      1 # Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
      2 # Use of this source code is governed by a BSD-style license that can be
      3 # found in the LICENSE file.
      4 
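# Autotest control file for the platform_OSLimits client test.
#
# This file only declares metadata and launches the test. The expected value
# for each limit and sysctl is not defined here, so it must be reviewed in
# the test implementation itself.
#
# Several of the sysctls listed below are hardening settings
# (kptr_restrict, randomize_va_space, suid_dumpable, sysrq, tcp_syncookies,
# mmap_min_addr). The test reads the values in effect when it runs; it does
# not show what set them or whether they can change later in the boot.

AUTHOR = "Chromium OS Team"
NAME = "platform_OSLimits"
PURPOSE = "Verify some kernel settings."
CRITERIA = """
Fail if we find unexpected values for resource limits:
  - Max open files
  - Max processes
or unexpected values for sysctls:
  - fs/file-max
  - fs/leases-enable
  - fs/nr_open
  - kernel/kptr_restrict
  - kernel/ngroups_max
  - kernel/panic
  - kernel/pid_max
  - kernel/randomize_va_space
  - kernel/suid_dumpable
  - kernel/sysrq
  - kernel/threads-max
  - net/ipv4/tcp_syncookies
  - vm/mmap_min_addr
"""
ATTRIBUTES = "suite:bvt-inline, suite:smoke"
TIME = "SHORT"
TEST_CATEGORY = "Functional"
TEST_CLASS = "platform"
TEST_TYPE = "client"
# NOTE(review): these settings should be stable on a given image, so a run
# that only passes on a retry deserves a look rather than being ignored.
JOB_RETRIES = 2
DOC = """
Verifies various system level limits and settings.

The resources being verified are:
  - Max open files: the maximum number of file descriptors a process can open.
  - Max processes: the maximum number of processes that can be created for
    the real user id of the calling process.

The sysctls being verified are:
  - fs/file-max: maximum number of file handles that the kernel will allocate.
    The default value is usually about 10% of RAM in kilobytes.
  - fs/leases-enable:
    - 0: no leases on files allowed.
    - 1: leases are allowed to be established on a file.
  - fs/nr_open: the maximum number of file handles a process can allocate.
    The per-process open files limit (RLIMIT_NOFILE) cannot be raised above
    this value.
  - kernel/kptr_restrict: restricts exposing kernel addresses to userspace.
    - 0: no restriction.
    - 1: addresses are hidden unless the reader has CAP_SYSLOG.
    - 2: addresses are always hidden.
  - kernel/ngroups_max: the number of groups a user may belong to.
  - kernel/panic: number of seconds the kernel postpones rebooting when the
    system experiences a kernel panic. 0 disables automatic rebooting.
  - kernel/pid_max: the maximum value of a pid before it wraps.
  - kernel/randomize_va_space:
    - 0: no ASLR for userspace processes.
    - 1: ASLR for stack and mmap (and exec if built PIE).
    - 2: same as above except also randomize brk location.
  - kernel/suid_dumpable:
    - 0: core dump not produced for a process that has changed credentials.
    - 1: all processes core dump when possible.
    - 2: a binary which is not normally dumped is dumped, readable by root
      only.
  - kernel/sysrq: Activates the System Request Key when anything other than 0.
  - kernel/threads-max: Maximum threads on system.
  - net/ipv4/tcp_syncookies: send SYN cookies when a socket's SYN backlog
    overflows, so that a SYN flood cannot exhaust the listen queue.
  - vm/mmap_min_addr: the lowest virtual address a process may mmap. A
    non-zero value keeps userspace from mapping low memory (including page
    zero), which limits the impact of kernel NULL pointer dereference bugs.
"""

# `job` is not defined in this file; the autotest harness supplies it when it
# executes the control file.
job.run_test('platform_OSLimits')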