Use FD limit and file size limit from host

FD limit and file size limit is read from the host, instead of using hard-coded defaults, given that they effect the sandbox process. Also limit the direct cache to use no more than half if the available FDs. PiperOrigin-RevId: 244050323 Change-Id: I787ad0fdf07c49d589e51aebfeae477324fe26e6
author: Fabricio Voznika <fvoznika@google.com> 2019-04-17 12:56:23 -0700
committer: Shentubot <shentubot@google.com> 2019-04-17 12:57:40 -0700
commit: c8cee7108f1a1b37e89961c6dd69ccab97952c86 (patch)
tree: 57565d1df112795354487f636d42b9bca5a231e2 /pkg/sentry/fs/context.go
parent: 08d99c5fbea76ecc92038280387d24ecdf7ed814 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/pkg/sentry/fs/context.go b/pkg/sentry/fs/context.go
index c0e6075e4..4869428a8 100644
--- a/pkg/sentry/fs/context.go
+++ b/pkg/sentry/fs/context.go
@@ -26,6 +26,9 @@ type contextID int
 const (
 	// CtxRoot is a Context.Value key for a Dirent.
 	CtxRoot contextID = iota
+
+	// CtxDirentCacheLimiter is a Context.Value key for DirentCacheLimiter.
+	CtxDirentCacheLimiter
 )
 
 // ContextCanAccessFile determines whether `file` can be accessed in the requested way
@@ -100,3 +103,12 @@ func RootFromContext(ctx context.Context) *Dirent {
 	}
 	return nil
 }
+
+// DirentCacheLimiterFromContext returns the DirentCacheLimiter used by ctx, or
+// nil if ctx does not have a dirent cache limiter.
+func DirentCacheLimiterFromContext(ctx context.Context) *DirentCacheLimiter {
+	if v := ctx.Value(CtxDirentCacheLimiter); v != nil {
+		return v.(*DirentCacheLimiter)
+	}
+	return nil
+}
author	Fabricio Voznika <fvoznika@google.com>	2019-04-17 12:56:23 -0700
committer	Shentubot <shentubot@google.com>	2019-04-17 12:57:40 -0700
commit	c8cee7108f1a1b37e89961c6dd69ccab97952c86 (patch)
tree	57565d1df112795354487f636d42b9bca5a231e2 /pkg/sentry/fs/context.go
parent	08d99c5fbea76ecc92038280387d24ecdf7ed814 (diff)