return r;
}
+
+// PIDs
+
+int pakfire_cgroup_set_pid_limit(struct pakfire_cgroup* cgroup, size_t limit) {
+ int r;
+
+ // Enable PID controller
+ r = pakfire_cgroup_enable_controllers(cgroup, PAKFIRE_CGROUP_CONTROLLER_PIDS);
+ if (r)
+ return r;
+
+ DEBUG(cgroup->pakfire, "%s: Setting PID limit to %zu\n",
+ pakfire_cgroup_name(cgroup), limit);
+
+ // Set value
+ r = pakfire_cgroup_write(cgroup, "pids.max", "%zu\n", limit);
+ if (r)
+ ERROR(cgroup->pakfire, "%s: Could not set PID limit: %m\n",
+ pakfire_cgroup_name(cgroup));
+
+ return r;
+}
int pakfire_cgroup_set_guaranteed_memory(struct pakfire_cgroup* cgroup, size_t mem);
int pakfire_cgroup_set_memory_limit(struct pakfire_cgroup* cgroup, size_t mem);
+// PIDs
+int pakfire_cgroup_set_pid_limit(struct pakfire_cgroup* cgroup, size_t limit);
+
#endif /* PAKFIRE_PRIVATE */
#endif /* PAKFIRE_CGROUP_H */
return r;
}
+static int test_pid_limit(const struct test* t) {
+ struct pakfire_cgroup* cgroup = NULL;
+ struct pakfire_jail* jail = NULL;
+ int r = EXIT_FAILURE;
+
+ const char* argv[] = {
+ "/command", "fork-bomb", NULL,
+ };
+
+ // Create cgroup
+ ASSERT_SUCCESS(pakfire_cgroup_open(&cgroup, t->pakfire, "pakfire-test", 0));
+
+ // Create jail
+ ASSERT_SUCCESS(pakfire_jail_create(&jail, t->pakfire, 0));
+
+ // Connect jail to the cgroup
+ ASSERT_SUCCESS(pakfire_jail_set_cgroup(jail, cgroup));
+
+ // Set a PID limit of 100 processes
+ ASSERT_SUCCESS(pakfire_cgroup_set_pid_limit(cgroup, 100));
+
+ // Try to fork as many processes as possible
+ ASSERT_FAILURE(pakfire_jail_exec(jail, argv, NULL));
+
+ // Success
+ r = EXIT_SUCCESS;
+
+FAIL:
+ if (jail)
+ pakfire_jail_unref(jail);
+ if (cgroup) {
+ pakfire_cgroup_destroy(cgroup);
+ pakfire_cgroup_unref(cgroup);
+ }
+
+ return r;
+}
+
int main(int argc, const char* argv[]) {
testsuite_add_test(test_create);
testsuite_add_test(test_env);
testsuite_add_test(test_launch_into_cgroup);
testsuite_add_test(test_nice);
testsuite_add_test(test_memory_limit);
+ testsuite_add_test(test_pid_limit);
return testsuite_run(argc, argv);
}