Add Config Option to Limit Number of Processes

To protect your system and ghostty from misbehaving programs that launch too many processes for the system to handle (e.g. like a fork bomb), this implements an option to limit the number of processes that can be started in a surface. A fork bomb for example or other misbehaving program would then only take down one surface and not the entire system. Side node: If I am right in issue #2084, this feature does not actually work on a per surface basis but on all surfaces. If this is the case, it could probably be fixed together. Chances are, that I am wrong though 😉 Further improvements that could be done: - unify way to set cgroup attributes - set sane default: 10% of system max?
2025-07-14 15:56:13 +03:00 · 2024-08-11 23:37:57 +02:00
parent 956b097786
commit ba41f142ed
3 changed files with 42 additions and 0 deletions
--- a/src/apprt/gtk/cgroup.zig
+++ b/src/apprt/gtk/cgroup.zig
@ -71,6 +71,14 @@ pub fn init(app: *App) ![]const u8 {
        });
    }

+    // Configure the "max" pids limit. This is a hard limit and cannot be
+    // exceeded.
+    if (app.config.@"linux-cgroup-processes-limit") |limit| {
+        try internal_os.cgroup.configureProcessesLimit(surfaces, .{
+            .processes = limit,
+        });
+    }
+
    return transient;
 }

--- a/src/config/Config.zig
+++ b/src/config/Config.zig
@ -1276,6 +1276,13 @@ keybind: Keybinds = .{},
 /// pressure.
@"linux-cgroup-memory-limit": ?u64 = null,

+/// Number of processes limit for any individual terminal process (tab, split,
+/// window, etc.). If this is unset then no limit will be set.
+///
+/// Note that this sets the "pids.max" configuration for the process number
+/// controller, which is a hard limit.
+@"linux-cgroup-processes-limit": ?u64 = null,
+
 /// If this is false, then any cgroup initialization (for linux-cgroup)
 /// will be allowed to fail and the failure is ignored. This is useful if
 /// you view cgroup isolation as a "nice to have" and not a critical resource
--- a/src/os/cgroup.zig
+++ b/src/os/cgroup.zig
@ -207,3 +207,30 @@ pub fn configureMemoryLimit(cgroup: []const u8, limit: MemoryLimit) !void {
    // Write our limit in bytes
    try file.writer().print("{}", .{size});
 }
+
+pub const ProcessesLimit = union(enum) {
+    /// pids.max
+    processes: usize,
+};
+
+/// Configure the number of processes for the given cgroup.
+pub fn configureProcessesLimit(cgroup: []const u8, limit: ProcessesLimit) !void {
+    assert(cgroup[0] == '/');
+
+    const filename, const size = switch (limit) {
+        .processes => |v| .{ "pids.max", v },
+    };
+
+    // Open our file
+    var buf: [std.fs.max_path_bytes]u8 = undefined;
+    const path = try std.fmt.bufPrint(
+        &buf,
+        "/sys/fs/cgroup{s}/{s}",
+        .{ cgroup, filename },
+    );
+    const file = try std.fs.cwd().openFile(path, .{ .mode = .write_only });
+    defer file.close();
+
+    // Write our limit in bytes
+    try file.writer().print("{}", .{size});
+}