join: add support for rlimit options

2026-05-15 06:06:02 -06:00 · 2021-09-22 20:12:58 +02:00 · 2021-09-22 20:12:58 +02:00 · 921c9cc153
commit 921c9cc153
parent 7a1dd38c51
3 changed files with 46 additions and 6 deletions
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@ -551,10 +551,6 @@ void join(pid_t pid, int argc, char **argv, int index) {
 		if (cfg.cpus)	// not available for uid 0
 			set_cpu_affinity();

-		// set nice value
-		if (arg_nice)
-			set_nice(cfg.nice);
-
 		// add x11 display
 		if (display) {
 			char *display_str;
@ -573,6 +569,11 @@ void join(pid_t pid, int argc, char **argv, int index) {
 			dbus_set_system_bus_env();
 #endif

+		// set nice and rlimits
+		if (arg_nice)
+			set_nice(cfg.nice);
+		set_rlimits();
+
 		start_application(0, shfd, NULL);

 		__builtin_unreachable();
--- a/test/environment/environment.sh
+++ b/test/environment/environment.sh
@ -112,14 +112,17 @@ echo "TESTING: rlimit (test/environment/rlimit.exp)"
 echo "TESTING: rlimit profile (test/environment/rlimit-profile.exp)"
 ./rlimit-profile.exp

+echo "TESTING: rlimit join (test/environment/rlimit-join.exp)"
+./rlimit-join.exp
+
 echo "TESTING: rlimit errors (test/environment/rlimit-bad.exp)"
 ./rlimit-bad.exp

 echo "TESTING: rlimit errors profile (test/environment/rlimit-bad-profile.exp)"
 ./rlimit-bad-profile.exp

-echo "TESTING: deterministic exit code (test/environment/deterministic-exit-code.exp"
+echo "TESTING: deterministic exit code (test/environment/deterministic-exit-code.exp)"
 ./deterministic-exit-code.exp

-echo "TESTING: retain umask (test/environment/umask.exp"
+echo "TESTING: retain umask (test/environment/umask.exp)"
 (umask 123 && ./umask.exp)
--- a/test/environment/rlimit-join.exp
+++ b/test/environment/rlimit-join.exp
@ -0,0 +1,36 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2021 Firejail Authors
+# License GPL v2
+
+set timeout 10
+cd /home
+spawn $env(SHELL)
+match_max 100000
+
+send --  "firejail --noprofile --name=\"rlimit testing\"\r"
+expect {
+	timeout {puts "TESTING ERROR 0\n";exit}
+	"Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send --  "firejail --rlimit-nofile=1234 --join=\"rlimit testing\"\r"
+expect {
+	timeout {puts "TESTING ERROR 1\n";exit}
+	"Switching to pid"
+}
+sleep 1
+
+send -- "cat /proc/self/limits\r"
+expect {
+	timeout {puts "TESTING ERROR 2\n";exit}
+	"Max open files            1234                 1234"
+}
+after 100
+
+send -- "exit\r"
+after 100
+
+puts "\nall done\n"