kore

An easy to use, scalable and secure web application framework for writing web APIs in C.

commit 22e1e1c425df1e23a25a21fb9c14f5d30bb9d8ca
parent 26d4d5d63b83cb9044ae72d0f3ea1e323cebfc39
Author: Joris Vink <joris@coders.se>
Date:   Thu, 31 Jul 2014 09:14:03 +0200

Add worker_rlimit_nofiles as a configurable option.

Diffstat:
conf/kore.conf.example | 3+++
includes/kore.h | 1+
src/config.c | 21++++++++++++++++++++-
src/worker.c | 11+++++++++++
4 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/conf/kore.conf.example b/conf/kore.conf.example @@ -17,6 +17,9 @@ workers 4 # You might have to tweak this number based on your hardware. #worker_max_connections 250 +# Limit of maximum open files per worker. +#worker_rlimit_nofiles 1024 + # Store the main process its pid in this file. #pidfile /var/run/kore.pid diff --git a/includes/kore.h b/includes/kore.h @@ -318,6 +318,7 @@ extern u_int64_t spdy_idle_time; extern u_int16_t cpu_count; extern u_int8_t worker_count; extern u_int64_t kore_cb_interval; +extern u_int32_t worker_rlimit_nofiles; extern u_int32_t worker_max_connections; extern u_int32_t worker_active_connections; extern void (*kore_cb)(void); diff --git a/src/config.c b/src/config.c @@ -42,6 +42,7 @@ static int configure_pidfile(char **); static int configure_accesslog(char **); static int configure_certfile(char **); static int configure_certkey(char **); +static int configure_rlimit_nofiles(char **); static int configure_max_connections(char **); static int configure_ssl_cipher(char **); static int configure_ssl_dhparam(char **); @@ -89,6 +90,7 @@ static struct { { "runas", configure_runas }, { "workers", configure_workers }, { "worker_max_connections", configure_max_connections }, + { "worker_rlimit_nofiles", configure_rlimit_nofiles }, { "pidfile", configure_pidfile }, { "accesslog", configure_accesslog }, { "certfile", configure_certfile }, @@ -135,7 +137,7 @@ kore_parse_config(void) fatal("no '%s' symbol found for kore_cb", kore_cb_name); if (LIST_EMPTY(&listeners)) fatal("no listeners defined"); - if (chroot_path == NULL) + if (skip_chroot != 0 && chroot_path == NULL) fatal("missing a chroot path"); if (runas_user == NULL) fatal("missing a username to run as"); 
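Review bot: The rewritten check in the `@@ -135,7 +137,7 @@` hunk of src/config.c, `if (skip_chroot != 0 && chroot_path == NULL)`, reads as inverted: going by the name, a non-zero `skip_chroot` means the chroot is skipped, yet that is now the only case in which a missing path is fatal. With `skip_chroot` at 0, a configuration without a chroot path passes validation, so the sandboxing requirement is no longer enforced at parse time. If that reading of `skip_chroot` is right (its definition is not in this diff), the condition should be `if (skip_chroot == 0 && chroot_path == NULL)`. The change is also unrelated to the commit's stated purpose and would be easier to audit as its own commit; kore_parse_config's body starts and ends outside the hunk.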
@@ -543,6 +545,23 @@ configure_max_connections(char **argv) } static int +configure_rlimit_nofiles(char **argv) +{ + int err; + + if (argv[1] == NULL) + return (KORE_RESULT_ERROR); + + worker_rlimit_nofiles = kore_strtonum(argv[1], 10, 1, UINT_MAX, &err); + if (err != KORE_RESULT_OK) { + printf("bad value for worker_rlimit_nofiles: %s\n", argv[1]); + return (KORE_RESULT_ERROR); + } + + return (KORE_RESULT_OK); +} + +static int configure_kore_cb(char **argv) { if (argv[1] == NULL) diff --git a/src/worker.c b/src/worker.c @@ -17,6 +17,8 @@ #include <sys/types.h> #include <sys/shm.h> #include <sys/wait.h> +#include <sys/time.h> +#include <sys/resource.h> #include <grp.h> #include <pwd.h> @@ -62,6 +64,7 @@ static struct wlock *accept_lock; extern volatile sig_atomic_t sig_recv; struct kore_worker *worker = NULL; +u_int32_t worker_rlimit_nofiles = 1024; u_int32_t worker_max_connections = 250; u_int32_t worker_active_connections = 0; @@ -173,6 +176,7 @@ kore_worker_dispatch_signal(int sig) void kore_worker_entry(struct kore_worker *kw) { + struct rlimit rl; char buf[16]; struct connection *c, *cnext; int quit, had_lock; @@ -199,6 +203,13 @@ kore_worker_entry(struct kore_worker *kw) fatal("unable to drop privileges"); } + rl.rlim_cur = worker_rlimit_nofiles; + rl.rlim_max = worker_rlimit_nofiles; + if (setrlimit(RLIMIT_NOFILE, &rl) == -1) { + kore_log(LOG_ERR, "setrlimit(RLIMIT_NOFILE, %d): %s", + worker_rlimit_nofiles, errno_s); + } + (void)snprintf(buf, sizeof(buf), "kore [wrk %d]", kw->id); kore_platform_proctitle(buf); kore_platform_worker_setcpu(kw);
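Review bot: configure_rlimit_nofiles in the `@@ -543,6 +545,23 @@` hunk stores the result of kore_strtonum() in the global `worker_rlimit_nofiles` before `err` is checked, so whatever kore_strtonum() returns for a rejected value still overwrites the default. Parsing into a local and assigning only on `KORE_RESULT_OK` keeps the global valid on every path: `v = kore_strtonum(argv[1], 10, 1, UINT_MAX, &err);` with `worker_rlimit_nofiles = v;` placed after the error check. The accepted range also starts at 1, which is fewer descriptors than a worker holding listeners and up to `worker_max_connections` clients can plausibly work with. A comment such as `/* must exceed worker_max_connections plus listener and log descriptors */`, or a check against that value, would make the constraint explicit.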
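Review bot: The setrlimit() call added to kore_worker_entry in the `@@ -199,6 +203,13 @@` hunk of src/worker.c runs after the privilege drop shown in the context lines, and its failure is only logged. An unprivileged process cannot raise `rlim_max` above the hard limit it inherited, so a configured value above that limit fails and the worker keeps serving with a descriptor limit other than the one the operator asked for. Either apply the limit before privileges are dropped or make the failure fatal, e.g. `fatal("setrlimit(RLIMIT_NOFILE, %u): %s", worker_rlimit_nofiles, errno_s);`. The existing log format uses `%d` for a `u_int32_t`, which should be `%u`. kore_worker_entry continues outside the hunk.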