diff options
| author | gVisor bot <gvisor-bot@google.com> | 2021-06-10 20:59:37 +0000 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2021-06-10 20:59:37 +0000 |
| commit | 249bba1c64138166cd334a2760cbc6a05330710b (patch) | |
| tree | 2a3688d41ad9f34d67efa0c4439925ef9cc91f5b /pkg | |
| parent | 642477cfb1a4965995c2cbe17dea089eb0bd8f22 (diff) | |
| parent | d81fcbf85c771a75bcf6600a02b3d411c6f7e383 (diff) | |
Merge release-20210601.0-43-gd81fcbf85 (automated)
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/sentry/control/proc.go | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/pkg/sentry/control/proc.go b/pkg/sentry/control/proc.go index 367849e75..221e98a01 100644 --- a/pkg/sentry/control/proc.go +++ b/pkg/sentry/control/proc.go @@ -99,6 +99,9 @@ type ExecArgs struct { // PIDNamespace is the pid namespace for the process being executed. PIDNamespace *kernel.PIDNamespace + + // Limits is the limit set for the process being executed. + Limits *limits.LimitSet } // String prints the arguments as a string. @@ -151,6 +154,10 @@ func (proc *Proc) execAsync(args *ExecArgs) (*kernel.ThreadGroup, kernel.ThreadI if pidns == nil { pidns = proc.Kernel.RootPIDNamespace() } + limitSet := args.Limits + if limitSet == nil { + limitSet = limits.NewLimitSet() + } initArgs := kernel.CreateProcessArgs{ Filename: args.Filename, Argv: args.Argv, @@ -161,7 +168,7 @@ func (proc *Proc) execAsync(args *ExecArgs) (*kernel.ThreadGroup, kernel.ThreadI Credentials: creds, FDTable: fdTable, Umask: 0022, - Limits: limits.NewLimitSet(), + Limits: limitSet, MaxSymlinkTraversals: linux.MaxSymlinkTraversals, UTSNamespace: proc.Kernel.RootUTSNamespace(), IPCNamespace: proc.Kernel.RootIPCNamespace(), |