From e6373c9ec0ba8534611414cbad4a3434c7772f4a Mon Sep 17 00:00:00 2001 From: Guido van Rooij Date: Mon, 20 Feb 1995 19:42:42 +0000 Subject: [PATCH] Implement maxprocperuid and maxfilesperproc. They are tunable via sysctl(8). The initial value of maxprocperuid is maxproc-1, that of maxfilesperproc is maxfiles (untill maxfile will disappear) Now it is at least possible to prohibit one user opening maxfiles -Guido Submitted by: Obtained from: --- sbin/sysctl/sysctl.8 | 4 +++- sys/conf/param.c | 4 +++- sys/kern/kern_descrip.c | 12 ++++++------ sys/kern/kern_resource.c | 18 +++++++++--------- sys/kern/kern_sysctl.c | 6 +++++- sys/kern/subr_param.c | 4 +++- sys/sys/file.h | 3 ++- sys/sys/sysctl.h | 8 ++++++-- usr.sbin/sysctl/sysctl.8 | 4 +++- 9 files changed, 40 insertions(+), 23 deletions(-) diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8 index 3d91986d8a03..931ac35fd614 100644 --- a/sbin/sysctl/sysctl.8 +++ b/sbin/sysctl/sysctl.8 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" From: @(#)sysctl.8 8.1 (Berkeley) 6/6/93 -.\" $Id: sysctl.8,v 1.4 1994/10/18 03:41:16 ache Exp $ +.\" $Id: sysctl.8,v 1.5 1995/02/16 00:28:40 wollman Exp $ .\" .Dd September 23, 1994 .Dt SYSCTL 8 @@ -107,7 +107,9 @@ privilege can change the value. .It kern.version string no .It kern.maxvnodes integer yes .It kern.maxproc integer yes +.It kern.maxprocperuid integer yes .It kern.maxfiles integer yes +.It kern.maxfilesperproc integer yes .It kern.argmax integer no .It kern.securelevel integer raise only .It kern.hostname string yes diff --git a/sys/conf/param.c b/sys/conf/param.c index 0171c912c446..aa2a18f2203a 100644 --- a/sys/conf/param.c +++ b/sys/conf/param.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)param.c 8.2 (Berkeley) 1/21/94 - * $Id: param.c,v 1.6 1995/01/12 03:38:12 davidg Exp $ + * $Id: param.c,v 1.7 1995/02/16 11:29:19 joerg Exp $ */ #include 
@@ -82,7 +82,9 @@ int tickadj = 30000 / (60 * HZ); /* can adjust 30ms in 60s */ struct timezone tz = { TIMEZONE, DST }; #define NPROC (20 + 16 * MAXUSERS) int maxproc = NPROC; /* maximum # of processes */ +int maxprocperuid = NPROC-1; /* maximum # of processes per user */ int maxfiles = NPROC*2; /* system wide open files limit */ +int maxfilesperproc = NPROC*2; /* system wide open files limit */ int ncallout = 16 + NPROC; /* maximum # of timer events */ int nmbclusters = NMBCLUSTERS; int fscale = FSCALE; /* kernel uses `FSCALE', user uses `fscale' */ diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c index 58d320219c5b..f89a05578c05 100644 --- a/sys/kern/kern_descrip.c +++ b/sys/kern/kern_descrip.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)kern_descrip.c 8.6 (Berkeley) 4/19/94 - * $Id: kern_descrip.c,v 1.6 1994/10/02 17:35:11 phk Exp $ + * $Id: kern_descrip.c,v 1.7 1994/12/12 12:27:39 bde Exp $ */ #include @@ -78,7 +78,7 @@ getdtablesize(p, uap, retval) int *retval; { - *retval = min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfiles); + *retval = min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfilesperproc); return (0); } @@ -103,7 +103,7 @@ dup2(p, uap, retval) if (old >= fdp->fd_nfiles || fdp->fd_ofiles[old] == NULL || new >= p->p_rlimit[RLIMIT_NOFILE].rlim_cur || - new >= maxfiles) + new >= maxfilesperproc) return (EBADF); if (old == new) { *retval = new; @@ -191,7 +191,7 @@ fcntl(p, uap, retval) case F_DUPFD: newmin = uap->arg; if (newmin >= p->p_rlimit[RLIMIT_NOFILE].rlim_cur || - newmin >= maxfiles) + newmin >= maxfilesperproc) return (EINVAL); if ((error = fdalloc(p, newmin, &i))) return (error); @@ -507,7 +507,7 @@ fdalloc(p, want, result) * of want or fd_freefile. If that fails, consider * expanding the ofile array. */ - lim = min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfiles); + lim = min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfilesperproc); for (;;) { last = min(fdp->fd_nfiles, lim); if ((i = want) < fdp->fd_freefile) 
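Review bot: The comment on the new `maxfilesperproc` definition was copied from the line above and still reads "system wide open files limit", which describes `maxfiles` rather than the per-process cap. I would change it to `int maxfilesperproc = NPROC*2; /* per-process open files limit */`, matching the wording of the extern added in sys/sys/file.h. The same line appears in the sys/kern/subr_param.c hunk. Because the default equals `maxfiles`, one process can still fill the whole file table until an administrator lowers the value, and a short comment saying so next to the definition would help whoever tunes it.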
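Review bot: The per-process ceiling is now spelled out at five sites in two different forms: getdtablesize(), fdalloc() and fdavail() use `min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfilesperproc)`, while dup2() and fcntl(F_DUPFD) compare the un-cast `rlim_cur` and `maxfilesperproc` separately. The narrowing `(int)` cast is applied before `min()`, so the two forms would disagree for an `rlim_cur` that does not fit in an int (presumably prevented by the clamp in dosetrlimit(), but that lives in another file). A single helper or macro returning the effective limit, with a comment stating that it is the smaller of the rlimit and `kern.maxfilesperproc`, would keep the sites in agreement. All five functions continue outside their hunks.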
@@ -569,7 +569,7 @@ fdavail(p, n) register struct file **fpp; register int i, lim; - lim = min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfiles); + lim = min((int)p->p_rlimit[RLIMIT_NOFILE].rlim_cur, maxfilesperproc); if ((i = lim - fdp->fd_nfiles) > 0 && (n -= i) <= 0) return (1); fpp = &fdp->fd_ofiles[fdp->fd_freefile]; diff --git a/sys/kern/kern_resource.c b/sys/kern/kern_resource.c index 414bc1a8c45c..d27ca57ba7f5 100644 --- a/sys/kern/kern_resource.c +++ b/sys/kern/kern_resource.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)kern_resource.c 8.5 (Berkeley) 1/21/94 - * $Id: kern_resource.c,v 1.9 1994/12/02 23:00:40 ats Exp $ + * $Id: kern_resource.c,v 1.10 1994/12/06 22:53:37 bde Exp $ */ #include @@ -409,17 +409,17 @@ dosetrlimit(p, which, limp) break; case RLIMIT_NOFILE: - if (limp->rlim_cur > maxfiles) - limp->rlim_cur = maxfiles; - if (limp->rlim_max > maxfiles) - limp->rlim_max = maxfiles; + if (limp->rlim_cur > maxfilesperproc) + limp->rlim_cur = maxfilesperproc; + if (limp->rlim_max > maxfilesperproc) + limp->rlim_max = maxfilesperproc; break; case RLIMIT_NPROC: - if (limp->rlim_cur > maxproc) - limp->rlim_cur = maxproc; - if (limp->rlim_max > maxproc) - limp->rlim_max = maxproc; + if (limp->rlim_cur > maxprocperuid) + limp->rlim_cur = maxprocperuid; + if (limp->rlim_max > maxprocperuid) + limp->rlim_max = maxprocperuid; break; } *alimp = *limp; diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index c5f16f5025d4..614393059e57 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -34,7 +34,7 @@ * SUCH DAMAGE. * * @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94 - * $Id: kern_sysctl.c,v 1.20 1994/12/18 13:56:50 guido Exp $ + * $Id: kern_sysctl.c,v 1.21 1994/12/28 06:15:08 davidg Exp $ */ /* 
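Review bot: The RLIMIT_NPROC clamp in dosetrlimit() only takes effect when a process calls setrlimit(), so lowering `kern.maxprocperuid` afterwards does not touch limits that processes already hold or inherit. The RLIMIT_NOFILE side is covered because kern_descrip.c takes the minimum with `maxfilesperproc` at each use, but this patch changes no fork-path file, so unless the per-uid process count check (not visible here) also consults `maxprocperuid`, the new knob does not constrain existing sessions. I would either apply the same minimum-at-use in that check or document the behaviour above the case with `/* clamp applies to new setrlimit() calls only; limits already held are not revisited */`. The switch statement continues outside the hunk.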
@@ -217,8 +217,12 @@ kern_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p) return(sysctl_int(oldp, oldlenp, newp, newlen, &desiredvnodes)); case KERN_MAXPROC: return (sysctl_int(oldp, oldlenp, newp, newlen, &maxproc)); + case KERN_MAXPROCPERUID: + return (sysctl_int(oldp, oldlenp, newp, newlen, &maxprocperuid)); case KERN_MAXFILES: return (sysctl_int(oldp, oldlenp, newp, newlen, &maxfiles)); + case KERN_MAXFILESPERPROC: + return (sysctl_int(oldp, oldlenp, newp, newlen, &maxfilesperproc)); case KERN_UPDATEINTERVAL: /* * NB: this simple-minded approach only works because diff --git a/sys/kern/subr_param.c b/sys/kern/subr_param.c index 0171c912c446..aa2a18f2203a 100644 --- a/sys/kern/subr_param.c +++ b/sys/kern/subr_param.c @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)param.c 8.2 (Berkeley) 1/21/94 - * $Id: param.c,v 1.6 1995/01/12 03:38:12 davidg Exp $ + * $Id: param.c,v 1.7 1995/02/16 11:29:19 joerg Exp $ */ #include @@ -82,7 +82,9 @@ int tickadj = 30000 / (60 * HZ); /* can adjust 30ms in 60s */ struct timezone tz = { TIMEZONE, DST }; #define NPROC (20 + 16 * MAXUSERS) int maxproc = NPROC; /* maximum # of processes */ +int maxprocperuid = NPROC-1; /* maximum # of processes per user */ int maxfiles = NPROC*2; /* system wide open files limit */ +int maxfilesperproc = NPROC*2; /* system wide open files limit */ int ncallout = 16 + NPROC; /* maximum # of timer events */ int nmbclusters = NMBCLUSTERS; int fscale = FSCALE; /* kernel uses `FSCALE', user uses `fscale' */ diff --git a/sys/sys/file.h b/sys/sys/file.h index f70f47aba7d3..9f8ae04bc6d7 100644 --- a/sys/sys/file.h +++ b/sys/sys/file.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)file.h 8.1 (Berkeley) 6/2/93 - * $Id: file.h,v 1.2 1994/08/02 07:52:58 davidg Exp $ + * $Id: file.h,v 1.3 1994/08/21 04:41:45 paul Exp $ */ #ifndef _SYS_FILE_H_ 
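Review bot: Both new cases hand `&maxprocperuid` and `&maxfilesperproc` straight to sysctl_int(), so any integer a privileged writer supplies, including zero or a negative number, becomes the live limit. A non-positive `maxfilesperproc` makes the `new >= maxfilesperproc` tests in dup2() and fcntl() and the `lim` computed in fdalloc() refuse every descriptor for every process, and dosetrlimit() would clamp rlimits down to the same value. I would stage the write in a local and reject values below 1, and arguably above `maxfiles` or `maxproc`, before storing. The sketch assumes an `int` local named `val` is added and that `error` is already declared in kern_sysctl(), whose body lies mostly outside the hunk.

```c
	case KERN_MAXFILESPERPROC:
		/* Stage the write so an out-of-range value never becomes the live limit. */
		val = maxfilesperproc;
		error = sysctl_int(oldp, oldlenp, newp, newlen, &val);
		if (error || newp == NULL)
			return (error);
		if (val < 1 || val > maxfiles)
			return (EINVAL);
		maxfilesperproc = val;
		return (0);
	/* … KERN_MAXPROCPERUID: same pattern, bounded by maxproc … */
```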
@@ -75,6 +75,7 @@ struct file { extern struct file *filehead; /* head of list of open files */ extern int maxfiles; /* kernel limit on number of open files */ +extern int maxfilesperproc; /* per process limit on number of open files */ extern int nfiles; /* actual number of open files */ #endif /* KERNEL */ diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h index a879b184fb6a..009671c479de 100644 --- a/sys/sys/sysctl.h +++ b/sys/sys/sysctl.h @@ -34,7 +34,7 @@ * SUCH DAMAGE. * * @(#)sysctl.h 8.1 (Berkeley) 6/2/93 - * $Id: sysctl.h,v 1.18 1994/10/16 03:53:00 wollman Exp $ + * $Id: sysctl.h,v 1.19 1994/11/14 13:59:09 bde Exp $ */ #ifndef _SYS_SYSCTL_H_ @@ -133,7 +133,9 @@ struct ctlname { #define KERN_OSRELDATE 24 /* int: OS release date */ #define KERN_NTP_PLL 25 /* node: NTP PLL control */ #define KERN_BOOTFILE 26 /* string: name of booted kernel */ -#define KERN_MAXID 27 /* number of valid kern ids */ +#define KERN_MAXFILESPERPROC 27 /* int: max open files per proc */ +#define KERN_MAXPROCPERUID 28 /* int: max processes per uid */ +#define KERN_MAXID 29 /* number of valid kern ids */ #define CTL_KERN_NAMES { \ { 0, 0 }, \ @@ -163,6 +165,8 @@ struct ctlname { { "osreldate", CTLTYPE_INT }, \ { "ntp_pll", CTLTYPE_NODE }, \ { "bootfile", CTLTYPE_STRING }, \ + { "maxfilesperproc", CTLTYPE_INT }, \ + { "maxprocperuid", CTLTYPE_INT }, \ } /* diff --git a/usr.sbin/sysctl/sysctl.8 b/usr.sbin/sysctl/sysctl.8 index 3d91986d8a03..931ac35fd614 100644 --- a/usr.sbin/sysctl/sysctl.8 +++ b/usr.sbin/sysctl/sysctl.8 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" From: @(#)sysctl.8 8.1 (Berkeley) 6/6/93 -.\" $Id: sysctl.8,v 1.4 1994/10/18 03:41:16 ache Exp $ +.\" $Id: sysctl.8,v 1.5 1995/02/16 00:28:40 wollman Exp $ .\" .Dd September 23, 1994 .Dt SYSCTL 8 
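Review bot: Only `maxfilesperproc` gets an extern declaration in this patch; `maxprocperuid` is defined in param.c and referenced from kern_resource.c and kern_sysctl.c, yet none of the nine files in the diffstat declares it. Unless a header outside this patch already carries the declaration, those two files refer to an undeclared identifier. I would add `extern int maxprocperuid; /* per-uid limit on number of processes */` next to the existing declaration of `maxproc`, which is in a header not shown here.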
@@ -107,7 +107,9 @@ privilege can change the value. .It kern.version string no .It kern.maxvnodes integer yes .It kern.maxproc integer yes +.It kern.maxprocperuid integer yes .It kern.maxfiles integer yes +.It kern.maxfilesperproc integer yes .It kern.argmax integer no .It kern.securelevel integer raise only .It kern.hostname string yes