merge --rlimit-as

5 files changed, 16 insertions, 2 deletions

diff --git a/src/firejail/main.c b/src/firejail/main.c
index 458bba6f6..584d0c293 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -71,7 +71,7 @@ int arg_rlimit_nofile = 0;			// rlimit nofile
 int arg_rlimit_nproc = 0;                       // rlimit nproc
 int arg_rlimit_fsize = 0;                               // rlimit fsize
 int arg_rlimit_sigpending = 0;                  // rlimit fsize
-int arg_rlimit_as = 0;                                  // rlimit as
+int arg_rlimit_as = 0;                          // rlimit as
 int arg_nogroups = 0;                           // disable supplementary groups
 int arg_nonewprivs = 0;                 // set the NO_NEW_PRIVS prctl
 int arg_noroot = 0;                             // create a new user namespace and disable root user
@@ -1271,6 +1271,11 @@ int main(int argc, char **argv) {
                         sscanf(argv[i] + 20, "%llu", &cfg.rlimit_sigpending);
                         arg_rlimit_sigpending = 1;
                 }
+                else if (strncmp(argv[i], "--rlimit-as=", 12) == 0) {
+                        check_unsigned(argv[i] + 12, "Error: invalid rlimit");
+                        sscanf(argv[i] + 12, "%llu", &cfg.rlimit_as);
+                        arg_rlimit_as = 1;
+                }
                 else if (strncmp(argv[i], "--ipc-namespace", 15) == 0)
                         arg_ipc = 1;
                 else if (strncmp(argv[i], "--cpu=", 6) == 0)
diff --git a/src/firejail/rlimit.c b/src/firejail/rlimit.c
index ec5fb3791..e5720a22b 100644
--- a/src/firejail/rlimit.c
+++ b/src/firejail/rlimit.c
@@ -78,7 +78,7 @@ void set_rlimits(void) {
 #ifdef HAVE_GCOV
                 __gcov_dump();
 #endif
-        if (setrlimit(RLIMIT_AS, &rl) == -1)
+                if (setrlimit(RLIMIT_AS, &rl) == -1)
                         errExit("setrlimit");
                 if (arg_debug)
                         printf("Config rlimit: maximum virtual memory %llu\n", cfg.rlimit_as);
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 28b5cc8a4..f3b3aace5 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -169,6 +169,8 @@ void usage(void) {
         printf("    --quiet - turn off Firejail's output.\n");
         printf("    --read-only=filename - set directory or file read-only..\n");
         printf("    --read-write=filename - set directory or file read-write.\n");
+        printf("    --rlimit-as=number - set the maximum size of the process's virtual memory\n");
+        printf("\t(address space) in bytes.\n");
         printf("    --rlimit-fsize=number - set the maximum file size that can be created\n");
         printf("\tby a process.\n");
         printf("    --rlimit-nofile=number - set the maximum number of files that can be\n");
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 5825d3427..185420ba4 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -382,6 +382,9 @@ place the sandbox in an existing control group.
 Examples:
 
 .TP
+\fBrlimit-as 123456789012
+Set he maximum size of the process's virtual memory to 123456789012 bytes.
+.TP
 \fBrlimit-fsize 1024
 Set the maximum file size that can be created by a process to 1024 bytes.
 .TP
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 54a332e7f..7ba09ba8a 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1540,6 +1540,10 @@ $ firejail --read-only=~/test --read-write=~/test/a
 
 
 .TP
+\fB\-\-rlimit-as=number
+Set the maximum size of the process's virtual memory (address space) in bytes.
+
+.TP
 \fB\-\-rlimit-fsize=number
 Set the maximum file size that can be created by a process.
 .TP