Set assigns value v to resource of LimitType t and returns the old value. privileged should be true only when either the caller has CAP_SYS_RESOURCE or when creating limits for a new kernel.
(t LimitType, v Limit, privileged bool)
| 215 | // privileged should be true only when either the caller has CAP_SYS_RESOURCE |
| 216 | // or when creating limits for a new kernel. |
| 217 | func (l *LimitSet) Set(t LimitType, v Limit, privileged bool) (Limit, error) { |
| 218 | l.mu.Lock() |
| 219 | defer l.mu.Unlock() |
| 220 | |
| 221 | // If a limit is already set, make sure the new limit doesn't |
| 222 | // exceed the previous max limit. |
| 223 | if _, ok := l.data[t]; ok { |
| 224 | // Unprivileged users can only lower their hard limits. |
| 225 | if l.data[t].Max < v.Max && !privileged { |
| 226 | return Limit{}, unix.EPERM |
| 227 | } |
| 228 | if v.Cur > v.Max { |
| 229 | return Limit{}, unix.EINVAL |
| 230 | } |
| 231 | } |
| 232 | old := l.data[t] |
| 233 | l.data[t] = v |
| 234 | return old, nil |
| 235 | } |