Check-in [b7941c450f]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Add support for mremap, which fixes some memory issues so we can decrease the amount of available memory for each process
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: b7941c450fc965646dd113d5195f84bba99d876e
User & Date: rkeene 2020-09-02 18:05:24
Context
2020-09-02
20:07
Add S/MIME patch check-in: 058bbf6b95 user: rkeene tags: trunk
18:05
Add support for mremap, which fixes some memory issues so we can decrease the amount of available memory for each process check-in: b7941c450f user: rkeene tags: trunk
2020-08-25
16:35
Ensure SSL certificate directory is set to correct location for LibreSSL check-in: e345857571 user: rkeene tags: trunk
Changes

Changes to scripts/fossil-as-user/filter.seccomp.

49
50
51
52
53
54
55

56
57
58
59
60
61
62
	    getrlimit
	    getuid
	    ioctl
	    lseek
	    mmap
	    mprotect
	    munmap

	    open
	    fcntl
	    read
	    pread64
	    pwrite64
	    getdents
	    readlink







>







49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
	    getrlimit
	    getuid
	    ioctl
	    lseek
	    mmap
	    mprotect
	    munmap
	    mremap
	    open
	    fcntl
	    read
	    pread64
	    pwrite64
	    getdents
	    readlink

Changes to scripts/fossil-as-user/secure-wrap.c.

136
137
138
139
140
141
142




143
144
145
146
147



148
149
150
151



152
153
154
155
156
157
158
	limit.rlim_cur = 300;
	limit.rlim_max = 300;
	check(setrlimit(RLIMIT_CPU, &limit));

	/**
	 ** Allow a reasonable amount of RAM
	 **/




	limit.rlim_cur = 1024 * 1024 * 1024LU;
	limit.rlim_max = 1024 * 1024 * 1024LU;
	check(setrlimit(RLIMIT_DATA, &limit));
	check(setrlimit(RLIMIT_RSS, &limit));




	limit.rlim_cur = 1024 * 1024 * 16LU;
	limit.rlim_max = 1024 * 1024 * 16LU;
	check(setrlimit(RLIMIT_STACK, &limit));




	limit.rlim_cur = 1024 * 1024 * 8192LU;
	limit.rlim_max = 1024 * 1024 * 8192LU;
	check(setrlimit(RLIMIT_AS, &limit));

	/*
	 * Drop privileges
	 */







>
>
>
>
|
|



>
>
>




>
>
>







136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
	limit.rlim_cur = 300;
	limit.rlim_max = 300;
	check(setrlimit(RLIMIT_CPU, &limit));

	/**
	 ** Allow a reasonable amount of RAM
	 **/

	/***
	 *** 512MiB of available memory
	 ***/
	limit.rlim_cur = 1024 * 1024 * 512LU;
	limit.rlim_max = 1024 * 1024 * 512LU;
	check(setrlimit(RLIMIT_DATA, &limit));
	check(setrlimit(RLIMIT_RSS, &limit));

	/***
	 *** 16MiB of stack space
	 ***/
	limit.rlim_cur = 1024 * 1024 * 16LU;
	limit.rlim_max = 1024 * 1024 * 16LU;
	check(setrlimit(RLIMIT_STACK, &limit));

	/***
	 *** 8GiB of Address Space
	 ***/
	limit.rlim_cur = 1024 * 1024 * 8192LU;
	limit.rlim_max = 1024 * 1024 * 8192LU;
	check(setrlimit(RLIMIT_AS, &limit));

	/*
	 * Drop privileges
	 */