On 2021-07-05 at 22:42, Victor Sudakov wrote: > Greg Wooledge wrote: >> And in any case, when you test this stuff, use the subshells. > > Well, my goal is to find a way to limit programs run from cron, PHP's > proc_open() etc., not from the interactive shell. What would you advise? Is there any reason to think that the ulimit approach wouldn't work in that type of context, as well as when invoked from within a shell? > The equivalent of FreeBSD's `/usr/bin/limits` wrapper seems to be > `/usr/bin/prlimit` but I'm really at a loss what limit to specify for > testing (the equivalent of `ulimit -v`). Should be RLIMIT_AS but --as > crashes prlimit: > > $ prlimit --as=1048576 /bin/ls > /bin/ls: error while loading shared libraries: libselinux.so.1: failed to map segment from shared object > $ > $ prlimit --as=1048576 stress-ng > Segmentation fault > $ I'm not familiar with prlimit, but just looking at this output and at the man page, what unit do you think the value of the --as argument is in? If it's in bytes, then what you're doing here is specirying an address-space size of only one megabyte, and I don't find it at all surprising if that's too small for the combination of ls plus its libraries. On my machine, ls is 144K, and its dependent libraries (as reported by ldd, and exclusing linux-vdso.so.1 which doesn't seem to be an actual file in the filesystem) range in size from 19K (libdl) to 1.8M (libc), for a total of 2.4M. That's more than twice the hypothesized one-megabyte threshold. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
Attachment:
signature.asc
Description: OpenPGP digital signature