mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-17 22:04:40 +00:00
85a0ddfd0b
user. Kqueue now saves the ucred of the allocating thread, to correctly decrement the counter on close. Under some specific and not real-world use scenario for kqueue, it is possible for the kqueues to consume memory proportional to the square of the number of the filedescriptors available to the process. Limit allows administrator to prevent the abuse. This is kernel-mode side of the change, with the user-mode enabling commit following. Reported and tested by: pho Discussed with: jmg Sponsored by: The FreeBSD Foundation MFC after: 2 weeks
224 lines
6.6 KiB
Groff
.\" Copyright (c) 1995 David Nugent <davidn@blaze.net.au>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, is permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice immediately at the beginning of the file, without modification,
.\" this list of conditions, and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. This work was done expressly for inclusion into FreeBSD. Other use
.\" is permitted provided this notation is included.
.\" 4. Absolutely no warranty of function or purpose is made by the author
.\" David Nugent.
.\" 5. Modifications may be freely made to this file providing the above
.\" conditions are met.
.\"
.\" $FreeBSD$
.\"
.Dd March 24, 2011
.Dt LOGIN_CLASS 3
.Os
.Sh NAME
.Nm setclasscontext ,
.Nm setclasscpumask ,
.Nm setclassenvironment ,
.Nm setclassresources ,
.Nm setusercontext
.Nd "functions for using the login class capabilities database"
.Sh LIBRARY
.Lb libutil
.Sh SYNOPSIS
.In sys/types.h
.In login_cap.h
.Ft int
.Fn setclasscontext "const char *classname" "unsigned int flags"
.Ft void
.Fn setclasscpumask "login_cap_t *lc"
.Ft void
.Fn setclassenvironment "login_cap_t *lc" "const struct passwd *pwd" "int paths"
.Ft void
.Fn setclassresources "login_cap_t *lc"
.Ft int
.Fn setusercontext "login_cap_t *lc" "const struct passwd *pwd" "uid_t uid" "unsigned int flags"
.Sh DESCRIPTION
These functions provide a higher level interface to the login class
database than those documented in
.Xr login_cap 3 .
These functions are used to set resource limits, environment and
accounting settings for users on logging into the system and when
selecting an appropriate set of environment and resource settings
for system daemons based on login classes.
These functions may only be called if the current process is
running with root privileges.
If the LOGIN_SETLOGIN flag is used, this function calls
.Xr setlogin 2 .
Due care must be taken as detailed in the manual page for that
function, because this affects all processes running in the same
session and not just the current process.
.Pp
The
.Fn setclasscontext
function sets various class context values (resource limits, umask and
process priorities) based on values for a specific named class.
.Pp
The
.Fn setusercontext
function sets class context values based on a given login_cap_t
object (or on a specific passwd record if the login_cap_t is NULL),
and also sets the current session's login and the current process
user and group ownership.
Each of these actions is selectable via bit-flags passed
in the
.Ar flags
parameter, which comprises one or more of the following:
.Bl -tag -width LOGIN_SETLOGINCLASS
.It LOGIN_SETLOGIN
Set the login associated with the current session to the user
specified in the passwd structure using
.Xr setlogin 2 .
The
.Ar pwd
parameter must not be NULL if this option is used.
.It LOGIN_SETUSER
Set ownership of the current process to the uid specified in the
.Ar uid
parameter using
.Xr setuid 2 .
.It LOGIN_SETGROUP
Set group ownership of the current process to the group id
specified in the passwd structure using
.Xr setgid 2 ,
and calls
.Xr initgroups 3
to set up the group access list for the current process.
The
.Ar pwd
parameter must not be NULL if this option is used.
.It LOGIN_SETRESOURCES
Set resource limits for the current process based on values
specified in the system login class database.
Class capability tags used, with and without -cur (soft limit)
or -max (hard limit) suffixes and the corresponding resource
setting:
.Bd -literal
cputime          RLIMIT_CPU
filesize         RLIMIT_FSIZE
datasize         RLIMIT_DATA
stacksize        RLIMIT_STACK
coredumpsize     RLIMIT_CORE
memoryuse        RLIMIT_RSS
memorylocked     RLIMIT_MEMLOCK
maxproc          RLIMIT_NPROC
openfiles        RLIMIT_NOFILE
sbsize           RLIMIT_SBSIZE
vmemoryuse       RLIMIT_VMEM
pseudoterminals  RLIMIT_NPTS
swapuse          RLIMIT_SWAP
kqueues          RLIMIT_KQUEUES
.Ed
.It LOGIN_SETPRIORITY
Set the scheduling priority for the current process based on the
value specified in the system login class database.
Class capability tags used:
.Bd -literal
priority
.Ed
.It LOGIN_SETUMASK
Set the umask for the current process to a value in the user or
system login class database.
Class capability tags used:
.Bd -literal
umask
.Ed
.It LOGIN_SETPATH
Set the "path" and "manpath" environment variables based on values
in the user or system login class database.
Class capability tags used with the corresponding environment
variables set:
.Bd -literal
path     PATH
manpath  MANPATH
.Ed
.It LOGIN_SETENV
Set various environment variables based on values in the user or
system login class database.
Class capability tags used with the corresponding environment
variables set:
.Bd -literal
lang      LANG
charset   MM_CHARSET
timezone  TZ
term      TERM
.Ed
.Pp
Additional environment variables may be set using the list type
capability "setenv=var1 val1,var2 val2..,varN valN".
.It LOGIN_SETMAC
Set the MAC label for the current process to the label specified
in the system login class database.
.It LOGIN_SETCPUMASK
Create a new
.Xr cpuset 2
and set the CPU affinity to the specified mask.
The string may contain a comma-separated list of numbers and/or number
ranges as handled by the
.Xr cpuset 1
utility or the case-insensitive string
.Ql default .
If the string is
.Ql default ,
no action will be taken.
.It LOGIN_SETLOGINCLASS
Set the login class of the current process using
.Xr setloginclass 2 .
.It LOGIN_SETALL
Enables all of the above settings.
.El
.Pp
Note that when setting environment variables and a valid passwd
pointer is provided in the
.Ar pwd
parameter, the characters
.Ql \&~
and
.Ql \&$
are replaced with the user's home directory and login name
respectively.
.Pp
The
.Fn setclasscpumask ,
.Fn setclassresources
and
.Fn setclassenvironment
functions are subsets of the setcontext functions above, but may
be useful in isolation.
.Sh RETURN VALUES
The
.Fn setclasscontext
and
.Fn setusercontext
functions return -1 if an error occurred, or 0 on success.
If an error occurs when attempting to set the user, login, group
or resources, a message is reported to
.Xr syslog 3 ,
with LOG_ERR priority and directed to the currently active facility.
.Sh SEE ALSO
.Xr cpuset 1 ,
.Xr ps 1 ,
.Xr cpuset 2 ,
.Xr setgid 2 ,
.Xr setlogin 2 ,
.Xr setloginclass 2 ,
.Xr setuid 2 ,
.Xr getcap 3 ,
.Xr initgroups 3 ,
.Xr login_cap 3 ,
.Xr mac_set_proc 3 ,
.Xr login.conf 5 ,
.Xr termcap 5
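
The `~` and `$` substitution and the `setenv` list format described under LOGIN_SETENV, as an added sketch that is not libutil's code: it follows only the rule stated on this page, and `expand_value`, `expand_entry` and the sample list are hypothetical names and constructed data. Because the home directory and login name come from the passwd record, it rejects any value that would not fit rather than truncating it.

```c
#include <stdio.h>
#include <string.h>

/* Replace '~' with home and '$' with login; -1 if out[] is too small. */
static int expand_value(const char *val, const char *home,
    const char *login, char *out, size_t outsz)
{
	size_t used = 0;
	if (outsz == 0)
		return (-1);
	for (; *val != '\0'; val++) {
		const char *piece = *val == '~' ? home : *val == '$' ? login : val;
		size_t n = (*val == '~' || *val == '$') ? strlen(piece) : 1;
		if (n >= outsz - used)	/* keep room for the NUL */
			return (-1);	/* never emit a truncated value */
		memcpy(out + used, piece, n);
		used += n;
	}
	out[used] = '\0';
	return (0);
}

/* Turn one "var val" entry of len bytes into "var=value"; -1 if malformed. */
static int expand_entry(const char *entry, size_t len, const char *home,
    const char *login, char *out, size_t outsz)
{
	char val[256];
	size_t nlen = strcspn(entry, " ,");	/* length of the variable name */
	if (nlen == 0 || nlen >= len || entry[nlen] != ' ' ||
	    len - nlen - 1 >= sizeof(val) || nlen + 2 > outsz)
		return (-1);
	memcpy(val, entry + nlen + 1, len - nlen - 1);
	val[len - nlen - 1] = '\0';
	memcpy(out, entry, nlen);
	out[nlen] = '=';
	return (expand_value(val, home, login, out + nlen + 1, outsz - nlen - 1));
}

int main(void)
{
	/* Constructed sample: a setenv list; home and login as from a passwd record. */
	const char *p = "MAIL /var/mail/$,EDITOR,BIN ~/bin";
	char env[64];
	for (size_t len; *p != '\0'; p += len + (p[len] == ',')) {
		len = strcspn(p, ",");
		puts(expand_entry(p, len, "/home/alice", "alice", env,
		    sizeof(env)) == 0 ? env : "rejected entry");
	}
	return (0);
}
```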