From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id MDjPNsSyGGIRRAEAgWs5BA (envelope-from ) for ; Fri, 25 Feb 2022 11:43:16 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id 0CwkNMSyGGLHTwEA9RJhRA (envelope-from ) for ; Fri, 25 Feb 2022 11:43:16 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 82D0217E02 for ; Fri, 25 Feb 2022 11:43:16 +0100 (CET) Received: from localhost ([::1]:35230 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nNY4A-0000A9-7N for larch@yhetil.org; Fri, 25 Feb 2022 05:43:14 -0500 Received: from eggs.gnu.org ([209.51.188.92]:53282) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nNY3f-000097-HU for guix-devel@gnu.org; Fri, 25 Feb 2022 05:42:43 -0500 Received: from [2a02:1800:110:4::f00:18] (port=46442 helo=michel.telenet-ops.be) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nNY3b-0003JU-2I for guix-devel@gnu.org; Fri, 25 Feb 2022 05:42:42 -0500 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by michel.telenet-ops.be with bizsmtp id zNiX2600C4UW6Th06NiXWN; Fri, 25 Feb 2022 11:42:32 +0100 Message-ID: Subject: Re: setting open files limit for daemon processes From: Maxime Devos To: Attila Lendvai , guix-devel Date: Fri, 25 Feb 2022 11:42:27 +0100 In-Reply-To: References: Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-P09zFaFIWRqLs07lBrmZ" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1645785752; bh=XwNDxvgVbF7IrIZwMiEsTux/ov9t99EaQBlEBfpmYhY=; h=Subject:From:To:Date:In-Reply-To:References; b=eJh0HDaOShnC4+N3L6/b2TZw3lUxM6uM1pX+b59jSRVbAD7x+zTd0JjAkGzqqaHRb TVrYVlSZ1F0aYvFERFTwNL+ys0Ww87/6PugJ8KGY72lqbadgjP/RLbLv3QVIoH62/q LF43nC1Pek3tRDmTwW8YaY+lIg+dwYQO6Ve1NZHl6bDDVRuZZjy/zjfgz6qeklEMwR Ox7xzywS100yL/XeL5SGJw7xrt3Y66KFYjk7M177oL0Wt29grH+FTqH464uZmZ/BfR j1DQt5TcUesR9NYjY+0sFpkFcoB59fjqENWCPMWwo94pSrcbGRqGoB0KA+bAX6J5aB rH5q11HW18aag== X-Host-Lookup-Failed: Reverse DNS lookup failed for 2a02:1800:110:4::f00:18 (failed) Received-SPF: pass client-ip=2a02:1800:110:4::f00:18; envelope-from=maximedevos@telenet.be; helo=michel.telenet-ops.be X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1645785796; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=XwNDxvgVbF7IrIZwMiEsTux/ov9t99EaQBlEBfpmYhY=; b=mhC01LSMDeDewuKrwxH15UgshbVTOzQxjMwrnZHtEqvqXraNYrKPAxcqriNn/PR/kxHPQr wd5Qs9mWpP4O7trUD+I5uaqTPHUQBwQcV8RFGfwbOKdMC2FKYYGyV0NWdmgfRCUi+kHmJn 1Aa+IhZIqlcE2QjJMxifeWgnws8Xpum5Lpx2QvMzzXQ5WERLS4XDpBDFgt6S68X+BEPECl SFJrXdaxqgjKsbkkLpWDd96LxYYfId/FYSQtBRfoUD4bCv/XSSCUMVcWnhMK9Yp7VuUETL On2yf/f99b2WcezBuXJB3CaCIUJ7/M4n3+sL/DPK2HzjbuesF2mISH/DHcJY3A== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1645785796; a=rsa-sha256; cv=none; b=rlPx0g5bP3SLs46gzzcGvf14vGKhJwd9nOb9zuiq88nO0Nc3wMmOMp+gbD26L8Mvtpk3B0 y5j2gAjUeELVIBXN4jyzTkf2YzlfZJ+hW+14VXAncQGjyRPmDQSAI6iBih9I6AtPk3Y3pJ hDVjjmPyI85GJEA3g1IHK+6McMNZgMSKHftTXdyEjkF8rLFHlbdSLgMKwkMYmKDHammLBW YLJfBoCfjcZ77Zu8pRywG2BushWhWTD6+ghbVJtlogt2xARr96B3UUDsRH4I1zmjwJg3aY eszRnOBmYcI261KZ+V2n1As09HrzHhi9TbfhocU1uDDPuWKmC34F50tb7Xcqng== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=telenet.be header.s=r22 header.b=eJh0HDaO; dmarc=pass (policy=none) header.from=telenet.be; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -8.03 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=telenet.be header.s=r22 header.b=eJh0HDaO; dmarc=pass (policy=none) header.from=telenet.be; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 82D0217E02 X-Spam-Score: -8.03 X-Migadu-Scanner: scn0.migadu.com X-TUID: Dq/IPZPdxdNq --=-P09zFaFIWRqLs07lBrmZ Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Attila Lendvai schreef op vr 25-02-2022 om 07:55 [+0000]: > "The per-process limit is inherited by each process from its parent", > and Shepherd is the init process. when it spawns a daemon, it inherits > its open files limit. >=20 > i have successfully set the limit for the daemon user using: >=20 > (pam-limits-service > =C2=A0 (list > =C2=A0=C2=A0=C2=A0 (pam-limits-entry "*" 'both 'nofile 100000))) >=20 > and it is applied as observable with: >=20 > su - [daemon user] -c 'ulimit -aHS' -s `which bash` That might set the limit of the user when that user logins (and hence, PAM things are run), but I don't see how this changes the limit of shepherd itself. I don't think that shepherd interacts with PAM at all? My suggestion is to do (setrlimit RLIMIT_NOFILE [...]) inside shepherd itself -- when shepherd starts, or between 'fork' and 'exec'. Maybe an '#:open-file-limit' argument could be added to 'fork+exec-command'? Greetings, Maxime --=-P09zFaFIWRqLs07lBrmZ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYhiykxccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7g5rAP9v9Mh+FtOdoxGu8Kbh3P3YJqrU ZhESeJlXCcmp0S7AyQD9HGSzzcL1JykzyVfYEd3fV5xmxhn39nJ/3hS1Sp5Iwwg= =8CYg -----END PGP SIGNATURE----- --=-P09zFaFIWRqLs07lBrmZ--