sandboxed_api/sandbox2/limits.h - platform/external/sandboxed-api - Git at Google

 // Copyright 2019 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     https://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 // The sandbox2::Limits class defined various client- and sandbox- side limits
 // which are applied to the execution process of sandboxees.

 #ifndef SANDBOXED_API_SANDBOX2_LIMITS_H_
 #define SANDBOXED_API_SANDBOX2_LIMITS_H_

 #include <sys/resource.h>

 #include <cstdint>
 #include <ctime>

 #include "absl/base/macros.h"
 #include "absl/time/time.h"

 namespace sandbox2 {

 class Limits final {
  public:
   Limits() = default;

   Limits(const Limits&) = delete;
   Limits& operator=(const Limits&) = delete;

   // rlimits getters/setters.
   //
   // Use RLIM64_INFINITY for unlimited values, but remember that some of those
   // cannot exceed system limits (e.g. RLIMIT_NOFILE).
   const rlimit64& rlimit_as() const { return rlimit_as_; }
   Limits& set_rlimit_as(const rlimit64& value) {
     rlimit_as_ = value;
     return *this;
   }
   Limits& set_rlimit_as(uint64_t value) {
     rlimit_as_ = MakeRlimit64(value);
     return *this;
   }

   const rlimit64& rlimit_cpu() const { return rlimit_cpu_; }
   Limits& set_rlimit_cpu(const rlimit64& value) {
     rlimit_cpu_ = value;
     return *this;
   }
   Limits& set_rlimit_cpu(uint64_t value) {
     rlimit_cpu_ = MakeRlimit64(value);
     return *this;
   }

   const rlimit64& rlimit_fsize() const { return rlimit_fsize_; }
   Limits& set_rlimit_fsize(const rlimit64& value) {
     rlimit_fsize_ = value;
     return *this;
   }
   Limits& set_rlimit_fsize(uint64_t value) {
     rlimit_fsize_ = MakeRlimit64(value);
     return *this;
   }

   const rlimit64& rlimit_nofile() const { return rlimit_nofile_; }
   Limits& set_rlimit_nofile(const rlimit64& value) {
     rlimit_nofile_ = value;
     return *this;
   }
   Limits& set_rlimit_nofile(uint64_t value) {
     rlimit_nofile_ = MakeRlimit64(value);
     return *this;
   }

   const rlimit64& rlimit_core() const { return rlimit_core_; }
   Limits& set_rlimit_core(const rlimit64& value) {
     rlimit_core_ = value;
     return *this;
   }
   Limits& set_rlimit_core(uint64_t value) {
     rlimit_core_ = MakeRlimit64(value);
     return *this;
   }

   // Sets a wall time limit on an executor before running it. Set to
   // absl::ZeroDuration() to disarm.  The walltime limit is a timeout duration
   // (e.g. 10 secs) not a deadline (e.g. 12:00). This can be useful in a simple
   // scenario to set a wall limit before running the sandboxee, run the
   // sandboxee, and expect it to finish within the limit. For an example, see
   // examples/crc4.
   Limits& set_walltime_limit(absl::Duration value) {
     wall_time_limit_ = value;
     return *this;
   }
   absl::Duration wall_time_limit() const { return wall_time_limit_; }

  private:
   constexpr rlimit64 MakeRlimit64(uint64_t value) {
     return {.rlim_cur = value, .rlim_max = value};
   }

   // Address space size of a process, if big enough (say, above 512M), this
   // will be a rough approximation of the maximum RAM usage by the sandboxed
   // process.
   rlimit64 rlimit_as_ = MakeRlimit64(RLIM64_INFINITY);

   // CPU time, measured in seconds. This limit might be triggered faster than
   // the wall-time limit, if many threads are used.
   rlimit64 rlimit_cpu_ = MakeRlimit64(1024 /* seconds */);

   // Total number of bytes that can be written to the filesystem by the process
   // (creating empty files is not considered writing).
   rlimit64 rlimit_fsize_ = MakeRlimit64(8ULL << 30 /* 8GiB */);

   // Number of NEW file descriptors which can be obtained by a process. 0
   // means that no new descriptors (files, sockets) can be created.
   rlimit64 rlimit_nofile_ = MakeRlimit64(1024);

   // Size of a core file which is allowed to be created. The default value of
   // zero disables the creation of core files. Unless you have special
   // requirements, this should not be changed.
   rlimit64 rlimit_core_ = MakeRlimit64(0);

   // Wall-time limit (local to Monitor). Depending on the sandboxed load, this
   // one, or RLIMIT_CPU limit might be triggered faster (see
   // https://en.wikipedia.org/wiki/Time_(Unix)#Real_time_vs_CPU_time).
   absl::Duration wall_time_limit_ = absl::Seconds(120);
 };

 }  // namespace sandbox2

 #endif  // SANDBOXED_API_SANDBOX2_LIMITS_H_
	// Copyright 2019 Google LLC
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// https://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	// The sandbox2::Limits class defined various client- and sandbox- side limits
	// which are applied to the execution process of sandboxees.

	#ifndef SANDBOXED_API_SANDBOX2_LIMITS_H_
	#define SANDBOXED_API_SANDBOX2_LIMITS_H_

	#include <sys/resource.h>

	#include <cstdint>
	#include <ctime>

	#include "absl/base/macros.h"
	#include "absl/time/time.h"

	namespace sandbox2 {

	class Limits final {
	public:
	Limits() = default;

	Limits(const Limits&) = delete;
	Limits& operator=(const Limits&) = delete;

	// rlimits getters/setters.
	//
	// Use RLIM64_INFINITY for unlimited values, but remember that some of those
	// cannot exceed system limits (e.g. RLIMIT_NOFILE).
	const rlimit64& rlimit_as() const { return rlimit_as_; }
	Limits& set_rlimit_as(const rlimit64& value) {
	rlimit_as_ = value;
	return *this;
	}
	Limits& set_rlimit_as(uint64_t value) {
	rlimit_as_ = MakeRlimit64(value);
	return *this;
	}

	const rlimit64& rlimit_cpu() const { return rlimit_cpu_; }
	Limits& set_rlimit_cpu(const rlimit64& value) {
	rlimit_cpu_ = value;
	return *this;
	}
	Limits& set_rlimit_cpu(uint64_t value) {
	rlimit_cpu_ = MakeRlimit64(value);
	return *this;
	}

	const rlimit64& rlimit_fsize() const { return rlimit_fsize_; }
	Limits& set_rlimit_fsize(const rlimit64& value) {
	rlimit_fsize_ = value;
	return *this;
	}
	Limits& set_rlimit_fsize(uint64_t value) {
	rlimit_fsize_ = MakeRlimit64(value);
	return *this;
	}

	const rlimit64& rlimit_nofile() const { return rlimit_nofile_; }
	Limits& set_rlimit_nofile(const rlimit64& value) {
	rlimit_nofile_ = value;
	return *this;
	}
	Limits& set_rlimit_nofile(uint64_t value) {
	rlimit_nofile_ = MakeRlimit64(value);
	return *this;
	}

	const rlimit64& rlimit_core() const { return rlimit_core_; }
	Limits& set_rlimit_core(const rlimit64& value) {
	rlimit_core_ = value;
	return *this;
	}
	Limits& set_rlimit_core(uint64_t value) {
	rlimit_core_ = MakeRlimit64(value);
	return *this;
	}

	// Sets a wall time limit on an executor before running it. Set to
	// absl::ZeroDuration() to disarm. The walltime limit is a timeout duration
	// (e.g. 10 secs) not a deadline (e.g. 12:00). This can be useful in a simple
	// scenario to set a wall limit before running the sandboxee, run the
	// sandboxee, and expect it to finish within the limit. For an example, see
	// examples/crc4.
	Limits& set_walltime_limit(absl::Duration value) {
	wall_time_limit_ = value;
	return *this;
	}
	absl::Duration wall_time_limit() const { return wall_time_limit_; }

	private:
	constexpr rlimit64 MakeRlimit64(uint64_t value) {
	return {.rlim_cur = value, .rlim_max = value};
	}

	// Address space size of a process, if big enough (say, above 512M), this
	// will be a rough approximation of the maximum RAM usage by the sandboxed
	// process.
	rlimit64 rlimit_as_ = MakeRlimit64(RLIM64_INFINITY);

	// CPU time, measured in seconds. This limit might be triggered faster than
	// the wall-time limit, if many threads are used.
	rlimit64 rlimit_cpu_ = MakeRlimit64(1024 /* seconds */);

	// Total number of bytes that can be written to the filesystem by the process
	// (creating empty files is not considered writing).
	rlimit64 rlimit_fsize_ = MakeRlimit64(8ULL << 30 /* 8GiB */);

	// Number of NEW file descriptors which can be obtained by a process. 0
	// means that no new descriptors (files, sockets) can be created.
	rlimit64 rlimit_nofile_ = MakeRlimit64(1024);

	// Size of a core file which is allowed to be created. The default value of
	// zero disables the creation of core files. Unless you have special
	// requirements, this should not be changed.
	rlimit64 rlimit_core_ = MakeRlimit64(0);

	// Wall-time limit (local to Monitor). Depending on the sandboxed load, this
	// one, or RLIMIT_CPU limit might be triggered faster (see
	// https://en.wikipedia.org/wiki/Time_(Unix)#Real_time_vs_CPU_time).
	absl::Duration wall_time_limit_ = absl::Seconds(120);
	};

	} // namespace sandbox2

	#endif // SANDBOXED_API_SANDBOX2_LIMITS_H_