diff options
author | Fabricio Voznika <fvoznika@google.com> | 2021-06-10 13:47:43 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-06-10 13:55:10 -0700 |
commit | d81fcbf85c771a75bcf6600a02b3d411c6f7e383 (patch) | |
tree | 7637774c682f7717ca1389f0db9bac11027ce548 /pkg/sentry/control | |
parent | 21169357ca913de9cef50da6f235a482b7a3cfab (diff) |
Set RLimits during `runsc exec`
PiperOrigin-RevId: 378726430
Diffstat (limited to 'pkg/sentry/control')
-rw-r--r-- | pkg/sentry/control/proc.go | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/pkg/sentry/control/proc.go b/pkg/sentry/control/proc.go index 367849e75..221e98a01 100644 --- a/pkg/sentry/control/proc.go +++ b/pkg/sentry/control/proc.go @@ -99,6 +99,9 @@ type ExecArgs struct { // PIDNamespace is the pid namespace for the process being executed. PIDNamespace *kernel.PIDNamespace + + // Limits is the limit set for the process being executed. + Limits *limits.LimitSet } // String prints the arguments as a string. @@ -151,6 +154,10 @@ func (proc *Proc) execAsync(args *ExecArgs) (*kernel.ThreadGroup, kernel.ThreadI if pidns == nil { pidns = proc.Kernel.RootPIDNamespace() } + limitSet := args.Limits + if limitSet == nil { + limitSet = limits.NewLimitSet() + } initArgs := kernel.CreateProcessArgs{ Filename: args.Filename, Argv: args.Argv, @@ -161,7 +168,7 @@ func (proc *Proc) execAsync(args *ExecArgs) (*kernel.ThreadGroup, kernel.ThreadI Credentials: creds, FDTable: fdTable, Umask: 0022, - Limits: limits.NewLimitSet(), + Limits: limitSet, MaxSymlinkTraversals: linux.MaxSymlinkTraversals, UTSNamespace: proc.Kernel.RootUTSNamespace(), IPCNamespace: proc.Kernel.RootIPCNamespace(), |