Documentation ¶
Overview ¶
Implement a parser for /etc/security/limits.conf.
Gather information about system memory and swap memory.
Manipulate /sys/ switches.
Manipulate sysctl switches.
Index ¶
- Constants
- Variables
- func GetMainMemSizeMB() uint64
- func GetSemaphoreLimits() (msl, mns, opm, mni uint64)
- func GetSysChoice(parameter string) (string, error)
- func GetSysInt(parameter string) (int, error)
- func GetSysString(parameter string) (string, error)
- func GetSysctlInt(parameter string) (int, error)
- func GetSysctlString(parameter string) (string, error)
- func GetSysctlUint64(parameter string) (uint64, error)
- func GetSysctlUint64Field(param string, field int) (uint64, error)
- func GetTotalMemSizeMB() uint64
- func GetTotalMemSizePages() uint64
- func GetTunedProfile() string
- func IsPagecacheAvailable() bool
- func IsUserRoot() bool
- func ListDir(dirPath string) (dirNames, fileNames []string, err error)
- func ParseMeminfo() (infoMap map[string]uint64)
- func RemountSHM(newSizeMB uint64) error
- func SetSysInt(parameter string, value int) error
- func SetSysString(parameter, value string) error
- func SetSysctlInt(parameter string, value int) error
- func SetSysctlString(parameter, value string) error
- func SetSysctlUint64(parameter string, value uint64) error
- func SetSysctlUint64Field(param string, field int, value uint64) error
- func SystemctlDisableStop(thing string) error
- func SystemctlEnableStart(thing string) error
- func SystemctlIsRunning(thing string) bool
- func TestSysString(parameter, value string) error
- func TunedAdmProfile(profileName string) error
- func WriteTunedAdmProfile(profileName string) error
- type MountPoint
- type MountPoints
- type SecLimits
- func (limits *SecLimits) Apply() error
- func (limits *SecLimits) Get(domain, typeName, item string) (string, bool)
- func (limits *SecLimits) GetOr0(domain, typeName, item string) SecurityLimitInt
- func (limits *SecLimits) Set(domain, typeName, item, value string)
- func (limits *SecLimits) ToText() string
- type SecLimitsEntry
- type SecurityLimitInt
Constants ¶
const ( MemMainTotalKey = "MemTotal" MemSwapTotalKey = "SwapTotal" )
const ( SysctlPagecacheLimitMB = "vm.pagecache_limit_mb" SysctlPagecacheLimitIgnoreDirty = "vm.pagecache_limit_ignore_dirty" SysctlNumaBalancing = "kernel.numa_balancing" SysctlShmall = "kernel.shmall" SysctlShmax = "kernel.shmmax" SysctlShmni = "kernel.shmmni" SysctlMaxMapCount = "vm.max_map_count" SysctlSem = "kernel.sem" SysctlNumberHugepages = "vm.nr_hugepages" SysctlSwappines = "vm.swappiness" SysctlVFSCachePressure = "vm.vfs_cache_pressure" SysctlOvercommitMemory = "vm.overcommit_memory" SysctlOvercommitRatio = "vm.overcommit_ratio" SysctlDirtyRatio = "vm.dirty_ratio" SysctlDirtyBackgroundRatio = "vm.dirty_background_ratio" SysctlNetReadMemMax = "net.core.rmem_max" SysctlNetWriteMemMax = "net.core.wmem_max" SysctlNetMaxBacklog = "net.core.netdev_max_backlog" SysctlNetMaxconn = "net.core.somaxconn" SysctlTCPReadMem = "net.ipv4.tcp_rmem" SysctlTCPWriteMem = "net.ipv4.tcp_wmem" SysctlTCPTimestamps = "net.ipv4.tcp_timestamps" SysctlTCPSack = "net.ipv4.tcp_sack" SysctlTCPDsack = "net.ipv4.tcp_dsack" SysctlTCPFack = "net.ipv4.tcp_fack" SysctlTCPFragLowThreshold = "net.ipv4.ipfrag_low_thresh" SysctlTCPFragHighThreshold = "net.ipv4.ipfrag_high_thresh" SysctlTCPMaxSynBacklog = "net.ipv4.tcp_max_syn_backlog" SysctlTCPSynackRetries = "net.ipv4.tcp_synack_retries" SysctpTCPRetries2 = "net.ipv4.tcp_retries2" SysctlTCPKeepaliveTime = "net.ipv4.tcp_keepalive_time" SysctlTCPKeepaliveProbes = "net.ipv4.tcp_keepalive_probes" SysctlTCPKeepaliveInterval = "net.ipv4.tcp_keepalive_intvl" SysctlTCPTWRecycle = "net.ipv4.tcp_tw_recycle" SysctlTCPTWReuse = "net.ipv4.tcp_tw_reuse" SysctlTCPFinTimeout = "net.ipv4.tcp_fin_timeout" SysctlTCPMTUProbing = "net.ipv4.tcp_mtu_probing" SysctlTCPSynCookies = "net.ipv4.tcp_syncookies" SysctlIPAcceptSourceRoute = "net.ipv4.conf.all.accept_source_route" SysctlIPAcceptRedirects = "net.ipv4.conf.all.accept_redirects" SysctlIPRPFilter = "net.ipv4.conf.all.rp_filter" SysctlIPIgnoreICMPBroadcasts = "net.ipv4.icmp_echo_ignore_broadcasts" SysctlIPIgnoreICMPBogusError = "net.ipv4.icmp_ignore_bogus_error_responses" SysctlIPLogMartians = "net.ipv4.conf.all.log_martians" SysctlRandomizeVASpace = "kernel.randomize_va_space" SysctlKptrRestrict = "kernel.kptr_restrict" SysctlProtectHardlinks = "fs.protected_hardlinks" SysctlProtectSymlinks = "fs.protected_symlinks" SysctlRunChildFirst = "kernel.sched_child_runs_first" )
const SecurityLimitUnlimitedValue = SecurityLimitInt(-1)
SecurityLimitUnlimitedValue is the constant integer value that represents unrestricted limit.
Variables ¶
var SecurityLimitUnlimitedString = []string{"unlimited", "infinity"}
SecurityLimitUnlimitedString are the string constants that represent unrestricted limit.
Functions ¶
func GetMainMemSizeMB ¶
func GetMainMemSizeMB() uint64
Return size of system main memory, excluding swap. Panic on error.
func GetSemaphoreLimits ¶
func GetSemaphoreLimits() (msl, mns, opm, mni uint64)
Return kernel semaphore limits. Panic on error.
func GetSysChoice ¶
Read a /sys/ key that comes with current value and alternative choices, return the current choice or empty string.
func GetSysString ¶
Read a /sys/ key and return the string value.
func GetSysctlString ¶
Read a sysctl key and return the string value.
func GetSysctlUint64 ¶
Read an uint64 sysctl key.
func GetSysctlUint64Field ¶
Extract a uint64 value from a sysctl key of many fields.
func GetTotalMemSizeMB ¶
func GetTotalMemSizeMB() uint64
Return size of system main memory plus swap. Panic on error.
func GetTotalMemSizePages ¶
func GetTotalMemSizePages() uint64
Return size of system main memory plus swap, in pages. Panic on error.
func GetTunedProfile ¶
func GetTunedProfile() string
Return the currently active tuned profile. Return empty string if it cannot be determined.
func IsPagecacheAvailable ¶
func IsPagecacheAvailable() bool
func ParseMeminfo ¶
Parse /proc/meminfo into key(string) - value(int) pairs. Panic on error.
func RemountSHM ¶
Invoke mount command to resize /dev/shm to the specified value.
func SetSysctlInt ¶
Write an integer sysctl value.
func SetSysctlString ¶
Write a string sysctl value.
func SetSysctlUint64 ¶
Write an integer sysctl value.
func SetSysctlUint64Field ¶
Write an integer sysctl value into the specified field pf the key.
func SystemctlDisableStop ¶
Cal systemctl disable and then systemctl stop on thing. Panic on error.
func SystemctlEnableStart ¶
Cal systemctl enable and then systemctl start on thing. Panic on error.
func SystemctlIsRunning ¶
Return true only if systemctl suggests that the thing is running.
func TestSysString ¶
Test writing a string /sys/ value.
func TunedAdmProfile ¶
Call tuned-adm to switch to the specified profile. Panic on error.
func WriteTunedAdmProfile ¶
Write new profile to tuned
Types ¶
type MountPoint ¶
type MountPoint struct { Device string MountPoint string Type string Options []string Dump int Fsck int }
Represent a mount point entry in /proc/mounts or /etc/fstab
func (MountPoint) Equals ¶
func (mount1 MountPoint) Equals(mount2 MountPoint) bool
Return true only if two mount points are identical in all attributes.
func (MountPoint) GetFileSystemSizeMB ¶
func (mount MountPoint) GetFileSystemSizeMB() uint64
Return the total size of the file system in MegaBytes. Panic on error.
type MountPoints ¶
type MountPoints []MountPoint
A list of mount points.
func ParseFstab ¶
func ParseFstab() MountPoints
Return all mount points defined in /etc/fstab. Panic on error.
func ParseMounts ¶
func ParseMounts(txt string) (mounts MountPoints)
Return all mount points defined in the input text. Panic on malformed entry.
func ParseMtabMounts ¶
func ParseMtabMounts() MountPoints
Return all mount points appearing in /proc/mounts. Panic on error.
func ParseProcMounts ¶
func ParseProcMounts() MountPoints
Return all mount points appearing in /proc/mounts. Panic on error.
func (MountPoints) GetByMountPoint ¶
func (mounts MountPoints) GetByMountPoint(mountPoint string) (MountPoint, bool)
Find a mount point by its path.
type SecLimits ¶
type SecLimits struct {
Entries []*SecLimitsEntry
}
Entries of security/limits.conf file. It is able to convert back to original text in the original entry order.
func ParseSecLimits ¶
Read limits.conf text and parse the text into memory structures.
func ParseSecLimitsFile ¶
Read limits.conf and parse the file content into memory structures.
func (*SecLimits) GetOr0 ¶
func (limits *SecLimits) GetOr0(domain, typeName, item string) SecurityLimitInt
GetOrUnlimited retrieves an integer limit value and return. If the value is not specified or cannot be parsed correctly, the 0 value will be returned.
type SecLimitsEntry ¶
type SecLimitsEntry struct { LeadingComments []string // The comment lines leading to the key-value pair, including prefix '#', excluding end-of-line. Domain, Type, Item string Value string }
A single entry in security/limits.conf file.
type SecurityLimitInt ¶
type SecurityLimitInt int // SecurityLimitInt is an integer number where -1 represents unlimited value.
func ToSecurityLimitInt ¶
func ToSecurityLimitInt(in string) SecurityLimitInt
ToSecurityLimitInt interprets integer limit number from input string. If the input cannot be parsed successfully, it will return a default 0 value.
func (SecurityLimitInt) String ¶
func (limit SecurityLimitInt) String() string