
Linux-insides: Limits on resources in Linux - 0xAX
https://github.com/0xAX/linux-insides/blob/master/SysCall/syscall-6.md
======
rwmj
Seems odd that it doesn't mention cgroups or the CLONE_* flags used to create
namespaces for containers.

~~~
LukeShu
Yes, cgroups can be used to impose limits on resources; and from the outside
looking in, can look very similar to setrlimit(). But from the inside of the
kernel looking out (generally, the perspective taken by the linux-insides
book), they are very different subsystems; I expect that cgroups will come in
quite a bit later. If the book were discussing how to limit resources, sure it
should mention cgroups; but it is discussing how things work in the kernel,
not how to get the kernel to do certain things.

------
jwilk
> $ strace ulimit -s 2>&1 | grep rl

Does it actually work? On my system ulimit is a shell builtin, not a separate
command:

    
    
      $ strace ulimit -s
      strace: Can't stat 'ulimit': No such file or directory

~~~
devnonymous
Bash has a few builtin that are clones of commands (mostly from coreutils). To
execute the command instead of the builtin, just give the full path to the
command (not sure and cannot verify, right now but this might mean either
/bin/ulimit or /use/bin/ulimit ). There are other notable ones like echo, and
time where the builtins have slightly different behaviour than the commands.

~~~
LukeShu
While what you said is true in general; ulimit is usually not a separate
program. It modifies the state of the current process (similarly to `cd`), so
it _has_ to be built-in.

Now, there's no solid reason why it couldn't work like `unshare` or `chroot`
(which also wrap operations that modify the current process), and spawn a
second child shell with the modified properties. But, that isn't how it works
on any system I have ever used, isn't what users expect, and isn't in
conformance with POSIX.

To quote POSIX: _Since `ulimit` affects the current shell execution
environment, it is always provided as a shell regular built-in._

~~~
akira2501
> so it has to be built-in.

We have fork() and exec(), and resource limits carry across exec(), so it does
not /have/ to be a built-in.

