From 2035b2236d3b1f76c749c642a43e03c85eae76e6 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sun, 26 Jan 2014 09:39:53 +1100
Subject:   - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable 
    RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,     libc
 will attempt to open additional file descriptors for crypto     offload and
 crash if they cannot be opened.

---
 sandbox-capsicum.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'sandbox-capsicum.c')

diff --git a/sandbox-capsicum.c b/sandbox-capsicum.c
index f648c6ec..ee2a7e79 100644
--- a/sandbox-capsicum.c
+++ b/sandbox-capsicum.c
@@ -75,9 +75,11 @@ ssh_sandbox_child(struct ssh_sandbox *box)
 	if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
 		fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
 			__func__, strerror(errno));
+#ifndef SANDBOX_SKIP_RLIMIT_NOFILE
 	if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
 		fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
 			__func__, strerror(errno));
+#endif
 	if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
 		fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
 			__func__, strerror(errno));
-- 
cgit v1.2.1