.\" Robert Bihlmeyer <robbe@orcus.ping.at>
.\" Modified 1996-10-22 by Eric S. Raymond <esr@thyrsus.com>
.\" Modified 2001-05-04 by aeb, following a remark by
-.\" Håvard Lygre <hklygre@online.no>
+.\" Håvard Lygre <hklygre@online.no>
.\" Modified 2001-04-17 by Michael Kerrisk <mtk.manpages@gmail.com>
.\" Modified 2002-06-13 by Michael Kerrisk <mtk.manpages@gmail.com>
.\" Added note on nonstandard behavior when SIGCHLD is ignored.
.\" 2008-05-07, mtk / Peter Zijlstra, Added description of RLIMIT_RTTIME
.\" 2010-11-06, mtk: Added documentation of prlimit()
.\"
-.TH GETRLIMIT 2 2013-02-11 "Linux" "Linux Programmer's Manual"
+.TH GETRLIMIT 2 2015-01-22 "Linux" "Linux Programmer's Manual"
.SH NAME
getrlimit, setrlimit, prlimit \- get/set resource limits
.SH SYNOPSIS
The soft limit is the value that the kernel enforces for the
corresponding resource.
The hard limit acts as a ceiling for the soft limit:
-an unprivileged process may only set its soft limit to a value in the
+an unprivileged process may set only its soft limit to a value in the
range from 0 up to the hard limit, and (irreversibly) lower its hard limit.
A privileged process (under Linux: one with the
.B CAP_SYS_RESOURCE
.\" since 2.0.27 / 2.1.12
This limit affects calls to
.BR brk (2),
-.BR mmap (2)
+.BR mmap (2),
and
.BR mremap (2),
which fail with the error
either this limit is at most 2 GiB, or this resource is unlimited.
.TP
.B RLIMIT_CORE
-Maximum size of
+Maximum size of a
.I core
-file.
+file (see
+.BR core (5)).
When 0 no core dump files are created.
When nonzero, larger dumps are truncated to this size.
.TP
that a privileged process may lock, and this limit instead governs
the amount of memory that an unprivileged process may lock.
.TP
-.BR RLIMIT_MSGQUEUE " (Since Linux 2.6.8)"
+.BR RLIMIT_MSGQUEUE " (since Linux 2.6.8)"
Specifies the limit on the number of bytes that can be allocated
for POSIX message queues for the real user ID of the calling process.
This limit is enforced for
against this limit according to the formula:
.nf
- bytes = attr.mq_maxmsg * sizeof(struct msg_msg *) +
- attr.mq_maxmsg * attr.mq_msgsize
+ Since Linux 3.5:
+ bytes = attr.mq_maxmsg * sizeof(struct msg_msg) +
+ min(attr.mq_maxmsg, MQ_PRIO_MAX) *
+ sizeof(struct posix_msg_tree_node)+
+ /* For overhead */
+ attr.mq_maxmsg * attr.mq_msgsize;
+ /* For message data */
+
+ Linux 3.4 and earlier:
+ bytes = attr.mq_maxmsg * sizeof(struct msg_msg *) +
+ /* For overhead */
+ attr.mq_maxmsg * attr.mq_msgsize;
+ /* For message data */
.fi
where
is the
.I mq_attr
structure specified as the fourth argument to
-.BR mq_open (3).
+.BR mq_open (3),
+and the
+.I msg_msg
+and
+.I posix_msg_tree_node
+structures are kernel-internal structures.
-The first addend in the formula, which includes
-.I "sizeof(struct msg_msg *)"
-(4 bytes on Linux/i386), ensures that the user cannot
+The "overhead" addend in the formula accounts for overhead
+bytes required by the implementation
+and ensures that the user cannot
create an unlimited number of zero-length messages (such messages
nevertheless each consume some system memory for bookkeeping overhead).
.TP
.BR fork (2)
fails with the error
.BR EAGAIN .
+This limit is not enforced for processes that have either the
+.B CAP_SYS_ADMIN
+or the
+.B CAP_SYS_RESOURCE
+capability.
.TP
.B RLIMIT_RSS
Specifies the limit (in pages) of the process's resident set
(the number of virtual pages resident in RAM).
-This limit only has effect in Linux 2.4.x, x < 30, and there only
-affects calls to
+This limit has effect only in Linux 2.4.x, x < 30, and there
+affects only calls to
.BR madvise (2)
specifying
.BR MADV_WILLNEED .
.\" talk of making it do something has surfaced from time to time in LKML
.\" -- MTK, Jul 05
.TP
-.BR RLIMIT_RTPRIO " (Since Linux 2.6.12, but see BUGS)"
+.BR RLIMIT_RTPRIO " (since Linux 2.6.12, but see BUGS)"
Specifies a ceiling on the real-time priority that may be set for
this process using
.BR sched_setscheduler (2)
and
.BR sched_setparam (2).
.TP
-.BR RLIMIT_RTTIME " (Since Linux 2.6.25)"
+.BR RLIMIT_RTTIME " (since Linux 2.6.25)"
Specifies a limit (in microseconds)
on the amount of CPU time that a process scheduled
under a real-time scheduling policy may consume without making a blocking
The intended use of this limit is to stop a runaway
real-time process from locking up the system.
.TP
-.BR RLIMIT_SIGPENDING " (Since Linux 2.6.8)"
+.BR RLIMIT_SIGPENDING " (since Linux 2.6.8)"
Specifies the limit on the number of signals
that may be queued for the real user ID of the calling process.
Both standard and real-time signals are counted for the purpose of
checking this limit.
-However, the limit is only enforced for
+However, the limit is enforced only for
.BR sigqueue (3);
it is always possible to use
.BR kill (2)
.\" commit c022a0acad534fd5f5d5f17280f6d4d135e74e81
.\" Author: Jiri Slaby <jslaby@suse.cz>
.\" Date: Tue May 4 18:03:50 2010 +0200
+.\"
+.\" rlimits: implement prlimit64 syscall
+.\"
+.\" commit 6a1d5e2c85d06da35cdfd93f1a27675bfdc3ad8c
+.\" Author: Jiri Slaby <jslaby@suse.cz>
+.\" Date: Wed Mar 24 17:06:58 2010 +0100
+.\"
+.\" rlimits: add rlimit64 structure
+.\"
The Linux-specific
.BR prlimit ()
system call combines and extends the functionality of
.I and
the real, effective, and saved set group IDs of the target process
must match the real group ID of the caller.
-.\" FIXME this permission check is strange
+.\" FIXME . this permission check is strange
.\" Asked about this on LKML, 7 Nov 2010
.\" "Inconsistent credential checking in prlimit() syscall"
.SH RETURN VALUE
An unprivileged process tried to raise the hard limit; the
.B CAP_SYS_RESOURCE
capability is required to do this.
-Or, the caller tried to increase the hard
+.TP
+.B EPERM
+The caller tried to increase the hard
.B RLIMIT_NOFILE
-limit above the current kernel maximum
-.RB ( NR_OPEN ).
-Or, the calling process did not have permission to set limits
+limit above the maximum defined by
+.IR /proc/sys/fs/nr_open
+(see
+.BR proc (5))
+.TP
+.B EPERM
+.RB ( prlimit ())
+The calling process did not have permission to set limits
for the process specified by
.IR pid .
.TP
Resource limits are preserved across
.BR execve (2).
+Lowering the soft limit for a resource below the process's
+current consumption of that resource will succeed
+(but will prevent the process from further increasing
+its consumption of the resource).
+
One can set the resource limits of the shell using the built-in
.IR ulimit
command
.BR vlimit ().
All new applications should be written using
.BR setrlimit ().
+.SS C library/ kernel ABI differences
+Since version 2.13, the glibc
+.BR getrlimit ()
+and
+.BR setrlimit ()
+wrapper functions no longer invoke the corresponding system calls,
+but instead employ
+.BR prlimit (),
+for the reasons described in BUGS.
.SH BUGS
-.\" FIXME prlimit() does not suffer
-.\" https://bugzilla.kernel.org/show_bug.cgi?id=5042
-.\" http://sources.redhat.com/bugzilla/show_bug.cgi?id=12201
-.\" Since versions 2.13, glibc has library implementations of
-.\" getrlimit() and setrlimit() that use prlimit() to work around
-.\" this bug.
In older Linux kernels, the
.B SIGXCPU
and
soft limit in this manner,
and the Linux behavior is probably not standards conformant;
portable applications should avoid relying on this Linux-specific behavior.
-.\" FIXME https://bugzilla.kernel.org/show_bug.cgi?id=50951
+.\" FIXME . https://bugzilla.kernel.org/show_bug.cgi?id=50951
The Linux-specific
.BR RLIMIT_RTTIME
limit exhibits the same behavior when the soft limit is encountered.
.I rlim\->rlim_cur
was greater than
.IR rlim\->rlim_max .
+.\"
+.SS Representation of """large""" resource limit values on 32-bit platforms
+The glibc
+.BR getrlimit ()
+and
+.BR setrlimit ()
+wrapper functions use a 64-bit
+.IR rlim_t
+data type, even on 32-bit platforms.
+However, the
+.I rlim_t
+data type used in the
+.BR getrlimit ()
+and
+.BR setrlimit ()
+system calls is a (32-bit)
+.IR "unsigned long" .
+Furthermore, in Linux versions before 2.6.36,
+the kernel represents resource limits on 32-bit platforms as
+.IR "unsigned long" .
+However, a 32-bit data type is not wide enough.
+.\" https://bugzilla.kernel.org/show_bug.cgi?id=5042
+.\" http://sources.redhat.com/bugzilla/show_bug.cgi?id=12201
+The most pertinent limit here is
+.BR RLIMIT_FSIZE ,
+which specifies the maximum size to which a file can grow:
+to be useful, this limit must be represented using a type
+that is as wide as the type used to
+represent file offsets\(emthat is, as wide as a 64-bit
+.BR off_t
+(assuming a program compiled with
+.IR _FILE_OFFSET_BITS=64 ).
+
+To work around this kernel limitation,
+if a program tried to set a resource limit to a value larger than
+can be represented in a 32-bit
+.IR "unsigned long" ,
+then the glibc
+.BR setrlimit ()
+wrapper function silently converted the limit value to
+.BR RLIM_INFINITY .
+In other words, the requested resource limit setting was silently ignored.
+
+This problem was addressed in Linux 2.6.36 with two principal changes:
+.IP * 3
+the addition of a new kernel representation of resource limits that
+uses 64 bits, even on 32-bit platforms;
+.IP *
+the addition of the
+.BR prlimit ()
+system call, which employs 64-bit values for its resource limit arguments.
+.PP
+Since version 2.13,
+.\" https://www.sourceware.org/bugzilla/show_bug.cgi?id=12201
+glibc works around the limitations of the
+.BR getrlimit ()
+and
+.BR setrlimit ()
+system calls by implementing
+.BR setrlimit ()
+and
+.BR getrlimit ()
+as wrapper functions that call
+.BR prlimit ().
.SH EXAMPLE
The program below demonstrates the use of
.BR prlimit ().
.BR core (5),
.BR capabilities (7),
.BR signal (7)
+.SH COLOPHON
+This page is part of release 3.79 of the Linux
+.I man-pages
+project.
+A description of the project,
+information about reporting bugs,
+and the latest version of this page,
+can be found at
+\%http://www.kernel.org/doc/man\-pages/.