Sandboxed App Limits
This topic provides details on sandboxed apps' limits.
There are two sandboxed app limit types:
- app limits on the aggregated resource usage of all processes in an app.
- process limits on the resource usage of a single process.
When a resource limit is reached, the resulting behaviour depends on the resource type.
App Limits
This is what happens when app limits are reached:
- maxFileSystemBytes write() calls will return either ENOSPC or EDQUOT.
- cpuShare processes will just slow down as they get less of the cpu. This is not actually a limit; it's a share of the cpu for all currently running processes in the system.
- maxMemoryBytes oom-killer will kill off the offending process.
- defFilesAdef_maxMQueueBytes mq_open() calls will return ENOSPC.
- maxThreads fork() calls return EAGAIN.
- maxQueuedSignals sigqueue() calls return EAGAIN.
Process Limits
This is what happens when process limits are reached:
- maxCoreDumpFileBytes core dump files are truncated to this limit.
- maxFileBytes processes will receive a SIGXFSZ and systems calls like write() will return EFBIG.
- maxLockedMemoryBytes calls such as mlock(), mlockall(), mmap(), shmctl() will return ENOMEM.
- maxFileDescriptors calls such as open(), pipe(), dup(), etc. will return EMFILE.
- maxSecureStorage Bytes the function le_secStore_Write() call will return LE_NO_MEMORY.
- Note
- See Linux man pages for details on many of these limits.
Copyright (C) Sierra Wireless Inc.