diff options
-rw-r--r-- | src/daemon/daemon-conf.c | 84 | ||||
-rw-r--r-- | src/daemon/daemon-conf.h | 22 | ||||
-rw-r--r-- | src/daemon/daemon.conf.in | 10 | ||||
-rw-r--r-- | src/daemon/main.c | 37 | ||||
-rw-r--r-- | todo | 2 |
5 files changed, 153 insertions, 2 deletions
diff --git a/src/daemon/daemon-conf.c b/src/daemon/daemon-conf.c index 2577578cc..12ee08001 100644 --- a/src/daemon/daemon-conf.c +++ b/src/daemon/daemon-conf.c @@ -73,6 +73,20 @@ static const pa_daemon_conf default_conf = { .config_file = NULL, .use_pid_file = 1, .system_instance = 0 +#ifdef HAVE_SYS_RESOURCE_H + , .rlimit_as = { .value = 0, .is_set = 0 }, + .rlimit_core = { .value = 0, .is_set = 0 }, + .rlimit_data = { .value = 0, .is_set = 0 }, + .rlimit_fsize = { .value = 0, .is_set = 0 }, + .rlimit_nofile = { .value = 25, .is_set = 1 }, + .rlimit_stack = { .value = 0, .is_set = 0 } +#ifdef RLIMIT_NPROC + , .rlimit_nproc = { .value = 0, .is_set = 0 } +#endif +#ifdef RLIMIT_MEMLOCK + , .rlimit_memlock = { .value = 0, .is_set = 1 } +#endif +#endif }; pa_daemon_conf* pa_daemon_conf_new(void) { @@ -184,6 +198,30 @@ static int parse_resample_method(const char *filename, unsigned line, const char return 0; } +static int parse_rlimit(const char *filename, unsigned line, const char *lvalue, const char *rvalue, void *data, PA_GCC_UNUSED void *userdata) { + pa_rlimit *r = data; + assert(filename); + assert(lvalue); + assert(rvalue); + assert(r); + + if (rvalue[strspn(rvalue, "\t ")] == 0) { + /* Empty string */ + r->is_set = 0; + r->value = 0; + } else { + int32_t k; + if (pa_atoi(rvalue, &k) < 0) { + pa_log(__FILE__": [%s:%u] Inavalid rlimit '%s'.", filename, line, rvalue); + return -1; + } + r->is_set = k >= 0; + r->value = k >= 0 ? (rlim_t) k : 0; + } + + return 0; +} + int pa_daemon_conf_load(pa_daemon_conf *c, const char *filename) { int r = -1; FILE *f = NULL; @@ -204,6 +242,20 @@ int pa_daemon_conf_load(pa_daemon_conf *c, const char *filename) { { "resample-method", parse_resample_method, NULL }, { "use-pid-file", pa_config_parse_bool, NULL }, { "system-instance", pa_config_parse_bool, NULL }, +#ifdef HAVE_SYS_RESOURCE_H + { "rlimit-as", parse_rlimit, NULL }, + { "rlimit-core", parse_rlimit, NULL }, + { "rlimit-data", parse_rlimit, NULL }, + { "rlimit-fsize", parse_rlimit, NULL }, + { "rlimit-nofile", parse_rlimit, NULL }, + { "rlimit-stack", parse_rlimit, NULL }, +#ifdef RLIMIT_NPROC + { "rlimit-nproc", parse_rlimit, NULL }, +#endif +#ifdef RLIMIT_MEMLOCK + { "rlimit-memlock", parse_rlimit, NULL }, +#endif +#endif { NULL, NULL, NULL }, }; @@ -222,6 +274,24 @@ int pa_daemon_conf_load(pa_daemon_conf *c, const char *filename) { table[12].data = c; table[13].data = &c->use_pid_file; table[14].data = &c->system_instance; +#ifdef HAVE_SYS_RESOURCE_H + table[15].data = &c->rlimit_as; + table[16].data = &c->rlimit_core; + table[17].data = &c->rlimit_data; + table[18].data = &c->rlimit_fsize; + table[19].data = &c->rlimit_nofile; + table[20].data = &c->rlimit_stack; +#ifdef RLIMIT_NPROC + table[21].data = &c->rlimit_nproc; +#endif +#ifdef RLIMIT_MEMLOCK +#ifndef RLIMIT_NPROC +#error "Houston, we have a numbering problem!" +#endif + table[22].data = &c->rlimit_memlock; +#endif +#endif + pa_xfree(c->config_file); c->config_file = NULL; @@ -289,6 +359,20 @@ char *pa_daemon_conf_dump(pa_daemon_conf *c) { pa_strbuf_printf(s, "resample-method = %s\n", pa_resample_method_to_string(c->resample_method)); pa_strbuf_printf(s, "use-pid-file = %i\n", c->use_pid_file); pa_strbuf_printf(s, "system-instance = %i\n", !!c->system_instance); +#ifdef HAVE_SYS_RESOURCE_H + pa_strbuf_printf(s, "rlimit-as = %li\n", c->rlimit_as.is_set ? (long int) c->rlimit_as.value : -1); + pa_strbuf_printf(s, "rlimit-core = %li\n", c->rlimit_core.is_set ? (long int) c->rlimit_core.value : -1); + pa_strbuf_printf(s, "rlimit-data = %li\n", c->rlimit_data.is_set ? (long int) c->rlimit_data.value : -1); + pa_strbuf_printf(s, "rlimit-fsize = %li\n", c->rlimit_fsize.is_set ? (long int) c->rlimit_fsize.value : -1); + pa_strbuf_printf(s, "rlimit-nofile = %li\n", c->rlimit_nofile.is_set ? (long int) c->rlimit_nofile.value : -1); + pa_strbuf_printf(s, "rlimit-stack = %li\n", c->rlimit_stack.is_set ? (long int) c->rlimit_stack.value : -1); +#ifdef RLIMIT_NPROC + pa_strbuf_printf(s, "rlimit-nproc = %li\n", c->rlimit_nproc.is_set ? (long int) c->rlimit_nproc.value : -1); +#endif +#ifdef RLIMIT_MEMLOCK + pa_strbuf_printf(s, "rlimit-memlock = %li\n", c->rlimit_memlock.is_set ? (long int) c->rlimit_memlock.value : -1); +#endif +#endif return pa_strbuf_tostring_free(s); } diff --git a/src/daemon/daemon-conf.h b/src/daemon/daemon-conf.h index bfea73583..a09773f14 100644 --- a/src/daemon/daemon-conf.h +++ b/src/daemon/daemon-conf.h @@ -24,6 +24,10 @@ #include <pulsecore/log.h> +#ifdef HAVE_SYS_RESOURCE_H +#include <sys/resource.h> +#endif + /* The actual command to execute */ typedef enum pa_daemon_conf_cmd { PA_CMD_DAEMON, /* the default */ @@ -35,6 +39,13 @@ typedef enum pa_daemon_conf_cmd { PA_CMD_CHECK } pa_daemon_conf_cmd_t; +#ifdef HAVE_SYS_RESOURCE_H +typedef struct pa_rlimit { + rlim_t value; + int is_set; +} pa_rlimit; +#endif + /* A structure containing configuration data for the PulseAudio server . */ typedef struct pa_daemon_conf { pa_daemon_conf_cmd_t cmd; @@ -53,6 +64,17 @@ typedef struct pa_daemon_conf { pa_log_level_t log_level; int resample_method; char *config_file; + +#ifdef HAVE_SYS_RESOURCE_H + pa_rlimit rlimit_as, rlimit_core, rlimit_data, rlimit_fsize, rlimit_nofile, rlimit_stack; +#ifdef RLIMIT_NPROC + pa_rlimit rlimit_nproc; +#endif +#ifdef RLIMIT_MEMLOCK + pa_rlimit rlimit_memlock; +#endif +#endif + } pa_daemon_conf; /* Allocate a new structure and fill it with sane defaults */ diff --git a/src/daemon/daemon.conf.in b/src/daemon/daemon.conf.in index 30628969e..787405f8f 100644 --- a/src/daemon/daemon.conf.in +++ b/src/daemon/daemon.conf.in @@ -81,3 +81,13 @@ ## Run the daemon as system-wide instance, requires root priviliges ; system-instance = 0 + +## Resource limits, see getrlimit(2) for more information +; rlimit-as = -1 +; rlimit-core = -1 +; rlimit-data = -1 +; rlimit-fsize = -1 +; rlimit-nofile = 25 +; rlimit-stack = -1 +; rlimit-nproc = -1 +; rlimit-memlock = 25 diff --git a/src/daemon/main.c b/src/daemon/main.c index 63452f6f5..517d99845 100644 --- a/src/daemon/main.c +++ b/src/daemon/main.c @@ -258,6 +258,37 @@ static int create_runtime_dir(void) { return 0; } +#ifdef HAVE_SYS_RESOURCE_H + +static void set_one_rlimit(const pa_rlimit *r, int resource, const char *name) { + struct rlimit rl; + assert(r); + + if (!r->is_set) + return; + + rl.rlim_cur = rl.rlim_max = r->value; + + if (setrlimit(resource, &rl) < 0) + pa_log_warn(__FILE__": setrlimit(%s, (%u, %u)) failed: %s", name, (unsigned) r->value, (unsigned) r->value, pa_cstrerror(errno)); +} + +static void set_all_rlimits(const pa_daemon_conf *conf) { + set_one_rlimit(&conf->rlimit_as, RLIMIT_AS, "RLIMIT_AS"); + set_one_rlimit(&conf->rlimit_core, RLIMIT_CORE, "RLIMIT_CORE"); + set_one_rlimit(&conf->rlimit_data, RLIMIT_DATA, "RLIMIT_DATA"); + set_one_rlimit(&conf->rlimit_fsize, RLIMIT_FSIZE, "RLIMIT_FSIZE"); + set_one_rlimit(&conf->rlimit_nofile, RLIMIT_NOFILE, "RLIMIT_NOFILE"); + set_one_rlimit(&conf->rlimit_stack, RLIMIT_STACK, "RLIMIT_STACK"); +#ifdef RLIMIT_NPROC + set_one_rlimit(&conf->rlimit_nproc, RLIMIT_NPROC, "RLIMIT_NPROC"); +#endif +#ifdef RLIMIT_MEMLOCK + set_one_rlimit(&conf->rlimit_memlock, RLIMIT_MEMLOCK, "RLIMIT_MEMLOCK"); +#endif +} +#endif + int main(int argc, char *argv[]) { pa_core *c; pa_strbuf *buf = NULL; @@ -335,7 +366,7 @@ int main(int argc, char *argv[]) { if (suid_root) pa_drop_root(); - + if (conf->dl_search_path) lt_dlsetsearchpath(conf->dl_search_path); @@ -502,6 +533,10 @@ int main(int argc, char *argv[]) { valid_pid_file = 1; } +#ifdef HAVE_SYS_RESOURCE_H + set_all_rlimits(conf); +#endif + #ifdef SIGPIPE signal(SIGPIPE, SIG_IGN); #endif @@ -35,7 +35,7 @@ Post 0.9.0: - key rings for auth - challenge response auth - sasl auth -- setrlimit +- IP ACLs Long term: - pass meta info for hearing impaired |