); +} + void restrict_access(const struct restrict_access_settings *set, const char *home, bool disallow_root) { @@ -303,19 +323,8 @@ /* uid last */ if (set->uid != (uid_t)-1) { - if (setuid(set->uid) != 0) { - string_t *str = t_str_new(128); - - str_printfa(str, "setuid(%s", get_uid_str(set->uid)); - if (set->uid_source != NULL) - str_printfa(str, " from %s", set->uid_source); - str_printfa(str, ") failed with euid=%s: %m " - "(This binary should probably be called with " - "process user set to %s instead of %s)", - get_uid_str(geteuid()), - get_uid_str(set->uid), get_uid_str(geteuid())); - i_fatal("%s", str_c(str)); - } + if (setuid(set->uid) != 0) + i_fatal("%s", get_setuid_error_str(set)); } /* verify that we actually dropped the privileges */