* [bug#51315] [PATCH] services: tor: Raise file descriptor ulimit.
From: Tobias Geerinckx-Rice via Guix-patches via @ 2021-10-21 11:56 UTC
To: 51315
* gnu/services/tor.scm (tor-shepherd-service): Run ulimit -n before
launching Tor.
---
Guix,
I got a kind mail from an authorised Torperson[0] that one of my nodes was running low on efdees. Sure enough, it was the Guix one.
This patch does the job, but boy, would I like to know if there's a better way to do it.
Kind regards,
T G-R
[0]: Yes, I did bite their official-looking badge to make sure it wasn't just someone trying to ingratiate themselves with incompetent relay operators.
gnu/services/networking.scm | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index e19add927d..13150cb98e 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -948,34 +948,40 @@ (define (tor-shepherd-service config)
(($ <tor-configuration> tor)
(let ((torrc (tor-configuration->torrc config)))
(with-imported-modules (source-module-closure
'((gnu build shepherd)
(gnu system file-systems)))
(list (shepherd-service
(provision '(tor))
;; Tor needs at least one network interface to be up, hence the
;; dependency on 'loopback'.
(requirement '(user-processes loopback syslogd))
(modules '((gnu build shepherd)
(gnu system file-systems)))
+ ;; The file descriptor ulimit must be raised in the
+ ;; environment from which the daemon is launched; see
+ ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING
+ ;; The exact number is somewhat arbitrary but taken from
+ ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40
(start #~(make-forkexec-constructor/container
(list #$(file-append bash "/bin/bash") "-c"
(string-append "ulimit -n 32768; exec "
- #$(file-append tor "/bin/tor") " -f " #$torrc))
+ #$(file-append tor "/bin/tor")
+ " -f " #$torrc))
#:log-file "/var/log/tor.log"
#:mappings (list (file-system-mapping
(source "/var/lib/tor")
(target source)
(writable? #t))
(file-system-mapping
(source "/dev/log") ;for syslog
(target source))
(file-system-mapping
(source "/var/run/tor")
(target source)
(writable? #t)))
#:pid-file "/var/run/tor/tor.pid"))
(stop #~(make-kill-destructor))
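Review bot: the only removed line here, `#$(file-append tor "/bin/tor") " -f " #$torrc))`, already sits inside the `bash -c` / `"ulimit -n 32768; exec "` list that appears as unchanged context, so this diff was taken against a tree that already carries the ulimit change and will not apply to one that lacks it. Regenerate it against the unmodified `start` form so the hunk shows the real before and after. The changelog entry also names gnu/services/tor.scm, while the diff header touches gnu/services/networking.scm; the entry should name the file that is actually modified.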
--
2.33.0
* [bug#51315] [PATCH v2] services: tor: Raise file descriptor ulimit.
From: Tobias Geerinckx-Rice via Guix-patches via @ 2021-10-21 12:01 UTC
To: 51315
* gnu/services/tor.scm (tor-shepherd-service): Run ulimit -n before
launching Tor.
---
♪ …one of these days I'll send the right bleedin' patch… ♪
gnu/services/networking.scm | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 7e310b70ec..5a8852f262 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -1,24 +1,24 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016, 2018, 2020 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 John Darrington <jmd@gnu.org>
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
-;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2019 Florian Pelz <pelzflorian@pelzflorian.de>
;;; Copyright © 2019, 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;; Copyright © 2019 Sou Bunnbu <iyzsong@member.fsf.org>
;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
;;; Copyright © 2021 Oleg Pykhalov <go.wigust@gmail.com>
;;; Copyright © 2021 Christine Lemmer-Webber <cwebber@dustycloud.org>
;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
@@ -948,32 +948,40 @@ (define (tor-shepherd-service config)
(($ <tor-configuration> tor)
(let ((torrc (tor-configuration->torrc config)))
(with-imported-modules (source-module-closure
'((gnu build shepherd)
(gnu system file-systems)))
(list (shepherd-service
(provision '(tor))
;; Tor needs at least one network interface to be up, hence the
;; dependency on 'loopback'.
(requirement '(user-processes loopback syslogd))
(modules '((gnu build shepherd)
(gnu system file-systems)))
+ ;; The file descriptor ulimit must be raised in the
+ ;; environment from which the daemon is launched; see
+ ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING
+ ;; The exact number is somewhat arbitrary but taken from
+ ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40
(start #~(make-forkexec-constructor/container
- (list #$(file-append tor "/bin/tor") "-f" #$torrc)
+ (list #$(file-append bash "/bin/bash") "-c"
+ (string-append "ulimit -n 32768; exec "
+ #$(file-append tor "/bin/tor")
+ " -f " #$torrc))
#:log-file "/var/log/tor.log"
#:mappings (list (file-system-mapping
(source "/var/lib/tor")
(target source)
(writable? #t))
(file-system-mapping
(source "/dev/log") ;for syslog
(target source))
(file-system-mapping
(source "/var/run/tor")
(target source)
(writable? #t)))
#:pid-file "/var/run/tor/tor.pid"))
(stop #~(make-kill-destructor))
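Review bot: in the added `(string-append "ulimit -n 32768; exec "` line, the `;` means `exec` runs whether or not `ulimit` succeeded, so a failed call leaves tor running with the inherited descriptor limit. If the service should refuse to start in that case, use `&&`; if starting anyway is intended, say so in the comment above `start`. The command is also assembled into one shell string, so the tor and torrc file names are parsed again by bash; passing them as positional parameters after the script and ending it with `exec "$@"` keeps them out of shell parsing. The hard-coded 32768 could be a field of `<tor-configuration>` so operators can tune it without patching the service.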
--
2.33.0
* [bug#51315] [PATCH] services: tor: Raise file descriptor ulimit.
From: Ludovic Courtès @ 2021-10-28 18:43 UTC
To: Tobias Geerinckx-Rice; +Cc: 51315
Hello!
Tobias Geerinckx-Rice <me@tobias.gr> wrote:
> + ;; The file descriptor ulimit must be raised in the
> + ;; environment from which the daemon is launched; see
> + ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING
> + ;; The exact number is somewhat arbitrary but taken from
> + ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40
> (start #~(make-forkexec-constructor/container
> - (list #$(file-append tor "/bin/tor") "-f" #$torrc)
> + (list #$(file-append bash "/bin/bash") "-c"
> + (string-append "ulimit -n 32768; exec "
> + #$(file-append tor "/bin/tor")
> + " -f " #$torrc))
Instead of going through Bash, what about something like:
  (lambda _
    (let ((pid (fork+exec-command/container …)))
      (container-excursion* pid
        (lambda () (setrlimit 'nofile 32768 32768)))
      pid))
?
Ludo’.
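
The wrapper pattern discussed in this thread (`ulimit -n …; exec …`), as an added example that is not part of the thread or of Guix: it shows the limit surviving `exec`, what `;` versus `&&` does when `ulimit` fails, and how to read a process's effective limit from a procfs limits file. The function names `run_with_nofile`, `nofile_limits` and `demo`, and the two limit values, are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example: hypothetical helper names, not Guix or Tor code.

# Print "soft hard" for RLIMIT_NOFILE from a procfs limits file
# (/proc/PID/limits on Linux); reads stdin when no file is given.
nofile_limits() {
    awk '/^Max open files/ { print $4, $5 }' "$@"
}

# Start a command with the descriptor limit set first, as the patch's bash
# wrapper does: the limit is set in the shell and is kept across exec.
#   lenient: 'ulimit; exec'   -> the command starts even if ulimit failed
#   strict:  'ulimit && exec' -> the command is not started on failure
# The command is passed as positional parameters, so bash never re-parses it.
run_with_nofile() {
    local mode=$1 limit=$2
    shift 2
    case $mode in
        lenient) bash -c 'ulimit -n "$1"; shift; exec "$@"' _ "$limit" "$@" ;;
        strict)  bash -c 'ulimit -n "$1" && shift && exec "$@"' _ "$limit" "$@" ;;
        *)       echo "unknown mode: $mode" >&2; return 2 ;;
    esac
}

# Constructed values: 256 is below any usual hard limit; 4294967296 is above
# the largest RLIMIT_NOFILE the Linux kernel accepts, so setting it fails there.
demo() {
    echo "limits seen by the exec'd process:"
    run_with_nofile lenient 256 cat /proc/self/limits | nofile_limits
    echo "lenient with a rejected limit still runs, soft limit is:"
    run_with_nofile lenient 4294967296 bash -c 'ulimit -n' 2>/dev/null
    run_with_nofile strict 4294967296 true 2>/dev/null ||
        echo "strict with a rejected limit: command not started"
}

demo
```

For a running daemon, pass the file of the process as seen from the namespace you are in, for example `nofile_limits /proc/PID/limits`.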