cli: copy hard->soft resource limits by default

When no_copy_hard_limits is unset, just copy all hard limit values to
soft limits, except where a --limit-<limit> arugment has been provided
explicitly.

enter.c

@@ -48,6 +48,24 @@ static inline size_t append_argv(char **argv, size_t argc, char *arg)
 	return argc + 1;
 }
 
+/* Applies the limit specified by `resource'.  If value is NULL, then copy the
+   hard limit value to the soft limit and call `setrlimit'. */
+static void apply_limit(int resource, struct rlimit const *value) {
+	struct rlimit new_limit;
+	if (!value) {
+		if (getrlimit(resource, &new_limit)) {
+			err(1, "getrlimit(%d) failed", resource);
+			return;
+		}
+		new_limit.rlim_cur = new_limit.rlim_max;
+		value = &new_limit;
+	}
+
+	if (setrlimit(resource, value)) {
+		err(1, "setrlimit(%d) failed", resource);
+	}
+}
+
 int enter(struct entry_settings *opts)
 {
 	int timens_offsets = -1;
@@ -495,11 +513,11 @@ int enter(struct entry_settings *opts)
 
 	for (int resource = 0; resource < RLIM_NLIMITS; ++resource) {
 		struct rlimit const * value = opts->limits[resource];
-		if (!value) {
-			continue;
-		}
-		if (setrlimit(resource, value)) {
-			err(1, "setrlimit(%d) failed", resource);
+		/* When no_copy_hard_limits is not set, we always want to call apply_limit, either
+		   with the explicitly configured value (value != NULL), or by copying hard->soft
+		   (value == NULL). */
+		if (value || !opts->no_copy_hard_limits) {
+			apply_limit(resource, value);
 		}
 	}
 

enter.h

@@ -69,6 +69,7 @@ struct entry_settings {
 	const char *setup_program;
 	char *const *setup_argv;
 
+	int no_copy_hard_limits;
 	int no_fake_devtmpfs;
 	int no_derandomize;
 	int no_proc_remount;

main.c

@@ -53,6 +53,7 @@ enum {
 	OPTION_LIMIT_SIGPENDING,
 	OPTION_LIMIT_STACK,
 	_OPTION_LIMIT_END = OPTION_LIMIT_STACK,
+	OPTION_LIMIT_NO_COPY,
 	OPTION_SHARE_CGROUP,
 	OPTION_SHARE_IPC,
 	OPTION_SHARE_MNT,
@@ -225,15 +226,16 @@ int main(int argc, char *argv[], char *envp[])
 		{ "nic",                required_argument, NULL, OPTION_NIC             },
 
 		/* Opt-out feature flags */
-		{ "no-fake-devtmpfs",   no_argument, NULL, OPTION_NO_FAKE_DEVTMPFS      },
-		{ "no-derandomize",     no_argument, NULL, OPTION_NO_DERANDOMIZE        },
-		{ "no-proc-remount",    no_argument, NULL, OPTION_NO_PROC_REMOUNT       },
-		{ "no-loopback-setup",  no_argument, NULL, OPTION_NO_LOOPBACK_SETUP     },
-		{ "no-init",            no_argument, NULL, OPTION_NO_INIT               },
+		{ "no-copy-hard-limits", no_argument, NULL, OPTION_LIMIT_NO_COPY        },
+		{ "no-fake-devtmpfs",    no_argument, NULL, OPTION_NO_FAKE_DEVTMPFS     },
+		{ "no-derandomize",      no_argument, NULL, OPTION_NO_DERANDOMIZE       },
+		{ "no-proc-remount",     no_argument, NULL, OPTION_NO_PROC_REMOUNT      },
+		{ "no-loopback-setup",   no_argument, NULL, OPTION_NO_LOOPBACK_SETUP    },
+		{ "no-init",             no_argument, NULL, OPTION_NO_INIT              },
 
 		/* Deprecated flags */
 		{ "share",      required_argument, NULL, OPTION_SHARE_DEPRECATED        },
-		
+
 		{ 0, 0, 0, 0 }
 	};
 
@@ -341,6 +343,10 @@ int main(int argc, char *argv[], char *envp[])
 				handle_limit_arg(c, &opts, optarg);
 				break;
 
+			case OPTION_LIMIT_NO_COPY:
+				opts.no_copy_hard_limits = 1;
+				break;
+
 			case OPTION_SHARE_CGROUP:
 			case OPTION_SHARE_IPC:
 			case OPTION_SHARE_MNT:

man/bst.1.scd

@@ -231,8 +231,19 @@ Users of bst may choose to opt-out of some of the isolation.
 	\--limit-nproc 100:      hard=100, soft=(unchanged)++
 	\--limit-nproc :         hard=(unchanged), soft=(hard limit)
 
+	If a value is not provided using a --limit-<limit> option for a given resource,
+	the hard limit will be used as the soft limit, unless *--no-copy-hard-limits* has
+	been provided.
+
 	Full details for each limit value can be found in *getrlimit*(2).
 
+\--no-copy-hard-limits
+	Do not copy hard limit values to soft limits for all resources mentioned above.
+
+	By default, *bst* copies the hard limit to the soft limit for all of the resources mentioned
+	above.  To avoid setting any resource values, except as directed by --limit-<limit> options,
+	use this option.
+
 \--no-fake-devtmpfs
 	Do not replace devtmpfs mounts with a fake devtmpfs.
 

test/bst.t

@@ -138,6 +138,27 @@ Testing --limit-core / general tests
 	bst: error in --limit-core value: Numerical result out of range
 	[1]
 
+Testing limit-copying
+	$ bst --no-copy-hard-limits true  # smoke test
+
+	$ bst test/print_limits --soft-only
+	as: soft=hard
+	core: soft=hard
+	cpu: soft=hard
+	data: soft=hard
+	fsize: soft=hard
+	locks: soft=hard
+	memlock: soft=hard
+	msgqueue: soft=hard
+	nice: soft=hard
+	nofile: soft=hard
+	nproc: soft=hard
+	rss: soft=hard
+	rtprio: soft=hard
+	rttime: soft=hard
+	sigpending: soft=hard
+	stack: soft=hard
+
 Testing --limit-nofile
 	$ bst --limit-nofile=750 test/print_limits nofile
 	nofile: hard=750 soft=750

usage.c

@@ -335,30 +335,36 @@ unsigned char usage_txt[] = {
   0x54, 0x41, 0x43, 0x4b, 0x20, 0x74, 0x6f, 0x20, 0x74, 0x68, 0x65, 0x20,
   0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x64, 0x20, 0x76, 0x61, 0x6c,
   0x75, 0x65, 0x28, 0x73, 0x29, 0x2e, 0x0a, 0x0a, 0x09, 0x2d, 0x2d, 0x6e,
-  0x6f, 0x2d, 0x66, 0x61, 0x6b, 0x65, 0x2d, 0x64, 0x65, 0x76, 0x74, 0x6d,
-  0x70, 0x66, 0x73, 0x3a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x44, 0x6f, 0x6e,
-  0x27, 0x74, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x20, 0x64,
-  0x65, 0x76, 0x74, 0x6d, 0x70, 0x66, 0x73, 0x20, 0x6d, 0x6f, 0x75, 0x6e,
-  0x74, 0x73, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x66, 0x61, 0x6b, 0x65,
-  0x20, 0x6f, 0x6e, 0x65, 0x73, 0x2e, 0x0a, 0x09, 0x2d, 0x2d, 0x6e, 0x6f,
-  0x2d, 0x64, 0x65, 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x69, 0x7a, 0x65,
-  0x3a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x44, 0x6f, 0x6e, 0x27,
-  0x74, 0x20, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x20, 0x74, 0x6f,
-  0x20, 0x72, 0x65, 0x64, 0x75, 0x63, 0x65, 0x20, 0x72, 0x61, 0x6e, 0x64,
-  0x6f, 0x6d, 0x6e, 0x65, 0x73, 0x73, 0x20, 0x73, 0x6f, 0x75, 0x72, 0x63,
-  0x65, 0x73, 0x2e, 0x0a, 0x09, 0x2d, 0x2d, 0x6e, 0x6f, 0x2d, 0x70, 0x72,
-  0x6f, 0x63, 0x2d, 0x72, 0x65, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x3a, 0x20,
-  0x20, 0x20, 0x20, 0x20, 0x20, 0x44, 0x6f, 0x6e, 0x27, 0x74, 0x20, 0x72,
-  0x65, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x20, 0x74, 0x68, 0x65, 0x20, 0x65,
-  0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x2f, 0x70, 0x72, 0x6f,
-  0x63, 0x20, 0x69, 0x6e, 0x20, 0x70, 0x69, 0x64, 0x20, 0x6e, 0x61, 0x6d,
-  0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x2e, 0x0a, 0x09, 0x2d, 0x2d,
-  0x6e, 0x6f, 0x2d, 0x6c, 0x6f, 0x6f, 0x70, 0x62, 0x61, 0x63, 0x6b, 0x2d,
-  0x73, 0x65, 0x74, 0x75, 0x70, 0x3a, 0x20, 0x20, 0x20, 0x20, 0x44, 0x6f,
-  0x6e, 0x27, 0x74, 0x20, 0x62, 0x72, 0x69, 0x6e, 0x67, 0x20, 0x74, 0x68,
-  0x65, 0x20, 0x6c, 0x6f, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61,
-  0x63, 0x65, 0x20, 0x75, 0x70, 0x20, 0x69, 0x6e, 0x20, 0x6e, 0x65, 0x74,
-  0x77, 0x6f, 0x72, 0x6b, 0x20, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61,
-  0x63, 0x65, 0x73, 0x2e, 0x0a
+  0x6f, 0x2d, 0x63, 0x6f, 0x70, 0x79, 0x2d, 0x68, 0x61, 0x72, 0x64, 0x2d,
+  0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x3a, 0x20, 0x20, 0x44, 0x6f, 0x6e,
+  0x27, 0x74, 0x20, 0x63, 0x6f, 0x70, 0x79, 0x20, 0x68, 0x61, 0x72, 0x64,
+  0x20, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x20, 0x76, 0x61, 0x6c, 0x75, 0x65,
+  0x73, 0x20, 0x74, 0x6f, 0x20, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x6c, 0x69,
+  0x6d, 0x69, 0x74, 0x73, 0x2e, 0x0a, 0x09, 0x2d, 0x2d, 0x6e, 0x6f, 0x2d,
+  0x66, 0x61, 0x6b, 0x65, 0x2d, 0x64, 0x65, 0x76, 0x74, 0x6d, 0x70, 0x66,
+  0x73, 0x3a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x44, 0x6f, 0x6e, 0x27, 0x74,
+  0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x20, 0x64, 0x65, 0x76,
+  0x74, 0x6d, 0x70, 0x66, 0x73, 0x20, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x73,
+  0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x66, 0x61, 0x6b, 0x65, 0x20, 0x6f,
+  0x6e, 0x65, 0x73, 0x2e, 0x0a, 0x09, 0x2d, 0x2d, 0x6e, 0x6f, 0x2d, 0x64,
+  0x65, 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x69, 0x7a, 0x65, 0x3a, 0x20,
+  0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x44, 0x6f, 0x6e, 0x27, 0x74, 0x20,
+  0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x20, 0x74, 0x6f, 0x20, 0x72,
+  0x65, 0x64, 0x75, 0x63, 0x65, 0x20, 0x72, 0x61, 0x6e, 0x64, 0x6f, 0x6d,
+  0x6e, 0x65, 0x73, 0x73, 0x20, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73,
+  0x2e, 0x0a, 0x09, 0x2d, 0x2d, 0x6e, 0x6f, 0x2d, 0x70, 0x72, 0x6f, 0x63,
+  0x2d, 0x72, 0x65, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x3a, 0x20, 0x20, 0x20,
+  0x20, 0x20, 0x20, 0x44, 0x6f, 0x6e, 0x27, 0x74, 0x20, 0x72, 0x65, 0x6d,
+  0x6f, 0x75, 0x6e, 0x74, 0x20, 0x74, 0x68, 0x65, 0x20, 0x65, 0x78, 0x69,
+  0x73, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x2f, 0x70, 0x72, 0x6f, 0x63, 0x20,
+  0x69, 0x6e, 0x20, 0x70, 0x69, 0x64, 0x20, 0x6e, 0x61, 0x6d, 0x65, 0x73,
+  0x70, 0x61, 0x63, 0x65, 0x73, 0x2e, 0x0a, 0x09, 0x2d, 0x2d, 0x6e, 0x6f,
+  0x2d, 0x6c, 0x6f, 0x6f, 0x70, 0x62, 0x61, 0x63, 0x6b, 0x2d, 0x73, 0x65,
+  0x74, 0x75, 0x70, 0x3a, 0x20, 0x20, 0x20, 0x20, 0x44, 0x6f, 0x6e, 0x27,
+  0x74, 0x20, 0x62, 0x72, 0x69, 0x6e, 0x67, 0x20, 0x74, 0x68, 0x65, 0x20,
+  0x6c, 0x6f, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65,
+  0x20, 0x75, 0x70, 0x20, 0x69, 0x6e, 0x20, 0x6e, 0x65, 0x74, 0x77, 0x6f,
+  0x72, 0x6b, 0x20, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65,
+  0x73, 0x2e, 0x0a
 };
-unsigned int usage_txt_len = 4241;
+unsigned int usage_txt_len = 4311;

usage.txt

@@ -71,6 +71,7 @@ Options:
 	--limit-stack (<value>)|(<hard>:<soft>)
 	                        Set RLIMIT_STACK to the provided value(s).
 
+	--no-copy-hard-limits:  Don't copy hard limit values to soft limits.
 	--no-fake-devtmpfs:     Don't replace devtmpfs mounts with fake ones.
 	--no-derandomize:       Don't attempt to reduce randomness sources.
 	--no-proc-remount:      Don't remount the existing /proc in pid namespaces.