Re: nginx.conf file limits

Mon, 21 Apr 2014 04:11:26 -0700 

Hi, would you like to add RLIMIT_NPROC setting to nginx.conf?

Because I do not want/need nginx child run any command/fork
so, I want set RLIMIT_NPROC=0 to nginx child process, but nginx ignore
/etc/login.conf setting.

Thank you.

Index: src/core/nginx.c
===================================================================
RCS file: /cvs/src/usr.sbin/nginx/src/core/nginx.c,v
retrieving revision 1.8
diff -u -u -r1.8 nginx.c
--- src/core/nginx.c    15 May 2013 18:52:00 -0000    1.8
+++ src/core/nginx.c    21 Apr 2014 10:49:29 -0000
@@ -104,6 +104,13 @@
       0,
       NULL },

+    { ngx_string("worker_rlimit_nproc"),
+      NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_num_slot,
+      0,
+      offsetof(ngx_core_conf_t, rlimit_nproc),
+      NULL },
+
     { ngx_string("worker_rlimit_nofile"),
       NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
       ngx_conf_set_num_slot,
@@ -963,6 +970,7 @@
     ccf->worker_processes = NGX_CONF_UNSET;
     ccf->debug_points = NGX_CONF_UNSET;

+    ccf->rlimit_nproc = NGX_CONF_UNSET;
     ccf->rlimit_nofile = NGX_CONF_UNSET;
     ccf->rlimit_core = NGX_CONF_UNSET;
     ccf->rlimit_sigpending = NGX_CONF_UNSET;
Index: src/core/ngx_cycle.h
===================================================================
RCS file: /cvs/src/usr.sbin/nginx/src/core/ngx_cycle.h,v
retrieving revision 1.5
diff -u -u -r1.5 ngx_cycle.h
--- src/core/ngx_cycle.h    1 Jun 2013 16:12:54 -0000    1.5
+++ src/core/ngx_cycle.h    21 Apr 2014 10:49:29 -0000
@@ -79,6 +79,7 @@
      ngx_int_t                worker_processes;
      ngx_int_t                debug_points;

+     ngx_int_t                rlimit_nproc;
      ngx_int_t                rlimit_nofile;
      ngx_int_t                rlimit_sigpending;
      off_t                    rlimit_core;
Index: src/os/unix/ngx_process_cycle.c
===================================================================
RCS file: /cvs/src/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c,v
retrieving revision 1.12
diff -u -u -r1.12 ngx_process_cycle.c
--- src/os/unix/ngx_process_cycle.c    15 May 2013 18:52:01 -0000    1.12
+++ src/os/unix/ngx_process_cycle.c    21 Apr 2014 10:49:30 -0000
@@ -950,6 +950,17 @@
                           ccf->username, ccf->group);
         }

+    if (ccf->rlimit_nproc != NGX_CONF_UNSET) {
+            rlmt.rlim_cur = (rlim_t) ccf->rlimit_nproc;
+            rlmt.rlim_max = (rlim_t) ccf->rlimit_nproc;
+
+        if (setrlimit(RLIMIT_NPROC, &rlmt) == -1) {
+                ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,
+                "setrlimit(RLIMIT_NPROC, %i) failed",
+                ccf->rlimit_nproc);
+        }
+    }
+
         if (setuid(ccf->user) == -1) {
             ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
                           "setuid(%d) failed", ccf->user);

Index: src/core/nginx.c
===================================================================
RCS file: /cvs/src/usr.sbin/nginx/src/core/nginx.c,v
retrieving revision 1.8
diff -u -u -r1.8 nginx.c
--- src/core/nginx.c    15 May 2013 18:52:00 -0000      1.8
+++ src/core/nginx.c    21 Apr 2014 10:49:29 -0000
@@ -104,6 +104,13 @@
       0,
       NULL },
 
+    { ngx_string("worker_rlimit_nproc"),
+      NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_num_slot,
+      0,
+      offsetof(ngx_core_conf_t, rlimit_nproc),
+      NULL },
+
     { ngx_string("worker_rlimit_nofile"),
       NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
       ngx_conf_set_num_slot,
@@ -963,6 +970,7 @@
     ccf->worker_processes = NGX_CONF_UNSET;
     ccf->debug_points = NGX_CONF_UNSET;
 
+    ccf->rlimit_nproc = NGX_CONF_UNSET;
     ccf->rlimit_nofile = NGX_CONF_UNSET;
     ccf->rlimit_core = NGX_CONF_UNSET;
     ccf->rlimit_sigpending = NGX_CONF_UNSET;
Index: src/core/ngx_cycle.h
===================================================================
RCS file: /cvs/src/usr.sbin/nginx/src/core/ngx_cycle.h,v
retrieving revision 1.5
diff -u -u -r1.5 ngx_cycle.h
--- src/core/ngx_cycle.h        1 Jun 2013 16:12:54 -0000       1.5
+++ src/core/ngx_cycle.h        21 Apr 2014 10:49:29 -0000
@@ -79,6 +79,7 @@
      ngx_int_t                worker_processes;
      ngx_int_t                debug_points;
 
+     ngx_int_t                rlimit_nproc;
      ngx_int_t                rlimit_nofile;
      ngx_int_t                rlimit_sigpending;
      off_t                    rlimit_core;
Index: src/os/unix/ngx_process_cycle.c
===================================================================
RCS file: /cvs/src/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c,v
retrieving revision 1.12
diff -u -u -r1.12 ngx_process_cycle.c
--- src/os/unix/ngx_process_cycle.c     15 May 2013 18:52:01 -0000      1.12
+++ src/os/unix/ngx_process_cycle.c     21 Apr 2014 10:49:30 -0000
@@ -950,6 +950,17 @@
                           ccf->username, ccf->group);
         }
 
+       if (ccf->rlimit_nproc != NGX_CONF_UNSET) {
+            rlmt.rlim_cur = (rlim_t) ccf->rlimit_nproc;
+            rlmt.rlim_max = (rlim_t) ccf->rlimit_nproc;
+
+           if (setrlimit(RLIMIT_NPROC, &rlmt) == -1) {
+                ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,
+                               "setrlimit(RLIMIT_NPROC, %i) failed",
+                               ccf->rlimit_nproc);
+           }
+       }
+
         if (setuid(ccf->user) == -1) {
             ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
                           "setuid(%d) failed", ccf->user);

Reply via email to