summaryrefslogtreecommitdiff
path: root/src/nspawn/nspawn-setuid.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/nspawn/nspawn-setuid.c')
-rw-r--r--src/nspawn/nspawn-setuid.c5
1 files changed, 1 insertions, 4 deletions
diff --git a/src/nspawn/nspawn-setuid.c b/src/nspawn/nspawn-setuid.c
index e396d66441..5772d96b2f 100644
--- a/src/nspawn/nspawn-setuid.c
+++ b/src/nspawn/nspawn-setuid.c
@@ -12,7 +12,6 @@
#include "mkdir.h"
#include "nspawn-setuid.h"
#include "process-util.h"
-#include "rlimit-util.h"
#include "signal-util.h"
#include "string-util.h"
#include "strv.h"
@@ -29,7 +28,7 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) {
if (pipe2(pipe_fds, O_CLOEXEC) < 0)
return log_error_errno(errno, "Failed to allocate pipe: %m");
- r = safe_fork("(getent)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
+ r = safe_fork("(getent)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &pid);
if (r < 0) {
safe_close_pair(pipe_fds);
return r;
@@ -44,8 +43,6 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) {
(void) close_all_fds(NULL, 0);
- (void) rlimit_nofile_safe();
-
execle("/usr/bin/getent", "getent", database, key, NULL, &empty_env);
execle("/bin/getent", "getent", database, key, NULL, &empty_env);
_exit(EXIT_FAILURE);