restrict_process_size() API changes.
authorTimo Sirainen <tss@iki.fi>
Wed, 9 Nov 2011 16:30:27 +0000 (18:30 +0200)
committerTimo Sirainen <tss@iki.fi>
Wed, 9 Nov 2011 16:30:27 +0000 (18:30 +0200)
src/lib/restrict-process-size.c
src/lib/restrict-process-size.h
src/login-common/main.c
src/master/service-process.c

index 75a11275cfd3f28903c8140c9b3a51ce5e82abc7..7a7178b966ba6925f8958cd5ec3025a7444f81b5 100644 (file)
@@ -5,48 +5,47 @@
 
 #include <unistd.h>
 
-void restrict_process_size(unsigned int size ATTR_UNUSED,
-                          unsigned int max_processes ATTR_UNUSED)
+void restrict_process_size(rlim_t bytes)
 {
-#ifdef HAVE_SETRLIMIT
        struct rlimit rlim;
 
-#ifdef HAVE_RLIMIT_NPROC
-       if (max_processes < INT_MAX) {
-               rlim.rlim_max = rlim.rlim_cur = max_processes;
-               if (setrlimit(RLIMIT_NPROC, &rlim) < 0)
-                       i_fatal("setrlimit(RLIMIT_NPROC, %u): %m", size);
+       rlim.rlim_max = rlim.rlim_cur = bytes;
+       if (setrlimit(RLIMIT_DATA, &rlim) < 0) {
+               i_fatal("setrlimit(RLIMIT_DATA, %llu): %m",
+                       (unsigned long long)bytes);
        }
-#endif
-
-       if (size > 0 && size < INT_MAX/1024/1024) {
-               rlim.rlim_max = rlim.rlim_cur = size*1024*1024;
-
-               if (setrlimit(RLIMIT_DATA, &rlim) < 0)
-                       i_fatal("setrlimit(RLIMIT_DATA, %u): %m", size);
 
 #ifdef HAVE_RLIMIT_AS
-               if (setrlimit(RLIMIT_AS, &rlim) < 0)
-                       i_fatal("setrlimit(RLIMIT_AS, %u): %m", size);
-#endif
+       if (setrlimit(RLIMIT_AS, &rlim) < 0) {
+               i_fatal("setrlimit(RLIMIT_AS, %llu): %m",
+                       (unsigned long long)bytes);
        }
-#else
-       if (size != 0) {
-               i_warning("Can't restrict process size: "
-                         "setrlimit() not supported by system. "
-                         "Set the limit to 0 to hide this warning.");
+#endif
+}
+
+void restrict_process_count(rlim_t count ATTR_UNUSED)
+{
+#ifdef HAVE_RLIMIT_NPROC
+       struct rlimit rlim;
+
+       rlim.rlim_max = rlim.rlim_cur = count;
+       if (setrlimit(RLIMIT_NPROC, &rlim) < 0) {
+               i_fatal("setrlimit(RLIMIT_NPROC, %llu): %m",
+                       (unsigned long long)count);
        }
 #endif
 }
 
-void restrict_fd_limit(unsigned int count)
+void restrict_fd_limit(rlim_t count)
 {
 #ifdef HAVE_SETRLIMIT
        struct rlimit rlim;
 
        rlim.rlim_cur = rlim.rlim_max = count;
-       if (setrlimit(RLIMIT_NOFILE, &rlim) < 0)
-               i_error("setrlimit(RLIMIT_NOFILE, %u): %m", count);
+       if (setrlimit(RLIMIT_NOFILE, &rlim) < 0) {
+               i_error("setrlimit(RLIMIT_NOFILE, %llu): %m",
+                       (unsigned long long)count);
+       }
 #endif
 }
 
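Review bot: The rewritten restrict_process_size() calls setrlimit() with no `#ifdef HAVE_SETRLIMIT` around it, while restrict_fd_limit() at the end of this hunk still keeps that guard, so the file now disagrees with itself about whether setrlimit() is optional. If the build can still leave HAVE_SETRLIMIT undefined, the new body will not build there and the old "Can't restrict process size" warning path is gone. If it cannot, the guard in restrict_fd_limit() is dead and could be dropped in the same commit. The severity also differs, `i_fatal` for the size and process limits against `i_error` for the fd limit. If that is deliberate, a short comment on restrict_fd_limit() saying why a failed fd limit is survivable would help the next reader.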
@@ -65,3 +64,19 @@ int restrict_get_core_limit(rlim_t *limit_r)
        return -1;
 #endif
 }
+
+int restrict_get_process_limit(rlim_t *limit_r)
+{
+#ifdef HAVE_RLIMIT_NPROC
+       struct rlimit rlim;
+
+       if (getrlimit(RLIMIT_NPROC, &rlim) < 0) {
+               i_error("getrlimit(RLIMIT_NPROC) failed: %m");
+               return -1;
+       }
+       *limit_r = rlim.rlim_cur;
+       return 0;
+#else
+       return -1;
+#endif
+}
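Review bot: restrict_get_process_limit() leaves `*limit_r` unwritten on both `return -1` paths and can return `RLIM_INFINITY` in it on success, and no comment tells the caller either fact. The `#else` branch also returns -1 silently while the getrlimit() failure logs through `i_error`, so a caller cannot tell "unsupported" from "failed". I would add above the function: `/* Returns 0 and sets *limit_r (may be RLIM_INFINITY). Returns -1 and leaves *limit_r untouched if getrlimit() fails or RLIMIT_NPROC is unavailable. */`. The hunk opens inside restrict_get_core_limit(), whose start is not visible here.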
index 1e60a69cfa4b719542e28c718ddc7be5414eb9a6..d4d71b0e0391284fd712cb6bd3206e83928d8b33 100644 (file)
@@ -6,13 +6,16 @@
 #  include <sys/resource.h>
 #endif
 
-/* Restrict max. process size. The size is in megabytes, setting it to
-   (unsigned int)-1 sets it unlimited. */
-void restrict_process_size(unsigned int size, unsigned int max_processes);
+/* Restrict max. process size. */
+void restrict_process_size(rlim_t bytes);
+/* Restrict max. number of processes. */
+void restrict_process_count(rlim_t count);
 /* Set fd limit to count. */
-void restrict_fd_limit(unsigned int count);
+void restrict_fd_limit(rlim_t count);
 
 /* Get the core dump size limit. Returns 0 if ok, -1 if lookup failed. */
 int restrict_get_core_limit(rlim_t *limit_r);
+/* Get the process count limit. Returns 0 if ok, -1 if lookup failed. */
+int restrict_get_process_limit(rlim_t *limit_r);
 
 #endif
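Review bot: The new comment on restrict_process_size() drops the unit and the list of limits it touches, where the removed comment at least stated megabytes and the unlimited value. Going by the implementation in this commit I would write `/* Restrict max. process size to the given number of bytes (RLIMIT_DATA, and RLIMIT_AS where available). Failure is fatal. */`, and for restrict_process_count() `/* Restrict max. number of processes. Does nothing if the system has no RLIMIT_NPROC. */`. All prototypes now use `rlim_t`, which comes from the `<sys/resource.h>` include inside a conditional that opens above this hunk. It is worth confirming that conditional is always taken, otherwise the header no longer compiles on its own.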
index cbedde2f0ead7ee270e6a951c9643d9c6a8547de..9ec87994a8a9879843deabfb599c10f9bfb87a9f 100644 (file)
@@ -291,7 +291,7 @@ static void main_preinit(bool allow_core_dumps)
 static void main_init(const char *login_socket)
 {
        /* make sure we can't fork() */
-       restrict_process_size((unsigned int)-1, 1);
+       restrict_process_count(1);
 
        if (restrict_access_get_current_chroot() == NULL) {
                if (chdir("login") < 0)
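Review bot: The comment `/* make sure we can't fork() */` promises more than `restrict_process_count(1)` guarantees. As defined in src/lib/restrict-process-size.c in this commit, the function has an empty body when HAVE_RLIMIT_NPROC is not defined, so on such systems the login process gets no fork restriction and nothing is logged. On Linux, RLIMIT_NPROC is also counted per real user ID and is not enforced for a process holding CAP_SYS_RESOURCE or CAP_SYS_ADMIN, so the call only helps if it runs with privileges already dropped, which this hunk does not show. I would reword the comment to `/* best effort: lower RLIMIT_NPROC so fork() fails; no-op where RLIMIT_NPROC is missing */`. The body of main_init() continues past the end of the hunk.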
index 5131f3beffabf856951fb8e87cbf6a6b1b0e708c..41dc31b134f07bcca6fbe73fe1dbdae0546354de 100644 (file)
@@ -157,7 +157,7 @@ drop_privileges(struct service *service)
        unsigned int len;
 
        if (service->vsz_limit != 0)
-               restrict_process_size(service->vsz_limit/1024/1024, -1U);
+               restrict_process_size(service->vsz_limit);
 
        restrict_access_init(&rset);
        rset.uid = service->uid;
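Review bot: `restrict_process_size(service->vsz_limit)` now relies on an implicit conversion to `rlim_t`, and the declaration of `vsz_limit` is not visible in this hunk. If that field is wider than `rlim_t` on some platform, a large configured limit would be truncated to a much smaller one, or to 0, and the process would then fail allocations under a limit nobody configured. A check before the call that the value survives the round trip, for example `(rlim_t)service->vsz_limit == service->vsz_limit`, with a logged fallback when it does not, would close that gap. drop_privileges() starts before and continues after the hunk.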