cgit: use a dedicated named limiter

I mainly need this to enforce RLIMIT_CPU (and RLIMIT_CORE)
when requests come which generate giant, unrealistic diffs.

Per-coderepo limiters may be added in the future.  But for now,
I need to prevent cgit from monopolizing resources on my dinky
server.

diff --git a/Documentation/public-inbox-config.pod b/Documentation/public-inbox-config.pod
index dae69987d0276415f0aad32de76d0ef6375d3931..d6ecd086996936419560587fede6daafac7ef93e 100644 (file)
--- a/Documentation/public-inbox-config.pod
+++ b/Documentation/public-inbox-config.pod
@@ -231,6 +231,10 @@ the default limiter.
 C<RLIMIT_*> keys may be set to enforce resource limits for
 a particular limiter.
 
+Default named-limiters are prefixed with "-".  Currently,
+the "-cgit" named limiter is reserved for instances spawning
+cgit via C<publicinbox.cgitrc>
+
 =over 8
 
 =item publicinboxlimiter.<name>.max

diff --git a/lib/PublicInbox/Cgit.pm b/lib/PublicInbox/Cgit.pm
index 3d1a0d54879739be91ec342ce933b7b4d9e25097..9ba9e14dea0efb21602381f87d851115af67125b 100644 (file)
--- a/lib/PublicInbox/Cgit.pm
+++ b/lib/PublicInbox/Cgit.pm
@@ -77,7 +77,8 @@ sub call {
 
        my $rdr = input_prepare($env) or return r(500);
        my $qsp = PublicInbox::Qspawn->new($self->{cmd}, $cgi_env, $rdr);
-       $qsp->psgi_return($env, undef, sub {
+       my $limiter = $self->{pi_config}->limiter('-cgit');
+       $qsp->psgi_return($env, $limiter, sub {
                my ($r, $bref) = @_;
                my $res = parse_cgi_headers($r, $bref) or return; # incomplete
                $res;

diff --git a/lib/PublicInbox/Config.pm b/lib/PublicInbox/Config.pm
index 6f62712f0eb1ea43b645e52a4a7fabe3c0cc1e9c..9c1c3e2c8ca69448b7abb0968375e4b494e9fb43 100644 (file)
--- a/lib/PublicInbox/Config.pm
+++ b/lib/PublicInbox/Config.pm
@@ -132,7 +132,7 @@ sub limiter {
        my ($self, $name) = @_;
        $self->{-limiters}->{$name} ||= do {
                require PublicInbox::Qspawn;
-               my $max = $self->{"publicinboxlimiter.$name.max"};
+               my $max = $self->{"publicinboxlimiter.$name.max"} || 1;
                my $limiter = PublicInbox::Qspawn::Limiter->new($max);
                $limiter->setup_rlimit($name, $self);
                $limiter;