summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/daemon/daemon-conf.c84
-rw-r--r--src/daemon/daemon-conf.h22
-rw-r--r--src/daemon/daemon.conf.in10
-rw-r--r--src/daemon/main.c37
-rw-r--r--todo2
5 files changed, 153 insertions, 2 deletions
diff --git a/src/daemon/daemon-conf.c b/src/daemon/daemon-conf.c
index 2577578cc..12ee08001 100644
--- a/src/daemon/daemon-conf.c
+++ b/src/daemon/daemon-conf.c
@@ -73,6 +73,20 @@ static const pa_daemon_conf default_conf = {
.config_file = NULL,
.use_pid_file = 1,
.system_instance = 0
+#ifdef HAVE_SYS_RESOURCE_H
+ , .rlimit_as = { .value = 0, .is_set = 0 },
+ .rlimit_core = { .value = 0, .is_set = 0 },
+ .rlimit_data = { .value = 0, .is_set = 0 },
+ .rlimit_fsize = { .value = 0, .is_set = 0 },
+ .rlimit_nofile = { .value = 25, .is_set = 1 },
+ .rlimit_stack = { .value = 0, .is_set = 0 }
+#ifdef RLIMIT_NPROC
+ , .rlimit_nproc = { .value = 0, .is_set = 0 }
+#endif
+#ifdef RLIMIT_MEMLOCK
+ , .rlimit_memlock = { .value = 0, .is_set = 1 }
+#endif
+#endif
};
pa_daemon_conf* pa_daemon_conf_new(void) {
@@ -184,6 +198,30 @@ static int parse_resample_method(const char *filename, unsigned line, const char
return 0;
}
+static int parse_rlimit(const char *filename, unsigned line, const char *lvalue, const char *rvalue, void *data, PA_GCC_UNUSED void *userdata) {
+ pa_rlimit *r = data;
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(r);
+
+ if (rvalue[strspn(rvalue, "\t ")] == 0) {
+ /* Empty string */
+ r->is_set = 0;
+ r->value = 0;
+ } else {
+ int32_t k;
+ if (pa_atoi(rvalue, &k) < 0) {
+ pa_log(__FILE__": [%s:%u] Inavalid rlimit '%s'.", filename, line, rvalue);
+ return -1;
+ }
+ r->is_set = k >= 0;
+ r->value = k >= 0 ? (rlim_t) k : 0;
+ }
+
+ return 0;
+}
+
int pa_daemon_conf_load(pa_daemon_conf *c, const char *filename) {
int r = -1;
FILE *f = NULL;
@@ -204,6 +242,20 @@ int pa_daemon_conf_load(pa_daemon_conf *c, const char *filename) {
{ "resample-method", parse_resample_method, NULL },
{ "use-pid-file", pa_config_parse_bool, NULL },
{ "system-instance", pa_config_parse_bool, NULL },
+#ifdef HAVE_SYS_RESOURCE_H
+ { "rlimit-as", parse_rlimit, NULL },
+ { "rlimit-core", parse_rlimit, NULL },
+ { "rlimit-data", parse_rlimit, NULL },
+ { "rlimit-fsize", parse_rlimit, NULL },
+ { "rlimit-nofile", parse_rlimit, NULL },
+ { "rlimit-stack", parse_rlimit, NULL },
+#ifdef RLIMIT_NPROC
+ { "rlimit-nproc", parse_rlimit, NULL },
+#endif
+#ifdef RLIMIT_MEMLOCK
+ { "rlimit-memlock", parse_rlimit, NULL },
+#endif
+#endif
{ NULL, NULL, NULL },
};
@@ -222,6 +274,24 @@ int pa_daemon_conf_load(pa_daemon_conf *c, const char *filename) {
table[12].data = c;
table[13].data = &c->use_pid_file;
table[14].data = &c->system_instance;
+#ifdef HAVE_SYS_RESOURCE_H
+ table[15].data = &c->rlimit_as;
+ table[16].data = &c->rlimit_core;
+ table[17].data = &c->rlimit_data;
+ table[18].data = &c->rlimit_fsize;
+ table[19].data = &c->rlimit_nofile;
+ table[20].data = &c->rlimit_stack;
+#ifdef RLIMIT_NPROC
+ table[21].data = &c->rlimit_nproc;
+#endif
+#ifdef RLIMIT_MEMLOCK
+#ifndef RLIMIT_NPROC
+#error "Houston, we have a numbering problem!"
+#endif
+ table[22].data = &c->rlimit_memlock;
+#endif
+#endif
+
pa_xfree(c->config_file);
c->config_file = NULL;
@@ -289,6 +359,20 @@ char *pa_daemon_conf_dump(pa_daemon_conf *c) {
pa_strbuf_printf(s, "resample-method = %s\n", pa_resample_method_to_string(c->resample_method));
pa_strbuf_printf(s, "use-pid-file = %i\n", c->use_pid_file);
pa_strbuf_printf(s, "system-instance = %i\n", !!c->system_instance);
+#ifdef HAVE_SYS_RESOURCE_H
+ pa_strbuf_printf(s, "rlimit-as = %li\n", c->rlimit_as.is_set ? (long int) c->rlimit_as.value : -1);
+ pa_strbuf_printf(s, "rlimit-core = %li\n", c->rlimit_core.is_set ? (long int) c->rlimit_core.value : -1);
+ pa_strbuf_printf(s, "rlimit-data = %li\n", c->rlimit_data.is_set ? (long int) c->rlimit_data.value : -1);
+ pa_strbuf_printf(s, "rlimit-fsize = %li\n", c->rlimit_fsize.is_set ? (long int) c->rlimit_fsize.value : -1);
+ pa_strbuf_printf(s, "rlimit-nofile = %li\n", c->rlimit_nofile.is_set ? (long int) c->rlimit_nofile.value : -1);
+ pa_strbuf_printf(s, "rlimit-stack = %li\n", c->rlimit_stack.is_set ? (long int) c->rlimit_stack.value : -1);
+#ifdef RLIMIT_NPROC
+ pa_strbuf_printf(s, "rlimit-nproc = %li\n", c->rlimit_nproc.is_set ? (long int) c->rlimit_nproc.value : -1);
+#endif
+#ifdef RLIMIT_MEMLOCK
+ pa_strbuf_printf(s, "rlimit-memlock = %li\n", c->rlimit_memlock.is_set ? (long int) c->rlimit_memlock.value : -1);
+#endif
+#endif
return pa_strbuf_tostring_free(s);
}
diff --git a/src/daemon/daemon-conf.h b/src/daemon/daemon-conf.h
index bfea73583..a09773f14 100644
--- a/src/daemon/daemon-conf.h
+++ b/src/daemon/daemon-conf.h
@@ -24,6 +24,10 @@
#include <pulsecore/log.h>
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+
/* The actual command to execute */
typedef enum pa_daemon_conf_cmd {
PA_CMD_DAEMON, /* the default */
@@ -35,6 +39,13 @@ typedef enum pa_daemon_conf_cmd {
PA_CMD_CHECK
} pa_daemon_conf_cmd_t;
+#ifdef HAVE_SYS_RESOURCE_H
+typedef struct pa_rlimit {
+ rlim_t value;
+ int is_set;
+} pa_rlimit;
+#endif
+
/* A structure containing configuration data for the PulseAudio server . */
typedef struct pa_daemon_conf {
pa_daemon_conf_cmd_t cmd;
@@ -53,6 +64,17 @@ typedef struct pa_daemon_conf {
pa_log_level_t log_level;
int resample_method;
char *config_file;
+
+#ifdef HAVE_SYS_RESOURCE_H
+ pa_rlimit rlimit_as, rlimit_core, rlimit_data, rlimit_fsize, rlimit_nofile, rlimit_stack;
+#ifdef RLIMIT_NPROC
+ pa_rlimit rlimit_nproc;
+#endif
+#ifdef RLIMIT_MEMLOCK
+ pa_rlimit rlimit_memlock;
+#endif
+#endif
+
} pa_daemon_conf;
/* Allocate a new structure and fill it with sane defaults */
diff --git a/src/daemon/daemon.conf.in b/src/daemon/daemon.conf.in
index 30628969e..787405f8f 100644
--- a/src/daemon/daemon.conf.in
+++ b/src/daemon/daemon.conf.in
@@ -81,3 +81,13 @@
## Run the daemon as system-wide instance, requires root priviliges
; system-instance = 0
+
+## Resource limits, see getrlimit(2) for more information
+; rlimit-as = -1
+; rlimit-core = -1
+; rlimit-data = -1
+; rlimit-fsize = -1
+; rlimit-nofile = 25
+; rlimit-stack = -1
+; rlimit-nproc = -1
+; rlimit-memlock = 25
diff --git a/src/daemon/main.c b/src/daemon/main.c
index 63452f6f5..517d99845 100644
--- a/src/daemon/main.c
+++ b/src/daemon/main.c
@@ -258,6 +258,37 @@ static int create_runtime_dir(void) {
return 0;
}
+#ifdef HAVE_SYS_RESOURCE_H
+
+static void set_one_rlimit(const pa_rlimit *r, int resource, const char *name) {
+ struct rlimit rl;
+ assert(r);
+
+ if (!r->is_set)
+ return;
+
+ rl.rlim_cur = rl.rlim_max = r->value;
+
+ if (setrlimit(resource, &rl) < 0)
+ pa_log_warn(__FILE__": setrlimit(%s, (%u, %u)) failed: %s", name, (unsigned) r->value, (unsigned) r->value, pa_cstrerror(errno));
+}
+
+static void set_all_rlimits(const pa_daemon_conf *conf) {
+ set_one_rlimit(&conf->rlimit_as, RLIMIT_AS, "RLIMIT_AS");
+ set_one_rlimit(&conf->rlimit_core, RLIMIT_CORE, "RLIMIT_CORE");
+ set_one_rlimit(&conf->rlimit_data, RLIMIT_DATA, "RLIMIT_DATA");
+ set_one_rlimit(&conf->rlimit_fsize, RLIMIT_FSIZE, "RLIMIT_FSIZE");
+ set_one_rlimit(&conf->rlimit_nofile, RLIMIT_NOFILE, "RLIMIT_NOFILE");
+ set_one_rlimit(&conf->rlimit_stack, RLIMIT_STACK, "RLIMIT_STACK");
+#ifdef RLIMIT_NPROC
+ set_one_rlimit(&conf->rlimit_nproc, RLIMIT_NPROC, "RLIMIT_NPROC");
+#endif
+#ifdef RLIMIT_MEMLOCK
+ set_one_rlimit(&conf->rlimit_memlock, RLIMIT_MEMLOCK, "RLIMIT_MEMLOCK");
+#endif
+}
+#endif
+
int main(int argc, char *argv[]) {
pa_core *c;
pa_strbuf *buf = NULL;
@@ -335,7 +366,7 @@ int main(int argc, char *argv[]) {
if (suid_root)
pa_drop_root();
-
+
if (conf->dl_search_path)
lt_dlsetsearchpath(conf->dl_search_path);
@@ -502,6 +533,10 @@ int main(int argc, char *argv[]) {
valid_pid_file = 1;
}
+#ifdef HAVE_SYS_RESOURCE_H
+ set_all_rlimits(conf);
+#endif
+
#ifdef SIGPIPE
signal(SIGPIPE, SIG_IGN);
#endif
diff --git a/todo b/todo
index 0173ccd92..cdc973733 100644
--- a/todo
+++ b/todo
@@ -35,7 +35,7 @@ Post 0.9.0:
- key rings for auth
- challenge response auth
- sasl auth
-- setrlimit
+- IP ACLs
Long term:
- pass meta info for hearing impaired