call setrlimit() before we drop privs.

2015-04-09 10:06:18 +02:00 · 2015-04-09 10:06:18 +02:00 · b0ff041709
parent 5f1238c2dc
commit b0ff041709
1 changed files with 7 additions and 7 deletions
--- a/src/worker.c
+++ b/src/worker.c
@ -197,6 +197,13 @@ kore_worker_entry(struct kore_worker *kw)
 			fatal("cannot chdir(): %s", errno_s);
 	}

+	rl.rlim_cur = worker_rlimit_nofiles;
+	rl.rlim_max = worker_rlimit_nofiles;
+	if (setrlimit(RLIMIT_NOFILE, &rl) == -1) {
+		kore_log(LOG_ERR, "setrlimit(RLIMIT_NOFILE, %d): %s",
+		    worker_rlimit_nofiles, errno_s);
+	}
+
 	if (getuid() != pw->pw_uid) {
 		if (setgroups(1, &pw->pw_gid) ||
 #ifdef __MACH__
@ -209,13 +216,6 @@ kore_worker_entry(struct kore_worker *kw)
 			fatal("unable to drop privileges");
 	}

-	rl.rlim_cur = worker_rlimit_nofiles;
-	rl.rlim_max = worker_rlimit_nofiles;
-	if (setrlimit(RLIMIT_NOFILE, &rl) == -1) {
-		kore_log(LOG_ERR, "setrlimit(RLIMIT_NOFILE, %d): %s",
-		    worker_rlimit_nofiles, errno_s);
-	}
-
 	(void)snprintf(buf, sizeof(buf), "kore [wrk %d]", kw->id);
 	kore_platform_proctitle(buf);
 	kore_platform_worker_setcpu(kw);