Each process has an associated set of resource limits , which specify the amount of system resources it can use. These limits keep a user from overwhelming the system (its CPU, disk space, and so on). Linux recognizes the following resource limits illustrated in Table 3-7.

每个进程都有相应的资源限制，指明了它可以使用的系统资源。这些限制防止用户耗尽系统（的CPU、磁盘空间等待）。Linux识别下列限制。

The resource limits for the current process are stored in the current->signal->rlim field, that is, in a field of the process's signal descriptor (see the section "Data Structures Associated with Signals" in Chapter 11). The field is an array of elements of type struct rlimit, one for each resource limit:

当前进程的资源限制存储在current->signal->rlim成员中，即，在进程的信号描述符的成员中。这个成员是一个由多个类型为rlimit元素组成的数组：

 

struct rlimit {         unsigned long rlim_cur;         unsigned long rlim_max;     };

 

 

Field name	Description
RLIMIT_AS	The maximum size of process address space, in bytes. The kernel checks this value when the process uses malloc( ) or a related function to enlarge its address space (see the section "The Process's Address Space" in Chapter 9). 进程空间的最大数目，用byte表示。内核在进程使用malloc()或者有关扩大其地址空间的函数时检查这个值。
RLIMIT_CORE	The maximum core dump file size, in bytes. The kernel checks this value when a process is aborted, before creating a core file in the current directory of the process (see the section "Actions Performed upon Delivering a Signal" in Chapter 11). If the limit is 0, the kernel won't create the file. 最大的core dump文件大小，用byte表示。当进程夭折，在进程当前目录产生一个core文件前，内核会检查这个值。如果这个限制是0，内核不会创建这个文件。
RLIMIT_CPU	The maximum CPU time for the process, in seconds. If the process exceeds the limit, the kernel sends it a SIGXCPU signal, and then, if the process doesn't terminate, a SIGKILL signal (see Chapter 11). 进程最大的CPU时间，用秒表示。如果进程超出了这个限制，内核就向它发生一个SIGXCPU信号，如果进程没有结束，接着在发送一个SIGKILL信号。
RLIMIT_DATA	The maximum heap size, in bytes. The kernel checks this value before expanding the heap of the process (see the section "Managing the Heap" in Chapter 9). 最大的堆大小，用byte表示。内核在扩大进程的堆大小前检查这个值。
RLIMIT_FSIZE	The maximum file size allowed, in bytes. If the process tries to enlarge a file to a size greater than this value, the kernel sends it a SIGXFSZ signal. 最大允许的文件大小，用byte表示。如果进程试图扩大一个文件到比这个值大的数目，内核会向它发生一个SIGXFSZ信号。
RLIMIT_LOCKS	Maximum number of file locks (currently, not enforced). 最大的文件锁数目（目前，不强制）
RLIMIT_MEMLOCK	The maximum size of nonswappable memory, in bytes. The kernel checks this value when the process tries to lock a page frame in memory using the mlock( ) or mlockall( ) system calls (see the section "Allocating a Linear Address Interval" in Chapter 9). 最大的不可交换内存大小，用byte表示。当进程试图使用mlock()或mlockall()系统调用将一个页帧锁在内存中时，内核会检查这个值。
RLIMIT_MSGQUEUE	Maximum number of bytes in POSIX message queues (see the section "POSIX Message Queues" in Chapter 19). 最大的POSIX消息队列数目。
RLIMIT_NOFILE	The maximum number of open file descriptors. The kernel checks this value when opening a new file or duplicating a file descriptor (see Chapter 12). 最大的打开的文件描述符的数目。当打开一个新文件或复制一个文件描述符时，内核会检查这个值。
RLIMIT_NPROC	The maximum number of processes that the user can own (see the section "The clone( ), fork( ), and vfork( ) System Calls" later in this chapter). 用户可拥有的最大进程数目。
RLIMIT_RSS	The maximum number of page frames owned by the process (currently, not enforced). 进程可拥有的最大页帧数目（当前，不强制）
RLIMIT_SIGPENDING	The maximum number of pending signals for the process (see Chapter 11).进程的最大未处理的信号数目。
RLIMIT_STACK	The maximum stack size, in bytes. The kernel checks this value before expanding the User Mode stack of the process (see the section "Page Fault Exception Handler" in Chapter 9).最大的栈大小，byte表示。 在扩大进程的用户空间栈时，内核检查这个值。

The rlim_cur field is the current resource limit for the resource. For example, current->signal->rlim[RLIMIT_CPU].rlim_cur represents the current limit on the CPU time of the running process.

rlim_cur成员是进程的当前资源限制。比如current->signal->rlim[RLIMIT_CPU].rlim_cur表示正在运行的进程的当前CPU时间的限制。

The rlim_max field is the maximum allowed value for the resource limit. By using the getrlimit( ) and setrlimit( ) system calls, a user can always increase the rlim_cur limit of some resource up to rlim_max. However, only the superuser (or, more precisely, a user who has the CAP_SYS_RESOURCE capability) can increase the rlim_max field or set the rlim_cur field to a value greater than the corresponding rlim_max field.

rlim_max成员是允许的资源限制的最大值。通过使用getrlimit()和setrlimit()系统调用，用户可以增加某种资源的rlim_cur限制到rlim_max。然而，只有超级用户（或者，更精确地，一个拥有CAP_SYS_RESOURCE能力的用户）可以增加rlim_max成员或者设置rlim_cur成员为一个比对应rlim_max成员大的值。

Most resource limits contain the value RLIM_INFINITY (0xffffffff), which means that no user limit is imposed on the corresponding resource (of course, real limits exist due to kernel design restrictions, available RAM, available space on disk, etc.). However, the system administrator may choose to impose stronger limits on some resources. Whenever a user logs into the system, the kernel creates a process owned by the superuser, which can invoke setrlimit( ) to decrease the rlim_max and rlim_cur fields for a resource. The same process later executes a login shell and becomes owned by the user. Each new process created by the user inherits the content of the rlim array from its parent, and therefore the user cannot override the limits enforced by the administrator.

大多数限制包含值RLIM_INFINITY（0xFFFFFFFF），意味着没有用户限制在对应的资源上（当然，真实的限制存在的，由于内核设计的约束、可用的RAM、可用的磁盘空间等等）。然而，系统管理员可以选择在某些资源上加以很强的限制。无论何时某个用户登陆系统，内核创建一个属于超级用户的进程，这个进程可以调用setrlimit()减少某个资源的rlim_max和rlim_cur成员。这个进程稍后执行登陆shell并变成由用户拥有。每个由这个用户创建的新的进程从它的父辈继承rlim数组的内容，因此用户不能越过系统管理员设置的限制。