// Copyright 2019 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // The sandbox2::Limits class defined various client- and sandbox- side limits // which are applied to the execution process of sandboxees. #ifndef SANDBOXED_API_SANDBOX2_LIMITS_H_ #define SANDBOXED_API_SANDBOX2_LIMITS_H_ #include #include #include #include "absl/base/macros.h" #include "absl/time/time.h" namespace sandbox2 { class Limits final { public: Limits() = default; Limits(const Limits&) = delete; Limits& operator=(const Limits&) = delete; // Rlimit-s getters/setters. // // Use RLIM64_INFINITY for unlimited values, but remember that some of those // cannot exceed system limits (e.g. RLIMIT_NOFILE). const rlimit64& rlimit_as() const { return rlimit_as_; } Limits& set_rlimit_as(const rlimit64& value) { rlimit_as_ = value; return *this; } Limits& set_rlimit_as(uint64_t value) { rlimit_as_ = MakeRlimit64(value); return *this; } const rlimit64& rlimit_cpu() const { return rlimit_cpu_; } Limits& set_rlimit_cpu(const rlimit64& value) { rlimit_cpu_ = value; return *this; } Limits& set_rlimit_cpu(uint64_t value) { rlimit_cpu_ = MakeRlimit64(value); return *this; } const rlimit64& rlimit_fsize() const { return rlimit_fsize_; } Limits& set_rlimit_fsize(const rlimit64& value) { rlimit_fsize_ = value; return *this; } Limits& set_rlimit_fsize(uint64_t value) { rlimit_fsize_ = MakeRlimit64(value); return *this; } const rlimit64& rlimit_nofile() const { return rlimit_nofile_; } Limits& set_rlimit_nofile(const rlimit64& value) { rlimit_nofile_ = value; return *this; } Limits& set_rlimit_nofile(uint64_t value) { rlimit_nofile_ = MakeRlimit64(value); return *this; } const rlimit64& rlimit_core() const { return rlimit_core_; } Limits& set_rlimit_core(const rlimit64& value) { rlimit_core_ = value; return *this; } Limits& set_rlimit_core(uint64_t value) { rlimit_core_ = MakeRlimit64(value); return *this; } // Sets a wall time limit on an executor before running it. Set to // absl::ZeroDuration() to disarm. The walltime limit is a timeout duration // (e.g. 10 secs) not a deadline (e.g. 12:00). This can be useful in a simple // scenario to set a wall limit before running the sandboxee, run the // sandboxee, and expect it to finish within the limit. For an example, see // examples/crc4. Limits& set_walltime_limit(absl::Duration value) { wall_time_limit_ = value; return *this; } absl::Duration wall_time_limit() const { return wall_time_limit_; } private: constexpr rlimit64 MakeRlimit64(uint64_t value) { return {.rlim_cur = value, .rlim_max = value}; } // Address space size of a process, if big enough (say, above 512M), this // will be a rough approximation of the maximum RAM usage by the sandboxed // process. rlimit64 rlimit_as_ = MakeRlimit64(RLIM64_INFINITY); // CPU time, measured in seconds. This limit might be triggered faster than // the wall-time limit, if many threads are used. rlimit64 rlimit_cpu_ = MakeRlimit64(1024 /* seconds */); // Total number of bytes that can be written to the filesystem by the process // (creating empty files is not considered writing). rlimit64 rlimit_fsize_ = MakeRlimit64(8ULL << 30 /* 8GiB */); // Number of NEW file descriptors which can be obtained by a process. 0 // means that no new descriptors (files, sockets) can be created. rlimit64 rlimit_nofile_ = MakeRlimit64(1024); // Size of a core file which is allowed to be created. The default value of // zero disables the creation of core files. Unless you have special // requirements, this should not be changed. rlimit64 rlimit_core_ = MakeRlimit64(0); // Wall-time limit (local to Monitor). Depending on the sandboxed load, this // one, or RLIMIT_CPU limit might be triggered faster (see // https://en.wikipedia.org/wiki/Time_(Unix)#Real_time_vs_CPU_time). absl::Duration wall_time_limit_ = absl::Seconds(120); }; } // namespace sandbox2 #endif // SANDBOXED_API_SANDBOX2_LIMITS_H_