client/site_tests/platform_OSLimits/control - mirrors/cros/chromiumos/third_party/autotest - Git at Google

 # Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 AUTHOR = "Chromium OS Team"
 NAME = "platform_OSLimits"
 PURPOSE = "Verify some kernel settings."
 CRITERIA = """
 Fail if we find unexpected values for resource limits:
   - Max open files
   - Max processes
 or unexpected values for sysctls:
   - fs/file-max
   - fs/leases-enable
   - fs/nr_open
   - kernel/kptr_restrict
   - kernel/ngroups_max
   - kernel/panic
   - kernel/pid_max
   - kernel/randomize_va_space
   - kernel/suid_dumpable
   - kernel/sysrq
   - kernel/threads-max
   - net/ipv4/tcp_syncookies
   - vm/mmap_min_addr
 """
 ATTRIBUTES = "suite:bvt-inline, suite:smoke"
 TIME = "SHORT"
 TEST_CATEGORY = "Functional"
 TEST_CLASS = "platform"
 TEST_TYPE = "client"
 JOB_RETRIES = 2
 DOC = """
 Verifies various system level limits and settings.

 The resources being verified are:
   - Max open files: the maximum number of file descriptors a process can open.
   - Max processes: the maximum number of processes that can be created for
     the real user id of the calling process.

 The sysctls being verified are:
   - fs/file-max: maximum number of file handles that the kernel will allocate.
     The default value is usually about 10% of RAM in kilobytes.
   - fs/leases-enable:
     - 0: no leases on files allowed.
     - 1: leases are allowed to be established on a file.
   - fs/nr_open: the maximum number of file handles a process can allocate.
     file-max cannot exceed this value.
   - kernel/kptr_restrict: do not expose kernel addresses to userspace.
   - kernel/ngroups_max: the number a groups a user may belong to.
   - kernel/panic: number of seconds the kernel postpones rebooting when the
     system experiences a kernel panic. 0 disables automatic rebooting.
   - kernel/pid_max: the maximum value of a pid before it wraps.
   - kernel/randomize_va_space:
     - 0: no ASLR for userspace processes.
     - 1: ASLR for stack and mmap (and exec if built PIE).
     - 2: same as above except also randomize brk location.
   - kernel/suid_dumpable:
     - 0: core dump not produced for a process with changed cred.
     - 1: all processes core dump when possible.
     - 2: binary which is not normally dumped is dumped ro by root.
   - kernel/sysrq: Activates the System Request Key when anything other than 0.
   - kernel/threads-max: Maximum threads on system.
   - net/ipv4/tcp_syncookies: make sure weird inbound TCP flooding is safe.
   - vm/mmap_min_addr: make sure low memory cannot be allocated.
 """

 job.run_test('platform_OSLimits')
	# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	AUTHOR = "Chromium OS Team"
	NAME = "platform_OSLimits"
	PURPOSE = "Verify some kernel settings."
	CRITERIA = """
	Fail if we find unexpected values for resource limits:
	- Max open files
	- Max processes
	or unexpected values for sysctls:
	- fs/file-max
	- fs/leases-enable
	- fs/nr_open
	- kernel/kptr_restrict
	- kernel/ngroups_max
	- kernel/panic
	- kernel/pid_max
	- kernel/randomize_va_space
	- kernel/suid_dumpable
	- kernel/sysrq
	- kernel/threads-max
	- net/ipv4/tcp_syncookies
	- vm/mmap_min_addr
	"""
	ATTRIBUTES = "suite:bvt-inline, suite:smoke"
	TIME = "SHORT"
	TEST_CATEGORY = "Functional"
	TEST_CLASS = "platform"
	TEST_TYPE = "client"
	JOB_RETRIES = 2
	DOC = """
	Verifies various system level limits and settings.

	The resources being verified are:
	- Max open files: the maximum number of file descriptors a process can open.
	- Max processes: the maximum number of processes that can be created for
	the real user id of the calling process.

	The sysctls being verified are:
	- fs/file-max: maximum number of file handles that the kernel will allocate.
	The default value is usually about 10% of RAM in kilobytes.
	- fs/leases-enable:
	- 0: no leases on files allowed.
	- 1: leases are allowed to be established on a file.
	- fs/nr_open: the maximum number of file handles a process can allocate.
	file-max cannot exceed this value.
	- kernel/kptr_restrict: do not expose kernel addresses to userspace.
	- kernel/ngroups_max: the number a groups a user may belong to.
	- kernel/panic: number of seconds the kernel postpones rebooting when the
	system experiences a kernel panic. 0 disables automatic rebooting.
	- kernel/pid_max: the maximum value of a pid before it wraps.
	- kernel/randomize_va_space:
	- 0: no ASLR for userspace processes.
	- 1: ASLR for stack and mmap (and exec if built PIE).
	- 2: same as above except also randomize brk location.
	- kernel/suid_dumpable:
	- 0: core dump not produced for a process with changed cred.
	- 1: all processes core dump when possible.
	- 2: binary which is not normally dumped is dumped ro by root.
	- kernel/sysrq: Activates the System Request Key when anything other than 0.
	- kernel/threads-max: Maximum threads on system.
	- net/ipv4/tcp_syncookies: make sure weird inbound TCP flooding is safe.
	- vm/mmap_min_addr: make sure low memory cannot be allocated.
	"""

	job.run_test('platform_OSLimits')