Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Add support for mremap, which fixes some memory issues so we can decrease the amount of available memory for each process |
---|---|
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
b7941c450fc965646dd113d5195f84bb |
User & Date: | rkeene 2020-09-02 18:05:24 |
Context
2020-09-02
| ||
20:07 | Add S/MIME patch check-in: 058bbf6b95 user: rkeene tags: trunk | |
18:05 | Add support for mremap, which fixes some memory issues so we can decrease the amount of available memory for each process check-in: b7941c450f user: rkeene tags: trunk | |
2020-08-25
| ||
16:35 | Ensure SSL certificate directory is set to correct location for LibreSSL check-in: e345857571 user: rkeene tags: trunk | |
Changes
Changes to scripts/fossil-as-user/filter.seccomp.
49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
getrlimit getuid ioctl lseek mmap mprotect munmap open fcntl read pread64 pwrite64 getdents readlink |
> |
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 |
getrlimit
getuid
ioctl
lseek
mmap
mprotect
munmap
mremap
open
fcntl
read
pread64
pwrite64
getdents
readlink
|
Changes to scripts/fossil-as-user/secure-wrap.c.
136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 |
limit.rlim_cur = 300; limit.rlim_max = 300; check(setrlimit(RLIMIT_CPU, &limit)); /** ** Allow a reasonable amount of RAM **/ limit.rlim_cur = 1024 * 1024 * 1024LU; limit.rlim_max = 1024 * 1024 * 1024LU; check(setrlimit(RLIMIT_DATA, &limit)); check(setrlimit(RLIMIT_RSS, &limit)); limit.rlim_cur = 1024 * 1024 * 16LU; limit.rlim_max = 1024 * 1024 * 16LU; check(setrlimit(RLIMIT_STACK, &limit)); limit.rlim_cur = 1024 * 1024 * 8192LU; limit.rlim_max = 1024 * 1024 * 8192LU; check(setrlimit(RLIMIT_AS, &limit)); /* * Drop privileges */ |
> > > > | | > > > > > > |
136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 |
limit.rlim_cur = 300; limit.rlim_max = 300; check(setrlimit(RLIMIT_CPU, &limit)); /** ** Allow a reasonable amount of RAM **/ /*** *** 512MiB of available memory ***/ limit.rlim_cur = 1024 * 1024 * 512LU; limit.rlim_max = 1024 * 1024 * 512LU; check(setrlimit(RLIMIT_DATA, &limit)); check(setrlimit(RLIMIT_RSS, &limit)); /*** *** 16MiB of stack space ***/ limit.rlim_cur = 1024 * 1024 * 16LU; limit.rlim_max = 1024 * 1024 * 16LU; check(setrlimit(RLIMIT_STACK, &limit)); /*** *** 8GiB of Address Space ***/ limit.rlim_cur = 1024 * 1024 * 8192LU; limit.rlim_max = 1024 * 1024 * 8192LU; check(setrlimit(RLIMIT_AS, &limit)); /* * Drop privileges */ |