Resource limit question

2001-03-24 Thread Martin Weinberg

I have set a hard limit on memoryuse to 1 (10M).  limits (or
ulimit -a) shows the limit, but it doesn't seem to be working.
For example, with the limit set the following bit of code


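/* Name: tst.c */

#include <stdio.h>
#include <stdlib.h>
#include <sys/time.h>
#include <sys/resource.h>

/* 20 MB of static data, already twice the 10M limit */
static char x[20*1024*1024];

int main()
{
  size_t i;
  struct rlimit limit;

  /* Report the RSS limit this process inherited */
  getrlimit(RLIMIT_RSS, &limit);
  printf("RSS limit curr, max: %lu, %lu\n",
         (unsigned long) limit.rlim_cur, (unsigned long) limit.rlim_max);

  if (! malloc(2000))
    printf("malloc not successfull - good\n");

  /* Touch one byte per 4096-byte page so every page becomes resident */
  for (i=0; i < sizeof(x); i+=4096)
    x[i] = 1;

  /* Show this process's VSZ and RSS */
  system("ps gauxww | grep a.out | grep -v grep");

  exit(0);
}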


compiled as follows:

 cc tst.c

gives me the output:

RSS limit curr, max: 1024, 1024
weinberg 25601 11.0 16.2 41000 20836 pts/1   S16:25   0:00 ./a.out

Note the RSS limit of 10M.  But the code has a data size of
20M to start and mallocs an additional 20M.  What am I missing?


P.S. This is a pure potato system.  The limit itself is set by
pam_limits from the limits.conf file.  I assume that this part
is fine because the "limits" or "ulimit -a" correctly reports
the values set in limits.conf and /var/log/auth.log reports that
pam has read and set the value (with the debug flag set).



Re: Resource limit question

2001-03-24 Thread Ethan Benson
On Sat, Mar 24, 2001 at 04:29:38PM -0500, Martin Weinberg wrote:
> 
> I have set a hard limit on memoryuse to 1 (10M).  limits (or
> ulimit -a) shows the limit, but it doesn't seem to be working.
> For example, with the limit set the following bit of code
> 
> 
[snipped code]
> 
> 
> compiled as follows:
> 
>cc tst.c
> 
> gives me the output:
> 
> RSS limit curr, max: 1024, 1024
> weinberg 25601 11.0 16.2 41000 20836 pts/1   S16:25   0:00 ./a.out
> 
> Note the RSS limit of 10M.  But the code has a data size of
> 20M to start and mallocs an additional 20M.  What am I missing?

that the kernel does not have a proper bean counter so these resource
limits don't work.  

the only way to limit memory usage is to limit `virtual memory' use
ulimit -v or the `as' limit in /etc/security/limits.conf.  

> P.S. This is a pure potato system.  The limit itself is set by
> pam_limits from the limits.conf file.  I assume that this part
> is fine because the "limits" or "ulimit -a" correctly reports
> the values set in limits.conf and /var/log/auth.log reports that
> pam has read and set the value (with the debug flag set).

yup, you're not doing anything wrong, the kernel is just broken.  it's
unlikely to be fixed until 2.6 either, at the soonest.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/




Re: Resource limit question

2001-03-24 Thread Martin Weinberg
Ethan Benson wrote on Sat, 24 Mar 2001 14:32:44 -0900
>> I have set a hard limit on memoryuse to 1 (10M).  limits (or
>> ulimit -a) shows the limit, but it doesn't seem to be working.
>> For example, with the limit set the following bit of code
>
>[snipped code]
>
>> compiled as follows:
>>   cc tst.c
>> gives me the output:
>> RSS limit curr, max: 1024, 1024
>> weinberg 25601 11.0 16.2 41000 20836 pts/1   S16:25   0:00 ./a.out
>> Note the RSS limit of 10M.  But the code has a data size of
>> 20M to start and mallocs an additional 20M.  What am I missing?
>
>that the kernel does not have a proper bean counter so these resource
>limits don't work. 
>
>the only way to limit memory usage is to limit `virtual memory' use
>ulimit -v or the `as' limit in /etc/security/limits.conf. 

Thanks very much for the info!  Good to know.  I've been assuming that
this has been working for years.  I do have a vague recollection that
"memoryuse" has worked in the past under Linux, no?

Do you, by any chance, have a pointer to the kernel
documentation/source tree on this?

--Martin



Re: Resource limit question

2001-03-24 Thread Ethan Benson
On Sat, Mar 24, 2001 at 07:35:47PM -0500, Martin Weinberg wrote:
> Thanks very much for the info!  Good to know.  I've been assuming that
> this has been working for years.  I do have a vague recollection that
> "memoryuse" has worked in the past under Linux, no?

i don't know

> Do you, by any chance, have a pointer to the kernel
> documentation/source tree on this?

linux-kernel mailing list archives.  this has been discussed a few times
there.  usually when someone reinvents an age old DoS like su `cat /dev/urandom`

the answer is always `well of course, set resource limits'  `but
resource limits on linux are broken'

-- 
Ethan Benson
http://www.alaska.net/~erbenson/




Re: Resource limit question

2001-03-24 Thread Karsten M. Self
on Sat, Mar 24, 2001 at 03:41:22PM -0900, Ethan Benson ([EMAIL PROTECTED]) wrote:
> On Sat, Mar 24, 2001 at 07:35:47PM -0500, Martin Weinberg wrote:
> > Thanks very much for the info!  Good to know.  I've been assuming that
> > this has been working for years.  I do have a vague recollection that
> > "memoryuse" has worked in the past under Linux, no?
> 
> i don't know
> 
> > Do you, by any chance, have a pointer to the kernel
> > documentation/source tree on this?
> 
> linux-kernel mailing list archives.  this has been discussed a few
> times there.  usually when someone reinvents an age old DoS like su
> `cat /dev/urandom`
> 
> the answer is always `well of course, set resource limits'  `but
> resource limits on linux are broken'

Um.  I feel stupid asking this, but what resource limits *do* work, and
how can user resource limits be imposed at the system level?  I've been
looking at the bash man pages -- there's no more specific resource
utilization interface, is there?

My preference would be to be able to limit memory utilization.  *Some*
form of CPU throttle could also be useful under some circumstances.

-- 
Karsten M. Self http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?   There is no K5 cabal
  http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org




Re: Resource limit question

2001-03-24 Thread Christoph Simon
On Sat, 24 Mar 2001 17:18:24 -0800
"Karsten M. Self"  wrote:

> Um.  I feel stupid asking this, but what resource limits *do* work, and
> how can user resource limits be imposed at the system level?  I've been
> looking at the bash man pages -- there's no more specific resource
> utilization interface, is there?
> 
> My preference would be to be able to limit memory utilization.  *Some*
> form of CPU throttle could also be useful under some circumstances.

The only system-wide place I know of is /etc/security/limits.conf. I
think they work but I'm not completely sure if they *do* work...

--
Christoph Simon
[EMAIL PROTECTED]
---
^X^C
q
quit
:q
^C
end
x
exit
ZZ
^D
?
help
shit
.



Re: Resource limit question

2001-03-24 Thread Ethan Benson
On Sat, Mar 24, 2001 at 05:18:24PM -0800, Karsten M. Self wrote:
> 
> Um.  I feel stupid asking this, but what resource limits *do* work, and

per user process limits work (though pam_limits and/or ssh is broken
in that you must set it higher than the number of root owned processes
for logins to work) core size limits work, cpu utilization works (any
process taking more consecutive time than allowed is killed) and
virtual memory works.  i'm not sure if anything else works as i don't
know of a useful test for each.  rss i know for sure is totally
ignored by the kernel.  

> how can user resource limits be imposed at the system level?  I've been

pam_limits and /etc/security/limits.conf (latter being the config for
the former)

> looking at the bash man pages -- there's no more specific resource
> utilization interface, is there?

bash's ulimit command just uses the same resource limit calls any
other program will use.  some shells just don't provide a command to
set the limits, but they are subject to limits set by their parent
(pam_limits).  limits are [supposed to be] enforced by the kernel.  

> My preference would be to be able to limit memory utilization.  *Some*
> form of CPU throttle could also be useful under some circumstances.

ulimit -v is all you got then AFAICT.  this is the `as' limit in
/etc/security/limits.conf.  note that when a process runs into this
limit it will just die horribly (killed, segfault etc).  as for cpu
throttle, you can set the number of seconds a process can take at a
given time, so say you set a limit of 60 seconds, your shell will be
fine but a password cracker will be killed after 60 seconds (since it's
constantly sucking the cpu) 

/me wishes there was more documentation on resource limits, and that
they actually worked under linux properly.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
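
Added example, not part of the original thread: a C program that applies the same soft limit first as RLIMIT_RSS and then as RLIMIT_AS (the `as' limit, ulimit -v) in a forked child, which then tries to allocate and touch twice that much memory. The 16 MB and 32 MB sizes and the function name alloc_succeeds_under are assumptions made for the illustration; on Linux the allocation goes through under the RSS limit and is refused under the AS limit.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sizes for the illustration: the allocation is twice the limit */
#define LIMIT_BYTES (16UL * 1024 * 1024)
#define ALLOC_BYTES (32UL * 1024 * 1024)

/* Fork a child, set LIMIT_BYTES as the soft limit for `resource`, then malloc
 * and touch ALLOC_BYTES.  Returns 1 if that worked, 0 if refused, -1 on error. */
int alloc_succeeds_under(int resource)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit rl;
        volatile char *p;
        size_t i;
        if (getrlimit(resource, &rl) != 0)
            _exit(2);
        rl.rlim_cur = LIMIT_BYTES;          /* hard limit left unchanged */
        if (setrlimit(resource, &rl) != 0)
            _exit(2);
        p = malloc(ALLOC_BYTES);
        if (p == NULL)
            _exit(1);                       /* the kernel enforced the limit */
        for (i = 0; i < ALLOC_BYTES; i += 4096)
            p[i] = 1;                       /* fault every page in */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) ||
        WEXITSTATUS(status) > 1)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("RLIMIT_RSS: allocation %s\n",
           alloc_succeeds_under(RLIMIT_RSS) == 1 ? "succeeded" : "refused");
    printf("RLIMIT_AS:  allocation %s\n",
           alloc_succeeds_under(RLIMIT_AS) == 1 ? "succeeded" : "refused");
    return 0;
}
```

Because the limit is set only inside the forked child, the shell that starts the program keeps its own limits.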

