Improvements to limits.h header

- Directly initialize member fields
- Reword comments

PiperOrigin-RevId: 354093192
Change-Id: I19852c3f2bd1b05ed280102b0bed1ea62d8c4adc
This commit is contained in:
Christian Blichmann 2021-01-27 08:04:53 -08:00 committed by Copybara-Service
parent fb1822b579
commit a617f4e8f0

View File

@ -29,14 +29,7 @@ namespace sandbox2 {
class Limits final { class Limits final {
public: public:
Limits() { Limits() = default;
set_rlimit_as(kIniRLimAS);
set_rlimit_cpu(kIniRLimCPU);
set_rlimit_fsize(kIniRLimFSIZE);
set_rlimit_nofile(kIniRLimNOFILE);
set_rlimit_core(kIniRLimCORE);
set_walltime_limit(absl::Seconds(kIniWallTimeLimit));
}
Limits(const Limits&) = delete; Limits(const Limits&) = delete;
Limits& operator=(const Limits&) = delete; Limits& operator=(const Limits&) = delete;
@ -51,8 +44,7 @@ class Limits final {
return *this; return *this;
} }
Limits& set_rlimit_as(uint64_t value) { Limits& set_rlimit_as(uint64_t value) {
rlimit_as_.rlim_cur = value; rlimit_as_ = MakeRlimit64(value);
rlimit_as_.rlim_max = value;
return *this; return *this;
} }
@ -62,8 +54,7 @@ class Limits final {
return *this; return *this;
} }
Limits& set_rlimit_cpu(uint64_t value) { Limits& set_rlimit_cpu(uint64_t value) {
rlimit_cpu_.rlim_cur = value; rlimit_cpu_ = MakeRlimit64(value);
rlimit_cpu_.rlim_max = value;
return *this; return *this;
} }
@ -73,8 +64,7 @@ class Limits final {
return *this; return *this;
} }
Limits& set_rlimit_fsize(uint64_t value) { Limits& set_rlimit_fsize(uint64_t value) {
rlimit_fsize_.rlim_cur = value; rlimit_fsize_ = MakeRlimit64(value);
rlimit_fsize_.rlim_max = value;
return *this; return *this;
} }
@ -84,8 +74,7 @@ class Limits final {
return *this; return *this;
} }
Limits& set_rlimit_nofile(uint64_t value) { Limits& set_rlimit_nofile(uint64_t value) {
rlimit_nofile_.rlim_cur = value; rlimit_nofile_ = MakeRlimit64(value);
rlimit_nofile_.rlim_max = value;
return *this; return *this;
} }
@ -95,8 +84,7 @@ class Limits final {
return *this; return *this;
} }
Limits& set_rlimit_core(uint64_t value) { Limits& set_rlimit_core(uint64_t value) {
rlimit_core_.rlim_cur = value; rlimit_core_ = MakeRlimit64(value);
rlimit_core_.rlim_max = value;
return *this; return *this;
} }
@ -113,42 +101,36 @@ class Limits final {
absl::Duration wall_time_limit() const { return wall_time_limit_; } absl::Duration wall_time_limit() const { return wall_time_limit_; }
private: private:
// Initial values for limits. Fields of rlimit64 are defined as __u64, constexpr rlimit64 MakeRlimit64(uint64_t value) {
// so we use uint64_t here. return {.rlim_cur = value, .rlim_max = value};
static constexpr uint64_t kIniRLimAS = RLIM64_INFINITY; }
// 1024 seconds of real CPU time for each sandboxed process.
static constexpr uint64_t kIniRLimCPU = (1ULL << 10); // Address space size of a process, if big enough (say, above 512M), this
// 8GiB - Maximum size of individual files that can be created by each // will be a rough approximation of the maximum RAM usage by the sandboxed
// sandboxed process. // process.
static constexpr uint64_t kIniRLimFSIZE = (8ULL << 30); rlimit64 rlimit_as_ = MakeRlimit64(RLIM64_INFINITY);
// 1024 file descriptors which can be used by each sandboxed process.
static constexpr uint64_t kIniRLimNOFILE = (1ULL << 10); // CPU time, measured in seconds. This limit might be triggered faster than
// No core files are allowed by default // the wall-time limit, if many threads are used.
static constexpr uint64_t kIniRLimCORE = (0); rlimit64 rlimit_cpu_ = MakeRlimit64(1024 /* seconds */);
// 120s - this is wall-time limit. Depending on the sandboxed load, this one,
// or the RLIMIT_CPU limit might be triggered faster // Total number of bytes that can be written to the filesystem by the process
// cf. (https://en.wikipedia.org/wiki/Time_(Unix)#Real_time_vs_CPU_time) // (creating empty files is not considered writing).
static constexpr time_t kIniWallTimeLimit = (120ULL); rlimit64 rlimit_fsize_ = MakeRlimit64(8ULL << 30 /* 8GiB */);
// Address space size of a process, if big enough (say, above 512M), it's a
// crude representation of maximum RAM size used by the sandboxed process.
rlimit64 rlimit_as_;
// CPU time, might be triggered faster than the wall-time limit, if many
// threads are used.
rlimit64 rlimit_cpu_;
// Number of bytes which can be written to the FS by the process (just
// creating empty files is always allowed).
rlimit64 rlimit_fsize_;
// Number of NEW file descriptors which can be obtained by a process. 0 // Number of NEW file descriptors which can be obtained by a process. 0
// means that no new descriptors (files, sockets) can be created. // means that no new descriptors (files, sockets) can be created.
rlimit64 rlimit_nofile_; rlimit64 rlimit_nofile_ = MakeRlimit64(1024);
// Size of a core file which is allowed to be created. Should be 0, unless
// you know what you are doing.
rlimit64 rlimit_core_;
// Getter for the client_limits_ structure.
// Wall-time limit (local to Monitor). // Size of a core file which is allowed to be created. The default value of
absl::Duration wall_time_limit_; // zero disables the creation of core files. Unless you have special
// requirements, this should not be changed.
rlimit64 rlimit_core_ = MakeRlimit64(0);
// Wall-time limit (local to Monitor). Depending on the sandboxed load, this
// one, or RLIMIT_CPU limit might be triggered faster (see
// https://en.wikipedia.org/wiki/Time_(Unix)#Real_time_vs_CPU_time).
absl::Duration wall_time_limit_ = absl::Seconds(120);
}; };
} // namespace sandbox2 } // namespace sandbox2