1 files changed, 62 insertions, 0 deletions
diff --git a/src/firejail/rlimit.c b/src/firejail/rlimit.c
new file mode 100644
index 000000000..6c755a08d
--- /dev/null
+++ b/src/firejail/rlimit.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2014, 2015 netblue30 (netblue30@yahoo.com)
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "firejail.h"
+#include <sys/time.h>
+#include <sys/resource.h>
+void set_rlimits(void) {
+        // resource limits
+        struct rlimit rl;
+        if (arg_rlimit_nofile) {
+                rl.rlim_cur = (rlim_t) cfg.rlimit_nofile;
+                rl.rlim_max = (rlim_t) cfg.rlimit_nofile;
+                if (setrlimit(RLIMIT_NOFILE, &rl) == -1)
+                        errExit("setrlimit");
+                if (arg_debug)
+                        printf("Config rlimit: number of open file descriptors %u\n", cfg.rlimit_nofile);
+        }
+        if (arg_rlimit_nproc) {
+                rl.rlim_cur = (rlim_t) cfg.rlimit_nproc;
+                rl.rlim_max = (rlim_t) cfg.rlimit_nproc;
+                if (setrlimit(RLIMIT_NPROC, &rl) == -1)
+                        errExit("setrlimit");
+                if (arg_debug)
+                        printf("Config rlimit: number of processes %u\n", cfg.rlimit_nproc);
+        }
+        
+        if (arg_rlimit_fsize) {
+                rl.rlim_cur = (rlim_t) cfg.rlimit_fsize;
+                rl.rlim_max = (rlim_t) cfg.rlimit_fsize;
+                if (setrlimit(RLIMIT_FSIZE, &rl) == -1)
+                        errExit("setrlimit");
+                if (arg_debug)
+                        printf("Config rlimit: maximum file size %u\n", cfg.rlimit_fsize);
+        }
+        
+        if (arg_rlimit_sigpending) {
+                rl.rlim_cur = (rlim_t) cfg.rlimit_sigpending;
+                rl.rlim_max = (rlim_t) cfg.rlimit_sigpending;
+                if (setrlimit(RLIMIT_SIGPENDING, &rl) == -1)
+                        errExit("setrlimit");
+                if (arg_debug)
+                        printf("Config rlimit: maximum number of signals pending %u\n", cfg.rlimit_sigpending);
+        }
+}

diff --git a/src/firejail/rlimit.c b/src/firejail/rlimit.c new file mode 100644 index 000000000..6c755a08d --- /dev/null +++ b/src/firejail/rlimit.c
@@ -0,0 +1,62 @@
	1	/*
	2	* Copyright (C) 2014, 2015 netblue30 (netblue30@yahoo.com)
	3	*
	4	* This file is part of firejail project
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License as published by
	8	* the Free Software Foundation; either version 2 of the License, or
	9	* (at your option) any later version.
	10	*
	11	* This program is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	* GNU General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License along
	17	* with this program; if not, write to the Free Software Foundation, Inc.,
	18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	19	*/
	20	#include "firejail.h"
	21	#include <sys/time.h>
	22	#include <sys/resource.h>
	23
	24	void set_rlimits(void) {
	25	// resource limits
	26	struct rlimit rl;
	27	if (arg_rlimit_nofile) {
	28	rl.rlim_cur = (rlim_t) cfg.rlimit_nofile;
	29	rl.rlim_max = (rlim_t) cfg.rlimit_nofile;
	30	if (setrlimit(RLIMIT_NOFILE, &rl) == -1)
	31	errExit("setrlimit");
	32	if (arg_debug)
	33	printf("Config rlimit: number of open file descriptors %u\n", cfg.rlimit_nofile);
	34	}
	35
	36	if (arg_rlimit_nproc) {
	37	rl.rlim_cur = (rlim_t) cfg.rlimit_nproc;
	38	rl.rlim_max = (rlim_t) cfg.rlimit_nproc;
	39	if (setrlimit(RLIMIT_NPROC, &rl) == -1)
	40	errExit("setrlimit");
	41	if (arg_debug)
	42	printf("Config rlimit: number of processes %u\n", cfg.rlimit_nproc);
	43	}
	44
	45	if (arg_rlimit_fsize) {
	46	rl.rlim_cur = (rlim_t) cfg.rlimit_fsize;
	47	rl.rlim_max = (rlim_t) cfg.rlimit_fsize;
	48	if (setrlimit(RLIMIT_FSIZE, &rl) == -1)
	49	errExit("setrlimit");
	50	if (arg_debug)
	51	printf("Config rlimit: maximum file size %u\n", cfg.rlimit_fsize);
	52	}
	53
	54	if (arg_rlimit_sigpending) {
	55	rl.rlim_cur = (rlim_t) cfg.rlimit_sigpending;
	56	rl.rlim_max = (rlim_t) cfg.rlimit_sigpending;
	57	if (setrlimit(RLIMIT_SIGPENDING, &rl) == -1)
	58	errExit("setrlimit");
	59	if (arg_debug)
	60	printf("Config rlimit: maximum number of signals pending %u\n", cfg.rlimit_sigpending);
	61	}
	62	}