timesyncd: set RLIMIT_NPROC to 2

This way timesyncd cannot be used to fork().

Note that it generally is not safe to use RLIMIT_NPROC, since it breaks
running the same daemon in multiple containers if they do not use user
namespacing. However, timesyncd is excepted from running in a container
anyway, hence it is safe in this case.

1 files changed, 4 insertions, 0 deletions

diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c
index f7e089fc0c..2a73dac033 100644
--- a/src/timesync/timesyncd.c
+++ b/src/timesync/timesyncd.c
@@ -113,6 +113,10 @@ int main(int argc, char *argv[]) {
         if (r < 0)
                 goto finish;
 
+        /* We need one process for ourselves, plus one thread for the asynchronous resolver */
+        if (setrlimit(RLIMIT_NPROC, &RLIMIT_MAKE_CONST(2)) < 0)
+                log_warning_errno(errno, "Failed to lower RLIMIT_NPROC to 2: %m");
+
         assert_se(sigprocmask_many(SIG_BLOCK, SIGTERM, SIGINT, -1) == 0);
 
         r = manager_new(&m);