Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(176)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_linux.cc

Issue 11450017: Lower RLIMIT_AS to 4GB after discussion with jschuh. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <fcntl.h> 5 #include <fcntl.h>
6 #include <sys/resource.h> 6 #include <sys/resource.h>
7 #include <sys/stat.h> 7 #include <sys/stat.h>
8 #include <sys/time.h> 8 #include <sys/time.h>
9 #include <sys/types.h> 9 #include <sys/types.h>
10 10
(...skipping 234 matching lines...) Expand 10 before | Expand all | Expand 10 after
245 return seccomp_bpf_supported_; 245 return seccomp_bpf_supported_;
246 } 246 }
247 247
248 bool LinuxSandbox::LimitAddressSpace(const std::string& process_type) { 248 bool LinuxSandbox::LimitAddressSpace(const std::string& process_type) {
249 (void) process_type; 249 (void) process_type;
250 #if defined(__x86_64__) && !defined(ADDRESS_SANITIZER) 250 #if defined(__x86_64__) && !defined(ADDRESS_SANITIZER)
251 CommandLine* command_line = CommandLine::ForCurrentProcess(); 251 CommandLine* command_line = CommandLine::ForCurrentProcess();
252 if (command_line->HasSwitch(switches::kNoSandbox)) { 252 if (command_line->HasSwitch(switches::kNoSandbox)) {
253 return false; 253 return false;
254 } 254 }
255 // Limit the address space to 8GB. 255 // Limit the address space to 4GB.
256 const rlim_t kNewAddressSpaceMaxSize = 0x200000000L; 256 const rlim_t kNewAddressSpaceMaxSize = 0x100000000L;
257 struct rlimit old_address_space_limit; 257 struct rlimit old_address_space_limit;
258 if (getrlimit(RLIMIT_AS, &old_address_space_limit)) 258 if (getrlimit(RLIMIT_AS, &old_address_space_limit))
259 return false; 259 return false;
260 // Make sure we don't raise the existing limit. 260 // Make sure we don't raise the existing limit.
261 const struct rlimit new_address_space_limit = { 261 const struct rlimit new_address_space_limit = {
262 std::min(old_address_space_limit.rlim_cur, kNewAddressSpaceMaxSize), 262 std::min(old_address_space_limit.rlim_cur, kNewAddressSpaceMaxSize),
263 std::min(old_address_space_limit.rlim_max, kNewAddressSpaceMaxSize) 263 std::min(old_address_space_limit.rlim_max, kNewAddressSpaceMaxSize)
264 }; 264 };
265 int rc = setrlimit(RLIMIT_AS, &new_address_space_limit); 265 int rc = setrlimit(RLIMIT_AS, &new_address_space_limit);
266 return (rc == 0); 266 return (rc == 0);
267 #else 267 #else
268 return false; 268 return false;
269 #endif // __x86_64__ && !defined(ADDRESS_SANITIZER) 269 #endif // __x86_64__ && !defined(ADDRESS_SANITIZER)
270 } 270 }
271 271
272 } // namespace content 272 } // namespace content
273 273
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698