• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5AUTHOR = "Chromium OS Team"
6NAME = "platform_OSLimits"
7PURPOSE = "Verify some kernel settings."
8CRITERIA = """
9Fail if we find unexpected values for resource limits:
10  - Max open files
11  - Max processes
12or unexpected values for sysctls:
13  - fs/file-max
14  - fs/leases-enable
15  - fs/nr_open
16  - kernel/kptr_restrict
17  - kernel/ngroups_max
18  - kernel/panic
19  - kernel/pid_max
20  - kernel/randomize_va_space
21  - kernel/suid_dumpable
22  - kernel/sysrq
23  - kernel/threads-max
24  - net/ipv4/tcp_syncookies
25  - vm/mmap_min_addr
26"""
27ATTRIBUTES = "suite:bvt-inline, suite:smoke"
28SUITE = "bvt-inline, smoke"
29TIME = "SHORT"
30TEST_CATEGORY = "Functional"
31TEST_CLASS = "platform"
32TEST_TYPE = "client"
33JOB_RETRIES = 2
34DOC = """
35Verifies various system level limits and settings.
36
37The resources being verified are:
38  - Max open files: the maximum number of file descriptors a process can open.
39  - Max processes: the maximum number of processes that can be created for
40    the real user id of the calling process.
41
42The sysctls being verified are:
43  - fs/file-max: maximum number of file handles that the kernel will allocate.
44    The default value is usually about 10% of RAM in kilobytes.
45  - fs/leases-enable:
46    - 0: no leases on files allowed.
47    - 1: leases are allowed to be established on a file.
48  - fs/nr_open: the maximum number of file handles a process can allocate.
49    file-max cannot exceed this value.
50  - kernel/kptr_restrict: do not expose kernel addresses to userspace.
51  - kernel/ngroups_max: the number a groups a user may belong to.
52  - kernel/panic: number of seconds the kernel postpones rebooting when the
53    system experiences a kernel panic. 0 disables automatic rebooting.
54  - kernel/pid_max: the maximum value of a pid before it wraps.
55  - kernel/randomize_va_space:
56    - 0: no ASLR for userspace processes.
57    - 1: ASLR for stack and mmap (and exec if built PIE).
58    - 2: same as above except also randomize brk location.
59  - kernel/suid_dumpable:
60    - 0: core dump not produced for a process with changed cred.
61    - 1: all processes core dump when possible.
62    - 2: binary which is not normally dumped is dumped ro by root.
63  - kernel/sysrq: Activates the System Request Key when anything other than 0.
64  - kernel/threads-max: Maximum threads on system.
65  - net/ipv4/tcp_syncookies: make sure weird inbound TCP flooding is safe.
66  - vm/mmap_min_addr: make sure low memory cannot be allocated.
67"""
68
69job.run_test('platform_OSLimits')
70