Linux Sandbox: Whitelist prlimit64 when used as getrlimit

Linux Sandbox: Whitelist prlimit64 when used as getrlimit

From http://man7.org/linux/man-pages/man2/getrlimit.2.html:

The Linux-specific prlimit() system call combines and extends the
functionality of setrlimit() and getrlimit().  It can be used to both
set and get the resource limits of an arbitrary process.

Since version 2.13, the glibc getrlimit() and setrlimit() wrapper
functions no longer invoke the corresponding system calls, but
instead employ prlimit(), for the reasons described in BUGS.

If new_limit is not NULL, then the rlimit structure to which it points is
used to set new values.  If it is NULL, then prlimit() acts as getrlimit().

So, allow prlimit() with new_limit=NULL, and pid is the current process
(or 0), so the glib implementation of getrlimit can succeed.

BUG=chromium:662450
TEST=boot on ChromeOS w/ sandbox enabled
 No messages like:
   getrlimit(RLIMIT_NOFILE) failed

NOTRY=true
NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2484393004
Cr-Commit-Position: refs/heads/master@{#434872}
(cherry picked from commit 5ce3b357d4cb9906b57f5758ef271cb69dbb664b)

[Daniel Kurtz, 2016-11-30 04:16:32]

The CQ bit was checked by djkurtz@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-30 04:17:14]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-30 04:17:16]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-30 04:17:17]

Dry run: CLs for remote refs other than refs/pending/heads/master must contain
NOTRY=true and NOPRESUBMIT=true in order for the CQ to process them

[Daniel Kurtz, 2016-12-02 05:29:05]

Description was changed from

==========
Linux Sandbox: Whitelist prlimit64 when used as getrlimit

From http://man7.org/linux/man-pages/man2/getrlimit.2.html:

The Linux-specific prlimit() system call combines and extends the
functionality of setrlimit() and getrlimit().  It can be used to both
set and get the resource limits of an arbitrary process.

Since version 2.13, the glibc getrlimit() and setrlimit() wrapper
functions no longer invoke the corresponding system calls, but
instead employ prlimit(), for the reasons described in BUGS.

If new_limit is not NULL, then the rlimit structure to which it points is
used to set new values.  If it is NULL, then prlimit() acts as getrlimit().

So, allow prlimit() with new_limit=NULL, and pid is the current process
(or 0), so the glib implementation of getrlimit can succeed.

BUG=chromium:662450
TEST=boot on ChromeOS w/ sandbox enabled
 No messages like:
   getrlimit(RLIMIT_NOFILE) failed

Review-Url: https://codereview.chromium.org/2484393004
Cr-Commit-Position: refs/heads/master@{#434872}
(cherry picked from commit 5ce3b357d4cb9906b57f5758ef271cb69dbb664b)
==========

to

==========
Linux Sandbox: Whitelist prlimit64 when used as getrlimit

From http://man7.org/linux/man-pages/man2/getrlimit.2.html:

The Linux-specific prlimit() system call combines and extends the
functionality of setrlimit() and getrlimit().  It can be used to both
set and get the resource limits of an arbitrary process.

Since version 2.13, the glibc getrlimit() and setrlimit() wrapper
functions no longer invoke the corresponding system calls, but
instead employ prlimit(), for the reasons described in BUGS.

If new_limit is not NULL, then the rlimit structure to which it points is
used to set new values.  If it is NULL, then prlimit() acts as getrlimit().

So, allow prlimit() with new_limit=NULL, and pid is the current process
(or 0), so the glib implementation of getrlimit can succeed.

BUG=chromium:662450
TEST=boot on ChromeOS w/ sandbox enabled
 No messages like:
   getrlimit(RLIMIT_NOFILE) failed

NOTRY=true
NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2484393004
Cr-Commit-Position: refs/heads/master@{#434872}
(cherry picked from commit 5ce3b357d4cb9906b57f5758ef271cb69dbb664b)
==========

[djkurtz, 2016-12-06 08:23:16]

djkurtz@google.com changed reviewers:
+ jorgelo@chromium.org, rickyz@chromium.org, rickyz@google.com

[djkurtz, 2016-12-06 08:23:28]

On 2016/12/06 08:23:16, djkurtz wrote:
> mailto:djkurtz@google.com changed reviewers:
> + mailto:jorgelo@chromium.org, mailto:rickyz@chromium.org,
mailto:rickyz@google.com

This still needs an LGTM.

[Jorge Lucangeli Obes, 2016-12-06 14:22:46]

lgtm

[Daniel Kurtz, 2016-12-08 17:28:37]

The CQ bit was checked by djkurtz@chromium.org

[commit-bot: I haz the power, 2016-12-08 17:29:09]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-08 17:35:30]

CQ is committing da patch.

Bot data: {"patchset_id": 1, "attempt_start_ts": 1481218117772900, "parent_rev":
"85b47083e9b1d3f1be78c9b8fc3dc42fe902ce1c", "commit_rev":
"ad4674f1733822604a4de71cd4afb88398c6ff19"}

[commit-bot: I haz the power, 2016-12-08 17:35:55]

Description was changed from

==========
Linux Sandbox: Whitelist prlimit64 when used as getrlimit

From http://man7.org/linux/man-pages/man2/getrlimit.2.html:

The Linux-specific prlimit() system call combines and extends the
functionality of setrlimit() and getrlimit().  It can be used to both
set and get the resource limits of an arbitrary process.

Since version 2.13, the glibc getrlimit() and setrlimit() wrapper
functions no longer invoke the corresponding system calls, but
instead employ prlimit(), for the reasons described in BUGS.

If new_limit is not NULL, then the rlimit structure to which it points is
used to set new values.  If it is NULL, then prlimit() acts as getrlimit().

So, allow prlimit() with new_limit=NULL, and pid is the current process
(or 0), so the glib implementation of getrlimit can succeed.

BUG=chromium:662450
TEST=boot on ChromeOS w/ sandbox enabled
 No messages like:
   getrlimit(RLIMIT_NOFILE) failed

NOTRY=true
NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2484393004
Cr-Commit-Position: refs/heads/master@{#434872}
(cherry picked from commit 5ce3b357d4cb9906b57f5758ef271cb69dbb664b)
==========

to

==========
Linux Sandbox: Whitelist prlimit64 when used as getrlimit

From http://man7.org/linux/man-pages/man2/getrlimit.2.html:

The Linux-specific prlimit() system call combines and extends the
functionality of setrlimit() and getrlimit().  It can be used to both
set and get the resource limits of an arbitrary process.

Since version 2.13, the glibc getrlimit() and setrlimit() wrapper
functions no longer invoke the corresponding system calls, but
instead employ prlimit(), for the reasons described in BUGS.

If new_limit is not NULL, then the rlimit structure to which it points is
used to set new values.  If it is NULL, then prlimit() acts as getrlimit().

So, allow prlimit() with new_limit=NULL, and pid is the current process
(or 0), so the glib implementation of getrlimit can succeed.

BUG=chromium:662450
TEST=boot on ChromeOS w/ sandbox enabled
 No messages like:
   getrlimit(RLIMIT_NOFILE) failed

NOTRY=true
NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2484393004
Cr-Commit-Position: refs/heads/master@{#434872}
(cherry picked from commit 5ce3b357d4cb9906b57f5758ef271cb69dbb664b)
==========

[commit-bot: I haz the power, 2016-12-08 17:35:56]

Committed patchset #1 (id:1)