add support to set resource limits for the daemon and set some of them to some sane...

git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1116 fefdeb5f-60dc-0310-8127-8f9354f1896f

diff --git a/src/daemon/daemon-conf.c b/src/daemon/daemon-conf.c
index 2577578ccdc8738e6504b7d050ed291ecf09914a..12ee080017a3755e65fad1cba52fd6233ca8b0d4 100644 (file)
--- a/src/daemon/daemon-conf.c
+++ b/src/daemon/daemon-conf.c
@@ -73,6 +73,20 @@ static const pa_daemon_conf default_conf = {
     .config_file = NULL,
     .use_pid_file = 1,
     .system_instance = 0
+#ifdef HAVE_SYS_RESOURCE_H
+    , .rlimit_as = { .value = 0, .is_set = 0 },
+    .rlimit_core = { .value = 0, .is_set = 0 },
+    .rlimit_data = { .value = 0, .is_set = 0 },
+    .rlimit_fsize = { .value = 0, .is_set = 0 },
+    .rlimit_nofile = { .value = 25, .is_set = 1 },
+    .rlimit_stack = { .value = 0, .is_set = 0 }
+#ifdef RLIMIT_NPROC
+    , .rlimit_nproc = { .value = 0, .is_set = 0 }
+#endif
+#ifdef RLIMIT_MEMLOCK
+    , .rlimit_memlock = { .value = 0, .is_set = 1 }
+#endif
+#endif
 };
 
 pa_daemon_conf* pa_daemon_conf_new(void) {
@@ -184,6 +198,30 @@ static int parse_resample_method(const char *filename, unsigned line, const char
     return 0;
 }
 
+static int parse_rlimit(const char *filename, unsigned line, const char *lvalue, const char *rvalue, void *data, PA_GCC_UNUSED void *userdata) {
+    pa_rlimit *r = data;
+    assert(filename);
+    assert(lvalue);
+    assert(rvalue);
+    assert(r);
+
+    if (rvalue[strspn(rvalue, "\t ")] == 0) {
+        /* Empty string */
+        r->is_set = 0;
+        r->value = 0;
+    } else {
+        int32_t k;
+        if (pa_atoi(rvalue, &k) < 0) {
+            pa_log(__FILE__": [%s:%u] Inavalid rlimit '%s'.", filename, line, rvalue);
+            return -1;
+        }
+        r->is_set = k >= 0;
+        r->value = k >= 0 ? (rlim_t) k : 0;
+    }
+
+    return 0;
+}
+
 int pa_daemon_conf_load(pa_daemon_conf *c, const char *filename) {
     int r = -1;
     FILE *f = NULL;
@@ -204,6 +242,20 @@ int pa_daemon_conf_load(pa_daemon_conf *c, const char *filename) {
         { "resample-method",         parse_resample_method,   NULL },
         { "use-pid-file",            pa_config_parse_bool,    NULL },
         { "system-instance",         pa_config_parse_bool,    NULL },
+#ifdef HAVE_SYS_RESOURCE_H
+        { "rlimit-as",               parse_rlimit,            NULL },
+        { "rlimit-core",             parse_rlimit,            NULL },
+        { "rlimit-data",             parse_rlimit,            NULL },
+        { "rlimit-fsize",            parse_rlimit,            NULL },
+        { "rlimit-nofile",           parse_rlimit,            NULL },
+        { "rlimit-stack",            parse_rlimit,            NULL },
+#ifdef RLIMIT_NPROC
+        { "rlimit-nproc",            parse_rlimit,            NULL },
+#endif
+#ifdef RLIMIT_MEMLOCK
+        { "rlimit-memlock",          parse_rlimit,            NULL },
+#endif
+#endif
         { NULL,                      NULL,                    NULL },
     };
     
@@ -222,6 +274,24 @@ int pa_daemon_conf_load(pa_daemon_conf *c, const char *filename) {
     table[12].data = c;
     table[13].data = &c->use_pid_file;
     table[14].data = &c->system_instance;
+#ifdef HAVE_SYS_RESOURCE_H
+    table[15].data = &c->rlimit_as;
+    table[16].data = &c->rlimit_core;
+    table[17].data = &c->rlimit_data;
+    table[18].data = &c->rlimit_fsize;
+    table[19].data = &c->rlimit_nofile;
+    table[20].data = &c->rlimit_stack;
+#ifdef RLIMIT_NPROC
+    table[21].data = &c->rlimit_nproc;
+#endif
+#ifdef RLIMIT_MEMLOCK
+#ifndef RLIMIT_NPROC
+#error "Houston, we have a numbering problem!"
+#endif
+    table[22].data = &c->rlimit_memlock;
+#endif
+#endif
+    
     
     pa_xfree(c->config_file);
     c->config_file = NULL;
@@ -289,6 +359,20 @@ char *pa_daemon_conf_dump(pa_daemon_conf *c) {
     pa_strbuf_printf(s, "resample-method = %s\n", pa_resample_method_to_string(c->resample_method));
     pa_strbuf_printf(s, "use-pid-file = %i\n", c->use_pid_file);
     pa_strbuf_printf(s, "system-instance = %i\n", !!c->system_instance);
+#ifdef HAVE_SYS_RESOURCE_H
+    pa_strbuf_printf(s, "rlimit-as = %li\n", c->rlimit_as.is_set ? (long int) c->rlimit_as.value : -1);
+    pa_strbuf_printf(s, "rlimit-core = %li\n", c->rlimit_core.is_set ? (long int) c->rlimit_core.value : -1);
+    pa_strbuf_printf(s, "rlimit-data = %li\n", c->rlimit_data.is_set ? (long int) c->rlimit_data.value : -1);
+    pa_strbuf_printf(s, "rlimit-fsize = %li\n", c->rlimit_fsize.is_set ? (long int) c->rlimit_fsize.value : -1);
+    pa_strbuf_printf(s, "rlimit-nofile = %li\n", c->rlimit_nofile.is_set ? (long int) c->rlimit_nofile.value : -1);
+    pa_strbuf_printf(s, "rlimit-stack = %li\n", c->rlimit_stack.is_set ? (long int) c->rlimit_stack.value : -1);
+#ifdef RLIMIT_NPROC
+    pa_strbuf_printf(s, "rlimit-nproc = %li\n", c->rlimit_nproc.is_set ? (long int) c->rlimit_nproc.value : -1);
+#endif
+#ifdef RLIMIT_MEMLOCK
+    pa_strbuf_printf(s, "rlimit-memlock = %li\n", c->rlimit_memlock.is_set ? (long int) c->rlimit_memlock.value : -1);
+#endif
+#endif
     
     return pa_strbuf_tostring_free(s);
 }

diff --git a/src/daemon/daemon-conf.h b/src/daemon/daemon-conf.h
index bfea735833bcc1f473eca5d55d0add56515b315f..a09773f14ce7cba9e304507d52be3fa977e2c04d 100644 (file)
--- a/src/daemon/daemon-conf.h
+++ b/src/daemon/daemon-conf.h
@@ -24,6 +24,10 @@
 
 #include <pulsecore/log.h>
 
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+
 /* The actual command to execute */
 typedef enum pa_daemon_conf_cmd {
     PA_CMD_DAEMON,  /* the default */
@@ -35,6 +39,13 @@ typedef enum pa_daemon_conf_cmd {
     PA_CMD_CHECK
 } pa_daemon_conf_cmd_t;
 
+#ifdef HAVE_SYS_RESOURCE_H
+typedef struct pa_rlimit {
+    rlim_t value;
+    int is_set;
+} pa_rlimit;
+#endif
+
 /* A structure containing configuration data for the PulseAudio server . */
 typedef struct pa_daemon_conf {
     pa_daemon_conf_cmd_t cmd;
@@ -53,6 +64,17 @@ typedef struct pa_daemon_conf {
     pa_log_level_t log_level;
     int resample_method;
     char *config_file;
+    
+#ifdef HAVE_SYS_RESOURCE_H
+    pa_rlimit rlimit_as, rlimit_core, rlimit_data, rlimit_fsize, rlimit_nofile, rlimit_stack;
+#ifdef RLIMIT_NPROC
+    pa_rlimit rlimit_nproc;
+#endif
+#ifdef RLIMIT_MEMLOCK
+    pa_rlimit rlimit_memlock;
+#endif
+#endif
+    
 } pa_daemon_conf;
 
 /* Allocate a new structure and fill it with sane defaults */

diff --git a/src/daemon/daemon.conf.in b/src/daemon/daemon.conf.in
index 30628969e877ba73b7c2adc969164a1f64301a0b..787405f8f143e60d8429601172dd726287e80295 100644 (file)
--- a/src/daemon/daemon.conf.in
+++ b/src/daemon/daemon.conf.in
@@ -81,3 +81,13 @@
 
 ## Run the daemon as system-wide instance, requires root priviliges
 ; system-instance = 0
+
+## Resource limits, see getrlimit(2) for more information
+; rlimit-as = -1
+; rlimit-core = -1
+; rlimit-data = -1
+; rlimit-fsize = -1
+; rlimit-nofile = 25
+; rlimit-stack = -1
+; rlimit-nproc = -1
+; rlimit-memlock = 25

diff --git a/src/daemon/main.c b/src/daemon/main.c
index 63452f6f58428df4cf81d9ccdb3c665d6c2bf04b..517d99845d382442a81e451d2eaa03deb78fc37d 100644 (file)
--- a/src/daemon/main.c
+++ b/src/daemon/main.c
@@ -258,6 +258,37 @@ static int create_runtime_dir(void) {
     return 0;
 }
 
+#ifdef HAVE_SYS_RESOURCE_H
+
+static void set_one_rlimit(const pa_rlimit *r, int resource, const char *name) {
+    struct rlimit rl;
+    assert(r);
+
+    if (!r->is_set)
+        return;
+
+    rl.rlim_cur = rl.rlim_max = r->value;
+
+    if (setrlimit(resource, &rl) < 0)
+        pa_log_warn(__FILE__": setrlimit(%s, (%u, %u)) failed: %s", name, (unsigned) r->value, (unsigned) r->value, pa_cstrerror(errno));
+}
+
+static void set_all_rlimits(const pa_daemon_conf *conf) {
+    set_one_rlimit(&conf->rlimit_as, RLIMIT_AS, "RLIMIT_AS");
+    set_one_rlimit(&conf->rlimit_core, RLIMIT_CORE, "RLIMIT_CORE");
+    set_one_rlimit(&conf->rlimit_data, RLIMIT_DATA, "RLIMIT_DATA");
+    set_one_rlimit(&conf->rlimit_fsize, RLIMIT_FSIZE, "RLIMIT_FSIZE");
+    set_one_rlimit(&conf->rlimit_nofile, RLIMIT_NOFILE, "RLIMIT_NOFILE");
+    set_one_rlimit(&conf->rlimit_stack, RLIMIT_STACK, "RLIMIT_STACK");
+#ifdef RLIMIT_NPROC
+    set_one_rlimit(&conf->rlimit_nproc, RLIMIT_NPROC, "RLIMIT_NPROC");
+#endif
+#ifdef RLIMIT_MEMLOCK
+    set_one_rlimit(&conf->rlimit_memlock, RLIMIT_MEMLOCK, "RLIMIT_MEMLOCK");
+#endif
+}
+#endif
+
 int main(int argc, char *argv[]) {
     pa_core *c;
     pa_strbuf *buf = NULL;
@@ -335,7 +366,7 @@ int main(int argc, char *argv[]) {
 
     if (suid_root)
         pa_drop_root();
-    
+
     if (conf->dl_search_path)
         lt_dlsetsearchpath(conf->dl_search_path);
 
@@ -502,6 +533,10 @@ int main(int argc, char *argv[]) {
         valid_pid_file = 1;
     }
 
+#ifdef HAVE_SYS_RESOURCE_H
+    set_all_rlimits(conf);
+#endif
+    
 #ifdef SIGPIPE
     signal(SIGPIPE, SIG_IGN);
 #endif

diff --git a/todo b/todo
index 0173ccd92bfb55bc8a54d648b86c5a208ca00d35..cdc9737333fd84b6fd37ebf11d8ecffa37a94f04 100644 (file)
--- a/todo
+++ b/todo
@@ -35,7 +35,7 @@ Post 0.9.0:
 - key rings for auth
 - challenge response auth
 - sasl auth 
-- setrlimit
+- IP ACLs
 
 Long term:
 - pass meta info for hearing impaired