1# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5AUTHOR = "Chromium OS Team"
6NAME = "platform_OSLimits"
7PURPOSE = "Verify some kernel settings."
8CRITERIA = """
9Fail if we find unexpected values for resource limits:
10  - Max open files
11  - Max processes
12or unexpected values for sysctls:
13  - fs/file-max
14  - fs/leases-enable
15  - fs/nr_open
16  - kernel/kptr_restrict
17  - kernel/ngroups_max
18  - kernel/panic
19  - kernel/pid_max
20  - kernel/randomize_va_space
21  - kernel/suid_dumpable
22  - kernel/sysrq
23  - kernel/threads-max
24  - net/ipv4/tcp_syncookies
25  - vm/mmap_min_addr
26"""
27ATTRIBUTES = "suite:bvt-inline, suite:smoke"
28TIME = "SHORT"
29TEST_CATEGORY = "Functional"
30TEST_CLASS = "platform"
31TEST_TYPE = "client"
32JOB_RETRIES = 2
33DOC = """
34Verifies various system level limits and settings.
35
36The resources being verified are:
37  - Max open files: the maximum number of file descriptors a process can open.
38  - Max processes: the maximum number of processes that can be created for
39    the real user id of the calling process.
40
41The sysctls being verified are:
42  - fs/file-max: maximum number of file handles that the kernel will allocate.
43    The default value is usually about 10% of RAM in kilobytes.
44  - fs/leases-enable:
45    - 0: no leases on files allowed.
46    - 1: leases are allowed to be established on a file.
47  - fs/nr_open: the maximum number of file handles a process can allocate.
48    file-max cannot exceed this value.
49  - kernel/kptr_restrict: do not expose kernel addresses to userspace.
50  - kernel/ngroups_max: the number a groups a user may belong to.
51  - kernel/panic: number of seconds the kernel postpones rebooting when the
52    system experiences a kernel panic. 0 disables automatic rebooting.
53  - kernel/pid_max: the maximum value of a pid before it wraps.
54  - kernel/randomize_va_space:
55    - 0: no ASLR for userspace processes.
56    - 1: ASLR for stack and mmap (and exec if built PIE).
57    - 2: same as above except also randomize brk location.
58  - kernel/suid_dumpable:
59    - 0: core dump not produced for a process with changed cred.
60    - 1: all processes core dump when possible.
61    - 2: binary which is not normally dumped is dumped ro by root.
62  - kernel/sysrq: Activates the System Request Key when anything other than 0.
63  - kernel/threads-max: Maximum threads on system.
64  - net/ipv4/tcp_syncookies: make sure weird inbound TCP flooding is safe.
65  - vm/mmap_min_addr: make sure low memory cannot be allocated.
66"""
67
68job.run_test('platform_OSLimits')
69