mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Improvements to limits.h
header
- Directly initialize member fields - Reword comments PiperOrigin-RevId: 354093192 Change-Id: I19852c3f2bd1b05ed280102b0bed1ea62d8c4adc
This commit is contained in:
parent
fb1822b579
commit
a617f4e8f0
|
@ -29,14 +29,7 @@ namespace sandbox2 {
|
||||||
|
|
||||||
class Limits final {
|
class Limits final {
|
||||||
public:
|
public:
|
||||||
Limits() {
|
Limits() = default;
|
||||||
set_rlimit_as(kIniRLimAS);
|
|
||||||
set_rlimit_cpu(kIniRLimCPU);
|
|
||||||
set_rlimit_fsize(kIniRLimFSIZE);
|
|
||||||
set_rlimit_nofile(kIniRLimNOFILE);
|
|
||||||
set_rlimit_core(kIniRLimCORE);
|
|
||||||
set_walltime_limit(absl::Seconds(kIniWallTimeLimit));
|
|
||||||
}
|
|
||||||
|
|
||||||
Limits(const Limits&) = delete;
|
Limits(const Limits&) = delete;
|
||||||
Limits& operator=(const Limits&) = delete;
|
Limits& operator=(const Limits&) = delete;
|
||||||
|
@ -51,8 +44,7 @@ class Limits final {
|
||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
Limits& set_rlimit_as(uint64_t value) {
|
Limits& set_rlimit_as(uint64_t value) {
|
||||||
rlimit_as_.rlim_cur = value;
|
rlimit_as_ = MakeRlimit64(value);
|
||||||
rlimit_as_.rlim_max = value;
|
|
||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -62,8 +54,7 @@ class Limits final {
|
||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
Limits& set_rlimit_cpu(uint64_t value) {
|
Limits& set_rlimit_cpu(uint64_t value) {
|
||||||
rlimit_cpu_.rlim_cur = value;
|
rlimit_cpu_ = MakeRlimit64(value);
|
||||||
rlimit_cpu_.rlim_max = value;
|
|
||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -73,8 +64,7 @@ class Limits final {
|
||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
Limits& set_rlimit_fsize(uint64_t value) {
|
Limits& set_rlimit_fsize(uint64_t value) {
|
||||||
rlimit_fsize_.rlim_cur = value;
|
rlimit_fsize_ = MakeRlimit64(value);
|
||||||
rlimit_fsize_.rlim_max = value;
|
|
||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -84,8 +74,7 @@ class Limits final {
|
||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
Limits& set_rlimit_nofile(uint64_t value) {
|
Limits& set_rlimit_nofile(uint64_t value) {
|
||||||
rlimit_nofile_.rlim_cur = value;
|
rlimit_nofile_ = MakeRlimit64(value);
|
||||||
rlimit_nofile_.rlim_max = value;
|
|
||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -95,8 +84,7 @@ class Limits final {
|
||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
Limits& set_rlimit_core(uint64_t value) {
|
Limits& set_rlimit_core(uint64_t value) {
|
||||||
rlimit_core_.rlim_cur = value;
|
rlimit_core_ = MakeRlimit64(value);
|
||||||
rlimit_core_.rlim_max = value;
|
|
||||||
return *this;
|
return *this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -113,42 +101,36 @@ class Limits final {
|
||||||
absl::Duration wall_time_limit() const { return wall_time_limit_; }
|
absl::Duration wall_time_limit() const { return wall_time_limit_; }
|
||||||
|
|
||||||
private:
|
private:
|
||||||
// Initial values for limits. Fields of rlimit64 are defined as __u64,
|
constexpr rlimit64 MakeRlimit64(uint64_t value) {
|
||||||
// so we use uint64_t here.
|
return {.rlim_cur = value, .rlim_max = value};
|
||||||
static constexpr uint64_t kIniRLimAS = RLIM64_INFINITY;
|
}
|
||||||
// 1024 seconds of real CPU time for each sandboxed process.
|
|
||||||
static constexpr uint64_t kIniRLimCPU = (1ULL << 10);
|
// Address space size of a process, if big enough (say, above 512M), this
|
||||||
// 8GiB - Maximum size of individual files that can be created by each
|
// will be a rough approximation of the maximum RAM usage by the sandboxed
|
||||||
// sandboxed process.
|
// process.
|
||||||
static constexpr uint64_t kIniRLimFSIZE = (8ULL << 30);
|
rlimit64 rlimit_as_ = MakeRlimit64(RLIM64_INFINITY);
|
||||||
// 1024 file descriptors which can be used by each sandboxed process.
|
|
||||||
static constexpr uint64_t kIniRLimNOFILE = (1ULL << 10);
|
// CPU time, measured in seconds. This limit might be triggered faster than
|
||||||
// No core files are allowed by default
|
// the wall-time limit, if many threads are used.
|
||||||
static constexpr uint64_t kIniRLimCORE = (0);
|
rlimit64 rlimit_cpu_ = MakeRlimit64(1024 /* seconds */);
|
||||||
// 120s - this is wall-time limit. Depending on the sandboxed load, this one,
|
|
||||||
// or the RLIMIT_CPU limit might be triggered faster
|
// Total number of bytes that can be written to the filesystem by the process
|
||||||
// cf. (https://en.wikipedia.org/wiki/Time_(Unix)#Real_time_vs_CPU_time)
|
// (creating empty files is not considered writing).
|
||||||
static constexpr time_t kIniWallTimeLimit = (120ULL);
|
rlimit64 rlimit_fsize_ = MakeRlimit64(8ULL << 30 /* 8GiB */);
|
||||||
|
|
||||||
// Address space size of a process, if big enough (say, above 512M), it's a
|
|
||||||
// crude representation of maximum RAM size used by the sandboxed process.
|
|
||||||
rlimit64 rlimit_as_;
|
|
||||||
// CPU time, might be triggered faster than the wall-time limit, if many
|
|
||||||
// threads are used.
|
|
||||||
rlimit64 rlimit_cpu_;
|
|
||||||
// Number of bytes which can be written to the FS by the process (just
|
|
||||||
// creating empty files is always allowed).
|
|
||||||
rlimit64 rlimit_fsize_;
|
|
||||||
// Number of NEW file descriptors which can be obtained by a process. 0
|
// Number of NEW file descriptors which can be obtained by a process. 0
|
||||||
// means that no new descriptors (files, sockets) can be created.
|
// means that no new descriptors (files, sockets) can be created.
|
||||||
rlimit64 rlimit_nofile_;
|
rlimit64 rlimit_nofile_ = MakeRlimit64(1024);
|
||||||
// Size of a core file which is allowed to be created. Should be 0, unless
|
|
||||||
// you know what you are doing.
|
|
||||||
rlimit64 rlimit_core_;
|
|
||||||
// Getter for the client_limits_ structure.
|
|
||||||
|
|
||||||
// Wall-time limit (local to Monitor).
|
// Size of a core file which is allowed to be created. The default value of
|
||||||
absl::Duration wall_time_limit_;
|
// zero disables the creation of core files. Unless you have special
|
||||||
|
// requirements, this should not be changed.
|
||||||
|
rlimit64 rlimit_core_ = MakeRlimit64(0);
|
||||||
|
|
||||||
|
// Wall-time limit (local to Monitor). Depending on the sandboxed load, this
|
||||||
|
// one, or RLIMIT_CPU limit might be triggered faster (see
|
||||||
|
// https://en.wikipedia.org/wiki/Time_(Unix)#Real_time_vs_CPU_time).
|
||||||
|
absl::Duration wall_time_limit_ = absl::Seconds(120);
|
||||||
};
|
};
|
||||||
|
|
||||||
} // namespace sandbox2
|
} // namespace sandbox2
|
||||||
|
|
Loading…
Reference in New Issue
Block a user