rlimit: test if stdout is a file

Fix rlimit process restriction in commit 29d29f21: * fd 1 is opened by the parent: enforce restrictions at startup * enable RLIMIT_FSIZE if fd 2 is not a regular file * fix compile error
12 months ago · 1a180c7655
parent 29d29f21c7
commit 1a180c7655
1 changed files with 12 additions and 5 deletions
--- a/src/restrict_process_rlimit.c
+++ b/src/restrict_process_rlimit.c
@ -17,10 +17,22 @@
 #include <sys/time.h>
 #include <unistd.h>

+#include <sys/stat.h>
+#include <sys/types.h>
+
 #include "xmppipe.h"

 int restrict_process_init(xmppipe_state_t *state) {
  struct rlimit rl_zero = {0};
+  struct stat sb = {0};
+
+  if (fstat(STDOUT_FILENO, &sb) < 0)
+    return -1;
+
+  if (!S_ISREG(sb.st_mode)) {
+    if (setrlimit(RLIMIT_FSIZE, &rl_zero) < 0)
+      return -1;
+  }

  return setrlimit(RLIMIT_NPROC, &rl_zero);
 }
@ -28,11 +40,6 @@ int restrict_process_init(xmppipe_state_t *state) {
 int restrict_process_stdin(xmppipe_state_t *state) {
  struct rlimit rl = {0};

-  if (isatty(STDOUT_FILENO)) {
-    if (setrlimit(RLIMIT_FSIZE, &rl_zero) != 0)
-      return -1;
-  }
-
  rl.rlim_cur = RESTRICT_PROCESS_RLIMIT_NOFILE;
  rl.rlim_max = RESTRICT_PROCESS_RLIMIT_NOFILE;