From: Janosch Frank <frankja@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Cc: cornelia.huck@de.ibm.com, frankja@linux.vnet.ibm.com
Subject: [Qemu-devel] [PATCH 32/34] scripts/kvm/kvm_stat: Fix rlimit for unprivileged users
Date: Thu, 10 Dec 2015 13:13:02 +0100 [thread overview]
Message-ID: <1449749584-23214-33-git-send-email-frankja@linux.vnet.ibm.com> (raw)
In-Reply-To: <1449749584-23214-1-git-send-email-frankja@linux.vnet.ibm.com>
Setting the hard limit as a unprivileged user either returns an error
when it is higher than the current one or irreversibly sets it lower.
Therefore we leave the hardlimit untouched as long as we don't need to
raise it as this needs CAP_SYS_RESOURCE.
This gives admins the possibility to run the script as an unprivileged
user to increase security.
---
scripts/kvm/kvm_stat | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/scripts/kvm/kvm_stat b/scripts/kvm/kvm_stat
index ee4cf31..616ecb4 100755
--- a/scripts/kvm/kvm_stat
+++ b/scripts/kvm/kvm_stat
@@ -413,11 +413,19 @@ class TracepointProvider(object):
# The constant is needed as a buffer for python libs, std
# streams and other files that the script opens.
- rlimit = len(cpus) * len(self._fields) + 50
+ newlim = len(cpus) * len(self._fields) + 50
try:
- resource.setrlimit(resource.RLIMIT_NOFILE, (rlimit, rlimit))
+ softlim_, hardlim = resource.getrlimit(resource.RLIMIT_NOFILE)
+
+ if hardlim < newlim:
+ # Now we need CAP_SYS_RESOURCE, to increase the hard limit.
+ resource.setrlimit(resource.RLIMIT_NOFILE, (newlim, newlim))
+ else:
+ # Raising the soft limit is sufficient.
+ resource.setrlimit(resource.RLIMIT_NOFILE, (newlim, hardlim))
+
except ValueError:
- sys.exit("NOFILE rlimit could not be raised to {0}".format(rlimit))
+ sys.exit("NOFILE rlimit could not be raised to {0}".format(newlim))
for cpu in cpus:
group = Group()
--
2.3.0
next prev parent reply other threads:[~2015-12-10 12:14 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-10 12:12 [Qemu-devel] [PATCH 00/34] kvm_stat: Cleanup and fixup Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 01/34] scripts/kvm/kvm_stat: Cleanup of multiple imports Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 02/34] scripts/kvm/kvm_stat: Replaced os.listdir with os.walk Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 03/34] scripts/kvm/kvm_stat: Make constants uppercase Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 04/34] scripts/kvm/kvm_stat: Removed unneeded PERF constants Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 05/34] scripts/kvm/kvm_stat: Mark globals in functions Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 06/34] scripts/kvm/kvm_stat: Invert dictionaries Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 07/34] scripts/kvm/kvm_stat: Cleanup of path variables Janosch Frank
2016-01-07 14:56 ` Paolo Bonzini
2016-01-07 16:58 ` Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 08/34] scripts/kvm/kvm_stat: Improve debugfs access checking Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 09/34] scripts/kvm/kvm_stat: Introduce main function Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 10/34] scripts/kvm/kvm_stat: Fix spaces around keyword assignments Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 11/34] scripts/kvm/kvm_stat: Rename variables that redefine globals Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 12/34] scripts/kvm/kvm_stat: Moved DebugfsProvider Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 13/34] scripts/kvm/kvm_stat: Fixup syscall error reporting Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 14/34] scripts/kvm/kvm_stat: Set sensible no. files rlimit Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 15/34] scripts/kvm/kvm_stat: Cleanup of platform detection Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 16/34] scripts/kvm/kvm_stat: Make cpu detection a function Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 17/34] scripts/kvm/kvm_stat: Rename _perf_event_open Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 18/34] scripts/kvm/kvm_stat: Introduce properties for providers Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 19/34] scripts/kvm/kvm_stat: Cleanup of TracepointProvider Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 20/34] scripts/kvm/kvm_stat: Cleanup cpu list retrieval Janosch Frank
2016-01-07 15:21 ` Paolo Bonzini
2016-01-07 16:56 ` Janosch Frank
2016-01-07 17:02 ` Paolo Bonzini
2015-12-10 12:12 ` [Qemu-devel] [PATCH 21/34] scripts/kvm/kvm_stat: Encapsulate filters variable Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 22/34] scripts/kvm/kvm_stat: Cleanup of Stats class Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 23/34] scripts/kvm/kvm_stat: Cleanup of Groups class Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 24/34] scripts/kvm/kvm_stat: Cleanup of Event class Janosch Frank
2016-01-07 15:25 ` Paolo Bonzini
2015-12-10 12:12 ` [Qemu-devel] [PATCH 25/34] scripts/kvm/kvm_stat: Group arch specific data Janosch Frank
2016-01-07 15:30 ` Paolo Bonzini
2015-12-10 12:12 ` [Qemu-devel] [PATCH 26/34] scripts/kvm/kvm_stat: Remove unneeded X86_EXIT_REASONS Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 27/34] scripts/kvm/kvm_stat: Make tui function a class Janosch Frank
2016-01-07 15:40 ` Paolo Bonzini
2015-12-10 12:12 ` [Qemu-devel] [PATCH 28/34] scripts/kvm/kvm_stat: Fix output formatting Janosch Frank
2015-12-10 12:12 ` [Qemu-devel] [PATCH 29/34] scripts/kvm/kvm_stat: Move to argparse and add description Janosch Frank
2016-01-07 15:41 ` Paolo Bonzini
2016-01-07 15:54 ` Janosch Frank
2016-01-07 16:02 ` Paolo Bonzini
2015-12-10 12:13 ` [Qemu-devel] [PATCH 30/34] scripts/kvm/kvm_stat: Cleanup and pre-init perf_event_attr Janosch Frank
2015-12-10 12:13 ` [Qemu-devel] [PATCH 31/34] scripts/kvm/kvm_stat: Read event values as u64 Janosch Frank
2015-12-10 12:13 ` Janosch Frank [this message]
2015-12-10 12:13 ` [Qemu-devel] [PATCH 33/34] scripts/kvm/kvm_stat: Fixup filtering Janosch Frank
2015-12-10 12:13 ` [Qemu-devel] [PATCH 34/34] scripts/kvm/kvm_stat: Add interactive filtering Janosch Frank
2015-12-15 9:56 ` [Qemu-devel] [PATCH 00/34] kvm_stat: Cleanup and fixup Cornelia Huck
2016-01-07 13:41 ` Cornelia Huck
2016-01-07 13:50 ` Paolo Bonzini
2016-01-07 15:44 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1449749584-23214-33-git-send-email-frankja@linux.vnet.ibm.com \
--to=frankja@linux.vnet.ibm.com \
--cc=cornelia.huck@de.ibm.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).