sandbox: do not reset RLIMIT_CORE

alpeng-jump · alpeng-jump · commit f9336b7836d5 · 2025-07-17T14:12:08.000Z
diff --git a/src/util/sandbox/fd_sandbox.c b/src/util/sandbox/fd_sandbox.c
@@ -386,7 +386,8 @@ struct rlimit_setting {
 void
 fd_sandbox_private_set_rlimits( ulong rlimit_file_cnt,
                                 ulong rlimit_address_space,
-                                ulong rlimit_data ) {
+                                ulong rlimit_data,
+                                int dumpable ) {
   struct rlimit_setting rlimits[] = {
     { .resource=RLIMIT_NOFILE,     .limit=rlimit_file_cnt },
     /* The man page for setrlimit(2) states about RLIMIT_NICE:
@@ -425,6 +426,7 @@ fd_sandbox_private_set_rlimits( ulong rlimit_file_cnt,
   };
 
   for( ulong i=0UL; i<sizeof(rlimits)/sizeof(rlimits[ 0 ]); i++ ) {
+    if( dumpable && rlimits[i].resource == RLIMIT_CORE ) continue;
     struct rlimit limit = { .rlim_cur=rlimits[ i ].limit, .rlim_max=rlimits[ i ].limit };
     if( -1==setrlimit( rlimits[ i ].resource, &limit ) ) FD_LOG_ERR(( "setrlimit(%u) failed (%i-%s)", rlimits[ i ].resource, errno, fd_io_strerror( errno ) ));
   }
@@ -664,7 +666,7 @@ fd_sandbox_private_enter_no_seccomp( uint        desired_uid,
   fd_sandbox_private_landlock_restrict_self( allow_connect );
 
   /* And trim all the resource limits down to zero. */
-  fd_sandbox_private_set_rlimits( rlimit_file_cnt, rlimit_address_space, rlimit_data );
+  fd_sandbox_private_set_rlimits( rlimit_file_cnt, rlimit_address_space, rlimit_data, dumpable );
 
   /* And drop all the capabilities we have in the new user namespace. */
   fd_sandbox_private_drop_caps( cap_last_cap );
diff --git a/src/util/sandbox/fd_sandbox_private.h b/src/util/sandbox/fd_sandbox_private.h
@@ -134,12 +134,15 @@ fd_sandbox_private_pivot_root( void );
    rlimit_file_cnt argument, RLIMIT_AS which is restricted to the
    provided rlimit_address_space argument, RLIMIT_DATA which is
    restricted to the provided rlimit_data argument, and RLIMIT_CPU,
-   RLIMIT_FSIZE, and RLIMIT_RSS which are left as they are (unlimited). */
+   RLIMIT_FSIZE, and RLIMIT_RSS which are left as they are (unlimited).
+
+   If the dumpable bit is set to 1, RLIMIT_CORE is left unchanged. */
 
 void
 fd_sandbox_private_set_rlimits( ulong rlimit_file_cnt,
                                 ulong rlimit_address_space,
-                                ulong rlimit_data );
+                                ulong rlimit_data,
+                                int   dumpable );
 
 /* Read the value of cap_last_cap from /proc/sys/kernel/cap_last_cap
    and return it.  Any error reading or parsing the file will log an
diff --git a/src/util/sandbox/test_sandbox.c b/src/util/sandbox/test_sandbox.c
@@ -391,7 +391,7 @@ test_resource_limits_inner( void ) {
 
   TEST_FORK_EXIT_CODE( (void)0, 0 );
 
-  fd_sandbox_private_set_rlimits( 0UL, 0UL, 0UL );
+  fd_sandbox_private_set_rlimits( 0UL, 0UL, 0UL, 0 );
 
   for( ulong i=0UL; i<sizeof( rlimits )/sizeof( rlimits[ 0 ] ); i++ ) {
     struct rlimit rlim;
