7.3 Resource limits

As part of its UNIX-like package, Ironclad supports the usual resource limits. In Ironclad they are implemented inside MAC and are passed down to child processes like MAC capabilities (see Mandatory access control (MAC)). The interface is the standard getrlimit/setrlimit pair.

Limits mostly behave as you would expect, and they are all initialized to the maximum possible value. There are only two quirks. First, limits are only de-escalatory (like MAC): a process can only lower them, never raise them. Second, since Ironclad does not support dynamically growing stacks, RLIMIT_STACK dictates the initial size of the stacks the kernel creates; Ironclad therefore does not start that limit at the maximum value, but at a smaller valid size.

A short description of the available limits and their default values is:

RLIMIT_CORE

Maximum size of core dumps; 0 by default, which disables them.

RLIMIT_CPU

Limit on the CPU time a process may consume, in seconds; by default -1 (the maximum value).

RLIMIT_FSIZE

Limit on the size of any individual file a process may write; by default -1 (the maximum value).

RLIMIT_NOFILE

Limit on the number of files a process may have open, on top of other system-wide limits; by default -1 (the maximum value).

RLIMIT_STACK

Limit on the stack size of a process; by default 4 MiB.

RLIMIT_AS

Limit on the size of the address space a process may use; by default -1 (the maximum value).
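The following is an added example, not Ironclad's own code: a C program that reads its limits with getrlimit, de-escalates them the way a service would at startup (core dumps off, a modest file-descriptor ceiling), and then attempts to raise a hard limit again. The calls are plain POSIX; the helper names (read_limit, lower_limit, limit_at_most, try_raise_hard_limit, harden_process) and the 256-descriptor ceiling are choices made for this example. Under Ironclad's de-escalatory rule the final raise is refused; on other POSIX systems it is a privilege question (an unprivileged process gets EPERM), which is why the program reports the outcome rather than assuming it.

```c
/* Added example (not Ironclad's own code): reading and de-escalating a
 * process's own resource limits with getrlimit/setrlimit. */
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>

/* Read a limit. Returns 0 on success and -1 (errno set) on failure. */
int read_limit(int resource, rlim_t *soft, rlim_t *hard)
{
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0)
        return -1;
    if (soft) *soft = rl.rlim_cur;
    if (hard) *hard = rl.rlim_max;
    return 0;
}

/* Lower both values of a limit to at most `value`. A value that is already
 * below `value` is kept, so this never asks the kernel to raise anything. */
int lower_limit(int resource, rlim_t value)
{
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0)
        return -1;
    if (rl.rlim_cur > value) rl.rlim_cur = value;
    if (rl.rlim_max > value) rl.rlim_max = value;
    return setrlimit(resource, &rl);
}

/* Returns 1 if both the soft and hard value of a limit are <= `bound`,
 * 0 otherwise (including when the limit cannot be read). */
int limit_at_most(int resource, rlim_t bound)
{
    rlim_t soft, hard;
    if (read_limit(resource, &soft, &hard) != 0)
        return 0;
    return soft <= bound && hard <= bound;
}

/* Try to raise the hard value of a limit to `value`. Returns 0 if the kernel
 * accepted the change and the errno it reported otherwise. Ironclad refuses
 * this outright (limits only go down); elsewhere an unprivileged process
 * typically gets EPERM. */
int try_raise_hard_limit(int resource, rlim_t value)
{
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0)
        return errno;
    if (rl.rlim_max >= value)
        return 0; /* already at or above the requested value: nothing to do */
    rl.rlim_max = value;
    return setrlimit(resource, &rl) == 0 ? 0 : errno;
}

/* A typical startup de-escalation: no core dumps (they can carry secrets
 * that were held in memory) and a 256-descriptor ceiling (an example value,
 * not a recommendation). Returns 0 on success, -1 on failure. */
int harden_process(void)
{
    if (lower_limit(RLIMIT_CORE, 0) != 0)
        return -1;
    return lower_limit(RLIMIT_NOFILE, 256);
}

static void show(const char *name, int resource)
{
    rlim_t soft, hard;
    if (read_limit(resource, &soft, &hard) != 0) {
        printf("%-14s unavailable (errno %d)\n", name, errno);
        return;
    }
    printf("%-14s soft=", name);
    if (soft == RLIM_INFINITY) printf("unlimited ");
    else printf("%llu ", (unsigned long long)soft);
    if (hard == RLIM_INFINITY) puts("hard=unlimited");
    else printf("hard=%llu\n", (unsigned long long)hard);
}

int main(void)
{
    show("RLIMIT_CORE", RLIMIT_CORE);
    show("RLIMIT_NOFILE", RLIMIT_NOFILE);
    show("RLIMIT_STACK", RLIMIT_STACK); /* a concrete size on Ironclad, never the maximum */

    if (harden_process() != 0) {
        perror("setrlimit");
        return 1;
    }
    puts("after de-escalation:");
    show("RLIMIT_CORE", RLIMIT_CORE);
    show("RLIMIT_NOFILE", RLIMIT_NOFILE);

    /* The interesting case: try to undo the de-escalation. */
    int rc = try_raise_hard_limit(RLIMIT_CORE, RLIM_INFINITY);
    printf("raising RLIMIT_CORE again: %s\n", rc == 0 ? "accepted" : "refused");
    return 0;
}
```

Note that lower_limit deliberately clamps rather than assigns: since a lowered hard limit cannot be recovered, a hardening routine should never accidentally request a value above what the process already has, or setrlimit will fail (or, on a system that allows it, silently widen the limit).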