search for: rlimits

I'd like to have something like seq() where I can pass in a length of the desired sequence and a right limit so that the sequence goes up to the limit and then starts again from 1. # works now seq(from=2, length.out=3) [1] 2 3 4 # what I want seq(from=2, length.out=3, rlimit=3) [1] 2 3 1 # additional examples of what I want seq(from=2, length.out=4, rlimit=3) [1] 2 3 1 2 seq(from=2,

Hi all. I have an old windows VM with an oldish cygwin that I use for the regression tests. Investigating one of the test failures, I see that it's for UsePrivilegeSeparation=sandbox, and it seems to be because setrlimit(RLIMIT_FSIZE, ...) is not supported. IMO, this isn't a big loss, since the most useful thing in the rlimit "sandbox" is the descriptor limits. Can anyone see

I didn't see this one applied to the repository yet. It may not be the best patch possible... basic problem is that _LARGEFILE64_SOURCE needs to be defined on Solaris 2.6 if AC_SYS_LARGEFILE ends up doing a '#define _FILE_OFFSET_BITS 64' If _FILE_OFFSET_BITS == 64, then <sys/resource.h> will define a 'struct rlimit64' but NOT define a 'struct rlimit' leading to

I was wondering if the following attack would be feasible once I'm able to break into rlimit sandbox. Because sandboxed process that handles unauthenticated session is running as the 'sshd' user I was wondering if this could be used to jump between processes using ptrace(2). For example if I find a bug in the code executed before authentication I could use ptrace(2) to attach to

Can I configure openssh with --sandbox=seccomp_filter and have it still run on older kernels with sandboxing via rlimit? I'm asking from a linux distro packaging point of view. Does --sandbox=seccomp_filter keep the rlimit sandbox? It looks to me as if I can only link in one of the sandbox plugins. An openssh build with seccomp_filter enabled will probably have no sandbox at all on linux <

This is probably something any SA should know... but I don't! On CentOS 5 I can see what a process's current soft and hard limits are; /proc/<pid>/limits However this isn't in the C4 kernel. Is there any easy way of determining what the process rlimit values are? % uname -a ; cat /etc/redhat-release Linux c4 2.6.20.7 #3 Sun May 2 16:30:15 EDT 2010 i686 i686 i386 GNU/Linux

>>>>> Kirill M?ller <kirill.mueller at ivt.baug.ethz.ch> >>>>> on Wed, 11 May 2016 10:42:56 +0200 writes: > My ulimit package exposes this API ([1], should finally submit it to > CRAN); unfortunately this very API seems to be unsupported on OS X > [2,3]. Last time I looked into it, neither of the documented settings > achieved

Hi, The systrace and rlimit sandboxes have been committed and will be in snapshots dated 20110623 and later. This diff adds support for pre-auth privsep sandboxing using the OS X sandbox_init(3) service. It's a bit disappointing that the OS X developers chose such as namespace-polluting header and function names "sandbox.h", "sandbox_init()", etc. It already forced me to

I am running Dovecot 1.0rc15 on NetBSD 3.1 with only a few connections. It is built from pkgsrc-2006Q3, with mail/dovecot/ updated to HEAD. kqueue is a default build option - I haven't tried without yet. Mail directories/indexes are on a Linux 2.6.16.29 NFS file system, I have set these options and it performs well: mmap_disable=yes lock_method=fcntl FYI. rc7 had very high CPU use with the

..._SYS_TIME_H +#include <sys/time.h> +#endif +#ifdef HAVE_SYS_RESOURCE_H +#include <sys/resource.h> +#endif + #include "guestfs.h" #include "guestfs-internal.h" @@ -101,6 +108,12 @@ struct buffering { void (*close_data) (struct command *cmd); }; +struct child_rlimits { + struct child_rlimits *next; + int resource; + long limit; +}; + struct command { guestfs_h *g; @@ -139,6 +152,9 @@ struct command cmd_child_callback child_callback; void *child_callback_data; + /* Optional child limits. */ + struct child_rlimits *child_rlimits; + /* Optiona...

...plot function as a more permanent part of R! Thanks to Ross Ihaka at R-help (Mon May 28 2001) for some of the polar.plot code used. Best wishes, Karsten ######### "polar.plot" <- function (r, theta, theta.zero = 0, theta.clw = FALSE, method = 1, rlabel.axis = 0, dir = 8, rlimits = NULL, grid.circle.pos = NULL, grid.lwd = 1, grid.col = "black", points.pch = 20, points.cex = 1, lp.col = "black", lines.lwd = 1, lines.lty = 1, polygon.col = NA, polygon.bottom = TRUE, overlay = NULL, pi2.lab = TRUE, text.lab = NULL, num.lab = NULL, rlabel...

...uestfs_h *g, const char *filename); static char *old_parser_disk_format (guestfs_h *g, const char *filename); static int64_t old_parser_disk_virtual_size (guestfs_h *g, const char *filename); static int old_parser_disk_has_backing_file (guestfs_h *g, const char *filename); +static void set_child_rlimits (struct command *); char * guestfs_impl_disk_format (guestfs_h *g, const char *filename) @@ -276,12 +277,7 @@ get_json_output (guestfs_h *g, const char *filename) guestfs_int_cmd_add_arg (cmd, fdpath); guestfs_int_cmd_set_stdout_callback (cmd, parse_json, &tree,...

On Tue, Jun 19, 2001 at 03:11:02AM +0200, Christian Kraemer wrote: > This is espacially anoying if you > use pam_limits.so to set rlimits. Every user could > cirrcumvent them easily by calling ssh in this way: > ssh user at server /bin/sh Interestingly, Debian 2.2's openssh (1:1.2.3-9.3) does enforce rlimits somehow, not sure if it was specifically patched to do this or perhaps the older version just does not have this pro...

....h> +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include "log.h" +#include "sandbox.h" +#include "xmalloc.h" + +/* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */ + +struct ssh_sandbox { + pid_t child_pid; +}; + +struct ssh_sandbox * +ssh_sandbox_init(void) +{ + struct ssh_sandbox *box; + + /* + * Strictly, we don't need to maintain any state here but we need + * to return non-NULL to satisfy the API. + */ + debug3("%s: preparing rlimit sandbo...

https://bugzilla.mindrot.org/show_bug.cgi?id=2011 Bug #: 2011 Summary: sandbox selection needs some kind of fallback mechanism Classification: Unclassified Product: Portable OpenSSH Version: 6.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2

Hi. New (2.1.1p1) login code is nicer on AIX (4.2.1.0.06). Thanks. A couple of issues, though, which I haven't really dug into yet. I'm wondering if anyone else has seen them? If not, I'll investigate & report. 1. If I set "UseLogin" to "yes", everything seems fine except that the authentication agent forwarding doesn't work. The "SSH"

Dear R Developers, In the same way that MySQL/MariaDB's Engine InnoDB or MyISAM/Aria have the innodb_buffer_pool_size or the key_buffer_size for setting the maximum amount of RAM which can be used by a Server Instance: ?Would it be possible to create an R Configuration Variable which fixes the maximum amount of RAM memory to be used as Commit / Dynamic Memory Allocation? Thank you. Juan

On Thu, May 12, 2016 at 9:51 AM, Martin Maechler <maechler at stat.math.ethz.ch> wrote: > My conclusion was I could not use the RAppArmor package. > > (But that's wrong: For the rlimit*() functions below, one do > *NOT* need an AppArmor-enabled version of Linux !) Yes, it is a relatively recent (unadvertised) feature that the package now builds on linux systems without

Is there any documentation I can look at that might talk about how to put memory limits on mongrel? For instants, I might want to limit mongrel to 100 megs of ram. I know that I can monitor mongrel with monit and restart it automatically if it becomes a ram piggy.

Package: src:xcp-vncterm Version: 0.1-2 Severity: important Tags: sid jessie User: debian-glibc at lists.debian.org Usertags: ftbfs-glibc-2.17 The package fails to build in a test rebuild on at least amd64 with eglibc-2.17, but succeeds to build with eglibc-2.13. The severity of this report may be raised before the jessie release. The test rebuild was done together with GCC-4.8, so some issues