Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Allow some users to use more RAM |
---|---|
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
1738f536ee2de0dc36895e3712fda052 |
User & Date: | rkeene 2021-07-28 14:30:49.980 |
Context
2024-10-14
| ||
14:06 | Upgrade to latest version of Fossil check-in: 897ed7c4b4 user: rkeene tags: trunk | |
2021-07-28
| ||
14:30 | Allow some users to use more RAM check-in: 1738f536ee user: rkeene tags: trunk | |
2020-09-03
| ||
13:26 | Add patch to fix browser semantics check-in: 708ffba4da user: rkeene tags: trunk | |
Changes
Changes to scripts/fossil-as-user/secure-wrap.c.
︙ | ︙ | |||
48 49 50 51 52 53 54 55 56 57 58 59 60 61 | int main(int argc, char **argv) { const char *directory, *program; char *id_string; unsigned long id; struct rlimit limit; unsigned int tmp_fd; if (argc < 4) { fprintf(stderr, "usage: secure-wrap <id> <directory> <program> [<args>...]\n"); return(2); } | > | 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 | int main(int argc, char **argv) { const char *directory, *program; char *id_string; unsigned long id; struct rlimit limit; unsigned int tmp_fd; int unconstrained_user = 0; if (argc < 4) { fprintf(stderr, "usage: secure-wrap <id> <directory> <program> [<args>...]\n"); return(2); } |
︙ | ︙ | |||
73 74 75 76 77 78 79 80 81 82 83 84 85 86 | directory = argv[1]; argc--; argv++; program = argv[1]; argc--; argv++; /* * chroot */ check(chdir(directory)); check(chroot(directory)); check(chdir("/")); | > > > > > > > | 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 | directory = argv[1]; argc--; argv++; program = argv[1]; argc--; argv++; /* * Determine if the user should be constrained */ if (getenv("SUID_FOSSIL_UNCONSTRAINED") != NULL) { unconstrained_user = 1; } /* * chroot */ check(chdir(directory)); check(chroot(directory)); check(chdir("/")); |
︙ | ︙ | |||
138 139 140 141 142 143 144 | check(setrlimit(RLIMIT_CPU, &limit)); /** ** Allow a reasonable amount of RAM **/ /*** | | > > > > | | > | 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 | check(setrlimit(RLIMIT_CPU, &limit)); /** ** Allow a reasonable amount of RAM **/ /*** *** 512MiB of available memory (unless unconstrained user) ***/ if (unconstrained_user) { limit.rlim_cur = 1024 * 1024 * 1024 * 4LU; limit.rlim_max = 1024 * 1024 * 1024 * 4LU; } else { limit.rlim_cur = 1024 * 1024 * 512LU; limit.rlim_max = 1024 * 1024 * 512LU; } check(setrlimit(RLIMIT_DATA, &limit)); check(setrlimit(RLIMIT_RSS, &limit)); /*** *** 16MiB of stack space ***/ limit.rlim_cur = 1024 * 1024 * 16LU; |
︙ | ︙ |