From: Tobias Geerinckx-Rice via Guix-patches via <guix-patches@gnu.org>
To: 51315@debbugs.gnu.org
Subject: [bug#51315] [PATCH] services: tor: Raise file descriptor ulimit.
Date: Thu, 21 Oct 2021 13:56:22 +0200 [thread overview]
Message-ID: <20211021115622.826-1-me@tobias.gr> (raw)
* gnu/services/tor.scm (tor-shepherd-service): Run ulimit -n before
launching Tor.
---
Guix,
I got a kind mail from an authorised Torperson[0] that one of my nodes was running low on efdees. Sure enough, it was the Guix one.
This patch does the job, but boy, would I like to know if there's a better way to do it.
Kind regards,
T G-R
[0]: Yes, I did bite their official-looking badge to make sure it wasn't just someone trying to ingratiate themselves with incompetent relay operators.
gnu/services/networking.scm | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index e19add927d..13150cb98e 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -948,34 +948,40 @@ (define (tor-shepherd-service config)
(($ <tor-configuration> tor)
(let ((torrc (tor-configuration->torrc config)))
(with-imported-modules (source-module-closure
'((gnu build shepherd)
(gnu system file-systems)))
(list (shepherd-service
(provision '(tor))
;; Tor needs at least one network interface to be up, hence the
;; dependency on 'loopback'.
(requirement '(user-processes loopback syslogd))
(modules '((gnu build shepherd)
(gnu system file-systems)))
+ ;; The file descriptor ulimit must be raised in the
+ ;; environment from which the daemon is launched; see
+ ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING
+ ;; The exact number is somewhat arbitrary but taken from
+ ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40
(start #~(make-forkexec-constructor/container
(list #$(file-append bash "/bin/bash") "-c"
(string-append "ulimit -n 32768; exec "
- #$(file-append tor "/bin/tor") " -f " #$torrc))
+ #$(file-append tor "/bin/tor")
+ " -f " #$torrc))
#:log-file "/var/log/tor.log"
#:mappings (list (file-system-mapping
(source "/var/lib/tor")
(target source)
(writable? #t))
(file-system-mapping
(source "/dev/log") ;for syslog
(target source))
(file-system-mapping
(source "/var/run/tor")
(target source)
(writable? #t)))
#:pid-file "/var/run/tor/tor.pid"))
(stop #~(make-kill-destructor))
--
2.33.0
next reply other threads:[~2021-10-21 11:57 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-21 11:56 Tobias Geerinckx-Rice via Guix-patches via [this message]
2021-10-21 12:01 ` [bug#51315] [PATCH v2] services: tor: Raise file descriptor ulimit Tobias Geerinckx-Rice via Guix-patches via
2021-10-28 18:43 ` [bug#51315] [PATCH] " Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211021115622.826-1-me@tobias.gr \
--to=guix-patches@gnu.org \
--cc=51315@debbugs.gnu.org \
--cc=me@tobias.gr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).