1 .\" Copyright (c) 1992 Drew Eckhardt, March 28, 1992
2 .\" and Copyright (c) 2002, 2004, 2005, 2008, 2010 Michael Kerrisk
4 .\" SPDX-License-Identifier: Linux-man-pages-copyleft
6 .\" Modified by Michael Haardt <michael@moria.de>
7 .\" Modified 1993-07-23 by Rik Faith <faith@cs.unc.edu>
8 .\" Modified 1996-01-13 by Arnt Gulbrandsen <agulbra@troll.no>
9 .\" Modified 1996-01-22 by aeb, following a remark by
10 .\" Tigran Aivazian <tigran@sco.com>
11 .\" Modified 1996-04-14 by aeb, following a remark by
12 .\" Robert Bihlmeyer <robbe@orcus.ping.at>
13 .\" Modified 1996-10-22 by Eric S. Raymond <esr@thyrsus.com>
14 .\" Modified 2001-05-04 by aeb, following a remark by
15 .\" HÃ¥vard Lygre <hklygre@online.no>
16 .\" Modified 2001-04-17 by Michael Kerrisk <mtk.manpages@gmail.com>
17 .\" Modified 2002-06-13 by Michael Kerrisk <mtk.manpages@gmail.com>
18 .\" Added note on nonstandard behavior when SIGCHLD is ignored.
19 .\" Modified 2002-07-09 by Michael Kerrisk <mtk.manpages@gmail.com>
20 .\" Enhanced descriptions of 'resource' values
21 .\" Modified 2003-11-28 by aeb, added RLIMIT_CORE
22 .\" Modified 2004-03-26 by aeb, added RLIMIT_AS
23 .\" Modified 2004-06-16 by Michael Kerrisk <mtk.manpages@gmail.com>
24 .\" Added notes on CAP_SYS_RESOURCE
26 .\" 2004-11-16 -- mtk: the getrlimit.2 page, which formally included
27 .\" coverage of getrusage(2), has been split, so that the latter
28 .\" is now covered in its own getrusage.2.
30 .\" Modified 2004-11-16, mtk: A few other minor changes
31 .\" Modified 2004-11-23, mtk
32 .\" Added notes on RLIMIT_MEMLOCK, RLIMIT_NPROC, and RLIMIT_RSS
33 .\" to "CONFORMING TO"
34 .\" Modified 2004-11-25, mtk
35 .\" Rewrote discussion on RLIMIT_MEMLOCK to incorporate kernel
37 .\" Added note on RLIMIT_CPU error in older kernels
38 .\" 2004-11-03, mtk, Added RLIMIT_SIGPENDING
39 .\" 2005-07-13, mtk, documented RLIMIT_MSGQUEUE limit.
40 .\" 2005-07-28, mtk, Added descriptions of RLIMIT_NICE and RLIMIT_RTPRIO
41 .\" 2008-05-07, mtk / Peter Zijlstra, Added description of RLIMIT_RTTIME
42 .\" 2010-11-06, mtk: Added documentation of prlimit()
44 .TH GETRLIMIT 2 2021-03-22 "Linux" "Linux Programmer's Manual"
46 getrlimit, setrlimit, prlimit \- get/set resource limits
49 .RI ( libc ", " \-lc )
52 .B #include <sys/resource.h>
54 .BI "int getrlimit(int " resource ", struct rlimit *" rlim );
55 .BI "int setrlimit(int " resource ", const struct rlimit *" rlim );
57 .BI "int prlimit(pid_t " pid ", int " resource ", const struct rlimit *" new_limit ,
58 .BI " struct rlimit *" old_limit );
62 Feature Test Macro Requirements for glibc (see
63 .BR feature_test_macros (7)):
75 system calls get and set resource limits.
76 Each resource has an associated soft and hard limit, as defined by the
83 rlim_t rlim_cur; /* Soft limit */
84 rlim_t rlim_max; /* Hard limit (ceiling for rlim_cur) */
89 The soft limit is the value that the kernel enforces for the
90 corresponding resource.
91 The hard limit acts as a ceiling for the soft limit:
92 an unprivileged process may set only its soft limit to a value in the
93 range from 0 up to the hard limit, and (irreversibly) lower its hard limit.
94 A privileged process (under Linux: one with the
96 capability in the initial user namespace)
97 may make arbitrary changes to either limit value.
101 denotes no limit on a resource (both in the structure returned by
103 and in the structure passed to
108 argument must be one of:
111 This is the maximum size of the process's virtual memory
113 The limit is specified in bytes, and is rounded down to the system page size.
114 .\" since 2.0.27 / 2.1.12
115 This limit affects calls to
120 which fail with the error
122 upon exceeding this limit.
123 In addition, automatic stack expansion fails
126 that kills the process if no alternate stack
127 has been made available via
128 .BR sigaltstack (2)).
129 Since the value is a \fIlong\fP, on machines with a 32-bit \fIlong\fP
130 either this limit is at most 2\ GiB, or this resource is unlimited.
133 This is the maximum size of a
137 in bytes that the process may dump.
138 When 0 no core dump files are created.
139 When nonzero, larger dumps are truncated to this size.
142 This is a limit, in seconds,
143 on the amount of CPU time that the process can consume.
144 When the process reaches the soft limit, it is sent a
147 The default action for this signal is to terminate the process.
148 However, the signal can be caught, and the handler can return control to
150 If the process continues to consume CPU time, it will be sent
152 once per second until the hard limit is reached, at which time
155 (This latter point describes Linux behavior.
156 Implementations vary in how they treat processes which continue to
157 consume CPU time after reaching the soft limit.
158 Portable applications that need to catch this signal should
159 perform an orderly termination upon first receipt of
163 This is the maximum size
164 of the process's data segment (initialized data,
165 uninitialized data, and heap).
166 The limit is specified in bytes, and is rounded down to the system page size.
167 This limit affects calls to
170 and (since Linux 4.7)
172 .\" commits 84638335900f1995495838fe1bd4870c43ec1f67
173 .\" ("mm: rework virtual memory accounting"),
174 .\" f4fcd55841fc9e46daac553b39361572453c2b88
175 .\" (mm: enable RLIMIT_DATA by default with workaround for valgrind).
176 which fail with the error
178 upon encountering the soft limit of this resource.
181 This is the maximum size in bytes of files that the process may create.
182 Attempts to extend a file beyond this limit result in delivery of a
185 By default, this signal terminates a process, but a process can
186 catch this signal instead, in which case the relevant system call (e.g.,
192 .BR RLIMIT_LOCKS " (Linux 2.4.0 to 2.4.24)"
193 .\" to be precise: Linux 2.4.0-test9; no longer in 2.4.25 / 2.5.65
194 This is a limit on the combined number of
198 leases that this process may establish.
201 This is the maximum number of bytes of memory that may be locked
203 This limit is in effect rounded down to the nearest multiple
204 of the system page size.
212 Since Linux 2.6.9, it also affects the
215 operation, where it sets a maximum on the total bytes in
216 shared memory segments (see
218 that may be locked by the real user ID of the calling process.
222 locks are accounted for separately from the per-process memory
229 a process can lock bytes up to this limit in each of these
232 In Linux kernels before 2.6.9, this limit controlled the amount of
233 memory that could be locked by a privileged process.
234 Since Linux 2.6.9, no limits are placed on the amount of memory
235 that a privileged process may lock, and this limit instead governs
236 the amount of memory that an unprivileged process may lock.
238 .BR RLIMIT_MSGQUEUE " (since Linux 2.6.8)"
239 This is a limit on the number of bytes that can be allocated
240 for POSIX message queues for the real user ID of the calling process.
241 This limit is enforced for
243 Each message queue that the user creates counts (until it is removed)
244 against this limit according to the formula:
249 bytes = attr.mq_maxmsg * sizeof(struct msg_msg) +
250 min(attr.mq_maxmsg, MQ_PRIO_MAX) *
251 sizeof(struct posix_msg_tree_node)+
253 attr.mq_maxmsg * attr.mq_msgsize;
254 /* For message data */
257 Linux 3.4 and earlier:
260 bytes = attr.mq_maxmsg * sizeof(struct msg_msg *) +
262 attr.mq_maxmsg * attr.mq_msgsize;
263 /* For message data */
270 structure specified as the fourth argument to
275 .I posix_msg_tree_node
276 structures are kernel-internal structures.
278 The "overhead" addend in the formula accounts for overhead
279 bytes required by the implementation
280 and ensures that the user cannot
281 create an unlimited number of zero-length messages (such messages
282 nevertheless each consume some system memory for bookkeeping overhead).
284 .BR RLIMIT_NICE " (since Linux 2.6.12, but see BUGS below)"
285 This specifies a ceiling to which the process's nice value can be raised using
289 The actual ceiling for the nice value is calculated as
290 .IR "20\ \-\ rlim_cur" .
291 The useful range for this limit is thus from 1
292 (corresponding to a nice value of 19) to 40
293 (corresponding to a nice value of \-20).
294 This unusual choice of range was necessary
295 because negative numbers cannot be specified
296 as resource limit values, since they typically have special meanings.
299 typically is the same as \-1.
300 For more detail on the nice value, see
304 This specifies a value one greater than the maximum file descriptor number
305 that can be opened by this process.
311 to exceed this limit yield the error
313 (Historically, this limit was named
318 this limit also defines the maximum number of file descriptors that
319 an unprivileged process (one without the
321 capability) may have "in flight" to other processes,
322 by being passed across UNIX domain sockets.
323 This limit applies to the
326 For further details, see
330 This is a limit on the number of extant process
331 (or, more precisely on Linux, threads)
332 for the real user ID of the calling process.
333 So long as the current number of processes belonging to this
334 process's real user ID is greater than or equal to this limit,
341 limit is not enforced for processes that have either the
346 or run with real user ID 0.
349 This is a limit (in bytes) on the process's resident set
350 (the number of virtual pages resident in RAM).
351 This limit has effect only in Linux 2.4.x, x < 30, and there
352 affects only calls to
356 .\" As at kernel 2.6.12, this limit still does nothing in 2.6 though
357 .\" talk of making it do something has surfaced from time to time in LKML
360 .BR RLIMIT_RTPRIO " (since Linux 2.6.12, but see BUGS)"
361 This specifies a ceiling on the real-time priority that may be set for
363 .BR sched_setscheduler (2)
365 .BR sched_setparam (2).
367 For further details on real-time scheduling policies, see
370 .BR RLIMIT_RTTIME " (since Linux 2.6.25)"
371 This is a limit (in microseconds)
372 on the amount of CPU time that a process scheduled
373 under a real-time scheduling policy may consume without making a blocking
375 For the purpose of this limit,
376 each time a process makes a blocking system call,
377 the count of its consumed CPU time is reset to zero.
378 The CPU time count is not reset if the process continues trying to
379 use the CPU but is preempted, its time slice expires, or it calls
382 Upon reaching the soft limit, the process is sent a
385 If the process catches or ignores this signal and
386 continues consuming CPU time, then
388 will be generated once each second until the hard limit is reached,
389 at which point the process is sent a
393 The intended use of this limit is to stop a runaway
394 real-time process from locking up the system.
396 For further details on real-time scheduling policies, see
399 .BR RLIMIT_SIGPENDING " (since Linux 2.6.8)"
400 This is a limit on the number of signals
401 that may be queued for the real user ID of the calling process.
402 Both standard and real-time signals are counted for the purpose of
404 However, the limit is enforced only for
406 it is always possible to use
408 to queue one instance of any of the signals that are not already
409 queued to the process.
410 .\" This replaces the /proc/sys/kernel/rtsig-max system-wide limit
411 .\" that was present in kernels <= 2.6.7. MTK Dec 04
414 This is the maximum size of the process stack, in bytes.
415 Upon reaching this limit, a
418 To handle this signal, a process must employ an alternate signal stack
419 .RB ( sigaltstack (2)).
422 this limit also determines the amount of space used for the process's
423 command-line arguments and environment variables; for details, see
426 .\" commit c022a0acad534fd5f5d5f17280f6d4d135e74e81
427 .\" Author: Jiri Slaby <jslaby@suse.cz>
428 .\" Date: Tue May 4 18:03:50 2010 +0200
430 .\" rlimits: implement prlimit64 syscall
432 .\" commit 6a1d5e2c85d06da35cdfd93f1a27675bfdc3ad8c
433 .\" Author: Jiri Slaby <jslaby@suse.cz>
434 .\" Date: Wed Mar 24 17:06:58 2010 +0100
436 .\" rlimits: add rlimit64 structure
440 system call combines and extends the functionality of
444 It can be used to both set and get the resource limits of an arbitrary process.
448 argument has the same meaning as for
455 argument is not NULL, then the
457 structure to which it points is used to set new values for
458 the soft and hard limits for
462 argument is not NULL, then a successful call to
464 places the previous soft and hard limits for
468 structure pointed to by
473 argument specifies the ID of the process on which the call is to operate.
476 is 0, then the call applies to the calling process.
477 To set or get the resources of a process other than itself,
478 the caller must have the
480 capability in the user namespace of the process
481 whose resource limits are being changed, or the
482 real, effective, and saved set user IDs of the target process
483 must match the real user ID of the caller
485 the real, effective, and saved set group IDs of the target process
486 must match the real group ID of the caller.
487 .\" FIXME . this permission check is strange
488 .\" Asked about this on LKML, 7 Nov 2010
489 .\" "Inconsistent credential checking in prlimit() syscall"
491 On success, these system calls return 0.
492 On error, \-1 is returned, and
494 is set to indicate the error.
498 A pointer argument points to a location
499 outside the accessible address space.
502 The value specified in
511 .IR rlim\->rlim_max .
514 An unprivileged process tried to raise the hard limit; the
516 capability is required to do this.
519 The caller tried to increase the hard
521 limit above the maximum defined by
522 .I /proc/sys/fs/nr_open
528 The calling process did not have permission to set limits
529 for the process specified by
533 Could not find a process with the ID specified in
538 system call is available since Linux 2.6.36.
539 Library support is available since glibc 2.13.
541 For an explanation of the terms used in this section, see
549 Interface Attribute Value
554 T} Thread safety MT-Safe
562 POSIX.1-2001, POSIX.1-2008, SVr4, 4.3BSD.
570 derive from BSD and are not specified in POSIX.1;
571 they are present on the BSDs and Linux, but on few other implementations.
573 derives from BSD and is not specified in POSIX.1;
574 it is nevertheless present on most implementations.
575 .BR RLIMIT_MSGQUEUE ,
583 A child process created via
585 inherits its parent's resource limits.
586 Resource limits are preserved across
589 Resource limits are per-process attributes that are shared
590 by all of the threads in a process.
592 Lowering the soft limit for a resource below the process's
593 current consumption of that resource will succeed
594 (but will prevent the process from further increasing
595 its consumption of the resource).
597 One can set the resource limits of the shell using the built-in
603 The shell's resource limits are inherited by the processes that
604 it creates to execute commands.
606 Since Linux 2.6.24, the resource limits of any process can be inspected via
607 .IR /proc/ pid /limits ;
611 Ancient systems provided a
613 function with a similar purpose to
615 For backward compatibility, glibc also provides
617 All new applications should be written using
619 .SS C library/kernel ABI differences
620 Since version 2.13, the glibc
624 wrapper functions no longer invoke the corresponding system calls,
627 for the reasons described in BUGS.
629 The name of the glibc wrapper function is
631 the underlying system call is
634 In older Linux kernels, the
638 signals delivered when a process encountered the soft and hard
640 limits were delivered one (CPU) second later than they should have been.
641 This was fixed in kernel 2.6.8.
643 In 2.6.x kernels before 2.6.17, a
645 limit of 0 is wrongly treated as "no limit" (like
647 Since Linux 2.6.17, setting a limit of 0 does have an effect,
648 but is actually treated as a limit of 1 second.
649 .\" see http://marc.theaimsgroup.com/?l=linux-kernel&m=114008066530167&w=2
651 A kernel bug means that
652 .\" See https://lwn.net/Articles/145008/
654 does not work in kernel 2.6.12; the problem is fixed in kernel 2.6.13.
656 In kernel 2.6.12, there was an off-by-one mismatch
657 between the priority ranges returned by
661 This had the effect that the actual ceiling for the nice value
663 .IR "19\ \-\ rlim_cur" .
664 This was fixed in kernel 2.6.13.
665 .\" see http://marc.theaimsgroup.com/?l=linux-kernel&m=112256338703880&w=2
668 .\" The relevant patch, sent to LKML, seems to be
669 .\" http://thread.gmane.org/gmane.linux.kernel/273462
670 .\" From: Roland McGrath <roland <at> redhat.com>
671 .\" Subject: [PATCH 7/7] make RLIMIT_CPU/SIGXCPU per-process
672 .\" Date: 2005-01-23 23:27:46 GMT
673 if a process reaches its soft
675 limit and has a handler installed for
677 then, in addition to invoking the signal handler,
678 the kernel increases the soft limit by one second.
679 This behavior repeats if the process continues to consume CPU time,
680 until the hard limit is reached,
681 at which point the process is killed.
682 Other implementations
683 .\" Tested Solaris 10, FreeBSD 9, OpenBSD 5.0
686 soft limit in this manner,
687 and the Linux behavior is probably not standards conformant;
688 portable applications should avoid relying on this Linux-specific behavior.
689 .\" FIXME . https://bugzilla.kernel.org/show_bug.cgi?id=50951
692 limit exhibits the same behavior when the soft limit is encountered.
694 Kernels before 2.4.22 did not diagnose the error
701 .IR rlim\->rlim_max .
702 .\" d3561f78fd379a7110e46c87964ba7aa4120235c
704 Linux doesn't return an error when an attempt to set
706 has failed, for compatibility reasons.
708 .SS Representation of """large""" resource limit values on 32-bit platforms
713 wrapper functions use a 64-bit
715 data type, even on 32-bit platforms.
718 data type used in the
722 system calls is a (32-bit)
723 .IR "unsigned long" .
724 .\" Linux still uses long for limits internally:
725 .\" c022a0acad534fd5f5d5f17280f6d4d135e74e81
726 .\" kernel/sys.c:do_prlimit() still uses struct rlimit which
727 .\" uses kernel_ulong_t for its members, i.e. 32-bit on 32-bit kernel.
728 Furthermore, in Linux,
729 the kernel represents resource limits on 32-bit platforms as
730 .IR "unsigned long" .
731 However, a 32-bit data type is not wide enough.
732 .\" https://bugzilla.kernel.org/show_bug.cgi?id=5042
733 .\" http://sources.redhat.com/bugzilla/show_bug.cgi?id=12201
734 The most pertinent limit here is
736 which specifies the maximum size to which a file can grow:
737 to be useful, this limit must be represented using a type
738 that is as wide as the type used to
739 represent file offsets\(emthat is, as wide as a 64-bit
741 (assuming a program compiled with
742 .IR _FILE_OFFSET_BITS=64 ).
744 To work around this kernel limitation,
745 if a program tried to set a resource limit to a value larger than
746 can be represented in a 32-bit
747 .IR "unsigned long" ,
750 wrapper function silently converted the limit value to
752 In other words, the requested resource limit setting was silently ignored.
755 .\" https://www.sourceware.org/bugzilla/show_bug.cgi?id=12201
756 glibc works around the limitations of the
760 system calls by implementing
764 as wrapper functions that call
767 The program below demonstrates the use of
770 .\" SRC BEGIN (getrlimit.c)
773 #define _FILE_OFFSET_BITS 64
777 #include <sys/resource.h>
780 #define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \e
784 main(int argc, char *argv[])
786 struct rlimit old, new;
790 if (!(argc == 2 || argc == 4)) {
791 fprintf(stderr, "Usage: %s <pid> [<new\-soft\-limit> "
792 "<new\-hard\-limit>]\en", argv[0]);
796 pid = atoi(argv[1]); /* PID of target process */
800 new.rlim_cur = atoi(argv[2]);
801 new.rlim_max = atoi(argv[3]);
805 /* Set CPU time limit of target process; retrieve and display
808 if (prlimit(pid, RLIMIT_CPU, newp, &old) == \-1)
809 errExit("prlimit\-1");
810 printf("Previous limits: soft=%jd; hard=%jd\en",
811 (intmax_t) old.rlim_cur, (intmax_t) old.rlim_max);
813 /* Retrieve and display new CPU time limit */
815 if (prlimit(pid, RLIMIT_CPU, NULL, &old) == \-1)
816 errExit("prlimit\-2");
817 printf("New limits: soft=%jd; hard=%jd\en",
818 (intmax_t) old.rlim_cur, (intmax_t) old.rlim_max);
840 .BR capabilities (7),