/* Subject Modes */

2007-04-27 14:53:44 +00:00 · 2007-04-27 14:53:44 +00:00 · ec171a17fb
parent b86f6f12be
commit ec171a17fb
1 changed files with 30 additions and 0 deletions
--- a/RBAC.mw
+++ b/RBAC.mw
@ -34,6 +34,36 @@
 *connect [!] [(device|ip|ip/netmask|host):80] (stream|dgram) (tcp|udp|ip)
 *connect disabled

+===Resource limits===
+
+ RESOURCE (unlimited|(SOFT_LIMIT UNIT)) (unlimited|(HARD_LIMIT UNIT))
+
+====resources====
+*RES_AS - maximum size of the process's virtual memory (address space) (RLIMIT_AS)
+*RES_CORE - maximum size of the core file (RLIMIT_CORE)
+*RES_CPU - cpu time limit in seconds (RLIMIT_CPU)
+*RES_CRASH - maximum number of queued signals for this process RLIMIT_SIGPENDING
+*RES_DATA - maximum size of the process's data segment(initialized data, uninitialized data, heap) (RLIMIT_DATA)
+*RES_FSIZE - maximum size of files the process may create (RLIMIT_FSIZE)
+*RES_LOCKS - maximum combined number of flock and fcntl leases (RLIMIT_LOCKS)
+*RES_MEMLOCK - maximum number of bytes of memory that may be locked into RAM(affects mlock,mlockall,mmap and shmctl) (RLIMIT_MEMLOCK)
+*RES_NOFILE - maximum - 1 number of files that may be opened by this process (RLIMIT_NOFILE)
+*RES_NPROC - maximum number of processes that can be created for the real user id of the calling process (RLIMIT_NPROC)
+*RES_RSS - number of virtual pages resident in RAM (RLIMIT_RSS)
+*RES_STACK - maximum size of the process stack in bytes (RLIMIT_STACK)
+
+====units====
+*m - * 60
+*h - * 60 * 60
+*d - * 60 * 60 * 24
+*s - * 1
+*K - * 2^10
+*M - * 2^20
+*G - * 2^30
+
+====example====
+* RES_AS 100M 100M - set RLIMIT_AS to 100M soft and 100M hard
+
 ==Object Modes==

 ===Object permission modes===