mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
d451478e26
PiperOrigin-RevId: 424811734 Change-Id: If5ea692edc56ddc9c99fd478673df41c0246e9cc
140 lines
4.6 KiB
C++
140 lines
4.6 KiB
C++
// Copyright 2019 Google LLC
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// https://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
// The sandbox2::Limits class defined various client- and sandbox- side limits
|
|
// which are applied to the execution process of sandboxees.
|
|
|
|
#ifndef SANDBOXED_API_SANDBOX2_LIMITS_H_
|
|
#define SANDBOXED_API_SANDBOX2_LIMITS_H_
|
|
|
|
#include <sys/resource.h>
|
|
|
|
#include <cstdint>
|
|
#include <ctime>
|
|
|
|
#include "absl/base/macros.h"
|
|
#include "absl/time/time.h"
|
|
|
|
namespace sandbox2 {
|
|
|
|
class Limits final {
|
|
public:
|
|
Limits() = default;
|
|
|
|
Limits(const Limits&) = delete;
|
|
Limits& operator=(const Limits&) = delete;
|
|
|
|
// rlimits getters/setters.
|
|
//
|
|
// Use RLIM64_INFINITY for unlimited values, but remember that some of those
|
|
// cannot exceed system limits (e.g. RLIMIT_NOFILE).
|
|
const rlimit64& rlimit_as() const { return rlimit_as_; }
|
|
Limits& set_rlimit_as(const rlimit64& value) {
|
|
rlimit_as_ = value;
|
|
return *this;
|
|
}
|
|
Limits& set_rlimit_as(uint64_t value) {
|
|
rlimit_as_ = MakeRlimit64(value);
|
|
return *this;
|
|
}
|
|
|
|
const rlimit64& rlimit_cpu() const { return rlimit_cpu_; }
|
|
Limits& set_rlimit_cpu(const rlimit64& value) {
|
|
rlimit_cpu_ = value;
|
|
return *this;
|
|
}
|
|
Limits& set_rlimit_cpu(uint64_t value) {
|
|
rlimit_cpu_ = MakeRlimit64(value);
|
|
return *this;
|
|
}
|
|
|
|
const rlimit64& rlimit_fsize() const { return rlimit_fsize_; }
|
|
Limits& set_rlimit_fsize(const rlimit64& value) {
|
|
rlimit_fsize_ = value;
|
|
return *this;
|
|
}
|
|
Limits& set_rlimit_fsize(uint64_t value) {
|
|
rlimit_fsize_ = MakeRlimit64(value);
|
|
return *this;
|
|
}
|
|
|
|
const rlimit64& rlimit_nofile() const { return rlimit_nofile_; }
|
|
Limits& set_rlimit_nofile(const rlimit64& value) {
|
|
rlimit_nofile_ = value;
|
|
return *this;
|
|
}
|
|
Limits& set_rlimit_nofile(uint64_t value) {
|
|
rlimit_nofile_ = MakeRlimit64(value);
|
|
return *this;
|
|
}
|
|
|
|
const rlimit64& rlimit_core() const { return rlimit_core_; }
|
|
Limits& set_rlimit_core(const rlimit64& value) {
|
|
rlimit_core_ = value;
|
|
return *this;
|
|
}
|
|
Limits& set_rlimit_core(uint64_t value) {
|
|
rlimit_core_ = MakeRlimit64(value);
|
|
return *this;
|
|
}
|
|
|
|
// Sets a wall time limit on an executor before running it. Set to
|
|
// absl::ZeroDuration() to disarm. The walltime limit is a timeout duration
|
|
// (e.g. 10 secs) not a deadline (e.g. 12:00). This can be useful in a simple
|
|
// scenario to set a wall limit before running the sandboxee, run the
|
|
// sandboxee, and expect it to finish within the limit. For an example, see
|
|
// examples/crc4.
|
|
Limits& set_walltime_limit(absl::Duration value) {
|
|
wall_time_limit_ = value;
|
|
return *this;
|
|
}
|
|
absl::Duration wall_time_limit() const { return wall_time_limit_; }
|
|
|
|
private:
|
|
constexpr rlimit64 MakeRlimit64(uint64_t value) {
|
|
return {.rlim_cur = value, .rlim_max = value};
|
|
}
|
|
|
|
// Address space size of a process, if big enough (say, above 512M), this
|
|
// will be a rough approximation of the maximum RAM usage by the sandboxed
|
|
// process.
|
|
rlimit64 rlimit_as_ = MakeRlimit64(RLIM64_INFINITY);
|
|
|
|
// CPU time, measured in seconds. This limit might be triggered faster than
|
|
// the wall-time limit, if many threads are used.
|
|
rlimit64 rlimit_cpu_ = MakeRlimit64(1024 /* seconds */);
|
|
|
|
// Total number of bytes that can be written to the filesystem by the process
|
|
// (creating empty files is not considered writing).
|
|
rlimit64 rlimit_fsize_ = MakeRlimit64(8ULL << 30 /* 8GiB */);
|
|
|
|
// Number of NEW file descriptors which can be obtained by a process. 0
|
|
// means that no new descriptors (files, sockets) can be created.
|
|
rlimit64 rlimit_nofile_ = MakeRlimit64(1024);
|
|
|
|
// Size of a core file which is allowed to be created. The default value of
|
|
// zero disables the creation of core files. Unless you have special
|
|
// requirements, this should not be changed.
|
|
rlimit64 rlimit_core_ = MakeRlimit64(0);
|
|
|
|
// Wall-time limit (local to Monitor). Depending on the sandboxed load, this
|
|
// one, or RLIMIT_CPU limit might be triggered faster (see
|
|
// https://en.wikipedia.org/wiki/Time_(Unix)#Real_time_vs_CPU_time).
|
|
absl::Duration wall_time_limit_ = absl::Seconds(120);
|
|
};
|
|
|
|
} // namespace sandbox2
|
|
|
|
#endif // SANDBOXED_API_SANDBOX2_LIMITS_H_
|