From: Janosch Frank
Subject: [Qemu-devel] [PATCH 32/34] scripts/kvm/kvm_stat: Fix rlimit for unprivileged users
Date: Thu, 10 Dec 2015 13:13:02 +0100

Setting the hard limit as an unprivileged user either returns an error
when it is higher than the current one or irreversibly sets it lower.
Therefore we leave the hard limit untouched as long as we don't need to
raise it as this needs CAP_SYS_RESOURCE.
This gives admins the possibility to run the script as an unprivileged
user to increase security.
---
scripts/kvm/kvm_stat | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/scripts/kvm/kvm_stat b/scripts/kvm/kvm_stat
index ee4cf31..616ecb4 100755
--- a/scripts/kvm/kvm_stat
+++ b/scripts/kvm/kvm_stat
@@ -413,11 +413,19 @@ class TracepointProvider(object):
# The constant is needed as a buffer for python libs, std
# streams and other files that the script opens.
- rlimit = len(cpus) * len(self._fields) + 50
+ newlim = len(cpus) * len(self._fields) + 50
try:
- resource.setrlimit(resource.RLIMIT_NOFILE, (rlimit, rlimit))
+ softlim_, hardlim = resource.getrlimit(resource.RLIMIT_NOFILE)
+
+ if hardlim < newlim:
+ # Now we need CAP_SYS_RESOURCE, to increase the hard limit.
+ resource.setrlimit(resource.RLIMIT_NOFILE, (newlim, newlim))
+ else:
+ # Raising the soft limit is sufficient.
+ resource.setrlimit(resource.RLIMIT_NOFILE, (newlim, hardlim))
+
except ValueError:
- sys.exit("NOFILE rlimit could not be raised to {0}".format(rlimit))
+ sys.exit("NOFILE rlimit could not be raised to {0}".format(newlim))
for cpu in cpus:
group = Group()
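
Review bot: In the else branch, `resource.setrlimit(resource.RLIMIT_NOFILE, (newlim, hardlim))` runs unconditionally, so a process whose soft limit is already above newlim gets it lowered to newlim, even though the comment says the intent is to raise it. The value needed for that check is already fetched into `softlim_` but never used. Suggest calling setrlimit in that branch only when `softlim_ < newlim` and leaving the limits alone otherwise; the trailing underscore can then be dropped from the name. It would also help to say in the comment above the first branch that it fails with ValueError for callers without CAP_SYS_RESOURCE, since that is the case the `except ValueError` path exists for.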
--
2.3.0