# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Control metadata for the platform_OSLimits test: declares the test's
# identity, scheduling attributes and documentation as plain top-level
# constants, then launches the test through job.run_test().
AUTHOR = "Chromium OS Team"
NAME = "platform_OSLimits"
PURPOSE = "Verify some kernel settings."
# Pass/fail criteria: names the resource limits and sysctls that are checked.
# The expected values themselves do not appear in this file.
# NOTE(review): presumably they are defined in the platform_OSLimits test
# implementation; keep this list in sync with whatever that code checks.
CRITERIA = """
Fail if we find unexpected values for resource limits:
  - Max open files
  - Max processes
or unexpected values for sysctls:
  - fs/file-max
  - fs/leases-enable
  - fs/nr_open
  - kernel/kptr_restrict
  - kernel/ngroups_max
  - kernel/panic
  - kernel/pid_max
  - kernel/randomize_va_space
  - kernel/suid_dumpable
  - kernel/sysrq
  - kernel/threads-max
  - net/ipv4/tcp_syncookies
  - vm/mmap_min_addr
"""
# ATTRIBUTES and SUITE name the same two suites (bvt-inline, smoke) in two
# different notations.
# NOTE(review): looks like SUITE is an older form kept next to ATTRIBUTES;
# confirm which one the scheduler reads before dropping either.
ATTRIBUTES = "suite:bvt-inline, suite:smoke"
SUITE = "bvt-inline, smoke"
TIME = "SHORT"
TEST_CATEGORY = "Functional"
TEST_CLASS = "platform"
TEST_TYPE = "client"
# NOTE(review): presumably the number of automatic retries after a failure.
# For a check of security-relevant settings a retry can mask a value that is
# only intermittently wrong; confirm that a first-attempt failure stays
# visible in the results even when a retry passes.
JOB_RETRIES = 2
# Long-form description of every checked setting. Several entries are
# hardening controls rather than capacity limits: kptr_restrict (kernel
# address exposure), randomize_va_space (ASLR), suid_dumpable (core dumps of
# processes that changed credentials), sysrq, tcp_syncookies (inbound TCP
# flooding) and mmap_min_addr (low-address mappings). A regression in one of
# these produces no functional symptom, so a test like this is the place
# where it would be noticed.
# NOTE(review) on the wording below (the string is left untouched here):
#   - "the number a groups" should read "the number of groups".
#   - Under fs/nr_open, "file-max cannot exceed this value": fs/file-max is
#     described above as the kernel-wide handle limit, while nr_open is the
#     per-process bound; presumably the per-process open-file limit was
#     meant -- confirm against the kernel sysctl documentation.
#   - suid_dumpable value 2, "dumped ro by root", is ambiguous; presumably
#     "readable by root only" -- confirm.
#   - The kptr_restrict and tcp_syncookies entries state the intent only and
#     do not say which value is expected.
DOC = """
Verifies various system level limits and settings.

The resources being verified are:
  - Max open files: the maximum number of file descriptors a process can open.
  - Max processes: the maximum number of processes that can be created for
    the real user id of the calling process.

The sysctls being verified are:
  - fs/file-max: maximum number of file handles that the kernel will allocate.
    The default value is usually about 10% of RAM in kilobytes.
  - fs/leases-enable:
    - 0: no leases on files allowed.
    - 1: leases are allowed to be established on a file.
  - fs/nr_open: the maximum number of file handles a process can allocate.
    file-max cannot exceed this value.
  - kernel/kptr_restrict: do not expose kernel addresses to userspace.
  - kernel/ngroups_max: the number a groups a user may belong to.
  - kernel/panic: number of seconds the kernel postpones rebooting when the
    system experiences a kernel panic. 0 disables automatic rebooting.
  - kernel/pid_max: the maximum value of a pid before it wraps.
  - kernel/randomize_va_space:
    - 0: no ASLR for userspace processes.
    - 1: ASLR for stack and mmap (and exec if built PIE).
    - 2: same as above except also randomize brk location.
  - kernel/suid_dumpable:
    - 0: core dump not produced for a process with changed cred.
    - 1: all processes core dump when possible.
    - 2: binary which is not normally dumped is dumped ro by root.
  - kernel/sysrq: Activates the System Request Key when anything other than 0.
  - kernel/threads-max: Maximum threads on system.
  - net/ipv4/tcp_syncookies: make sure weird inbound TCP flooding is safe.
  - vm/mmap_min_addr: make sure low memory cannot be allocated.
"""

# Launch the test by name. `job` is not defined in this file.
# NOTE(review): presumably it is supplied by the harness that executes this
# control file -- confirm.
job.run_test('platform_OSLimits')