| # Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| AUTHOR = "Chromium OS Team" |
| NAME = "platform_OSLimits" |
| PURPOSE = "Verify some kernel settings." |
| CRITERIA = """ |
| Fail if we find unexpected values for resource limits: |
| - Max open files |
| - Max processes |
| or unexpected values for sysctls: |
| - fs/file-max |
| - fs/leases-enable |
| - fs/nr_open |
| - kernel/kptr_restrict |
| - kernel/ngroups_max |
| - kernel/panic |
| - kernel/pid_max |
| - kernel/randomize_va_space |
| - kernel/suid_dumpable |
| - kernel/sysrq |
| - kernel/threads-max |
| - net/ipv4/tcp_syncookies |
| - vm/mmap_min_addr |
| """ |
| ATTRIBUTES = "suite:bvt-inline, suite:smoke" |
| TIME = "SHORT" |
| TEST_CATEGORY = "Functional" |
| TEST_CLASS = "platform" |
| TEST_TYPE = "client" |
| JOB_RETRIES = 2 |
| DOC = """ |
| Verifies various system level limits and settings. |
| |
| The resources being verified are: |
| - Max open files: the maximum number of file descriptors a process can open. |
| - Max processes: the maximum number of processes that can be created for |
| the real user id of the calling process. |
| |
| The sysctls being verified are: |
| - fs/file-max: maximum number of file handles that the kernel will allocate. |
| The default value is usually about 10% of RAM in kilobytes. |
| - fs/leases-enable: |
| - 0: no leases on files allowed. |
| - 1: leases are allowed to be established on a file. |
| - fs/nr_open: the maximum number of file handles a process can allocate. |
| file-max cannot exceed this value. |
| - kernel/kptr_restrict: do not expose kernel addresses to userspace. |
| - kernel/ngroups_max: the number a groups a user may belong to. |
| - kernel/panic: number of seconds the kernel postpones rebooting when the |
| system experiences a kernel panic. 0 disables automatic rebooting. |
| - kernel/pid_max: the maximum value of a pid before it wraps. |
| - kernel/randomize_va_space: |
| - 0: no ASLR for userspace processes. |
| - 1: ASLR for stack and mmap (and exec if built PIE). |
| - 2: same as above except also randomize brk location. |
| - kernel/suid_dumpable: |
| - 0: core dump not produced for a process with changed cred. |
| - 1: all processes core dump when possible. |
| - 2: binary which is not normally dumped is dumped ro by root. |
| - kernel/sysrq: Activates the System Request Key when anything other than 0. |
| - kernel/threads-max: Maximum threads on system. |
| - net/ipv4/tcp_syncookies: make sure weird inbound TCP flooding is safe. |
| - vm/mmap_min_addr: make sure low memory cannot be allocated. |
| """ |
| |
| job.run_test('platform_OSLimits') |