[vhffs-dev] [1260] Adding suphp limits patch

[ Thread Index | Date Index | More vhffs.org/vhffs-dev Archives ]

To: vhffs-dev@xxxxxxxxx
Subject: [vhffs-dev] [1260] Adding suphp limits patch
From: subversion@xxxxxxxxxxxxx
Date: Tue, 30 Sep 2008 09:21:02 +0200

Revision: 1260
Author:   beuss
Date:     2008-09-30 09:21:01 +0200 (Tue, 30 Sep 2008)

Log Message:
-----------
Adding suphp limits patch

Added Paths:
-----------
    trunk/vhffs-packages/patches/suphp-0.6.2-1+etch0-limits.patch

Added: trunk/vhffs-packages/patches/suphp-0.6.2-1+etch0-limits.patch
===================================================================
--- trunk/vhffs-packages/patches/suphp-0.6.2-1+etch0-limits.patch	                        (rev 0)
+++ trunk/vhffs-packages/patches/suphp-0.6.2-1+etch0-limits.patch	2008-09-30 07:21:01 UTC (rev 1260)
@@ -0,0 +1,507 @@
+diff -Nru ./doc/suphp.conf-example ./doc/suphp.conf-example
+--- ./doc/suphp.conf-example	2005-11-26 19:29:02.000000000 +0000
++++ ./doc/suphp.conf-example	2008-04-18 09:40:25.000000000 +0000
+@@ -39,6 +39,66 @@
+ min_gid=100
+ 
+ 
++[limits]
++
++;The maximum size of the process's virtual memory (address space) in Kbytes
++as_soft=65536
++as_hard=65536
++
++;Maximum size of core file in Kbytes
++core_soft=0
++core_hard=0
++
++;CPU time limit in seconds
++cpu_soft=32
++cpu_hard=32
++
++;The maximum size of the process's data segment in Kbytes
++data_soft=32768
++data_hard=32768
++
++;The maximum size of files that the process may create
++fsize_soft=unlimited
++fsize_hard=unlimited
++
++;A limit on the combined number of flock(2) locks and fcntl(2) leases that this process may establish
++locks_soft=512
++locks_hard=512
++
++;The maximum number of Kbytes of memory that may be locked into RAM
++memlock_soft=0
++memlock_hard=0
++
++;Specifies the limit on the number of Kbytes that can be allocated for POSIX message queues for the real user ID of the calling process
++msgqueue_soft=800
++msgqueue_hard=800
++
++;Specifies a ceiling to which the process's nice value can be raised using setpriority(2) or nice(2)
++;The actual ceiling for the nice value is calculated as 20 - rlim_cur
++nice_soft=0
++nice_hard=0
++
++;Specifies a value one greater than the maximum file descriptor number that can be opened by this process
++nofile_soft=512
++nofile_hard=512
++
++;The maximum number of processes (or, more precisely on Linux, threads) that can be created for the real user ID of the calling process
++nproc_soft=10
++nproc_hard=10
++
++;Specifies a ceiling on the real-time priority that may be set for this process using sched_setscheduler(2) and sched_setparam(2)
++rtprio_soft=0
++rtprio_hard=0
++
++;Specifies the limit on the number of signals that may be queued for the real user ID of the calling process
++sigpending_soft=1024
++sigpending_hard=1024
++
++;The maximum size of the process stack, in Kbytes
++stack_soft=4096
++stack_hard=4096
++
++
+ [handlers]
+ ;Handler for php-scripts
+ x-httpd-php=php:/usr/bin/php
+diff -Nru ./src/Application.cpp ./src/Application.cpp
+--- ./src/Application.cpp	2008-04-18 09:31:15.000000000 +0000
++++ ./src/Application.cpp	2008-04-18 09:30:45.000000000 +0000
+@@ -366,6 +366,83 @@
+     
+     // Common code used for all modes
+ 
++	// BEGIN -- TuxFamily limits patch
++	// Change limits
++	struct rlimit rl;
++#ifdef RLIMIT_AS
++	rl = config.getLimitAS();
++	if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++		setrlimit(RLIMIT_AS, &rl);
++#endif
++#ifdef RLIMIT_CORE
++	rl = config.getLimitCore();
++	if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++		setrlimit(RLIMIT_CORE, &rl);
++#endif
++#ifdef RLIMIT_CPU
++	rl = config.getLimitCPU();
++	if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++		setrlimit(RLIMIT_CPU, &rl);
++#endif
++#ifdef RLIMIT_DATA
++	rl = config.getLimitData();
++	if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++		setrlimit(RLIMIT_DATA, &rl);
++#endif
++#ifdef RLIMIT_FSIZE
++	rl = config.getLimitFSize();
++	if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++		setrlimit(RLIMIT_FSIZE, &rl);
++#endif
++#ifdef RLIMIT_LOCKS
++	rl = config.getLimitLocks();
++	if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++		setrlimit(RLIMIT_LOCKS, &rl);
++#endif
++#ifdef RLIMIT_MEMLOCK
++	rl = config.getLimitMemLock();
++	if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++		setrlimit(RLIMIT_MEMLOCK, &rl);
++#endif
++#ifdef RLIMIT_MSGQUEUE
++	rl = config.getLimitMsgQueue();
++	if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++		setrlimit(RLIMIT_MSGQUEUE, &rl);
++#endif
++#ifdef RLIMIT_NICE
++	rl = config.getLimitNice();
++	if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED) {
++		setrlimit(RLIMIT_NICE, &rl);
++		nice(rl.rlim_cur);
++	}
++#endif
++#ifdef RLIMIT_NOFILE
++	rl = config.getLimitNoFile();
++	if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++		setrlimit(RLIMIT_NOFILE, &rl);
++#endif
++#ifdef RLIMIT_NPROC
++	rl = config.getLimitNProc();
++	if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++		setrlimit(RLIMIT_NPROC, &rl);
++#endif
++#ifdef RLIMIT_RTPRIO
++	rl = config.getLimitRtPrio();
++	if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++		setrlimit(RLIMIT_RTPRIO, &rl);
++#endif
++#ifdef RLIMIT_SIGPENDING
++	rl = config.getLimitSigPending();
++	if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++		setrlimit(RLIMIT_SIGPENDING, &rl);
++#endif
++#ifdef RLIMIT_STACK
++	rl = config.getLimitStack();
++	if(rl.rlim_cur != SUPHP_LIMIT_UNDEFINED && rl.rlim_max != SUPHP_LIMIT_UNDEFINED)
++		setrlimit(RLIMIT_STACK, &rl);
++#endif
++	// END -- TuxFamily limits patch
++
+     // Set new group first, because we still need super-user privileges
+     // for this
+     api.setProcessGroup(targetGroup);
+diff -Nru ./src/Configuration.cpp ./src/Configuration.cpp
+--- ./src/Configuration.cpp	2006-03-15 20:21:52.000000000 +0000
++++ ./src/Configuration.cpp	2008-04-18 09:30:45.000000000 +0000
+@@ -20,6 +20,9 @@
+ 
+ #include <string>
+ #include <vector>
++// BEGIN -- TuxFamily limits patch
++#include <sstream>
++// END -- TuxFamily limits patch
+ 
+ #include "IniFile.hpp"
+ #include "Util.hpp"
+@@ -65,6 +68,29 @@
+ }
+ 
+ 
++// BEGIN -- TuxFamily limits patch
++rlim_t suPHP::Configuration::strToLimit(const std::string& bstr) {
++
++	std::string str = bstr;
++	// Convert upper characters to lower characters
++	for (int i=0; i<str.size(); i++) {
++		if (str[i] >= 65 && str[i] <= 90)
++		str[i] += 32;
++	}
++
++	if (str == std::string("unlimited")) {
++		return RLIM_INFINITY;
++	} else  {
++		rlim_t lim = SUPHP_LIMIT_UNDEFINED;
++		std::istringstream istr;
++		istr.str(str);
++		istr >> lim;
++		return lim;
++	}
++}
++// END -- TuxFamily limits patch
++
++
+ LogLevel suPHP::Configuration::strToLogLevel(const std::string& str) const
+     throw (ParsingException) {
+     if (str == "none")
+@@ -112,6 +138,36 @@
+ #endif
+     this->umask = 0077;
+     this->chroot_path = "";
++	// BEGIN -- TuxFamily limits patch
++	this->limit_as.rlim_cur = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_as.rlim_max = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_core.rlim_cur = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_core.rlim_max = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_cpu.rlim_cur = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_cpu.rlim_max = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_data.rlim_cur = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_data.rlim_max = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_fsize.rlim_cur = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_fsize.rlim_max = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_locks.rlim_cur = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_locks.rlim_max = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_memlock.rlim_cur = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_memlock.rlim_max = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_msgqueue.rlim_cur = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_msgqueue.rlim_max = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_nice.rlim_cur = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_nice.rlim_max = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_nofile.rlim_cur = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_nofile.rlim_max = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_nproc.rlim_cur = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_nproc.rlim_max = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_rtprio.rlim_cur = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_rtprio.rlim_max = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_sigpending.rlim_cur = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_sigpending.rlim_max = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_stack.rlim_cur = SUPHP_LIMIT_UNDEFINED;	
++	this->limit_stack.rlim_max = SUPHP_LIMIT_UNDEFINED;	
++	// END -- TuxFamily limits patch
+ }
+ 
+ void suPHP::Configuration::readFromFile(File& file) 
+@@ -178,7 +234,130 @@
+ 	    this->handlers.insert(p);
+ 	}
+     }
+-    
++
++	// BEGIN -- TuxFamily limits patch
++	// Get limits
++	if (ini.hasSection("limits")) {
++		IniSection sect = ini.getSection("limits");
++		std::vector<std::string> keys = sect.getKeys();
++		std::vector<std::string>::iterator i;
++		for (i = keys.begin(); i < keys.end(); i++) {
++			std::string key = *i;
++			std::string value = sect.getValue(key);
++
++			if (key == "as_soft")  {
++				this->limit_as.rlim_cur = this->strToLimit(value);
++				if(this->limit_as.rlim_cur != RLIM_INFINITY)
++					this->limit_as.rlim_cur <<= 10;
++			}
++			else if (key == "as_hard")  {
++				this->limit_as.rlim_max = this->strToLimit(value);
++				if(this->limit_as.rlim_max != RLIM_INFINITY)
++					this->limit_as.rlim_max <<= 10;
++			}
++
++			else if (key == "core_soft")  {
++				this->limit_core.rlim_cur = this->strToLimit(value);
++				if(this->limit_core.rlim_cur != RLIM_INFINITY)	
++					this->limit_core.rlim_cur <<= 10;
++			}
++			else if (key == "core_hard")  {
++				this->limit_core.rlim_max = this->strToLimit(value);
++				if(this->limit_core.rlim_max != RLIM_INFINITY)
++					this->limit_core.rlim_max <<= 10;
++			}
++
++			else if (key == "cpu_soft")
++				this->limit_cpu.rlim_cur = this->strToLimit(value);
++			else if (key == "cpu_hard")
++				this->limit_cpu.rlim_max = this->strToLimit(value);
++
++			else if (key == "data_soft")  {
++				this->limit_data.rlim_cur = this->strToLimit(value);
++				if(this->limit_data.rlim_cur != RLIM_INFINITY)	
++					this->limit_data.rlim_cur <<= 10;
++			}
++			else if (key == "data_hard")  {
++				this->limit_data.rlim_max = this->strToLimit(value);
++				if(this->limit_data.rlim_max != RLIM_INFINITY)
++					this->limit_data.rlim_max <<= 10;
++			}
++
++			else if (key == "fsize_soft")
++				this->limit_fsize.rlim_cur = this->strToLimit(value);
++			else if (key == "fsize_hard")
++				this->limit_fsize.rlim_max = this->strToLimit(value);
++
++			else if (key == "locks_soft")
++				this->limit_locks.rlim_cur = this->strToLimit(value);
++			else if (key == "locks_hard")
++				this->limit_locks.rlim_max = this->strToLimit(value);
++
++			else if (key == "memlock_soft")  {
++				this->limit_memlock.rlim_cur = this->strToLimit(value);
++				if(this->limit_memlock.rlim_cur != RLIM_INFINITY)	
++					this->limit_memlock.rlim_cur <<= 10;
++			}
++			else if (key == "memlock_hard")  {
++				this->limit_memlock.rlim_max = this->strToLimit(value);
++				if(this->limit_memlock.rlim_max != RLIM_INFINITY)
++					this->limit_memlock.rlim_max <<= 10;
++			}
++
++			else if (key == "msgqueue_soft")  {
++				this->limit_msgqueue.rlim_cur = this->strToLimit(value);
++				if(this->limit_msgqueue.rlim_cur != RLIM_INFINITY)
++					this->limit_msgqueue.rlim_cur <<= 10;
++			}
++			else if (key == "msgqueue_hard")  {
++				this->limit_msgqueue.rlim_max = this->strToLimit(value);
++				if(this->limit_msgqueue.rlim_max != RLIM_INFINITY)
++					this->limit_msgqueue.rlim_max <<= 10;
++			}
++
++			else if (key == "nice_soft")
++				this->limit_nice.rlim_cur = this->strToLimit(value);
++			else if (key == "nice_hard")
++				this->limit_nice.rlim_max = this->strToLimit(value);
++
++			else if (key == "nofile_soft")
++				this->limit_nofile.rlim_cur = this->strToLimit(value);
++			else if (key == "nofile_hard")
++				this->limit_nofile.rlim_max = this->strToLimit(value);
++
++			else if (key == "nproc_soft")
++				this->limit_nproc.rlim_cur = this->strToLimit(value);
++			else if (key == "nproc_hard")
++				this->limit_nproc.rlim_max = this->strToLimit(value);
++
++			else if (key == "rtprio_soft")
++				this->limit_rtprio.rlim_cur = this->strToLimit(value);
++			else if (key == "rtprio_hard")
++				this->limit_rtprio.rlim_max = this->strToLimit(value);
++
++			else if (key == "sigpending_soft")
++				this->limit_sigpending.rlim_cur = this->strToLimit(value);
++			else if (key == "sigpending_hard")
++				this->limit_sigpending.rlim_max = this->strToLimit(value);
++
++			else if (key == "stack_soft")  {
++				this->limit_stack.rlim_cur = this->strToLimit(value);
++				if(this->limit_stack.rlim_cur != RLIM_INFINITY)	
++					this->limit_stack.rlim_cur <<= 10;
++			}
++			else if (key == "stack_hard")  {
++				this->limit_stack.rlim_max = this->strToLimit(value);
++				if(this->limit_stack.rlim_max != RLIM_INFINITY)
++					this->limit_stack.rlim_max <<= 10;
++			}
++
++			else
++				throw ParsingException("Unknown option \"" + key +
++					"\" in section [global]",
++					__FILE__, __LINE__);
++		}
++	}
++	// END -- TuxFamily limits patch
+ }
+ 
+ std::string suPHP::Configuration::getLogfile() const {
+@@ -250,3 +429,61 @@
+ std::string suPHP::Configuration::getChrootPath() const {
+     return this->chroot_path;
+ }
++
++// BEGIN -- TuxFamily limits patch
++struct rlimit suPHP::Configuration::getLimitAS() const {
++	return this->limit_as;
++}
++
++struct rlimit suPHP::Configuration::getLimitCore() const {
++	return this->limit_core;
++}
++
++struct rlimit suPHP::Configuration::getLimitCPU() const {
++	return this->limit_cpu;
++}
++
++struct rlimit suPHP::Configuration::getLimitData() const {
++	return this->limit_data;
++}
++
++struct rlimit suPHP::Configuration::getLimitFSize() const {
++	return this->limit_fsize;
++}
++
++struct rlimit suPHP::Configuration::getLimitLocks() const {
++	return this->limit_locks;
++}
++
++struct rlimit suPHP::Configuration::getLimitMemLock() const {
++	return this->limit_memlock;
++}
++
++struct rlimit suPHP::Configuration::getLimitMsgQueue() const {
++	return this->limit_msgqueue;
++}
++
++struct rlimit suPHP::Configuration::getLimitNice() const {
++	return this->limit_nice;
++}
++
++struct rlimit suPHP::Configuration::getLimitNoFile() const {
++	return this->limit_nofile;
++}
++
++struct rlimit suPHP::Configuration::getLimitNProc() const {
++	return this->limit_nproc;
++}
++
++struct rlimit suPHP::Configuration::getLimitRtPrio() const {
++	return this->limit_rtprio;
++}
++
++struct rlimit suPHP::Configuration::getLimitSigPending() const {
++	return this->limit_sigpending;
++}
++
++struct rlimit suPHP::Configuration::getLimitStack() const {
++	return this->limit_stack;
++}
++// END -- TuxFamily limits patch
+diff -Nru ./src/Configuration.hpp ./src/Configuration.hpp
+--- ./src/Configuration.hpp	2005-11-26 19:29:02.000000000 +0000
++++ ./src/Configuration.hpp	2008-04-18 09:30:45.000000000 +0000
+@@ -29,6 +29,11 @@
+ #include <string>
+ #include <map>
+ 
++// BEGIN -- TuxFamily limits patch
++#include <sys/resource.h>
++#define SUPHP_LIMIT_UNDEFINED -34826
++// END -- TuxFamily limits patch
++
+ #include "ParsingException.hpp"
+ #include "IOException.hpp"
+ #include "File.hpp"
+@@ -58,6 +63,23 @@
+ 	int umask;
+ 	std::string chroot_path;
+ 
++	// BEGIN -- TuxFamily limits patch
++	struct rlimit limit_as;
++	struct rlimit limit_core;
++	struct rlimit limit_cpu;
++	struct rlimit limit_data;
++	struct rlimit limit_fsize;
++	struct rlimit limit_locks;
++	struct rlimit limit_memlock;
++	struct rlimit limit_msgqueue;
++	struct rlimit limit_nice;
++	struct rlimit limit_nofile;
++	struct rlimit limit_nproc;
++	struct rlimit limit_rtprio;
++	struct rlimit limit_sigpending;
++	struct rlimit limit_stack;
++	// END -- TuxFamily limits patch
++
+ 	/**
+ 	 * Converts string to bool
+ 	 */
+@@ -69,6 +91,11 @@
+         LogLevel strToLogLevel(const std::string& str) const
+ 	    throw (ParsingException);
+ 
++	// BEGIN -- TuxFamily limits patch
++	// Convert limit value to rlim_t
++	rlim_t strToLimit(const std::string& bstr);
++	// END -- TuxFamily limits patch
++
+     public:
+ 	/**
+ 	 * Constructor, initializes configuration with default values.
+@@ -165,6 +192,24 @@
+ 	 * Return chroot path
+ 	 */
+ 	std::string getChrootPath() const;
++
++	// BEGIN -- TuxFamily limits patch
++	// Accessor methods to fetch limit values
++	struct rlimit getLimitAS() const;
++	struct rlimit getLimitCore() const;
++	struct rlimit getLimitCPU() const;
++	struct rlimit getLimitData() const;
++	struct rlimit getLimitFSize() const;
++	struct rlimit getLimitLocks() const;
++	struct rlimit getLimitMemLock() const;
++	struct rlimit getLimitMsgQueue() const;
++	struct rlimit getLimitNice() const;
++	struct rlimit getLimitNoFile() const;
++	struct rlimit getLimitNProc() const;
++	struct rlimit getLimitRtPrio() const;
++	struct rlimit getLimitSigPending() const;
++	struct rlimit getLimitStack() const;
++	// END -- TuxFamily limits patch
+     };
+ };
+

Messages sorted by: [ date | thread ]
Prev by Date: [vhffs-dev] [1259] fixed a little race condition
Previous by thread: [vhffs-dev] [1259] fixed a little race condition

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/