From owner-svn-src-all@freebsd.org Thu Sep 10 16:18:11 2015 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 82FDFA0104E; Thu, 10 Sep 2015 16:18:11 +0000 (UTC) (envelope-from adrian.chadd@gmail.com) Received: from mail-ig0-x233.google.com (mail-ig0-x233.google.com [IPv6:2607:f8b0:4001:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4D3DE18CD; Thu, 10 Sep 2015 16:18:11 +0000 (UTC) (envelope-from adrian.chadd@gmail.com) Received: by igxx6 with SMTP id x6so19272165igx.1; Thu, 10 Sep 2015 09:18:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=UUvT2aDQ+8aw/dxkqMU/2JtVWPa/gcas7837miCAJnw=; b=j+tnRyRu4dL5MnR9IWsLIHOwPjVfixe3Aa3UO9i47y4CoBCKSELpH7Cnt8VbShOMC8 lE+2M4DCi9M2aR6tfk+VlRUiWlnbmiFxAfw8c67aEE7vl9Jt4wDaUhdcouJBIBuiNVqP GG/GWR+4ZIbE7weKpbkQpPYqyIesv1Lq3d8ACEoaBq7SLIfemlULQ4XNQB6KG90zv6Kh cDs2mjJU8isy1lLnoUDoXXg1nMH00uACo1MDWjiBiTv00Byz9q267LF0z2N3wYiuhCZR OZCTNi1AcfM85EayyqBNpkjKnHc7Jb0v3ZqRq68zvwEvepRMbRMUO1PTRQBge+WT6Hlw dyrA== MIME-Version: 1.0 X-Received: by 10.50.43.227 with SMTP id z3mr7599303igl.22.1441901890736; Thu, 10 Sep 2015 09:18:10 -0700 (PDT) Sender: adrian.chadd@gmail.com Received: by 10.36.28.208 with HTTP; Thu, 10 Sep 2015 09:18:10 -0700 (PDT) In-Reply-To: References: <201509100405.t8A45xrJ070199@repo.freebsd.org> Date: Thu, 10 Sep 2015 09:18:10 -0700 X-Google-Sender-Auth: nGVRgWmFaUNvzuRsoJwpFzOTDU0 Message-ID: Subject: Re: svn commit: r287606 - head/sys/kern From: Adrian Chadd To: Warner Losh Cc: Ed Maste , "src-committers@freebsd.org" , "svn-src-all@freebsd.org" , "svn-src-head@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Sep 2015 16:18:11 -0000 On 10 September 2015 at 09:04, Warner Losh wrote: > > > On Thu, Sep 10, 2015 at 9:53 AM, Ed Maste wrote: >> >> On 10 September 2015 at 04:05, Adrian Chadd wrote: >> > Author: adrian >> > Date: Thu Sep 10 04:05:58 2015 >> > New Revision: 287606 >> > URL: https://svnweb.freebsd.org/changeset/base/287606 >> > >> > Log: >> > Also make kern.maxfilesperproc a boot time tunable. >> > ... >> > TODO: >> >> Also "we" should >> * Submit patches upstream or to the ports tree to use closefrom > > > I thought the consensus was that we'd fix things to have fewer FDs > by default, but instead allow individual processes to raise it via the > usual methods. I'm looking at how to do this in a somewhat sensible fashion. Right now we just have openfiles=unlimited; in /etc/login.conf which seems a little odd. I don't know yet if that affects the default set that services started via /etc/rc get - init gets the whole default maxfilesperproc and stuff seems to inherit from that unless told otherwise. I think the more sensible default would be: * set /etc/login.conf to some much lower values - say, 4k soft, 64k hard; * root can always override its settings up to kern.maxfilesperproc; * modify /etc/rc to set some default rlimits as appropriate; * introduce configuration options ({daemon_rlimit_XXX}?) in /etc/rc.conf that lets someone override what the default rlimits should be for a given process,, as (and I'm not making this up) if you run 'service XXX restart' from a root login you get the rlimits from the shell, which may differ from the system startup. That way we can setup various services to have higher openfile limits via /etc/rc.conf entries for those services rather than having to hack each startup script. It also means that no matter what is running 'service XXX YYY' as root, you'll get the 'correct'(er) rlimits. Thoughts? -adrian