1use tracing::error;
5use crate::ArtiConfig;
/// Try to raise this process's open-file limit.
///
/// `config.system.max_files` is passed to `rlimit::increase_nofile_limit`.
/// On success the value it returns is logged at debug level.
///
/// Failure is not fatal: a warning is reported and the function returns
/// normally, so the process keeps running with whatever limit it already had.
/// Operators who depend on a high descriptor ceiling should watch for that
/// warning rather than assume the limit was raised.
#[cfg_attr(feature = "experimental-api", visibility::make(pub))]
pub(crate) fn use_max_file_limit(config: &ArtiConfig) {
    let requested = config.system.max_files;
    match rlimit::increase_nofile_limit(requested) {
        Err(err) => tor_error::warn_report!(err, "Error while increasing file limit"),
        Ok(limit) => tracing::debug!("Increased process file limit to {}", limit),
    }
}
/// Apply process hardening by delegating to `secmem_proc::harden_process`.
///
/// Only the first call does any work; every later call returns `Ok(())`
/// immediately.
///
/// # Errors
///
/// Returns the error from `secmem_proc::harden_process`, wrapped with the
/// context "Problem while hardening process".
///
/// # Caveat
///
/// The "already called" flag is set *before* hardening is attempted. If the
/// first call fails, later calls still return `Ok(())` without retrying, so a
/// later `Ok(())` does not prove that the process is hardened. Callers should
/// treat the first error as decisive (for example, by refusing to continue).
#[cfg_attr(feature = "experimental-api", visibility::make(pub))]
#[cfg(feature = "harden")]
pub(crate) fn enable_process_hardening() -> anyhow::Result<()> {
    use anyhow::Context as _;
    use std::sync::atomic::{AtomicBool, Ordering};

    // Records whether this function has been entered before, whether or not
    // that attempt succeeded.
    static ENABLED: AtomicBool = AtomicBool::new(false);

    // `swap` returns the previous value, so exactly one caller sees `false`.
    let first_call = !ENABLED.swap(true, Ordering::SeqCst);
    if first_call {
        secmem_proc::harden_process().context("Problem while hardening process")?;
    }

    Ok(())
}
/// Refuse to run with root privileges.
///
/// If `running_as_root` reports true, logs an error and terminates the
/// process with exit status 1. Otherwise it does nothing.
///
/// This function takes no configuration and does not itself consult
/// `application.allow_running_as_root`, the option named in the message.
/// Honouring that override is therefore up to the caller, which must decide
/// whether to call this function at all.
pub(crate) fn exit_if_root() {
    if !running_as_root() {
        return;
    }

    error!(
        "You are running Arti as root. You don't need to, and \
         you probably shouldn't. \
         To run as root anyway, set application.allow_running_as_root."
    );
    // `process::exit` ends the process immediately and never returns here.
    std::process::exit(1);
}
/// Report whether the process's effective user ID is 0.
///
/// On Unix-family targets this compares `libc::geteuid()` with 0. Only the
/// *effective* UID is checked: the real UID and any finer-grained privileges
/// the process may hold are not examined here.
///
/// On every other target this always returns `false`, so the root check is a
/// no-op there and elevated accounts are not detected.
fn running_as_root() -> bool {
    #[cfg(target_family = "unix")]
    {
        // SAFETY: `geteuid` takes no arguments and dereferences no
        // caller-supplied pointers; it only returns the effective UID.
        let euid = unsafe { libc::geteuid() };
        euid == 0
    }
    #[cfg(not(target_family = "unix"))]
    {
        false
    }
}
/// Build an async stream that yields `()` for `SIGHUP` notifications.
///
/// The implementation depends on the enabled runtime feature:
///
/// * `tokio`: wraps a `tokio` Unix signal listener for `SignalKind::hangup()`.
/// * `async-std`: wraps an `async_signal::Signals` set containing
///   `Signal::Hup`, mapping every item it produces to `()`.
/// * neither: returns a stream that never yields, so `SIGHUP` is never
///   reported to the caller.
///
/// The signal backend may coalesce several signals into one event
/// (NOTE(review): confirm for each backend).
///
/// # Errors
///
/// Returns an error if registering the signal listener fails.
#[cfg(target_family = "unix")]
pub(crate) fn sighup_stream() -> crate::Result<impl futures::Stream<Item = ()>> {
    cfg_if::cfg_if! {
        if #[cfg(feature="tokio")] {
            use tokio_crate::signal::unix::{signal, SignalKind};
            let mut hangups = signal(SignalKind::hangup())?;
            Ok(futures::stream::poll_fn(move |cx| hangups.poll_recv(cx)))
        } else if #[cfg(feature="async-std")] {
            use async_signal::{Signal, Signals};
            use futures::stream::StreamExt as _;
            let hangups = Signals::new(&[Signal::Hup])?;
            Ok(hangups.map(|_| ()))
        } else {
            // No supported runtime: hand back a stream that never produces
            // anything.
            Ok(futures::stream::pending())
        }
    }
}