restrict-process-size.c revision 9a3183f291439451b4d5d680c537d189e4d6b42a
/* Copyright (c) 2002-2011 Dovecot authors, see the included COPYING file */

#include "lib.h"
#include "restrict-process-size.h"

#include <unistd.h>

/* Cap this process's memory use at `bytes`.

   The same value is written to both the soft and the hard limit, first for
   RLIMIT_DATA and then, where HAVE_RLIMIT_AS is defined, for RLIMIT_AS.
   Because the hard limit is lowered as well, a process without the
   privilege to raise hard limits cannot undo the restriction later.

   A failing setrlimit() is reported through i_fatal(), so the restriction
   is never silently skipped.
   NOTE(review): i_fatal() is declared outside this file; it is presumably
   Dovecot's non-returning fatal logger - confirm.
   NOTE(review): on platforms without HAVE_RLIMIT_AS only RLIMIT_DATA is
   applied; whether that also bounds mmap()-backed allocations depends on
   the platform - confirm for the targets that matter. */
void restrict_process_size(rlim_t bytes)
{
	struct rlimit mem_limit;

	/* soft == hard: nothing is left to raise the soft limit into */
	mem_limit.rlim_cur = bytes;
	mem_limit.rlim_max = bytes;

	if (setrlimit(RLIMIT_DATA, &mem_limit) < 0) {
		i_fatal("setrlimit(RLIMIT_DATA, %llu): %m",
			(unsigned long long)bytes);
	}

#ifdef HAVE_RLIMIT_AS
	/* same struct, same values: bound the whole address space too */
	if (setrlimit(RLIMIT_AS, &mem_limit) < 0) {
		i_fatal("setrlimit(RLIMIT_AS, %llu): %m",
			(unsigned long long)bytes);
	}
#endif
}
/* Set the soft and hard RLIMIT_NPROC limits to `count`.

   Compiled to an empty function when HAVE_RLIMIT_NPROC is not defined; the
   caller gets no indication in that case that no limit was applied (hence
   ATTR_UNUSED on the parameter).

   A failing setrlimit() is reported through i_fatal().
   NOTE(review): on Linux RLIMIT_NPROC is accounted per real user ID, not
   per process, so the value has to leave room for every other process
   running under the same UID - confirm for other platforms. */
void restrict_process_count(rlim_t count ATTR_UNUSED)
{
#ifdef HAVE_RLIMIT_NPROC
	struct rlimit proc_limit;

	/* soft == hard, so the limit cannot be raised again without privilege */
	proc_limit.rlim_cur = count;
	proc_limit.rlim_max = count;

	if (setrlimit(RLIMIT_NPROC, &proc_limit) < 0) {
		i_fatal("setrlimit(RLIMIT_NPROC, %llu): %m",
			(unsigned long long)count);
	}
#endif
}
/* Set the soft and hard RLIMIT_NOFILE limits to `count`.

   Unlike the size and process-count setters in this file, a failing
   setrlimit() is only logged with i_error() and the function then returns
   normally, leaving the previous descriptor limit in force. The function
   returns void, so a caller that depends on the new limit has to read it
   back (restrict_get_fd_limit()) to know whether it took effect.

   Compiled to an empty function when HAVE_SETRLIMIT is not defined. */
void restrict_fd_limit(rlim_t count)
{
#ifdef HAVE_SETRLIMIT
	struct rlimit fd_limit;

	fd_limit.rlim_max = count;
	fd_limit.rlim_cur = count;

	if (setrlimit(RLIMIT_NOFILE, &fd_limit) < 0) {
		/* non-fatal: report the failure and keep the old limit */
		i_error("setrlimit(RLIMIT_NOFILE, %llu): %m",
			(unsigned long long)count);
	}
#endif
}
/* Read the current (soft) RLIMIT_CORE value into *limit_r.

   Returns 0 on success. Returns -1 when getrlimit() fails (the failure is
   logged with i_error()) or when HAVE_RLIMIT_CORE is not defined; *limit_r
   is left untouched in both cases, so callers must check the return value
   before using it. Only rlim_cur is reported; the hard limit is not. */
int restrict_get_core_limit(rlim_t *limit_r)
{
#ifdef HAVE_RLIMIT_CORE
	struct rlimit current;

	if (getrlimit(RLIMIT_CORE, &current) >= 0) {
		*limit_r = current.rlim_cur;
		return 0;
	}
	i_error("getrlimit(RLIMIT_CORE) failed: %m");
#endif
	/* query failed, or RLIMIT_CORE is not available in this build */
	return -1;
}
/* Read the current (soft) RLIMIT_NPROC value into *limit_r.

   Returns 0 on success. Returns -1 when getrlimit() fails (the failure is
   logged with i_error()) or when HAVE_RLIMIT_NPROC is not defined; *limit_r
   is left untouched in both cases, so callers must check the return value
   before using it. Only rlim_cur is reported; the hard limit is not. */
int restrict_get_process_limit(rlim_t *limit_r)
{
#ifdef HAVE_RLIMIT_NPROC
	struct rlimit current;

	if (getrlimit(RLIMIT_NPROC, &current) >= 0) {
		*limit_r = current.rlim_cur;
		return 0;
	}
	i_error("getrlimit(RLIMIT_NPROC) failed: %m");
#endif
	/* query failed, or RLIMIT_NPROC is not available in this build */
	return -1;
}
/* Read the current (soft) RLIMIT_NOFILE value into *limit_r.

   Returns 0 on success, or -1 after logging with i_error() when getrlimit()
   fails; *limit_r is left untouched on failure. Only rlim_cur is reported;
   the hard limit is not.

   NOTE(review): unlike restrict_fd_limit(), this function is not wrapped in
   a HAVE_SETRLIMIT guard, so it assumes getrlimit() and RLIMIT_NOFILE are
   always available - confirm that is intended. */
int restrict_get_fd_limit(rlim_t *limit_r)
{
	struct rlimit current;

	if (getrlimit(RLIMIT_NOFILE, &current) >= 0) {
		*limit_r = current.rlim_cur;
		return 0;
	}
	i_error("getrlimit(RLIMIT_NOFILE) failed: %m");
	return -1;
}