[apparmor] [Branch ~apparmor-dev/apparmor/master] Rev 1770: Update apparmor's handling of rlimits for cpu limit and more natural units

Sat Aug 13 18:56:38 UTC 2011

On 08/12/2011 02:40 PM, Christian Boltz wrote:
> Hello,
>
> Am Donnerstag, 11. August 2011 schrieb noreply at launchpad.net:
>> revno: 1770
>> committer: John Johansen<john.johansen at canonical.com>
>
>>    Update apparmor's handling of rlimits for cpu limit and more
>> natural units
>
> That looks like I'll have to update apparmor.vim ;-)
>
oops, I didn't mean for that one to go in yet, thats what I get for
being in a rush and not thinking.  Its not a big deal I just meant
to do a little more work on it and send it out for review first.

>>    Allow for rlimit cpu to specified which is now supported by the
>> kernel.
>>
>>    Previously the rlimit units where limited to K, M, G and would fail
>> when KB, MB, GB where used.  Allow for both,
>
> The change for K, M, G is quite obvious - now KB, MB and GB are allowed
> too in profiles.
>
> Are lowercase k, m, g, kb, mb, gb and mixed case (kB, Mb) also allowed?
>
not currently, that is one of the things I meant to ask about in review

>> also allow for units on
>> lengths of time, by specifying "seconds", "minutes", "hours".. or
>
> If I get it right, this only affects the (newly added) "rlimit cpu", right?
> Can you give me some sample profile lines for "rlimit cpu"?
>
set rlimit cpu <= 10,
set rlimit cpu <= 10s,

>> any unique subset eg. "s", "sec", "m", "min", "h", "hour" ..
>
currently no, that is one of the things that actually should be fixed, right
now you can do

   secon, minu, hou

which are all unnatural

> Does that mean all of the following are valid in a profile?
> s
> se
> sec
> seco
> secon
> second
> seconds
>
currently yes, the plan is no, just the common ones should be supported

s, sec, second, seconds

> Again, are uppercase or mixed-case words allowed? For example
> Sec
> secoND
>
currently no, the question is do we want to

> I'm not yet sure how I can make a regex of this without breaking vim's
> limit on parenthesis - well, s|se|sec|seco would be an option, but if
> combined with upper- and lowercase, it would become
>      [sS]|[sS][eE]|[sS][eE][cC]|[sS][eE][cC][oO]
> which will become unreadable ;-)
>
that it is

>> === modified file 'parser/parser_yacc.y'
>> +                       const char *seconds = "seconds";
>> +                       const char *minutes = "minutes";
>> +                       const char *hours = "hours";
>> +                       const char *days = "days";
>
>> +                       const char *kb = "KB";
>> +                       const char *mb = "MB";
>> +                       const char *gb = "GB";
>> +
>
> Are these all texts that are allowed for rlimit? Or did I miss something?
>
its that or a subset currently so
K, KB, s, se, sec, secon, second, seconds, ...

the K, KB is fine because K is what we used in the past so we should continue to support it.
I don't think we want to support all the variations of seconds.

john