old_getrlimit

Intro

old_getrlimit - get resource limits known to the kernel

Description

The old_getrlimit syscall is used to retrieve the resource limit values for a particular resource, such as the maximum size of a file that may be written, the maximum number of processes that may be started, etc. It returns the values in the struct rlimit pointed to by the rlim parameter.

This syscall is available in Linux kernel versions 2.2 and earlier and is no longer supported in newer kernels. While it may return the correct results, those results may be outdated, and the kernel may change its behavior without the process being aware.

Arguments

  • resource:int - resource identifier.
  • rlim:struct rlimit* - pointer to struct rlimit that will store the limit values.

Available Tags

  • K - Originated from kernel space.
  • U - Originated from user space (for example, a pointer to user-space memory used to get it).

Hooks

old_getrlimit

Type

Kprobe + Kretprobe

Purpose

To monitor resource limit values in the kernel.

Example Use Case

If a process needs to monitor its resource limit values, it can use the old_getrlimit syscall.
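
The following is an added example, not code from the Tracee project: a process reading its own soft and hard limits for the two resources named in the description (maximum file size and maximum number of processes). It assumes the current getrlimit(2) libc wrapper, which takes the same resource and rlim arguments, in place of the legacy syscall entry point; query_limit and format_limit are hypothetical helper names.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

/* Fill *out with the soft/hard limits for `resource`.
 * Returns 0 on success, or the errno value on failure
 * (EINVAL for an unknown resource identifier). */
int query_limit(int resource, struct rlimit *out)
{
    if (getrlimit(resource, out) != 0)
        return errno;
    return 0;
}

/* Render a limit value; RLIM_INFINITY means "no limit". */
const char *format_limit(rlim_t v, char *buf, size_t n)
{
    if (v == RLIM_INFINITY)
        snprintf(buf, n, "unlimited");
    else
        snprintf(buf, n, "%llu", (unsigned long long)v);
    return buf;
}

int main(void)
{
    /* The two resources mentioned in the description above. */
    static const struct { int id; const char *name; } wanted[] = {
        { RLIMIT_FSIZE, "RLIMIT_FSIZE (max file size, bytes)" },
        { RLIMIT_NPROC, "RLIMIT_NPROC (max processes)" },
    };
    for (size_t i = 0; i < sizeof wanted / sizeof wanted[0]; i++) {
        struct rlimit r;
        char soft[32], hard[32];
        int err = query_limit(wanted[i].id, &r);
        if (err) {
            fprintf(stderr, "%s: %s\n", wanted[i].name, strerror(err));
            continue;
        }
        printf("%-40s soft=%s hard=%s\n", wanted[i].name,
               format_limit(r.rlim_cur, soft, sizeof soft),
               format_limit(r.rlim_max, hard, sizeof hard));
    }
    return 0;
}
```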

Issues

The old_getrlimit syscall is no longer supported in newer kernels. As a result, the results it returns may be outdated, and the kernel may change its behavior without the process being aware.

Related Events

  • setrlimit - set resource limit values.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.