I have a large C++ application on Linux with many first party and third party libraries built and linked against.
There are certain parts of the application that should execute without accessing the filesystem or network (particularly to load networked files). Periodically we find that this operation does indeed load files, usually due to programmer error.
How can I enforce this within the code? For example, something like:
try {
    lockFileSystem();
    Application->DoImportantOperation();
    unlockFileSystem();
} catch (InvalidFileSystemAccess) {
    // bad programmer, no pizza
}
Or alternatively is there some sort of lower level callback that the app can hook when a file is opened?
Note I'm aware of the awesomeness of strace, but it's gotten to the point where this needs to be enforced as part of the application execution, not as a post-hoc manual test.
It depends what exactly the code is legitimately trying to do, but you could possibly do this with setrlimit()'s RLIMIT_NOFILE. Something like this should work:
Basically this tells the OS not to let your process open any file descriptor, even if an existing one is closed, by zeroing the soft open file descriptor limit of the process. Note that this is more than just files and could have some unintended consequences. This would include files, sockets, event objects, directories, shared resources, pipes, and would also prevent C libraries from opening files. (Some C libraries do use file locks and stuff to manage concurrency.) Think about all of the things that open files (like dlopen, for example). Any attempt to open a file descriptor will fail (return -1) and errno will be set to EMFILE, which translates to "Error 24: Too many open files". I've put the whole thing in a struct so that it's strongly exception safe.
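The RAII struct the answer describes is not shown on the page; the following is an added example (not the answerer's code) of one way to write it on Linux, built around getrlimit()/setrlimit() with RLIMIT_NOFILE. The names FileSystemLock, tryOpenErrno, trySocketErrno and runLocked are assumptions made here for illustration. The guard saves the current limits in its constructor, drops the soft limit to zero, and restores the saved limits in its destructor, so the limit is lifted again even if DoImportantOperation() throws. The helper functions return the errno observed so the effect can be checked rather than just printed, and the socket() probe shows that the limit also blocks network descriptors, as the answer warns.

```cpp
#include <cerrno>
#include <cstdio>
#include <fcntl.h>
#include <stdexcept>
#include <sys/resource.h>
#include <sys/socket.h>
#include <unistd.h>

// RAII guard (assumed name): while an instance is alive, the process cannot
// open ANY new file descriptor: files, sockets, pipes, dlopen()'d libraries.
struct FileSystemLock {
    rlimit saved{};  // limits in force before the lock was taken

    FileSystemLock() {
        if (getrlimit(RLIMIT_NOFILE, &saved) != 0)
            throw std::runtime_error("getrlimit(RLIMIT_NOFILE) failed");
        rlimit locked = saved;
        locked.rlim_cur = 0;  // soft limit 0: every new descriptor is refused
        if (setrlimit(RLIMIT_NOFILE, &locked) != 0)
            throw std::runtime_error("setrlimit(RLIMIT_NOFILE) failed");
    }

    // Restore the previous limits. Raising the soft limit back up to the
    // saved value (which is <= the hard limit) needs no privilege.
    ~FileSystemLock() { setrlimit(RLIMIT_NOFILE, &saved); }

    FileSystemLock(const FileSystemLock&) = delete;
    FileSystemLock& operator=(const FileSystemLock&) = delete;
};

// Try to open `path` read-only; return 0 on success or the errno on failure.
int tryOpenErrno(const char* path) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

// Try to create a TCP socket (no connection is made); same return convention.
int trySocketErrno() {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

// Run an "important operation" under the lock and report what its file-open
// attempt saw. Because the guard is a local, the limit is restored on any
// exit path, including exceptions.
int runLocked(const char* path) {
    FileSystemLock lock;
    return tryOpenErrno(path);  // expected to fail with EMFILE
}

int main() {
    const char* path = "/dev/null";  // constructed sample path for the demo
    std::printf("before lock : open errno = %d\n", tryOpenErrno(path));
    {
        FileSystemLock lock;
        std::printf("under lock  : open errno = %d (EMFILE=%d)\n",
                    tryOpenErrno(path), EMFILE);
        std::printf("under lock  : socket errno = %d\n", trySocketErrno());
    }
    std::printf("after lock  : open errno = %d\n", tryOpenErrno(path));
    return 0;
}
```

A stray descriptor that the guarded code leaks stays leaked when the limit is restored, so this detects the violation (the open fails) but does not by itself identify the call site; pairing the EMFILE failure with a logged stack trace in the application's error path gives the "bad programmer" the location.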