dovecot-2.1: restrict_process_size() API changes.

dovecot at dovecot.org dovecot at dovecot.org
Wed Nov 9 18:23:33 EET 2011 

details:   http://hg.dovecot.org/dovecot-2.1/rev/523f34bffc94
changeset: 13689:523f34bffc94
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Nov 09 18:30:27 2011 +0200
description:
restrict_process_size() API changes.

diffstat:

 src/lib/restrict-process-size.c |  69 ++++++++++++++++++++++++----------------
 src/lib/restrict-process-size.h |  11 ++++--
 src/login-common/main.c         |   2 +-
 src/master/service-process.c    |   2 +-
 4 files changed, 51 insertions(+), 33 deletions(-)

diffs (146 lines):

diff -r 33ecba7f10cc -r 523f34bffc94 src/lib/restrict-process-size.c
--- a/src/lib/restrict-process-size.c	Wed Nov 09 18:20:51 2011 +0200
+++ b/src/lib/restrict-process-size.c	Wed Nov 09 18:30:27 2011 +0200
@@ -5,48 +5,47 @@
 
 #include <unistd.h>
 
-void restrict_process_size(unsigned int size ATTR_UNUSED,
-			   unsigned int max_processes ATTR_UNUSED)
+void restrict_process_size(rlim_t bytes)
 {
-#ifdef HAVE_SETRLIMIT
 	struct rlimit rlim;
 
-#ifdef HAVE_RLIMIT_NPROC
-	if (max_processes < INT_MAX) {
-		rlim.rlim_max = rlim.rlim_cur = max_processes;
-		if (setrlimit(RLIMIT_NPROC, &rlim) < 0)
-			i_fatal("setrlimit(RLIMIT_NPROC, %u): %m", size);
+	rlim.rlim_max = rlim.rlim_cur = bytes;
+	if (setrlimit(RLIMIT_DATA, &rlim) < 0) {
+		i_fatal("setrlimit(RLIMIT_DATA, %llu): %m",
+			(unsigned long long)bytes);
 	}
-#endif
-
-	if (size > 0 && size < INT_MAX/1024/1024) {
-		rlim.rlim_max = rlim.rlim_cur = size*1024*1024;
-
-		if (setrlimit(RLIMIT_DATA, &rlim) < 0)
-			i_fatal("setrlimit(RLIMIT_DATA, %u): %m", size);
 
 #ifdef HAVE_RLIMIT_AS
-		if (setrlimit(RLIMIT_AS, &rlim) < 0)
-			i_fatal("setrlimit(RLIMIT_AS, %u): %m", size);
-#endif
-	}
-#else
-	if (size != 0) {
-		i_warning("Can't restrict process size: "
-			  "setrlimit() not supported by system. "
-			  "Set the limit to 0 to hide this warning.");
+	if (setrlimit(RLIMIT_AS, &rlim) < 0) {
+		i_fatal("setrlimit(RLIMIT_AS, %llu): %m",
+			(unsigned long long)bytes);
 	}
 #endif
 }
 
-void restrict_fd_limit(unsigned int count)
+void restrict_process_count(rlim_t count ATTR_UNUSED)
+{
+#ifdef HAVE_RLIMIT_NPROC
+	struct rlimit rlim;
+
+	rlim.rlim_max = rlim.rlim_cur = count;
+	if (setrlimit(RLIMIT_NPROC, &rlim) < 0) {
+		i_fatal("setrlimit(RLIMIT_NPROC, %llu): %m",
+			(unsigned long long)count);
+	}
+#endif
+}
+
+void restrict_fd_limit(rlim_t count)
 {
 #ifdef HAVE_SETRLIMIT
 	struct rlimit rlim;
 
 	rlim.rlim_cur = rlim.rlim_max = count;
-	if (setrlimit(RLIMIT_NOFILE, &rlim) < 0)
-		i_error("setrlimit(RLIMIT_NOFILE, %u): %m", count);
+	if (setrlimit(RLIMIT_NOFILE, &rlim) < 0) {
+		i_error("setrlimit(RLIMIT_NOFILE, %llu): %m",
+			(unsigned long long)count);
+	}
 #endif
 }
 
@@ -65,3 +64,19 @@
 	return -1;
 #endif
 }
+
+int restrict_get_process_limit(rlim_t *limit_r)
+{
+#ifdef HAVE_RLIMIT_NPROC
+	struct rlimit rlim;
+
+	if (getrlimit(RLIMIT_NPROC, &rlim) < 0) {
+		i_error("getrlimit(RLIMIT_NPROC) failed: %m");
+		return -1;
+	}
+	*limit_r = rlim.rlim_cur;
+	return 0;
+#else
+	return -1;
+#endif
+}
diff -r 33ecba7f10cc -r 523f34bffc94 src/lib/restrict-process-size.h
--- a/src/lib/restrict-process-size.h	Wed Nov 09 18:20:51 2011 +0200
+++ b/src/lib/restrict-process-size.h	Wed Nov 09 18:30:27 2011 +0200
@@ -6,13 +6,16 @@
 #  include <sys/resource.h>
 #endif
 
-/* Restrict max. process size. The size is in megabytes, setting it to
-   (unsigned int)-1 sets it unlimited. */
-void restrict_process_size(unsigned int size, unsigned int max_processes);
+/* Restrict max. process size. */
+void restrict_process_size(rlim_t bytes);
+/* Restrict max. number of processes. */
+void restrict_process_count(rlim_t count);
 /* Set fd limit to count. */
-void restrict_fd_limit(unsigned int count);
+void restrict_fd_limit(rlim_t count);
 
 /* Get the core dump size limit. Returns 0 if ok, -1 if lookup failed. */
 int restrict_get_core_limit(rlim_t *limit_r);
+/* Get the process count limit. Returns 0 if ok, -1 if lookup failed. */
+int restrict_get_process_limit(rlim_t *limit_r);
 
 #endif
diff -r 33ecba7f10cc -r 523f34bffc94 src/login-common/main.c
--- a/src/login-common/main.c	Wed Nov 09 18:20:51 2011 +0200
+++ b/src/login-common/main.c	Wed Nov 09 18:30:27 2011 +0200
@@ -291,7 +291,7 @@
 static void main_init(const char *login_socket)
 {
 	/* make sure we can't fork() */
-	restrict_process_size((unsigned int)-1, 1);
+	restrict_process_count(1);
 
 	if (restrict_access_get_current_chroot() == NULL) {
 		if (chdir("login") < 0)
diff -r 33ecba7f10cc -r 523f34bffc94 src/master/service-process.c
--- a/src/master/service-process.c	Wed Nov 09 18:20:51 2011 +0200
+++ b/src/master/service-process.c	Wed Nov 09 18:30:27 2011 +0200
@@ -157,7 +157,7 @@
 	unsigned int len;
 
 	if (service->vsz_limit != 0)
-		restrict_process_size(service->vsz_limit/1024/1024, -1U);
+		restrict_process_size(service->vsz_limit);
 
 	restrict_access_init(&rset);
 	rset.uid = service->uid;

More information about the dovecot-cvs mailing list