author | startx2017 <vradu.startx@yandex.com> | 2017-10-15 09:00:31 -0400 |
---|---|---|
committer | startx2017 <vradu.startx@yandex.com> | 2017-10-15 09:00:31 -0400 |
commit | 5ee09312da788ebd91184c2be0591da32fbf8e41 (patch) | |
tree | fa866fc47933f83456a0b871df6b16c2efc75445 /src | |
parent | globbing - manpage (diff) | |
merge --rlimit-as
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 7 | ||||
-rw-r--r-- | src/firejail/rlimit.c | 2 | ||||
-rw-r--r-- | src/firejail/usage.c | 2 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 3 | ||||
-rw-r--r-- | src/man/firejail.txt | 4 |
5 files changed, 16 insertions, 2 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 458bba6f6..584d0c293 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -71,7 +71,7 @@ int arg_rlimit_nofile = 0; // rlimit nofile | |||
71 | int arg_rlimit_nproc = 0; // rlimit nproc | 71 | int arg_rlimit_nproc = 0; // rlimit nproc |
72 | int arg_rlimit_fsize = 0; // rlimit fsize | 72 | int arg_rlimit_fsize = 0; // rlimit fsize |
73 | int arg_rlimit_sigpending = 0; // rlimit fsize | 73 | int arg_rlimit_sigpending = 0; // rlimit fsize |
74 | int arg_rlimit_as = 0; // rlimit as | 74 | int arg_rlimit_as = 0; // rlimit as |
75 | int arg_nogroups = 0; // disable supplementary groups | 75 | int arg_nogroups = 0; // disable supplementary groups |
76 | int arg_nonewprivs = 0; // set the NO_NEW_PRIVS prctl | 76 | int arg_nonewprivs = 0; // set the NO_NEW_PRIVS prctl |
77 | int arg_noroot = 0; // create a new user namespace and disable root user | 77 | int arg_noroot = 0; // create a new user namespace and disable root user |
@@ -1271,6 +1271,11 @@ int main(int argc, char **argv) { | |||
1271 | sscanf(argv[i] + 20, "%llu", &cfg.rlimit_sigpending); | 1271 | sscanf(argv[i] + 20, "%llu", &cfg.rlimit_sigpending); |
1272 | arg_rlimit_sigpending = 1; | 1272 | arg_rlimit_sigpending = 1; |
1273 | } | 1273 | } |
1274 | else if (strncmp(argv[i], "--rlimit-as=", 12) == 0) { | ||
1275 | check_unsigned(argv[i] + 12, "Error: invalid rlimit"); | ||
1276 | sscanf(argv[i] + 12, "%llu", &cfg.rlimit_as); | ||
1277 | arg_rlimit_as = 1; | ||
1278 | } | ||
1274 | else if (strncmp(argv[i], "--ipc-namespace", 15) == 0) | 1279 | else if (strncmp(argv[i], "--ipc-namespace", 15) == 0) |
1275 | arg_ipc = 1; | 1280 | arg_ipc = 1; |
1276 | else if (strncmp(argv[i], "--cpu=", 6) == 0) | 1281 | else if (strncmp(argv[i], "--cpu=", 6) == 0) |
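Review bot: The new `--rlimit-as=` branch stores the value with `sscanf(argv[i] + 12, "%llu", &cfg.rlimit_as)` and ignores the result, so a digit string larger than ULLONG_MAX is not rejected and what ends up in cfg.rlimit_as is undefined by the C standard; check_unsigned is not visible here and presumably only verifies that the characters are digits. Because this number becomes the sandbox's RLIMIT_AS ceiling, a silently wrong value means a different memory limit from the one the user asked for. Parsing with strtoull and rejecting ERANGE or trailing characters would make the failure explicit; this assumes <errno.h> is already included in main.c, and the `--rlimit-sigpending=` context line just above uses the same sscanf pattern. main()'s body starts and ends outside the hunk.

```c
else if (strncmp(argv[i], "--rlimit-as=", 12) == 0) {
	check_unsigned(argv[i] + 12, "Error: invalid rlimit");
	errno = 0;
	char *end = NULL;
	unsigned long long val = strtoull(argv[i] + 12, &end, 10);
	if (errno == ERANGE || end == argv[i] + 12 || *end != '\0') {
		fprintf(stderr, "Error: invalid rlimit\n");
		exit(1);
	}
	cfg.rlimit_as = val;
	// … unchanged: arg_rlimit_as = 1; and the closing brace …
```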
diff --git a/src/firejail/rlimit.c b/src/firejail/rlimit.c index ec5fb3791..e5720a22b 100644 --- a/src/firejail/rlimit.c +++ b/src/firejail/rlimit.c | |||
@@ -78,7 +78,7 @@ void set_rlimits(void) { | |||
78 | #ifdef HAVE_GCOV | 78 | #ifdef HAVE_GCOV |
79 | __gcov_dump(); | 79 | __gcov_dump(); |
80 | #endif | 80 | #endif |
81 | if (setrlimit(RLIMIT_AS, &rl) == -1) | 81 | if (setrlimit(RLIMIT_AS, &rl) == -1) |
82 | errExit("setrlimit"); | 82 | errExit("setrlimit"); |
83 | if (arg_debug) | 83 | if (arg_debug) |
84 | printf("Config rlimit: maximum virtual memory %llu\n", cfg.rlimit_as); | 84 | printf("Config rlimit: maximum virtual memory %llu\n", cfg.rlimit_as); |
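--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -169,6 +169,8 @@ void usage(void) {
 printf(" --quiet - turn off Firejail's output.\n");
 printf(" --read-only=filename - set directory or file read-only..\n");
 printf(" --read-write=filename - set directory or file read-write.\n");
+printf(" --rlimit-as=number - set the maximum size of the process's virtual memory\n");
+printf("\t(address space) in bytes.\n");
 printf(" --rlimit-fsize=number - set the maximum file size that can be created\n");
 printf("\tby a process.\n");
 printf(" --rlimit-nofile=number - set the maximum number of files that can be\n");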
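--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -382,6 +382,9 @@ place the sandbox in an existing control group.
 Examples:
 
 .TP
+\fBrlimit-as 123456789012
+Set he maximum size of the process's virtual memory to 123456789012 bytes.
+.TP
 \fBrlimit-fsize 1024
 Set the maximum file size that can be created by a process to 1024 bytes.
 .TP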
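--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1540,6 +1540,10 @@ $ firejail --read-only=~/test --read-write=~/test/a
 
 
 .TP
+\fB\-\-rlimit-as=number
+Set the maximum size of the process's virtual memory (address space) in bytes.
+
+.TP
 \fB\-\-rlimit-fsize=number
 Set the maximum file size that can be created by a process.
 .TP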