static void solarisImpl() { // first be defensive: we can give nice errors this way, at the very least. boolean supported = Constants.SUN_OS; if (supported == false) { throw new IllegalStateException("bug: should not be trying to initialize priv_set for an unsupported OS"); } // we couldn't link methods, could be some really ancient Solaris or some bug if (libc_solaris == null) { throw new UnsupportedOperationException("priv_set unavailable: could not link methods. requires Solaris 10+"); } // drop a null-terminated list of privileges if (libc_solaris.priv_set(PRIV_OFF, PRIV_ALLSETS, PRIV_PROC_FORK, PRIV_PROC_EXEC, null) != 0) { throw new UnsupportedOperationException("priv_set unavailable: priv_set(): " + JNACLibrary.strerror(Native.getLastError())); } logger.debug("Solaris priv_set initialization successful"); }
static void bsdImpl() { boolean supported = Constants.FREE_BSD || OPENBSD || Constants.MAC_OS_X; if (supported == false) { throw new IllegalStateException("bug: should not be trying to initialize RLIMIT_NPROC for an unsupported OS"); } JNACLibrary.Rlimit limit = new JNACLibrary.Rlimit(); limit.rlim_cur.setValue(0); limit.rlim_max.setValue(0); if (JNACLibrary.setrlimit(RLIMIT_NPROC, limit) != 0) { throw new UnsupportedOperationException("RLIMIT_NPROC unavailable: " + JNACLibrary.strerror(Native.getLastError())); } logger.debug("BSD RLIMIT_NPROC initialization successful"); }
static void trySetMaxSizeVirtualMemory() { if (Constants.LINUX || Constants.MAC_OS_X) { final JNACLibrary.Rlimit rlimit = new JNACLibrary.Rlimit(); if (JNACLibrary.getrlimit(JNACLibrary.RLIMIT_AS, rlimit) == 0) { MAX_SIZE_VIRTUAL_MEMORY = rlimit.rlim_cur.longValue(); } else { logger.warn("unable to retrieve max size virtual memory [" + JNACLibrary.strerror(Native.getLastError()) + "]"); } } }
static void trySetMaxNumberOfThreads() { if (Constants.LINUX) { // this is only valid on Linux and the value *is* different on OS X // see /usr/include/sys/resource.h on OS X // on Linux the resource RLIMIT_NPROC means *the number of threads* // this is in opposition to BSD-derived OSes final int rlimit_nproc = 6; final JNACLibrary.Rlimit rlimit = new JNACLibrary.Rlimit(); if (JNACLibrary.getrlimit(rlimit_nproc, rlimit) == 0) { MAX_NUMBER_OF_THREADS = rlimit.rlim_cur.longValue(); } else { logger.warn("unable to retrieve max number of threads [" + JNACLibrary.strerror(Native.getLastError()) + "]"); } } }
static void trySetMaxFileSize() { if (Constants.LINUX || Constants.MAC_OS_X) { final JNACLibrary.Rlimit rlimit = new JNACLibrary.Rlimit(); if (JNACLibrary.getrlimit(JNACLibrary.RLIMIT_FSIZE, rlimit) == 0) { MAX_FILE_SIZE = rlimit.rlim_cur.longValue(); } else { logger.warn("unable to retrieve max file size [" + JNACLibrary.strerror(Native.getLastError()) + "]"); } } }
case ENOSYS: break; // ok case EINVAL: break; // ok default: throw new UnsupportedOperationException("seccomp(BOGUS_OPERATION): " + JNACLibrary.strerror(errno)); case EINVAL: break; // ok default: throw new UnsupportedOperationException("seccomp(SECCOMP_SET_MODE_FILTER, BOGUS_FLAG): " + JNACLibrary.strerror(errno)); case ENOSYS: break; // ok case EINVAL: break; // ok default: throw new UnsupportedOperationException("prctl(BOGUS_OPTION): " + JNACLibrary.strerror(errno)); " CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER compiled in"); } else { throw new UnsupportedOperationException("prctl(PR_GET_NO_NEW_PRIVS): " + JNACLibrary.strerror(errno)); " CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed"); } else { throw new UnsupportedOperationException("prctl(PR_GET_SECCOMP): " + JNACLibrary.strerror(errno)); case EINVAL: throw new UnsupportedOperationException("seccomp unavailable: CONFIG_SECCOMP_FILTER not" + " compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed"); default: throw new UnsupportedOperationException("prctl(PR_SET_SECCOMP): " + JNACLibrary.strerror(errno)); throw new UnsupportedOperationException("prctl(PR_SET_NO_NEW_PRIVS): " + JNACLibrary.strerror(Native.getLastError())); JNACLibrary.strerror(Native.getLastError())); if (logger.isDebugEnabled()) {
static void solarisImpl() { // first be defensive: we can give nice errors this way, at the very least. boolean supported = Constants.SUN_OS; if (supported == false) { throw new IllegalStateException("bug: should not be trying to initialize priv_set for an unsupported OS"); } // we couldn't link methods, could be some really ancient Solaris or some bug if (libc_solaris == null) { throw new UnsupportedOperationException("priv_set unavailable: could not link methods. requires Solaris 10+"); } // drop a null-terminated list of privileges if (libc_solaris.priv_set(PRIV_OFF, PRIV_ALLSETS, PRIV_PROC_FORK, PRIV_PROC_EXEC, null) != 0) { throw new UnsupportedOperationException("priv_set unavailable: priv_set(): " + JNACLibrary.strerror(Native.getLastError())); } logger.debug("Solaris priv_set initialization successful"); }
static void bsdImpl() { boolean supported = Constants.FREE_BSD || OPENBSD || Constants.MAC_OS_X; if (supported == false) { throw new IllegalStateException("bug: should not be trying to initialize RLIMIT_NPROC for an unsupported OS"); } JNACLibrary.Rlimit limit = new JNACLibrary.Rlimit(); limit.rlim_cur.setValue(0); limit.rlim_max.setValue(0); if (JNACLibrary.setrlimit(RLIMIT_NPROC, limit) != 0) { throw new UnsupportedOperationException("RLIMIT_NPROC unavailable: " + JNACLibrary.strerror(Native.getLastError())); } logger.debug("BSD RLIMIT_NPROC initialization successful"); }
static void bsdImpl() { boolean supported = Constants.FREE_BSD || OPENBSD || Constants.MAC_OS_X; if (supported == false) { throw new IllegalStateException("bug: should not be trying to initialize RLIMIT_NPROC for an unsupported OS"); } JNACLibrary.Rlimit limit = new JNACLibrary.Rlimit(); limit.rlim_cur.setValue(0); limit.rlim_max.setValue(0); if (JNACLibrary.setrlimit(RLIMIT_NPROC, limit) != 0) { throw new UnsupportedOperationException("RLIMIT_NPROC unavailable: " + JNACLibrary.strerror(Native.getLastError())); } logger.debug("BSD RLIMIT_NPROC initialization successful"); }
static void bsdImpl() { boolean supported = Constants.FREE_BSD || OPENBSD || Constants.MAC_OS_X; if (supported == false) { throw new IllegalStateException("bug: should not be trying to initialize RLIMIT_NPROC for an unsupported OS"); } JNACLibrary.Rlimit limit = new JNACLibrary.Rlimit(); limit.rlim_cur.setValue(0); limit.rlim_max.setValue(0); if (JNACLibrary.setrlimit(RLIMIT_NPROC, limit) != 0) { throw new UnsupportedOperationException("RLIMIT_NPROC unavailable: " + JNACLibrary.strerror(Native.getLastError())); } logger.debug("BSD RLIMIT_NPROC initialization successful"); }
static void trySetMaxSizeVirtualMemory() { if (Constants.LINUX || Constants.MAC_OS_X) { final JNACLibrary.Rlimit rlimit = new JNACLibrary.Rlimit(); if (JNACLibrary.getrlimit(JNACLibrary.RLIMIT_AS, rlimit) == 0) { MAX_SIZE_VIRTUAL_MEMORY = rlimit.rlim_cur.longValue(); } else { logger.warn("unable to retrieve max size virtual memory [" + JNACLibrary.strerror(Native.getLastError()) + "]"); } } }
static void trySetMaxSizeVirtualMemory() { if (Constants.LINUX || Constants.MAC_OS_X) { final JNACLibrary.Rlimit rlimit = new JNACLibrary.Rlimit(); if (JNACLibrary.getrlimit(JNACLibrary.RLIMIT_AS, rlimit) == 0) { MAX_SIZE_VIRTUAL_MEMORY = rlimit.rlim_cur.longValue(); } else { logger.warn("unable to retrieve max size virtual memory [" + JNACLibrary.strerror(Native.getLastError()) + "]"); } } }
static void trySetMaxSizeVirtualMemory() { if (Constants.LINUX || Constants.MAC_OS_X) { final JNACLibrary.Rlimit rlimit = new JNACLibrary.Rlimit(); if (JNACLibrary.getrlimit(JNACLibrary.RLIMIT_AS, rlimit) == 0) { MAX_SIZE_VIRTUAL_MEMORY = rlimit.rlim_cur.longValue(); } else { logger.warn("unable to retrieve max size virtual memory [" + JNACLibrary.strerror(Native.getLastError()) + "]"); } } }
static void trySetMaxFileSize() { if (Constants.LINUX || Constants.MAC_OS_X) { final JNACLibrary.Rlimit rlimit = new JNACLibrary.Rlimit(); if (JNACLibrary.getrlimit(JNACLibrary.RLIMIT_FSIZE, rlimit) == 0) { MAX_FILE_SIZE = rlimit.rlim_cur.longValue(); } else { logger.warn("unable to retrieve max file size [" + JNACLibrary.strerror(Native.getLastError()) + "]"); } } }
static void trySetMaxFileSize() { if (Constants.LINUX || Constants.MAC_OS_X) { final JNACLibrary.Rlimit rlimit = new JNACLibrary.Rlimit(); if (JNACLibrary.getrlimit(JNACLibrary.RLIMIT_FSIZE, rlimit) == 0) { MAX_FILE_SIZE = rlimit.rlim_cur.longValue(); } else { logger.warn("unable to retrieve max file size [" + JNACLibrary.strerror(Native.getLastError()) + "]"); } } }
static void trySetMaxNumberOfThreads() { if (Constants.LINUX) { // this is only valid on Linux and the value *is* different on OS X // see /usr/include/sys/resource.h on OS X // on Linux the resource RLIMIT_NPROC means *the number of threads* // this is in opposition to BSD-derived OSes final int rlimit_nproc = 6; final JNACLibrary.Rlimit rlimit = new JNACLibrary.Rlimit(); if (JNACLibrary.getrlimit(rlimit_nproc, rlimit) == 0) { MAX_NUMBER_OF_THREADS = rlimit.rlim_cur.longValue(); } else { logger.warn("unable to retrieve max number of threads [" + JNACLibrary.strerror(Native.getLastError()) + "]"); } } }
static void trySetMaxNumberOfThreads() { if (Constants.LINUX) { // this is only valid on Linux and the value *is* different on OS X // see /usr/include/sys/resource.h on OS X // on Linux the resource RLIMIT_NPROC means *the number of threads* // this is in opposition to BSD-derived OSes final int rlimit_nproc = 6; final JNACLibrary.Rlimit rlimit = new JNACLibrary.Rlimit(); if (JNACLibrary.getrlimit(rlimit_nproc, rlimit) == 0) { MAX_NUMBER_OF_THREADS = rlimit.rlim_cur.longValue(); } else { logger.warn("unable to retrieve max number of threads [" + JNACLibrary.strerror(Native.getLastError()) + "]"); } } }
static void trySetMaxNumberOfThreads() { if (Constants.LINUX) { // this is only valid on Linux and the value *is* different on OS X // see /usr/include/sys/resource.h on OS X // on Linux the resource RLIMIT_NPROC means *the number of threads* // this is in opposition to BSD-derived OSes final int rlimit_nproc = 6; final JNACLibrary.Rlimit rlimit = new JNACLibrary.Rlimit(); if (JNACLibrary.getrlimit(rlimit_nproc, rlimit) == 0) { MAX_NUMBER_OF_THREADS = rlimit.rlim_cur.longValue(); } else { logger.warn("unable to retrieve max number of threads [" + JNACLibrary.strerror(Native.getLastError()) + "]"); } } }
static void bsdImpl() { boolean supported = Constants.FREE_BSD || OPENBSD || Constants.MAC_OS_X; if (supported == false) { throw new IllegalStateException("bug: should not be trying to initialize RLIMIT_NPROC for an unsupported OS"); } JNACLibrary.Rlimit limit = new JNACLibrary.Rlimit(); limit.rlim_cur.setValue(0); limit.rlim_max.setValue(0); if (JNACLibrary.setrlimit(RLIMIT_NPROC, limit) != 0) { throw new UnsupportedOperationException("RLIMIT_NPROC unavailable: " + JNACLibrary.strerror(Native.getLastError())); } logger.debug("BSD RLIMIT_NPROC initialization successful"); }