2 .\" Copyright (c) 1992 Drew Eckhardt, March 28, 1992
3 .\" and Copyright (c) 2002, 2004, 2005, 2008, 2010 Michael Kerrisk
5 .\" SPDX-License-Identifier: Linux-man-pages-copyleft
7 .\" Modified by Michael Haardt <michael@moria.de>
8 .\" Modified 1993-07-23 by Rik Faith <faith@cs.unc.edu>
9 .\" Modified 1996-01-13 by Arnt Gulbrandsen <agulbra@troll.no>
10 .\" Modified 1996-01-22 by aeb, following a remark by
11 .\" Tigran Aivazian <tigran@sco.com>
12 .\" Modified 1996-04-14 by aeb, following a remark by
13 .\" Robert Bihlmeyer <robbe@orcus.ping.at>
14 .\" Modified 1996-10-22 by Eric S. Raymond <esr@thyrsus.com>
15 .\" Modified 2001-05-04 by aeb, following a remark by
16 .\" HÃ¥vard Lygre <hklygre@online.no>
17 .\" Modified 2001-04-17 by Michael Kerrisk <mtk.manpages@gmail.com>
18 .\" Modified 2002-06-13 by Michael Kerrisk <mtk.manpages@gmail.com>
19 .\" Added note on nonstandard behavior when SIGCHLD is ignored.
20 .\" Modified 2002-07-09 by Michael Kerrisk <mtk.manpages@gmail.com>
21 .\" Enhanced descriptions of 'resource' values
22 .\" Modified 2003-11-28 by aeb, added RLIMIT_CORE
23 .\" Modified 2004-03-26 by aeb, added RLIMIT_AS
24 .\" Modified 2004-06-16 by Michael Kerrisk <mtk.manpages@gmail.com>
25 .\" Added notes on CAP_SYS_RESOURCE
27 .\" 2004-11-16 -- mtk: the getrlimit.2 page, which formally included
28 .\" coverage of getrusage(2), has been split, so that the latter
29 .\" is now covered in its own getrusage.2.
31 .\" Modified 2004-11-16, mtk: A few other minor changes
32 .\" Modified 2004-11-23, mtk
33 .\" Added notes on RLIMIT_MEMLOCK, RLIMIT_NPROC, and RLIMIT_RSS
34 .\" to "CONFORMING TO"
35 .\" Modified 2004-11-25, mtk
36 .\" Rewrote discussion on RLIMIT_MEMLOCK to incorporate kernel
38 .\" Added note on RLIMIT_CPU error in older kernels
39 .\" 2004-11-03, mtk, Added RLIMIT_SIGPENDING
40 .\" 2005-07-13, mtk, documented RLIMIT_MSGQUEUE limit.
41 .\" 2005-07-28, mtk, Added descriptions of RLIMIT_NICE and RLIMIT_RTPRIO
42 .\" 2008-05-07, mtk / Peter Zijlstra, Added description of RLIMIT_RTTIME
43 .\" 2010-11-06, mtk: Added documentation of prlimit()
45 .TH getrlimit 2 (date) "Linux man-pages (unreleased)"
47 getrlimit, setrlimit, prlimit \- get/set resource limits
50 .RI ( libc ", " \-lc )
53 .B #include <sys/resource.h>
55 .BI "int getrlimit(int " resource ", struct rlimit *" rlim );
56 .BI "int setrlimit(int " resource ", const struct rlimit *" rlim );
58 .BI "int prlimit(pid_t " pid ", int " resource ,
59 .BI " const struct rlimit *_Nullable " new_limit ,
60 .BI " struct rlimit *_Nullable " old_limit );
64 Feature Test Macro Requirements for glibc (see
65 .BR feature_test_macros (7)):
77 system calls get and set resource limits.
78 Each resource has an associated soft and hard limit, as defined by the
85 rlim_t rlim_cur; /* Soft limit */
86 rlim_t rlim_max; /* Hard limit (ceiling for rlim_cur) */
91 The soft limit is the value that the kernel enforces for the
92 corresponding resource.
93 The hard limit acts as a ceiling for the soft limit:
94 an unprivileged process may set only its soft limit to a value in the
95 range from 0 up to the hard limit, and (irreversibly) lower its hard limit.
96 A privileged process (under Linux: one with the
98 capability in the initial user namespace)
99 may make arbitrary changes to either limit value.
103 denotes no limit on a resource (both in the structure returned by
105 and in the structure passed to
110 argument must be one of:
113 This is the maximum size of the process's virtual memory
115 The limit is specified in bytes, and is rounded down to the system page size.
116 .\" since Linux 2.0.27 / Linux 2.1.12
117 This limit affects calls to
122 which fail with the error
124 upon exceeding this limit.
125 In addition, automatic stack expansion fails
128 that kills the process if no alternate stack
129 has been made available via
130 .BR sigaltstack (2)).
131 Since the value is a \fIlong\fP, on machines with a 32-bit \fIlong\fP
132 either this limit is at most 2\ GiB, or this resource is unlimited.
135 This is the maximum size of a
139 in bytes that the process may dump.
140 When 0 no core dump files are created.
141 When nonzero, larger dumps are truncated to this size.
144 This is a limit, in seconds,
145 on the amount of CPU time that the process can consume.
146 When the process reaches the soft limit, it is sent a
149 The default action for this signal is to terminate the process.
150 However, the signal can be caught, and the handler can return control to
152 If the process continues to consume CPU time, it will be sent
154 once per second until the hard limit is reached, at which time
157 (This latter point describes Linux behavior.
158 Implementations vary in how they treat processes which continue to
159 consume CPU time after reaching the soft limit.
160 Portable applications that need to catch this signal should
161 perform an orderly termination upon first receipt of
165 This is the maximum size
166 of the process's data segment (initialized data,
167 uninitialized data, and heap).
168 The limit is specified in bytes, and is rounded down to the system page size.
169 This limit affects calls to
172 and (since Linux 4.7)
174 .\" commits 84638335900f1995495838fe1bd4870c43ec1f67
175 .\" ("mm: rework virtual memory accounting"),
176 .\" f4fcd55841fc9e46daac553b39361572453c2b88
177 .\" (mm: enable RLIMIT_DATA by default with workaround for valgrind).
178 which fail with the error
180 upon encountering the soft limit of this resource.
183 This is the maximum size in bytes of files that the process may create.
184 Attempts to extend a file beyond this limit result in delivery of a
187 By default, this signal terminates a process, but a process can
188 catch this signal instead, in which case the relevant system call (e.g.,
194 .BR RLIMIT_LOCKS " (Linux 2.4.0 to Linux 2.4.24)"
195 .\" to be precise: Linux 2.4.0-test9; no longer in Linux 2.4.25 / Linux 2.5.65
196 This is a limit on the combined number of
200 leases that this process may establish.
203 This is the maximum number of bytes of memory that may be locked
205 This limit is in effect rounded down to the nearest multiple
206 of the system page size.
214 Since Linux 2.6.9, it also affects the
217 operation, where it sets a maximum on the total bytes in
218 shared memory segments (see
220 that may be locked by the real user ID of the calling process.
224 locks are accounted for separately from the per-process memory
231 a process can lock bytes up to this limit in each of these
234 Before Linux 2.6.9, this limit controlled the amount of
235 memory that could be locked by a privileged process.
236 Since Linux 2.6.9, no limits are placed on the amount of memory
237 that a privileged process may lock, and this limit instead governs
238 the amount of memory that an unprivileged process may lock.
240 .BR RLIMIT_MSGQUEUE " (since Linux 2.6.8)"
241 This is a limit on the number of bytes that can be allocated
242 for POSIX message queues for the real user ID of the calling process.
243 This limit is enforced for
245 Each message queue that the user creates counts (until it is removed)
246 against this limit according to the formula:
253 bytes = attr.mq_maxmsg * sizeof(struct msg_msg) +
254 MIN(attr.mq_maxmsg, MQ_PRIO_MAX) *
255 sizeof(struct posix_msg_tree_node)+
257 attr.mq_maxmsg * attr.mq_msgsize;
258 /* For message data */
262 Linux 3.4 and earlier:
266 bytes = attr.mq_maxmsg * sizeof(struct msg_msg *) +
268 attr.mq_maxmsg * attr.mq_msgsize;
269 /* For message data */
278 structure specified as the fourth argument to
283 .I posix_msg_tree_node
284 structures are kernel-internal structures.
286 The "overhead" addend in the formula accounts for overhead
287 bytes required by the implementation
288 and ensures that the user cannot
289 create an unlimited number of zero-length messages (such messages
290 nevertheless each consume some system memory for bookkeeping overhead).
292 .BR RLIMIT_NICE " (since Linux 2.6.12, but see BUGS below)"
293 This specifies a ceiling to which the process's nice value can be raised using
297 The actual ceiling for the nice value is calculated as
298 .IR "20\ \-\ rlim_cur" .
299 The useful range for this limit is thus from 1
300 (corresponding to a nice value of 19) to 40
301 (corresponding to a nice value of \-20).
302 This unusual choice of range was necessary
303 because negative numbers cannot be specified
304 as resource limit values, since they typically have special meanings.
307 typically is the same as \-1.
308 For more detail on the nice value, see
312 This specifies a value one greater than the maximum file descriptor number
313 that can be opened by this process.
319 to exceed this limit yield the error
321 (Historically, this limit was named
326 this limit also defines the maximum number of file descriptors that
327 an unprivileged process (one without the
329 capability) may have "in flight" to other processes,
330 by being passed across UNIX domain sockets.
331 This limit applies to the
334 For further details, see
338 This is a limit on the number of extant process
339 (or, more precisely on Linux, threads)
340 for the real user ID of the calling process.
341 So long as the current number of processes belonging to this
342 process's real user ID is greater than or equal to this limit,
349 limit is not enforced for processes that have either the
354 or run with real user ID 0.
357 This is a limit (in bytes) on the process's resident set
358 (the number of virtual pages resident in RAM).
359 This limit has effect only in Linux 2.4.x, x < 30, and there
360 affects only calls to
364 .\" As at Linux 2.6.12, this limit still does nothing in Linux 2.6 though
365 .\" talk of making it do something has surfaced from time to time in LKML
368 .BR RLIMIT_RTPRIO " (since Linux 2.6.12, but see BUGS)"
369 This specifies a ceiling on the real-time priority that may be set for
371 .BR sched_setscheduler (2)
373 .BR sched_setparam (2).
375 For further details on real-time scheduling policies, see
378 .BR RLIMIT_RTTIME " (since Linux 2.6.25)"
379 This is a limit (in microseconds)
380 on the amount of CPU time that a process scheduled
381 under a real-time scheduling policy may consume without making a blocking
383 For the purpose of this limit,
384 each time a process makes a blocking system call,
385 the count of its consumed CPU time is reset to zero.
386 The CPU time count is not reset if the process continues trying to
387 use the CPU but is preempted, its time slice expires, or it calls
390 Upon reaching the soft limit, the process is sent a
393 If the process catches or ignores this signal and
394 continues consuming CPU time, then
396 will be generated once each second until the hard limit is reached,
397 at which point the process is sent a
401 The intended use of this limit is to stop a runaway
402 real-time process from locking up the system.
404 For further details on real-time scheduling policies, see
407 .BR RLIMIT_SIGPENDING " (since Linux 2.6.8)"
408 This is a limit on the number of signals
409 that may be queued for the real user ID of the calling process.
410 Both standard and real-time signals are counted for the purpose of
412 However, the limit is enforced only for
414 it is always possible to use
416 to queue one instance of any of the signals that are not already
417 queued to the process.
418 .\" This replaces the /proc/sys/kernel/rtsig-max system-wide limit
419 .\" that was present in Linux <= 2.6.7. MTK Dec 04
422 This is the maximum size of the process stack, in bytes.
423 Upon reaching this limit, a
426 To handle this signal, a process must employ an alternate signal stack
427 .RB ( sigaltstack (2)).
430 this limit also determines the amount of space used for the process's
431 command-line arguments and environment variables; for details, see
434 .\" commit c022a0acad534fd5f5d5f17280f6d4d135e74e81
435 .\" Author: Jiri Slaby <jslaby@suse.cz>
436 .\" Date: Tue May 4 18:03:50 2010 +0200
438 .\" rlimits: implement prlimit64 syscall
440 .\" commit 6a1d5e2c85d06da35cdfd93f1a27675bfdc3ad8c
441 .\" Author: Jiri Slaby <jslaby@suse.cz>
442 .\" Date: Wed Mar 24 17:06:58 2010 +0100
444 .\" rlimits: add rlimit64 structure
448 system call combines and extends the functionality of
452 It can be used to both set and get the resource limits of an arbitrary process.
456 argument has the same meaning as for
463 argument is not NULL, then the
465 structure to which it points is used to set new values for
466 the soft and hard limits for
470 argument is not NULL, then a successful call to
472 places the previous soft and hard limits for
476 structure pointed to by
481 argument specifies the ID of the process on which the call is to operate.
484 is 0, then the call applies to the calling process.
485 To set or get the resources of a process other than itself,
486 the caller must have the
488 capability in the user namespace of the process
489 whose resource limits are being changed, or the
490 real, effective, and saved set user IDs of the target process
491 must match the real user ID of the caller
493 the real, effective, and saved set group IDs of the target process
494 must match the real group ID of the caller.
495 .\" FIXME . this permission check is strange
496 .\" Asked about this on LKML, 7 Nov 2010
497 .\" "Inconsistent credential checking in prlimit() syscall"
499 On success, these system calls return 0.
500 On error, \-1 is returned, and
502 is set to indicate the error.
506 A pointer argument points to a location
507 outside the accessible address space.
510 The value specified in
519 .IR rlim\->rlim_max .
522 An unprivileged process tried to raise the hard limit; the
524 capability is required to do this.
527 The caller tried to increase the hard
529 limit above the maximum defined by
530 .I /proc/sys/fs/nr_open
536 The calling process did not have permission to set limits
537 for the process specified by
541 Could not find a process with the ID specified in
544 For an explanation of the terms used in this section, see
550 Interface Attribute Value
557 T} Thread safety MT-Safe
572 derive from BSD and are not specified in POSIX.1;
573 they are present on the BSDs and Linux, but on few other implementations.
575 derives from BSD and is not specified in POSIX.1;
576 it is nevertheless present on most implementations.
577 .BR \%RLIMIT_MSGQUEUE ,
582 .B \%RLIMIT_SIGPENDING
589 POSIX.1-2001, SVr4, 4.3BSD.
595 A child process created via
597 inherits its parent's resource limits.
598 Resource limits are preserved across
601 Resource limits are per-process attributes that are shared
602 by all of the threads in a process.
604 Lowering the soft limit for a resource below the process's
605 current consumption of that resource will succeed
606 (but will prevent the process from further increasing
607 its consumption of the resource).
609 One can set the resource limits of the shell using the built-in
615 The shell's resource limits are inherited by the processes that
616 it creates to execute commands.
618 Since Linux 2.6.24, the resource limits of any process can be inspected via
619 .IR /proc/ pid /limits ;
623 Ancient systems provided a
625 function with a similar purpose to
627 For backward compatibility, glibc also provides
629 All new applications should be written using
631 .SS C library/kernel ABI differences
632 Since glibc 2.13, the glibc
636 wrapper functions no longer invoke the corresponding system calls,
639 for the reasons described in BUGS.
641 The name of the glibc wrapper function is
643 the underlying system call is
646 In older Linux kernels, the
650 signals delivered when a process encountered the soft and hard
652 limits were delivered one (CPU) second later than they should have been.
653 This was fixed in Linux 2.6.8.
655 In Linux 2.6.x kernels before Linux 2.6.17, a
657 limit of 0 is wrongly treated as "no limit" (like
659 Since Linux 2.6.17, setting a limit of 0 does have an effect,
660 but is actually treated as a limit of 1 second.
661 .\" see http://marc.theaimsgroup.com/?l=linux-kernel&m=114008066530167&w=2
663 A kernel bug means that
664 .\" See https://lwn.net/Articles/145008/
666 does not work in Linux 2.6.12; the problem is fixed in Linux 2.6.13.
668 In Linux 2.6.12, there was an off-by-one mismatch
669 between the priority ranges returned by
673 This had the effect that the actual ceiling for the nice value
675 .IR "19\ \-\ rlim_cur" .
676 This was fixed in Linux 2.6.13.
677 .\" see http://marc.theaimsgroup.com/?l=linux-kernel&m=112256338703880&w=2
680 .\" The relevant patch, sent to LKML, seems to be
681 .\" http://thread.gmane.org/gmane.linux.kernel/273462
682 .\" From: Roland McGrath <roland <at> redhat.com>
683 .\" Subject: [PATCH 7/7] make RLIMIT_CPU/SIGXCPU per-process
684 .\" Date: 2005-01-23 23:27:46 GMT
685 if a process reaches its soft
687 limit and has a handler installed for
689 then, in addition to invoking the signal handler,
690 the kernel increases the soft limit by one second.
691 This behavior repeats if the process continues to consume CPU time,
692 until the hard limit is reached,
693 at which point the process is killed.
694 Other implementations
695 .\" Tested Solaris 10, FreeBSD 9, OpenBSD 5.0
698 soft limit in this manner,
699 and the Linux behavior is probably not standards conformant;
700 portable applications should avoid relying on this Linux-specific behavior.
701 .\" FIXME . https://bugzilla.kernel.org/show_bug.cgi?id=50951
704 limit exhibits the same behavior when the soft limit is encountered.
706 Kernels before Linux 2.4.22 did not diagnose the error
713 .IR rlim\->rlim_max .
714 .\" d3561f78fd379a7110e46c87964ba7aa4120235c
716 Linux doesn't return an error when an attempt to set
718 has failed, for compatibility reasons.
720 .SS Representation of \[dq]large\[dq] resource limit values on 32-bit platforms
725 wrapper functions use a 64-bit
727 data type, even on 32-bit platforms.
730 data type used in the
734 system calls is a (32-bit)
735 .IR "unsigned long" .
736 .\" Linux still uses long for limits internally:
737 .\" c022a0acad534fd5f5d5f17280f6d4d135e74e81
738 .\" kernel/sys.c:do_prlimit() still uses struct rlimit which
739 .\" uses kernel_ulong_t for its members, i.e. 32-bit on 32-bit kernel.
740 Furthermore, in Linux,
741 the kernel represents resource limits on 32-bit platforms as
742 .IR "unsigned long" .
743 However, a 32-bit data type is not wide enough.
744 .\" https://bugzilla.kernel.org/show_bug.cgi?id=5042
745 .\" https://www.sourceware.org/bugzilla/show_bug.cgi?id=12201
746 The most pertinent limit here is
748 which specifies the maximum size to which a file can grow:
749 to be useful, this limit must be represented using a type
750 that is as wide as the type used to
751 represent file offsets\[em]that is, as wide as a 64-bit
753 (assuming a program compiled with
754 .IR _FILE_OFFSET_BITS=64 ).
756 To work around this kernel limitation,
757 if a program tried to set a resource limit to a value larger than
758 can be represented in a 32-bit
759 .IR "unsigned long" ,
762 wrapper function silently converted the limit value to
764 In other words, the requested resource limit setting was silently ignored.
767 .\" https://www.sourceware.org/bugzilla/show_bug.cgi?id=12201
768 glibc works around the limitations of the
772 system calls by implementing
776 as wrapper functions that call
779 The program below demonstrates the use of
782 .\" SRC BEGIN (getrlimit.c)
785 #define _FILE_OFFSET_BITS 64
790 #include <sys/resource.h>
794 main(int argc, char *argv[])
797 struct rlimit old, new;
800 if (!(argc == 2 || argc == 4)) {
801 fprintf(stderr, "Usage: %s <pid> [<new\-soft\-limit> "
802 "<new\-hard\-limit>]\en", argv[0]);
806 pid = atoi(argv[1]); /* PID of target process */
810 new.rlim_cur = atoi(argv[2]);
811 new.rlim_max = atoi(argv[3]);
815 /* Set CPU time limit of target process; retrieve and display
818 if (prlimit(pid, RLIMIT_CPU, newp, &old) == \-1)
819 err(EXIT_FAILURE, "prlimit\-1");
820 printf("Previous limits: soft=%jd; hard=%jd\en",
821 (intmax_t) old.rlim_cur, (intmax_t) old.rlim_max);
823 /* Retrieve and display new CPU time limit */
825 if (prlimit(pid, RLIMIT_CPU, NULL, &old) == \-1)
826 err(EXIT_FAILURE, "prlimit\-2");
827 printf("New limits: soft=%jd; hard=%jd\en",
828 (intmax_t) old.rlim_cur, (intmax_t) old.rlim_max);
850 .BR capabilities (7),