java.lang.Object
org.elasticsearch.nativeaccess.PosixNativeAccess
org.elasticsearch.nativeaccess.MacNativeAccess
- All Implemented Interfaces:
NativeAccess
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.elasticsearch.nativeaccess.NativeAccess
NativeAccess.ExecSandboxState -
Field Summary
FieldsModifier and TypeFieldDescriptionprotected NativeAccess.ExecSandboxStateprotected booleanprotected static final LoggerFields inherited from class org.elasticsearch.nativeaccess.PosixNativeAccess
constants, libc, processLimits, vectorDistance -
Method Summary
Modifier and TypeMethodDescriptionReturn whether installing the exec system call filters was successful, and to what degree.protected longReturn the maximum number of threads this process may start, orProcessLimits.UNKNOWN.getZstd()Returns an accessor to zstd compression functions.booleanReturn whether locking memory was successful, or false otherwise.protected voidprotected booleannativePreallocate(int fd, long currentSize, long newSize) newConfinedBuffer(int len) Creates a newCloseableByteBufferusing a confined arena.newSharedBuffer(int len) Creates a newCloseableByteBufferusing a shared arena.systemd()voidInstalls exec system call filtering on MacOS.Methods inherited from class org.elasticsearch.nativeaccess.PosixNativeAccess
allocatedSizeInBytes, definitelyRunningAsRoot, getProcessLimits, getRLimit, getVectorSimilarityFunctions, tryLockMemory, tryPreallocate
-
Field Details
-
logger
-
isMemoryLocked
protected boolean isMemoryLocked -
execSandboxState
-
-
Method Details
-
getMaxThreads
protected long getMaxThreads()Description copied from class:PosixNativeAccessReturn the maximum number of threads this process may start, orProcessLimits.UNKNOWN.- Specified by:
getMaxThreadsin classPosixNativeAccess
-
logMemoryLimitInstructions
protected void logMemoryLimitInstructions()- Specified by:
logMemoryLimitInstructionsin classPosixNativeAccess
-
nativePreallocate
protected boolean nativePreallocate(int fd, long currentSize, long newSize) - Specified by:
nativePreallocatein classPosixNativeAccess
-
tryInstallExecSandbox
public void tryInstallExecSandbox()Installs exec system call filtering on MacOS.Two different methods of filtering are used. Since MacOS is BSD based, process creation is first restricted with
setrlimit(RLIMIT_NPROC).Additionally, on Mac OS X Leopard or above, a custom
sandbox(7)("Seatbelt") profile is installed that denies the following rules:process-forkprocess-exec
- See Also:
-
systemd
- Specified by:
systemdin interfaceNativeAccess
-
getZstd
Description copied from interface:NativeAccessReturns an accessor to zstd compression functions.- Specified by:
getZstdin interfaceNativeAccess- Returns:
- an object used to compress and decompress bytes using zstd
-
newConfinedBuffer
Description copied from interface:NativeAccessCreates a newCloseableByteBufferusing a confined arena. The buffer must be used within the same thread that it is created.- Specified by:
newConfinedBufferin interfaceNativeAccess- Parameters:
len- the number of bytes the buffer should allocate- Returns:
- the buffer
-
isMemoryLocked
public boolean isMemoryLocked()Description copied from interface:NativeAccessReturn whether locking memory was successful, or false otherwise.- Specified by:
isMemoryLockedin interfaceNativeAccess
-
getExecSandboxState
Description copied from interface:NativeAccessReturn whether installing the exec system call filters was successful, and to what degree.- Specified by:
getExecSandboxStatein interfaceNativeAccess
-