From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id +BERK8tWcWHqLgAAgWs5BA (envelope-from ) for ; Thu, 21 Oct 2021 14:02:19 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id yBLCJstWcWFDdQAAB5/wlQ (envelope-from ) for ; Thu, 21 Oct 2021 12:02:19 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 30E09127BF for ; Thu, 21 Oct 2021 14:02:19 +0200 (CEST) Received: from localhost ([::1]:34656 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mdWm2-0003Gs-C4 for larch@yhetil.org; Thu, 21 Oct 2021 08:02:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52272) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mdWlm-0003D2-Pv for guix-patches@gnu.org; Thu, 21 Oct 2021 08:02:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:44799) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mdWlm-0001aj-Gl for guix-patches@gnu.org; Thu, 21 Oct 2021 08:02:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mdWlm-00046Z-AM for guix-patches@gnu.org; Thu, 21 Oct 2021 08:02:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#51315] [PATCH v2] services: tor: Raise file descriptor ulimit. References: <20211021115622.826-1-me@tobias.gr> In-Reply-To: <20211021115622.826-1-me@tobias.gr> Resent-From: Tobias Geerinckx-Rice Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 21 Oct 2021 12:02:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 51315 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 51315@debbugs.gnu.org Received: via spool by 51315-submit@debbugs.gnu.org id=B51315.163481767015710 (code B ref 51315); Thu, 21 Oct 2021 12:02:02 +0000 Received: (at 51315) by debbugs.gnu.org; 21 Oct 2021 12:01:10 +0000 Received: from localhost ([127.0.0.1]:56345 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mdWkl-00044h-Ao for submit@debbugs.gnu.org; Thu, 21 Oct 2021 08:01:10 -0400 Received: from tobias.gr ([80.241.217.52]:53254) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mdWkj-00044V-JI for 51315@debbugs.gnu.org; Thu, 21 Oct 2021 08:00:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=U1esVwiGQ3snW K3JqgHzOoG0jZHsH0W+ktq+L3A8Ckc=; h=date:subject:to:from; d=tobias.gr; b=APjgnGEX3nKKlIN2j5D7tU+4+xuFp6TjQV6CIj/ECzCKWCcgXK0UIRenNQabfVxAYP07 woL1HoUtysUp7pHamCRyVz7Sc4hHX52E/PtLVA6ZHWkVaFrse5LMqKfixVWf06U8S80n8W cQbzDxB6yKEDUjisARr/rX9a48/t3KpHz4XlZf6xz206A4zgJqJg/MvuXcZ+CP+YlubGLz d8DgDpVhfK2I4DjkHnFvCFU3Ys4rnT3FVDs9OWeC03hgkW7JtqGx5fPtHyRYY0yVoZHOHp jZQSogxlCzlVdL7ghvcNA7kNCji/xifvCSPk0BT9hP3rIYCWq+QKx8o+nJ7AZKZA== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 10d2fac6 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for <51315@debbugs.gnu.org>; Thu, 21 Oct 2021 12:00:52 +0000 (UTC) Date: Thu, 21 Oct 2021 14:01:03 +0200 Message-Id: <20211021120103.3891-1-me@tobias.gr> X-Mailer: git-send-email 2.33.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" Reply-to: Tobias Geerinckx-Rice X-ACL-Warn: , Tobias Geerinckx-Rice via Guix-patches From: Tobias Geerinckx-Rice via Guix-patches via X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1634817739; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=U1esVwiGQ3snWK3JqgHzOoG0jZHsH0W+ktq+L3A8Ckc=; b=l288/GmFGE5rPGI1zD4e/MFzR20WAeBjdo+RFkq6Fvnxou8rYCwuF4/wSrUzXzmRY88arE iysKAoZAc4Y4bAHtpPKaYR2OOTW8DBxG+SAnLZwWqVt5Nl1+uE+hGCj7at75B1AhkFk5+n UKJ/WtD8oaLLjeSE2rcbqcEVJhgeYNfFtkzAkqLoFzEc8F2t8QvcuUeQ/Otopb3Kl0TV6k Yt3707P6rgZKyr84gafKRikyeZSXz65uleujqZjHtQwsxBXuO2QbmtuQUIXnfx/kHEkQQe K12VXTa+sQzSJrWCPBAV9VhyrFWXS5hLgyVRmvnWCbVgsggzmll4aa4D7ziBwQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1634817739; a=rsa-sha256; cv=none; b=tg7NHlWQHNKAuy1z533bgLD+fY/ay3/zrIrvUDg17sW1W29O38Z3d9I2bGGX8Eixlt43JO 1A7XQklziLz9NtKlNmYiHRIF3yY/V3ladGrADc4G6Bg6ft+qJdxQM+rdgMa5FCc71cM60u 0NemYIOxiMndVSBUTOkSL7xT2InFzIL9l2tEXlcc28CZoI1g5Or0qsKJWbdS5OAYQWqD27 uXWkgOgDOUW+J/jFAqvD9f1sSz3/S+RMJ2IgxhjyLSOaQDkOMw/VAzsMJtiOAWR7Ois950 0uGFVi8hq3zGKrETskKLAVUaggeW3pOjO5o4GrMssUPyE13S0evDVT00Plh/2w== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=tobias.gr header.s=2018 header.b=APjgnGEX; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: -1.43 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=tobias.gr header.s=2018 header.b=APjgnGEX; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: 30E09127BF X-Spam-Score: -1.43 X-Migadu-Scanner: scn0.migadu.com X-TUID: pIqYyGbaGDhr * gnu/services/tor.scm (tor-shepherd-service): Run ulimit -n before launching Tor. --- ♪ …one of these days I'll send the right bleedin' patch… ♪ gnu/services/networking.scm | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 7e310b70ec..5a8852f262 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -1,24 +1,24 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016, 2018, 2020 Efraim Flashner ;;; Copyright © 2016 John Darrington ;;; Copyright © 2017 Clément Lassieur ;;; Copyright © 2017 Thomas Danckaert ;;; Copyright © 2017, 2018 Marius Bakke -;;; Copyright © 2018 Tobias Geerinckx-Rice +;;; Copyright © 2018, 2021 Tobias Geerinckx-Rice ;;; Copyright © 2018 Chris Marusich ;;; Copyright © 2018 Arun Isaac ;;; Copyright © 2019 Florian Pelz ;;; Copyright © 2019, 2021 Maxim Cournoyer ;;; Copyright © 2019 Sou Bunnbu ;;; Copyright © 2019 Alex Griffin ;;; Copyright © 2020 Brice Waegeneire ;;; Copyright © 2021 Oleg Pykhalov ;;; Copyright © 2021 Christine Lemmer-Webber ;;; Copyright © 2021 Maxime Devos ;;; Copyright © 2021 Guillaume Le Vaillant ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it @@ -948,32 +948,40 @@ (define (tor-shepherd-service config) (($ tor) (let ((torrc (tor-configuration->torrc config))) (with-imported-modules (source-module-closure '((gnu build shepherd) (gnu system file-systems))) (list (shepherd-service (provision '(tor)) ;; Tor needs at least one network interface to be up, hence the ;; dependency on 'loopback'. (requirement '(user-processes loopback syslogd)) (modules '((gnu build shepherd) (gnu system file-systems))) + ;; The file descriptor ulimit must be raised in the + ;; environment from which the daemon is launched; see + ;; https://gitweb.torproject.org/tor.git/plain/doc/TUNING + ;; The exact number is somewhat arbitrary but taken from + ;; https://gitweb.torproject.org/debian/tor.git/tree/debian/tor.init#n40 (start #~(make-forkexec-constructor/container - (list #$(file-append tor "/bin/tor") "-f" #$torrc) + (list #$(file-append bash "/bin/bash") "-c" + (string-append "ulimit -n 32768; exec " + #$(file-append tor "/bin/tor") + " -f " #$torrc)) #:log-file "/var/log/tor.log" #:mappings (list (file-system-mapping (source "/var/lib/tor") (target source) (writable? #t)) (file-system-mapping (source "/dev/log") ;for syslog (target source)) (file-system-mapping (source "/var/run/tor") (target source) (writable? #t))) #:pid-file "/var/run/tor/tor.pid")) (stop #~(make-kill-destructor)) -- 2.33.0