1 .\" Copyright (c) 1992 Drew Eckhardt, March 28, 1992
2 .\" and Copyright (c) 2002, 2004, 2005, 2008, 2010 Michael Kerrisk
4 .\" SPDX-License-Identifier: Linux-man-pages-copyleft
6 .\" Modified by Michael Haardt <michael@moria.de>
7 .\" Modified 1993-07-23 by Rik Faith <faith@cs.unc.edu>
8 .\" Modified 1996-01-13 by Arnt Gulbrandsen <agulbra@troll.no>
9 .\" Modified 1996-01-22 by aeb, following a remark by
10 .\" Tigran Aivazian <tigran@sco.com>
11 .\" Modified 1996-04-14 by aeb, following a remark by
12 .\" Robert Bihlmeyer <robbe@orcus.ping.at>
13 .\" Modified 1996-10-22 by Eric S. Raymond <esr@thyrsus.com>
14 .\" Modified 2001-05-04 by aeb, following a remark by
15 .\" HÃ¥vard Lygre <hklygre@online.no>
16 .\" Modified 2001-04-17 by Michael Kerrisk <mtk.manpages@gmail.com>
17 .\" Modified 2002-06-13 by Michael Kerrisk <mtk.manpages@gmail.com>
18 .\" Added note on nonstandard behavior when SIGCHLD is ignored.
19 .\" Modified 2002-07-09 by Michael Kerrisk <mtk.manpages@gmail.com>
20 .\" Enhanced descriptions of 'resource' values
21 .\" Modified 2003-11-28 by aeb, added RLIMIT_CORE
22 .\" Modified 2004-03-26 by aeb, added RLIMIT_AS
23 .\" Modified 2004-06-16 by Michael Kerrisk <mtk.manpages@gmail.com>
24 .\" Added notes on CAP_SYS_RESOURCE
26 .\" 2004-11-16 -- mtk: the getrlimit.2 page, which formally included
27 .\" coverage of getrusage(2), has been split, so that the latter
28 .\" is now covered in its own getrusage.2.
30 .\" Modified 2004-11-16, mtk: A few other minor changes
31 .\" Modified 2004-11-23, mtk
32 .\" Added notes on RLIMIT_MEMLOCK, RLIMIT_NPROC, and RLIMIT_RSS
33 .\" to "CONFORMING TO"
34 .\" Modified 2004-11-25, mtk
35 .\" Rewrote discussion on RLIMIT_MEMLOCK to incorporate kernel
37 .\" Added note on RLIMIT_CPU error in older kernels
38 .\" 2004-11-03, mtk, Added RLIMIT_SIGPENDING
39 .\" 2005-07-13, mtk, documented RLIMIT_MSGQUEUE limit.
40 .\" 2005-07-28, mtk, Added descriptions of RLIMIT_NICE and RLIMIT_RTPRIO
41 .\" 2008-05-07, mtk / Peter Zijlstra, Added description of RLIMIT_RTTIME
42 .\" 2010-11-06, mtk: Added documentation of prlimit()
44 .TH GETRLIMIT 2 2021-03-22 "Linux man-pages (unreleased)"
46 getrlimit, setrlimit, prlimit \- get/set resource limits
49 .RI ( libc ", " \-lc )
52 .B #include <sys/resource.h>
54 .BI "int getrlimit(int " resource ", struct rlimit *" rlim );
55 .BI "int setrlimit(int " resource ", const struct rlimit *" rlim );
57 .BI "int prlimit(pid_t " pid ", int " resource ", const struct rlimit *" new_limit ,
58 .BI " struct rlimit *" old_limit );
62 Feature Test Macro Requirements for glibc (see
63 .BR feature_test_macros (7)):
75 system calls get and set resource limits.
76 Each resource has an associated soft and hard limit, as defined by the
83 rlim_t rlim_cur; /* Soft limit */
84 rlim_t rlim_max; /* Hard limit (ceiling for rlim_cur) */
89 The soft limit is the value that the kernel enforces for the
90 corresponding resource.
91 The hard limit acts as a ceiling for the soft limit:
92 an unprivileged process may set only its soft limit to a value in the
93 range from 0 up to the hard limit, and (irreversibly) lower its hard limit.
94 A privileged process (under Linux: one with the
96 capability in the initial user namespace)
97 may make arbitrary changes to either limit value.
101 denotes no limit on a resource (both in the structure returned by
103 and in the structure passed to
108 argument must be one of:
111 This is the maximum size of the process's virtual memory
113 The limit is specified in bytes, and is rounded down to the system page size.
114 .\" since 2.0.27 / 2.1.12
115 This limit affects calls to
120 which fail with the error
122 upon exceeding this limit.
123 In addition, automatic stack expansion fails
126 that kills the process if no alternate stack
127 has been made available via
128 .BR sigaltstack (2)).
129 Since the value is a \fIlong\fP, on machines with a 32-bit \fIlong\fP
130 either this limit is at most 2\ GiB, or this resource is unlimited.
133 This is the maximum size of a
137 in bytes that the process may dump.
138 When 0 no core dump files are created.
139 When nonzero, larger dumps are truncated to this size.
142 This is a limit, in seconds,
143 on the amount of CPU time that the process can consume.
144 When the process reaches the soft limit, it is sent a
147 The default action for this signal is to terminate the process.
148 However, the signal can be caught, and the handler can return control to
150 If the process continues to consume CPU time, it will be sent
152 once per second until the hard limit is reached, at which time
155 (This latter point describes Linux behavior.
156 Implementations vary in how they treat processes which continue to
157 consume CPU time after reaching the soft limit.
158 Portable applications that need to catch this signal should
159 perform an orderly termination upon first receipt of
163 This is the maximum size
164 of the process's data segment (initialized data,
165 uninitialized data, and heap).
166 The limit is specified in bytes, and is rounded down to the system page size.
167 This limit affects calls to
170 and (since Linux 4.7)
172 .\" commits 84638335900f1995495838fe1bd4870c43ec1f67
173 .\" ("mm: rework virtual memory accounting"),
174 .\" f4fcd55841fc9e46daac553b39361572453c2b88
175 .\" (mm: enable RLIMIT_DATA by default with workaround for valgrind).
176 which fail with the error
178 upon encountering the soft limit of this resource.
181 This is the maximum size in bytes of files that the process may create.
182 Attempts to extend a file beyond this limit result in delivery of a
185 By default, this signal terminates a process, but a process can
186 catch this signal instead, in which case the relevant system call (e.g.,
192 .BR RLIMIT_LOCKS " (Linux 2.4.0 to 2.4.24)"
193 .\" to be precise: Linux 2.4.0-test9; no longer in 2.4.25 / 2.5.65
194 This is a limit on the combined number of
198 leases that this process may establish.
201 This is the maximum number of bytes of memory that may be locked
203 This limit is in effect rounded down to the nearest multiple
204 of the system page size.
212 Since Linux 2.6.9, it also affects the
215 operation, where it sets a maximum on the total bytes in
216 shared memory segments (see
218 that may be locked by the real user ID of the calling process.
222 locks are accounted for separately from the per-process memory
229 a process can lock bytes up to this limit in each of these
232 In Linux kernels before 2.6.9, this limit controlled the amount of
233 memory that could be locked by a privileged process.
234 Since Linux 2.6.9, no limits are placed on the amount of memory
235 that a privileged process may lock, and this limit instead governs
236 the amount of memory that an unprivileged process may lock.
238 .BR RLIMIT_MSGQUEUE " (since Linux 2.6.8)"
239 This is a limit on the number of bytes that can be allocated
240 for POSIX message queues for the real user ID of the calling process.
241 This limit is enforced for
243 Each message queue that the user creates counts (until it is removed)
244 against this limit according to the formula:
251 bytes = attr.mq_maxmsg * sizeof(struct msg_msg) +
252 MIN(attr.mq_maxmsg, MQ_PRIO_MAX) *
253 sizeof(struct posix_msg_tree_node)+
255 attr.mq_maxmsg * attr.mq_msgsize;
256 /* For message data */
260 Linux 3.4 and earlier:
264 bytes = attr.mq_maxmsg * sizeof(struct msg_msg *) +
266 attr.mq_maxmsg * attr.mq_msgsize;
267 /* For message data */
276 structure specified as the fourth argument to
281 .I posix_msg_tree_node
282 structures are kernel-internal structures.
284 The "overhead" addend in the formula accounts for overhead
285 bytes required by the implementation
286 and ensures that the user cannot
287 create an unlimited number of zero-length messages (such messages
288 nevertheless each consume some system memory for bookkeeping overhead).
290 .BR RLIMIT_NICE " (since Linux 2.6.12, but see BUGS below)"
291 This specifies a ceiling to which the process's nice value can be raised using
295 The actual ceiling for the nice value is calculated as
296 .IR "20\ \-\ rlim_cur" .
297 The useful range for this limit is thus from 1
298 (corresponding to a nice value of 19) to 40
299 (corresponding to a nice value of \-20).
300 This unusual choice of range was necessary
301 because negative numbers cannot be specified
302 as resource limit values, since they typically have special meanings.
305 typically is the same as \-1.
306 For more detail on the nice value, see
310 This specifies a value one greater than the maximum file descriptor number
311 that can be opened by this process.
317 to exceed this limit yield the error
319 (Historically, this limit was named
324 this limit also defines the maximum number of file descriptors that
325 an unprivileged process (one without the
327 capability) may have "in flight" to other processes,
328 by being passed across UNIX domain sockets.
329 This limit applies to the
332 For further details, see
336 This is a limit on the number of extant process
337 (or, more precisely on Linux, threads)
338 for the real user ID of the calling process.
339 So long as the current number of processes belonging to this
340 process's real user ID is greater than or equal to this limit,
347 limit is not enforced for processes that have either the
352 or run with real user ID 0.
355 This is a limit (in bytes) on the process's resident set
356 (the number of virtual pages resident in RAM).
357 This limit has effect only in Linux 2.4.x, x < 30, and there
358 affects only calls to
362 .\" As at kernel 2.6.12, this limit still does nothing in 2.6 though
363 .\" talk of making it do something has surfaced from time to time in LKML
366 .BR RLIMIT_RTPRIO " (since Linux 2.6.12, but see BUGS)"
367 This specifies a ceiling on the real-time priority that may be set for
369 .BR sched_setscheduler (2)
371 .BR sched_setparam (2).
373 For further details on real-time scheduling policies, see
376 .BR RLIMIT_RTTIME " (since Linux 2.6.25)"
377 This is a limit (in microseconds)
378 on the amount of CPU time that a process scheduled
379 under a real-time scheduling policy may consume without making a blocking
381 For the purpose of this limit,
382 each time a process makes a blocking system call,
383 the count of its consumed CPU time is reset to zero.
384 The CPU time count is not reset if the process continues trying to
385 use the CPU but is preempted, its time slice expires, or it calls
388 Upon reaching the soft limit, the process is sent a
391 If the process catches or ignores this signal and
392 continues consuming CPU time, then
394 will be generated once each second until the hard limit is reached,
395 at which point the process is sent a
399 The intended use of this limit is to stop a runaway
400 real-time process from locking up the system.
402 For further details on real-time scheduling policies, see
405 .BR RLIMIT_SIGPENDING " (since Linux 2.6.8)"
406 This is a limit on the number of signals
407 that may be queued for the real user ID of the calling process.
408 Both standard and real-time signals are counted for the purpose of
410 However, the limit is enforced only for
412 it is always possible to use
414 to queue one instance of any of the signals that are not already
415 queued to the process.
416 .\" This replaces the /proc/sys/kernel/rtsig-max system-wide limit
417 .\" that was present in kernels <= 2.6.7. MTK Dec 04
420 This is the maximum size of the process stack, in bytes.
421 Upon reaching this limit, a
424 To handle this signal, a process must employ an alternate signal stack
425 .RB ( sigaltstack (2)).
428 this limit also determines the amount of space used for the process's
429 command-line arguments and environment variables; for details, see
432 .\" commit c022a0acad534fd5f5d5f17280f6d4d135e74e81
433 .\" Author: Jiri Slaby <jslaby@suse.cz>
434 .\" Date: Tue May 4 18:03:50 2010 +0200
436 .\" rlimits: implement prlimit64 syscall
438 .\" commit 6a1d5e2c85d06da35cdfd93f1a27675bfdc3ad8c
439 .\" Author: Jiri Slaby <jslaby@suse.cz>
440 .\" Date: Wed Mar 24 17:06:58 2010 +0100
442 .\" rlimits: add rlimit64 structure
446 system call combines and extends the functionality of
450 It can be used to both set and get the resource limits of an arbitrary process.
454 argument has the same meaning as for
461 argument is not NULL, then the
463 structure to which it points is used to set new values for
464 the soft and hard limits for
468 argument is not NULL, then a successful call to
470 places the previous soft and hard limits for
474 structure pointed to by
479 argument specifies the ID of the process on which the call is to operate.
482 is 0, then the call applies to the calling process.
483 To set or get the resources of a process other than itself,
484 the caller must have the
486 capability in the user namespace of the process
487 whose resource limits are being changed, or the
488 real, effective, and saved set user IDs of the target process
489 must match the real user ID of the caller
491 the real, effective, and saved set group IDs of the target process
492 must match the real group ID of the caller.
493 .\" FIXME . this permission check is strange
494 .\" Asked about this on LKML, 7 Nov 2010
495 .\" "Inconsistent credential checking in prlimit() syscall"
497 On success, these system calls return 0.
498 On error, \-1 is returned, and
500 is set to indicate the error.
504 A pointer argument points to a location
505 outside the accessible address space.
508 The value specified in
517 .IR rlim\->rlim_max .
520 An unprivileged process tried to raise the hard limit; the
522 capability is required to do this.
525 The caller tried to increase the hard
527 limit above the maximum defined by
528 .I /proc/sys/fs/nr_open
534 The calling process did not have permission to set limits
535 for the process specified by
539 Could not find a process with the ID specified in
544 system call is available since Linux 2.6.36.
545 Library support is available since glibc 2.13.
547 For an explanation of the terms used in this section, see
555 Interface Attribute Value
560 T} Thread safety MT-Safe
568 POSIX.1-2001, POSIX.1-2008, SVr4, 4.3BSD.
576 derive from BSD and are not specified in POSIX.1;
577 they are present on the BSDs and Linux, but on few other implementations.
579 derives from BSD and is not specified in POSIX.1;
580 it is nevertheless present on most implementations.
581 .BR RLIMIT_MSGQUEUE ,
589 A child process created via
591 inherits its parent's resource limits.
592 Resource limits are preserved across
595 Resource limits are per-process attributes that are shared
596 by all of the threads in a process.
598 Lowering the soft limit for a resource below the process's
599 current consumption of that resource will succeed
600 (but will prevent the process from further increasing
601 its consumption of the resource).
603 One can set the resource limits of the shell using the built-in
609 The shell's resource limits are inherited by the processes that
610 it creates to execute commands.
612 Since Linux 2.6.24, the resource limits of any process can be inspected via
613 .IR /proc/ pid /limits ;
617 Ancient systems provided a
619 function with a similar purpose to
621 For backward compatibility, glibc also provides
623 All new applications should be written using
625 .SS C library/kernel ABI differences
626 Since version 2.13, the glibc
630 wrapper functions no longer invoke the corresponding system calls,
633 for the reasons described in BUGS.
635 The name of the glibc wrapper function is
637 the underlying system call is
640 In older Linux kernels, the
644 signals delivered when a process encountered the soft and hard
646 limits were delivered one (CPU) second later than they should have been.
647 This was fixed in kernel 2.6.8.
649 In 2.6.x kernels before 2.6.17, a
651 limit of 0 is wrongly treated as "no limit" (like
653 Since Linux 2.6.17, setting a limit of 0 does have an effect,
654 but is actually treated as a limit of 1 second.
655 .\" see http://marc.theaimsgroup.com/?l=linux-kernel&m=114008066530167&w=2
657 A kernel bug means that
658 .\" See https://lwn.net/Articles/145008/
660 does not work in kernel 2.6.12; the problem is fixed in kernel 2.6.13.
662 In kernel 2.6.12, there was an off-by-one mismatch
663 between the priority ranges returned by
667 This had the effect that the actual ceiling for the nice value
669 .IR "19\ \-\ rlim_cur" .
670 This was fixed in kernel 2.6.13.
671 .\" see http://marc.theaimsgroup.com/?l=linux-kernel&m=112256338703880&w=2
674 .\" The relevant patch, sent to LKML, seems to be
675 .\" http://thread.gmane.org/gmane.linux.kernel/273462
676 .\" From: Roland McGrath <roland <at> redhat.com>
677 .\" Subject: [PATCH 7/7] make RLIMIT_CPU/SIGXCPU per-process
678 .\" Date: 2005-01-23 23:27:46 GMT
679 if a process reaches its soft
681 limit and has a handler installed for
683 then, in addition to invoking the signal handler,
684 the kernel increases the soft limit by one second.
685 This behavior repeats if the process continues to consume CPU time,
686 until the hard limit is reached,
687 at which point the process is killed.
688 Other implementations
689 .\" Tested Solaris 10, FreeBSD 9, OpenBSD 5.0
692 soft limit in this manner,
693 and the Linux behavior is probably not standards conformant;
694 portable applications should avoid relying on this Linux-specific behavior.
695 .\" FIXME . https://bugzilla.kernel.org/show_bug.cgi?id=50951
698 limit exhibits the same behavior when the soft limit is encountered.
700 Kernels before 2.4.22 did not diagnose the error
707 .IR rlim\->rlim_max .
708 .\" d3561f78fd379a7110e46c87964ba7aa4120235c
710 Linux doesn't return an error when an attempt to set
712 has failed, for compatibility reasons.
714 .SS Representation of """large""" resource limit values on 32-bit platforms
719 wrapper functions use a 64-bit
721 data type, even on 32-bit platforms.
724 data type used in the
728 system calls is a (32-bit)
729 .IR "unsigned long" .
730 .\" Linux still uses long for limits internally:
731 .\" c022a0acad534fd5f5d5f17280f6d4d135e74e81
732 .\" kernel/sys.c:do_prlimit() still uses struct rlimit which
733 .\" uses kernel_ulong_t for its members, i.e. 32-bit on 32-bit kernel.
734 Furthermore, in Linux,
735 the kernel represents resource limits on 32-bit platforms as
736 .IR "unsigned long" .
737 However, a 32-bit data type is not wide enough.
738 .\" https://bugzilla.kernel.org/show_bug.cgi?id=5042
739 .\" http://sources.redhat.com/bugzilla/show_bug.cgi?id=12201
740 The most pertinent limit here is
742 which specifies the maximum size to which a file can grow:
743 to be useful, this limit must be represented using a type
744 that is as wide as the type used to
745 represent file offsets\(emthat is, as wide as a 64-bit
747 (assuming a program compiled with
748 .IR _FILE_OFFSET_BITS=64 ).
750 To work around this kernel limitation,
751 if a program tried to set a resource limit to a value larger than
752 can be represented in a 32-bit
753 .IR "unsigned long" ,
756 wrapper function silently converted the limit value to
758 In other words, the requested resource limit setting was silently ignored.
761 .\" https://www.sourceware.org/bugzilla/show_bug.cgi?id=12201
762 glibc works around the limitations of the
766 system calls by implementing
770 as wrapper functions that call
773 The program below demonstrates the use of
776 .\" SRC BEGIN (getrlimit.c)
779 #define _FILE_OFFSET_BITS 64
783 #include <sys/resource.h>
786 #define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \e
790 main(int argc, char *argv[])
792 struct rlimit old, new;
796 if (!(argc == 2 || argc == 4)) {
797 fprintf(stderr, "Usage: %s <pid> [<new\-soft\-limit> "
798 "<new\-hard\-limit>]\en", argv[0]);
802 pid = atoi(argv[1]); /* PID of target process */
806 new.rlim_cur = atoi(argv[2]);
807 new.rlim_max = atoi(argv[3]);
811 /* Set CPU time limit of target process; retrieve and display
814 if (prlimit(pid, RLIMIT_CPU, newp, &old) == \-1)
815 errExit("prlimit\-1");
816 printf("Previous limits: soft=%jd; hard=%jd\en",
817 (intmax_t) old.rlim_cur, (intmax_t) old.rlim_max);
819 /* Retrieve and display new CPU time limit */
821 if (prlimit(pid, RLIMIT_CPU, NULL, &old) == \-1)
822 errExit("prlimit\-2");
823 printf("New limits: soft=%jd; hard=%jd\en",
824 (intmax_t) old.rlim_cur, (intmax_t) old.rlim_max);
846 .BR capabilities (7),