Sandboxed App Limits

This topic provides details on sandboxed apps' limits.

There are two sandboxed app limit types:

  • app limits on the aggregated resource usage of all processes in an app.
  • process limits on the resource usage of a single process.

When a resource limit is reached, the resulting behaviour depends on the resource type.

App Limits

This is what happens when app limits are reached:

  • maxFileSystemBytes write() calls will return either ENOSPC or EDQUOT.
  • cpuShare processes will just slow down as they get less of the cpu. This is not actually a limit; it's a share of the cpu for all currently running processes in the system.
  • maxMemoryBytes oom-killer will kill off the offending process.
  • defFilesAdef_maxMQueueBytes mq_open() calls will return ENOSPC.
  • maxThreads fork() calls return EAGAIN.
  • maxQueuedSignals sigqueue() calls return EAGAIN.

Process Limits

This is what happens when process limits are reached:

Note
See Linux man pages for details on many of these limits.