1 .\" Copyright (c) 1992 Drew Eckhardt, March 28, 1992
2 .\" and Copyright (c) 2002, 2004, 2005, 2008, 2010 Michael Kerrisk
4 .\" %%%LICENSE_START(VERBATIM)
5 .\" Permission is granted to make and distribute verbatim copies of this
6 .\" manual provided the copyright notice and this permission notice are
7 .\" preserved on all copies.
9 .\" Permission is granted to copy and distribute modified versions of this
10 .\" manual under the conditions for verbatim copying, provided that the
11 .\" entire resulting derived work is distributed under the terms of a
12 .\" permission notice identical to this one.
14 .\" Since the Linux kernel and libraries are constantly changing, this
15 .\" manual page may be incorrect or out-of-date. The author(s) assume no
16 .\" responsibility for errors or omissions, or for damages resulting from
17 .\" the use of the information contained herein. The author(s) may not
18 .\" have taken the same level of care in the production of this manual,
19 .\" which is licensed free of charge, as they might when working
22 .\" Formatted or processed versions of this manual, if unaccompanied by
23 .\" the source, must acknowledge the copyright and authors of this work.
26 .\" Modified by Michael Haardt <michael@moria.de>
27 .\" Modified 1993-07-23 by Rik Faith <faith@cs.unc.edu>
28 .\" Modified 1996-01-13 by Arnt Gulbrandsen <agulbra@troll.no>
29 .\" Modified 1996-01-22 by aeb, following a remark by
30 .\" Tigran Aivazian <tigran@sco.com>
31 .\" Modified 1996-04-14 by aeb, following a remark by
32 .\" Robert Bihlmeyer <robbe@orcus.ping.at>
33 .\" Modified 1996-10-22 by Eric S. Raymond <esr@thyrsus.com>
34 .\" Modified 2001-05-04 by aeb, following a remark by
35 .\" HÃ¥vard Lygre <hklygre@online.no>
36 .\" Modified 2001-04-17 by Michael Kerrisk <mtk.manpages@gmail.com>
37 .\" Modified 2002-06-13 by Michael Kerrisk <mtk.manpages@gmail.com>
38 .\" Added note on nonstandard behavior when SIGCHLD is ignored.
39 .\" Modified 2002-07-09 by Michael Kerrisk <mtk.manpages@gmail.com>
40 .\" Enhanced descriptions of 'resource' values
41 .\" Modified 2003-11-28 by aeb, added RLIMIT_CORE
42 .\" Modified 2004-03-26 by aeb, added RLIMIT_AS
43 .\" Modified 2004-06-16 by Michael Kerrisk <mtk.manpages@gmail.com>
44 .\" Added notes on CAP_SYS_RESOURCE
46 .\" 2004-11-16 -- mtk: the getrlimit.2 page, which formally included
47 .\" coverage of getrusage(2), has been split, so that the latter
48 .\" is now covered in its own getrusage.2.
50 .\" Modified 2004-11-16, mtk: A few other minor changes
51 .\" Modified 2004-11-23, mtk
52 .\" Added notes on RLIMIT_MEMLOCK, RLIMIT_NPROC, and RLIMIT_RSS
53 .\" to "CONFORMING TO"
54 .\" Modified 2004-11-25, mtk
55 .\" Rewrote discussion on RLIMIT_MEMLOCK to incorporate kernel
57 .\" Added note on RLIMIT_CPU error in older kernels
58 .\" 2004-11-03, mtk, Added RLIMIT_SIGPENDING
59 .\" 2005-07-13, mtk, documented RLIMIT_MSGQUEUE limit.
60 .\" 2005-07-28, mtk, Added descriptions of RLIMIT_NICE and RLIMIT_RTPRIO
61 .\" 2008-05-07, mtk / Peter Zijlstra, Added description of RLIMIT_RTTIME
62 .\" 2010-11-06, mtk: Added documentation of prlimit()
64 .TH GETRLIMIT 2 2021-03-22 "Linux" "Linux Programmer's Manual"
66 getrlimit, setrlimit, prlimit \- get/set resource limits
69 .B #include <sys/resource.h>
71 .BI "int getrlimit(int " resource ", struct rlimit *" rlim );
72 .BI "int setrlimit(int " resource ", const struct rlimit *" rlim );
74 .BI "int prlimit(pid_t " pid ", int " resource ", const struct rlimit *" new_limit ,
75 .BI " struct rlimit *" old_limit );
79 Feature Test Macro Requirements for glibc (see
80 .BR feature_test_macros (7)):
92 system calls get and set resource limits.
93 Each resource has an associated soft and hard limit, as defined by the
100 rlim_t rlim_cur; /* Soft limit */
101 rlim_t rlim_max; /* Hard limit (ceiling for rlim_cur) */
106 The soft limit is the value that the kernel enforces for the
107 corresponding resource.
108 The hard limit acts as a ceiling for the soft limit:
109 an unprivileged process may set only its soft limit to a value in the
110 range from 0 up to the hard limit, and (irreversibly) lower its hard limit.
111 A privileged process (under Linux: one with the
113 capability in the initial user namespace)
114 may make arbitrary changes to either limit value.
118 denotes no limit on a resource (both in the structure returned by
120 and in the structure passed to
125 argument must be one of:
128 This is the maximum size of the process's virtual memory
130 The limit is specified in bytes, and is rounded down to the system page size.
131 .\" since 2.0.27 / 2.1.12
132 This limit affects calls to
137 which fail with the error
139 upon exceeding this limit.
140 In addition, automatic stack expansion fails
143 that kills the process if no alternate stack
144 has been made available via
145 .BR sigaltstack (2)).
146 Since the value is a \fIlong\fP, on machines with a 32-bit \fIlong\fP
147 either this limit is at most 2\ GiB, or this resource is unlimited.
150 This is the maximum size of a
154 in bytes that the process may dump.
155 When 0 no core dump files are created.
156 When nonzero, larger dumps are truncated to this size.
159 This is a limit, in seconds,
160 on the amount of CPU time that the process can consume.
161 When the process reaches the soft limit, it is sent a
164 The default action for this signal is to terminate the process.
165 However, the signal can be caught, and the handler can return control to
167 If the process continues to consume CPU time, it will be sent
169 once per second until the hard limit is reached, at which time
172 (This latter point describes Linux behavior.
173 Implementations vary in how they treat processes which continue to
174 consume CPU time after reaching the soft limit.
175 Portable applications that need to catch this signal should
176 perform an orderly termination upon first receipt of
180 This is the maximum size
181 of the process's data segment (initialized data,
182 uninitialized data, and heap).
183 The limit is specified in bytes, and is rounded down to the system page size.
184 This limit affects calls to
187 and (since Linux 4.7)
189 .\" commits 84638335900f1995495838fe1bd4870c43ec1f67
190 .\" ("mm: rework virtual memory accounting"),
191 .\" f4fcd55841fc9e46daac553b39361572453c2b88
192 .\" (mm: enable RLIMIT_DATA by default with workaround for valgrind).
193 which fail with the error
195 upon encountering the soft limit of this resource.
198 This is the maximum size in bytes of files that the process may create.
199 Attempts to extend a file beyond this limit result in delivery of a
202 By default, this signal terminates a process, but a process can
203 catch this signal instead, in which case the relevant system call (e.g.,
209 .BR RLIMIT_LOCKS " (Linux 2.4.0 to 2.4.24)"
210 .\" to be precise: Linux 2.4.0-test9; no longer in 2.4.25 / 2.5.65
211 This is a limit on the combined number of
215 leases that this process may establish.
218 This is the maximum number of bytes of memory that may be locked
220 This limit is in effect rounded down to the nearest multiple
221 of the system page size.
229 Since Linux 2.6.9, it also affects the
232 operation, where it sets a maximum on the total bytes in
233 shared memory segments (see
235 that may be locked by the real user ID of the calling process.
239 locks are accounted for separately from the per-process memory
246 a process can lock bytes up to this limit in each of these
249 In Linux kernels before 2.6.9, this limit controlled the amount of
250 memory that could be locked by a privileged process.
251 Since Linux 2.6.9, no limits are placed on the amount of memory
252 that a privileged process may lock, and this limit instead governs
253 the amount of memory that an unprivileged process may lock.
255 .BR RLIMIT_MSGQUEUE " (since Linux 2.6.8)"
256 This is a limit on the number of bytes that can be allocated
257 for POSIX message queues for the real user ID of the calling process.
258 This limit is enforced for
260 Each message queue that the user creates counts (until it is removed)
261 against this limit according to the formula:
266 bytes = attr.mq_maxmsg * sizeof(struct msg_msg) +
267 min(attr.mq_maxmsg, MQ_PRIO_MAX) *
268 sizeof(struct posix_msg_tree_node)+
270 attr.mq_maxmsg * attr.mq_msgsize;
271 /* For message data */
274 Linux 3.4 and earlier:
277 bytes = attr.mq_maxmsg * sizeof(struct msg_msg *) +
279 attr.mq_maxmsg * attr.mq_msgsize;
280 /* For message data */
287 structure specified as the fourth argument to
292 .I posix_msg_tree_node
293 structures are kernel-internal structures.
295 The "overhead" addend in the formula accounts for overhead
296 bytes required by the implementation
297 and ensures that the user cannot
298 create an unlimited number of zero-length messages (such messages
299 nevertheless each consume some system memory for bookkeeping overhead).
301 .BR RLIMIT_NICE " (since Linux 2.6.12, but see BUGS below)"
302 This specifies a ceiling to which the process's nice value can be raised using
306 The actual ceiling for the nice value is calculated as
307 .IR "20\ \-\ rlim_cur" .
308 The useful range for this limit is thus from 1
309 (corresponding to a nice value of 19) to 40
310 (corresponding to a nice value of \-20).
311 This unusual choice of range was necessary
312 because negative numbers cannot be specified
313 as resource limit values, since they typically have special meanings.
316 typically is the same as \-1.
317 For more detail on the nice value, see
321 This specifies a value one greater than the maximum file descriptor number
322 that can be opened by this process.
328 to exceed this limit yield the error
330 (Historically, this limit was named
335 this limit also defines the maximum number of file descriptors that
336 an unprivileged process (one without the
338 capability) may have "in flight" to other processes,
339 by being passed across UNIX domain sockets.
340 This limit applies to the
343 For further details, see
347 This is a limit on the number of extant process
348 (or, more precisely on Linux, threads)
349 for the real user ID of the calling process.
350 So long as the current number of processes belonging to this
351 process's real user ID is greater than or equal to this limit,
358 limit is not enforced for processes that have either the
365 This is a limit (in bytes) on the process's resident set
366 (the number of virtual pages resident in RAM).
367 This limit has effect only in Linux 2.4.x, x < 30, and there
368 affects only calls to
372 .\" As at kernel 2.6.12, this limit still does nothing in 2.6 though
373 .\" talk of making it do something has surfaced from time to time in LKML
376 .BR RLIMIT_RTPRIO " (since Linux 2.6.12, but see BUGS)"
377 This specifies a ceiling on the real-time priority that may be set for
379 .BR sched_setscheduler (2)
381 .BR sched_setparam (2).
383 For further details on real-time scheduling policies, see
386 .BR RLIMIT_RTTIME " (since Linux 2.6.25)"
387 This is a limit (in microseconds)
388 on the amount of CPU time that a process scheduled
389 under a real-time scheduling policy may consume without making a blocking
391 For the purpose of this limit,
392 each time a process makes a blocking system call,
393 the count of its consumed CPU time is reset to zero.
394 The CPU time count is not reset if the process continues trying to
395 use the CPU but is preempted, its time slice expires, or it calls
398 Upon reaching the soft limit, the process is sent a
401 If the process catches or ignores this signal and
402 continues consuming CPU time, then
404 will be generated once each second until the hard limit is reached,
405 at which point the process is sent a
409 The intended use of this limit is to stop a runaway
410 real-time process from locking up the system.
412 For further details on real-time scheduling policies, see
415 .BR RLIMIT_SIGPENDING " (since Linux 2.6.8)"
416 This is a limit on the number of signals
417 that may be queued for the real user ID of the calling process.
418 Both standard and real-time signals are counted for the purpose of
420 However, the limit is enforced only for
422 it is always possible to use
424 to queue one instance of any of the signals that are not already
425 queued to the process.
426 .\" This replaces the /proc/sys/kernel/rtsig-max system-wide limit
427 .\" that was present in kernels <= 2.6.7. MTK Dec 04
430 This is the maximum size of the process stack, in bytes.
431 Upon reaching this limit, a
434 To handle this signal, a process must employ an alternate signal stack
435 .RB ( sigaltstack (2)).
438 this limit also determines the amount of space used for the process's
439 command-line arguments and environment variables; for details, see
442 .\" commit c022a0acad534fd5f5d5f17280f6d4d135e74e81
443 .\" Author: Jiri Slaby <jslaby@suse.cz>
444 .\" Date: Tue May 4 18:03:50 2010 +0200
446 .\" rlimits: implement prlimit64 syscall
448 .\" commit 6a1d5e2c85d06da35cdfd93f1a27675bfdc3ad8c
449 .\" Author: Jiri Slaby <jslaby@suse.cz>
450 .\" Date: Wed Mar 24 17:06:58 2010 +0100
452 .\" rlimits: add rlimit64 structure
456 system call combines and extends the functionality of
460 It can be used to both set and get the resource limits of an arbitrary process.
464 argument has the same meaning as for
471 argument is a not NULL, then the
473 structure to which it points is used to set new values for
474 the soft and hard limits for
478 argument is a not NULL, then a successful call to
480 places the previous soft and hard limits for
484 structure pointed to by
489 argument specifies the ID of the process on which the call is to operate.
492 is 0, then the call applies to the calling process.
493 To set or get the resources of a process other than itself,
494 the caller must have the
496 capability in the user namespace of the process
497 whose resource limits are being changed, or the
498 real, effective, and saved set user IDs of the target process
499 must match the real user ID of the caller
501 the real, effective, and saved set group IDs of the target process
502 must match the real group ID of the caller.
503 .\" FIXME . this permission check is strange
504 .\" Asked about this on LKML, 7 Nov 2010
505 .\" "Inconsistent credential checking in prlimit() syscall"
507 On success, these system calls return 0.
508 On error, \-1 is returned, and
510 is set to indicate the error.
514 A pointer argument points to a location
515 outside the accessible address space.
518 The value specified in
527 .IR rlim\->rlim_max .
530 An unprivileged process tried to raise the hard limit; the
532 capability is required to do this.
535 The caller tried to increase the hard
537 limit above the maximum defined by
538 .IR /proc/sys/fs/nr_open
544 The calling process did not have permission to set limits
545 for the process specified by
549 Could not find a process with the ID specified in
554 system call is available since Linux 2.6.36.
555 Library support is available since glibc 2.13.
557 For an explanation of the terms used in this section, see
565 Interface Attribute Value
570 T} Thread safety MT-Safe
578 POSIX.1-2001, POSIX.1-2008, SVr4, 4.3BSD.
586 derive from BSD and are not specified in POSIX.1;
587 they are present on the BSDs and Linux, but on few other implementations.
589 derives from BSD and is not specified in POSIX.1;
590 it is nevertheless present on most implementations.
591 .BR RLIMIT_MSGQUEUE ,
599 A child process created via
601 inherits its parent's resource limits.
602 Resource limits are preserved across
605 Resource limits are per-process attributes that are shared
606 by all of the threads in a process.
608 Lowering the soft limit for a resource below the process's
609 current consumption of that resource will succeed
610 (but will prevent the process from further increasing
611 its consumption of the resource).
613 One can set the resource limits of the shell using the built-in
619 The shell's resource limits are inherited by the processes that
620 it creates to execute commands.
622 Since Linux 2.6.24, the resource limits of any process can be inspected via
623 .IR /proc/[pid]/limits ;
627 Ancient systems provided a
629 function with a similar purpose to
631 For backward compatibility, glibc also provides
633 All new applications should be written using
635 .SS C library/kernel ABI differences
636 Since version 2.13, the glibc
640 wrapper functions no longer invoke the corresponding system calls,
643 for the reasons described in BUGS.
645 The name of the glibc wrapper function is
647 the underlying system call is
650 In older Linux kernels, the
654 signals delivered when a process encountered the soft and hard
656 limits were delivered one (CPU) second later than they should have been.
657 This was fixed in kernel 2.6.8.
659 In 2.6.x kernels before 2.6.17, a
661 limit of 0 is wrongly treated as "no limit" (like
663 Since Linux 2.6.17, setting a limit of 0 does have an effect,
664 but is actually treated as a limit of 1 second.
665 .\" see http://marc.theaimsgroup.com/?l=linux-kernel&m=114008066530167&w=2
667 A kernel bug means that
668 .\" See https://lwn.net/Articles/145008/
670 does not work in kernel 2.6.12; the problem is fixed in kernel 2.6.13.
672 In kernel 2.6.12, there was an off-by-one mismatch
673 between the priority ranges returned by
677 This had the effect that the actual ceiling for the nice value
679 .IR "19\ \-\ rlim_cur" .
680 This was fixed in kernel 2.6.13.
681 .\" see http://marc.theaimsgroup.com/?l=linux-kernel&m=112256338703880&w=2
684 .\" The relevant patch, sent to LKML, seems to be
685 .\" http://thread.gmane.org/gmane.linux.kernel/273462
686 .\" From: Roland McGrath <roland <at> redhat.com>
687 .\" Subject: [PATCH 7/7] make RLIMIT_CPU/SIGXCPU per-process
688 .\" Date: 2005-01-23 23:27:46 GMT
689 if a process reaches its soft
691 limit and has a handler installed for
693 then, in addition to invoking the signal handler,
694 the kernel increases the soft limit by one second.
695 This behavior repeats if the process continues to consume CPU time,
696 until the hard limit is reached,
697 at which point the process is killed.
698 Other implementations
699 .\" Tested Solaris 10, FreeBSD 9, OpenBSD 5.0
702 soft limit in this manner,
703 and the Linux behavior is probably not standards conformant;
704 portable applications should avoid relying on this Linux-specific behavior.
705 .\" FIXME . https://bugzilla.kernel.org/show_bug.cgi?id=50951
708 limit exhibits the same behavior when the soft limit is encountered.
710 Kernels before 2.4.22 did not diagnose the error
717 .IR rlim\->rlim_max .
718 .\" d3561f78fd379a7110e46c87964ba7aa4120235c
720 Linux doesn't return an error when an attempt to set
722 has failed, for compatibility reasons.
724 .SS Representation of """large""" resource limit values on 32-bit platforms
729 wrapper functions use a 64-bit
731 data type, even on 32-bit platforms.
734 data type used in the
738 system calls is a (32-bit)
739 .IR "unsigned long" .
740 .\" Linux still uses long for limits internally:
741 .\" c022a0acad534fd5f5d5f17280f6d4d135e74e81
742 .\" kernel/sys.c:do_prlimit() still uses struct rlimit which
743 .\" uses kernel_ulong_t for its members, i.e. 32-bit on 32-bit kernel.
744 Furthermore, in Linux,
745 the kernel represents resource limits on 32-bit platforms as
746 .IR "unsigned long" .
747 However, a 32-bit data type is not wide enough.
748 .\" https://bugzilla.kernel.org/show_bug.cgi?id=5042
749 .\" http://sources.redhat.com/bugzilla/show_bug.cgi?id=12201
750 The most pertinent limit here is
752 which specifies the maximum size to which a file can grow:
753 to be useful, this limit must be represented using a type
754 that is as wide as the type used to
755 represent file offsets\(emthat is, as wide as a 64-bit
757 (assuming a program compiled with
758 .IR _FILE_OFFSET_BITS=64 ).
760 To work around this kernel limitation,
761 if a program tried to set a resource limit to a value larger than
762 can be represented in a 32-bit
763 .IR "unsigned long" ,
766 wrapper function silently converted the limit value to
768 In other words, the requested resource limit setting was silently ignored.
771 .\" https://www.sourceware.org/bugzilla/show_bug.cgi?id=12201
772 glibc works around the limitations of the
776 system calls by implementing
780 as wrapper functions that call
783 The program below demonstrates the use of
788 #define _FILE_OFFSET_BITS 64
794 #include <sys/resource.h>
796 #define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \e
800 main(int argc, char *argv[])
802 struct rlimit old, new;
806 if (!(argc == 2 || argc == 4)) {
807 fprintf(stderr, "Usage: %s <pid> [<new\-soft\-limit> "
808 "<new\-hard\-limit>]\en", argv[0]);
812 pid = atoi(argv[1]); /* PID of target process */
816 new.rlim_cur = atoi(argv[2]);
817 new.rlim_max = atoi(argv[3]);
821 /* Set CPU time limit of target process; retrieve and display
824 if (prlimit(pid, RLIMIT_CPU, newp, &old) == \-1)
825 errExit("prlimit\-1");
826 printf("Previous limits: soft=%jd; hard=%jd\en",
827 (intmax_t) old.rlim_cur, (intmax_t) old.rlim_max);
829 /* Retrieve and display new CPU time limit */
831 if (prlimit(pid, RLIMIT_CPU, NULL, &old) == \-1)
832 errExit("prlimit\-2");
833 printf("New limits: soft=%jd; hard=%jd\en",
834 (intmax_t) old.rlim_cur, (intmax_t) old.rlim_max);
855 .BR capabilities (7),