[Qemu-devel] [PATCH v2 31/34] scripts/kvm/kvm_stat: Fix rlimit for unpri
From: Janosch Frank
Subject: [Qemu-devel] [PATCH v2 31/34] scripts/kvm/kvm_stat: Fix rlimit for unprivileged users
Date: Mon, 11 Jan 2016 16:18:01 +0100
Setting the hard limit as an unprivileged user either returns an error
when it is higher than the current one or irreversibly sets it lower.
Therefore we leave the hard limit untouched as long as we don't need to
raise it as this needs CAP_SYS_RESOURCE.
This gives admins the possibility to run the script as an unprivileged
user to increase security.
Signed-off-by: Janosch Frank <address@hidden>
---
scripts/kvm/kvm_stat | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/scripts/kvm/kvm_stat b/scripts/kvm/kvm_stat
index e71fbef..bab831d 100755
--- a/scripts/kvm/kvm_stat
+++ b/scripts/kvm/kvm_stat
@@ -434,11 +434,19 @@ class TracepointProvider(object):
# The constant is needed as a buffer for python libs, std
# streams and other files that the script opens.
- rlimit = len(cpus) * len(self._fields) + 50
+ newlim = len(cpus) * len(self._fields) + 50
try:
- resource.setrlimit(resource.RLIMIT_NOFILE, (rlimit, rlimit))
+ softlim_, hardlim = resource.getrlimit(resource.RLIMIT_NOFILE)
+
+ if hardlim < newlim:
+ # Now we need CAP_SYS_RESOURCE, to increase the hard limit.
+ resource.setrlimit(resource.RLIMIT_NOFILE, (newlim, newlim))
+ else:
+ # Raising the soft limit is sufficient.
+ resource.setrlimit(resource.RLIMIT_NOFILE, (newlim, hardlim))
+
except ValueError:
- sys.exit("NOFILE rlimit could not be raised to {0}".format(rlimit))
+ sys.exit("NOFILE rlimit could not be raised to {0}".format(newlim))
for cpu in cpus:
group = Group()
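Review bot: the else branch sets the soft limit to newlim unconditionally, so a process whose current soft limit is already above newlim gets it lowered, and softlim_ is read from getrlimit() but never used. Consider guarding that call with a comparison such as `elif softlim_ < newlim:` and skipping setrlimit entirely when the soft limit is already sufficient. In the `hardlim < newlim` branch, an unprivileged run still ends in the generic "could not be raised" message; since the comment there already notes that CAP_SYS_RESOURCE is needed, the sys.exit text could say so, so an admin running the script unprivileged knows why it failed.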
--
2.3.0