src/lib/restrict-process-size.c

	restrict-process-size.c revision 799291e076f181e56599c93b06282156ab695fd6
76b43e4417bab52e913da39b5f5bc2a130d3f149Timo Sirainen/* Copyright (c) 2002-2008 Dovecot authors, see the included COPYING file */
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen#include "lib.h"
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen#include "restrict-process-size.h"
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen#include <unistd.h>
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen
43d32cbe60fdaef2699d99f1ca259053e9350411Timo Sirainenvoid restrict_process_size(unsigned int size ATTR_UNUSED,
43d32cbe60fdaef2699d99f1ca259053e9350411Timo Sirainen               unsigned int max_processes ATTR_UNUSED)
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen{
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen#ifdef HAVE_SETRLIMIT
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen    struct rlimit rlim;
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen
dc4127f13f2d5cf44577471123ae70b7772b2e8cTimo Sirainen#ifdef HAVE_RLIMIT_NPROC
c0bb6a113c3e5f6af18fbd1b53caa134d20481b8Timo Sirainen    if (max_processes < INT_MAX) {
c0bb6a113c3e5f6af18fbd1b53caa134d20481b8Timo Sirainen        rlim.rlim_max = rlim.rlim_cur = max_processes;
c0bb6a113c3e5f6af18fbd1b53caa134d20481b8Timo Sirainen        if (setrlimit(RLIMIT_NPROC, &rlim) < 0)
c0bb6a113c3e5f6af18fbd1b53caa134d20481b8Timo Sirainen            i_fatal("setrlimit(RLIMIT_NPROC, %u): %m", size);
c0bb6a113c3e5f6af18fbd1b53caa134d20481b8Timo Sirainen    }
dc4127f13f2d5cf44577471123ae70b7772b2e8cTimo Sirainen#endif
dc4127f13f2d5cf44577471123ae70b7772b2e8cTimo Sirainen
c0bb6a113c3e5f6af18fbd1b53caa134d20481b8Timo Sirainen    if (size > 0 && size < INT_MAX/1024/1024) {
c0bb6a113c3e5f6af18fbd1b53caa134d20481b8Timo Sirainen        rlim.rlim_max = rlim.rlim_cur = size*1024*1024;
e9d0f2284f3a82b9852e52787866cba6b9adbcb6Timo Sirainen
c0bb6a113c3e5f6af18fbd1b53caa134d20481b8Timo Sirainen        if (setrlimit(RLIMIT_DATA, &rlim) < 0)
c0bb6a113c3e5f6af18fbd1b53caa134d20481b8Timo Sirainen            i_fatal("setrlimit(RLIMIT_DATA, %u): %m", size);
e9d0f2284f3a82b9852e52787866cba6b9adbcb6Timo Sirainen
e9d0f2284f3a82b9852e52787866cba6b9adbcb6Timo Sirainen#ifdef HAVE_RLIMIT_AS
c0bb6a113c3e5f6af18fbd1b53caa134d20481b8Timo Sirainen        if (setrlimit(RLIMIT_AS, &rlim) < 0)
c0bb6a113c3e5f6af18fbd1b53caa134d20481b8Timo Sirainen            i_fatal("setrlimit(RLIMIT_AS, %u): %m", size);
e9d0f2284f3a82b9852e52787866cba6b9adbcb6Timo Sirainen#endif
c0bb6a113c3e5f6af18fbd1b53caa134d20481b8Timo Sirainen    }
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen#else
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen    if (size != 0) {
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen        i_warning("Can't restrict process size: "
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen              "setrlimit() not supported by system. "
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen              "Set the limit to 0 to hide this warning.");
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen    }
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen#endif
cfbab67e839000b57f32308dd26f9807b5dbe8e3Timo Sirainen}
b3f03a6a9232d4e5a8682eff8d37bbcf41c487ecTimo Sirainen
b3f03a6a9232d4e5a8682eff8d37bbcf41c487ecTimo Sirainenvoid restrict_fd_limit(unsigned int count)
b3f03a6a9232d4e5a8682eff8d37bbcf41c487ecTimo Sirainen{
b3f03a6a9232d4e5a8682eff8d37bbcf41c487ecTimo Sirainen#ifdef HAVE_SETRLIMIT
b3f03a6a9232d4e5a8682eff8d37bbcf41c487ecTimo Sirainen    struct rlimit rlim;
b3f03a6a9232d4e5a8682eff8d37bbcf41c487ecTimo Sirainen
b3f03a6a9232d4e5a8682eff8d37bbcf41c487ecTimo Sirainen    rlim.rlim_cur = rlim.rlim_max = count;
b3f03a6a9232d4e5a8682eff8d37bbcf41c487ecTimo Sirainen    if (setrlimit(RLIMIT_NOFILE, &rlim) < 0)
b3f03a6a9232d4e5a8682eff8d37bbcf41c487ecTimo Sirainen        i_fatal("setrlimit(RLIMIT_NOFILE, %u): %m", count);
b3f03a6a9232d4e5a8682eff8d37bbcf41c487ecTimo Sirainen#endif
b3f03a6a9232d4e5a8682eff8d37bbcf41c487ecTimo Sirainen}
799291e076f181e56599c93b06282156ab695fd6Timo Sirainen
799291e076f181e56599c93b06282156ab695fd6Timo Sirainenint restrict_get_core_limit(rlim_t *limit_r)
799291e076f181e56599c93b06282156ab695fd6Timo Sirainen{
799291e076f181e56599c93b06282156ab695fd6Timo Sirainen#ifdef HAVE_RLIMIT_CORE
799291e076f181e56599c93b06282156ab695fd6Timo Sirainen    struct rlimit rlim;
799291e076f181e56599c93b06282156ab695fd6Timo Sirainen
799291e076f181e56599c93b06282156ab695fd6Timo Sirainen    if (getrlimit(RLIMIT_CORE, &rlim) < 0) {
799291e076f181e56599c93b06282156ab695fd6Timo Sirainen        i_error("getrlimit(RLIMIT_CORE) failed: %m");
799291e076f181e56599c93b06282156ab695fd6Timo Sirainen        return -1;
799291e076f181e56599c93b06282156ab695fd6Timo Sirainen    }
799291e076f181e56599c93b06282156ab695fd6Timo Sirainen    *limit_r = rlim.rlim_cur;
799291e076f181e56599c93b06282156ab695fd6Timo Sirainen    return 0;
799291e076f181e56599c93b06282156ab695fd6Timo Sirainen#else
799291e076f181e56599c93b06282156ab695fd6Timo Sirainen    return -1;
799291e076f181e56599c93b06282156ab695fd6Timo Sirainen#endif
799291e076f181e56599c93b06282156ab695fd6Timo Sirainen}