Grsecurity/Appendix/System Resources

Introduction
This table lists all system resources that can be restricted by grsecurity. Grsecurity supports all the resources Linux supports, but uses slightly different names for them: The RLIMIT prefix has been replaced with RES. For example, the Linux resource RLIMIT_CPU is called RES_CPU in grsecurity.

For detailed information about resources in Linux, see the man page of getrlimit.

Syntax and Examples
A single resource rule follows the following syntax:

An example of this syntax would be: RES_FSIZE 5K 5K

This would prevent the process from creating files that are bigger than 5 Kilobytes.

Using unlimited is valid for both the soft limit and the hard limit, to denote an unlimited resource. Note that by omitting a resource restriction, the system's default limits are used (as set by PAM or the application itself). If a resource is specified within the policy, the specific limits override the system's default limits for the given subject.

A number of suffixes are allowed when specifying resource limits. They are described below.

A full list of supported resources is supplied below.