dovecot-2.1: restrict_access*(): If setuid() fails with EAGAIN, ...

dovecot at dovecot.org dovecot at dovecot.org
Wed Nov 9 18:23:33 EET 2011 

details:   http://hg.dovecot.org/dovecot-2.1/rev/33ecba7f10cc
changeset: 13688:33ecba7f10cc
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Nov 09 18:20:51 2011 +0200
description:
restrict_access*(): If setuid() fails with EAGAIN, suggest ulimit -u being the problem.

diffstat:

 src/lib/restrict-access.c |  35 ++++++++++++++++++++++-------------
 1 files changed, 22 insertions(+), 13 deletions(-)

diffs (52 lines):

diff -r 9bdc40e2d1c6 -r 33ecba7f10cc src/lib/restrict-access.c
--- a/src/lib/restrict-access.c	Wed Nov 09 18:14:04 2011 +0200
+++ b/src/lib/restrict-access.c	Wed Nov 09 18:20:51 2011 +0200
@@ -236,6 +236,26 @@
 	}
 }
 
+static const char *
+get_setuid_error_str(const struct restrict_access_settings *set)
+{
+	string_t *str = t_str_new(128);
+
+	str_printfa(str, "setuid(%s", get_uid_str(set->uid));
+	if (set->uid_source != NULL)
+		str_printfa(str, " from %s", set->uid_source);
+	str_printfa(str, ") failed with euid=%s: %m ",
+		    get_uid_str(geteuid()));
+	if (errno == EAGAIN) {
+		str_append(str, "(ulimit -u reached)");
+	} else {
+		str_printfa(str, "(This binary should probably be called with "
+			    "process user set to %s instead of %s)",
+			    get_uid_str(set->uid), get_uid_str(geteuid()));
+	}
+	return str_c(str);
+}
+
 void restrict_access(const struct restrict_access_settings *set,
 		     const char *home, bool disallow_root)
 {
@@ -303,19 +323,8 @@
 
 	/* uid last */
 	if (set->uid != (uid_t)-1) {
-		if (setuid(set->uid) != 0) {
-			string_t *str = t_str_new(128);
-
-			str_printfa(str, "setuid(%s", get_uid_str(set->uid));
-			if (set->uid_source != NULL)
-				str_printfa(str, " from %s", set->uid_source);
-			str_printfa(str, ") failed with euid=%s: %m "
-				"(This binary should probably be called with "
-				"process user set to %s instead of %s)",
-				get_uid_str(geteuid()),
-				get_uid_str(set->uid), get_uid_str(geteuid()));
-			i_fatal("%s", str_c(str));
-		}
+		if (setuid(set->uid) != 0)
+			i_fatal("%s", get_setuid_error_str(set));
 	}
 
 	/* verify that we actually dropped the privileges */

More information about the dovecot-cvs mailing list