From owner-svn-src-all@freebsd.org Thu Sep 10 19:56:34 2015 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 25093A0114D; Thu, 10 Sep 2015 19:56:34 +0000 (UTC) (envelope-from vangyzen@FreeBSD.org) Received: from smtp.vangyzen.net (hotblack.vangyzen.net [IPv6:2607:fc50:1000:7400:216:3eff:fe72:314f]) by mx1.freebsd.org (Postfix) with ESMTP id 083D715EA; Thu, 10 Sep 2015 19:56:34 +0000 (UTC) (envelope-from vangyzen@FreeBSD.org) Received: from marvin.beer.town (unknown [76.164.8.130]) by smtp.vangyzen.net (Postfix) with ESMTPSA id C965356483; Thu, 10 Sep 2015 14:56:32 -0500 (CDT) Subject: Re: svn commit: r287606 - head/sys/kern To: John-Mark Gurney , Adrian Chadd References: <201509100405.t8A45xrJ070199@repo.freebsd.org> <20150910175324.GW33167@funkthat.com> Cc: Warner Losh , Ed Maste , "src-committers@freebsd.org" , "svn-src-all@freebsd.org" , "svn-src-head@freebsd.org" From: Eric van Gyzen Message-ID: <55F1E06F.7000008@FreeBSD.org> Date: Thu, 10 Sep 2015 14:56:31 -0500 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 MIME-Version: 1.0 In-Reply-To: <20150910175324.GW33167@funkthat.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Sep 2015 19:56:34 -0000 On 09/10/2015 12:53, John-Mark Gurney wrote: > Adrian Chadd wrote this message on Thu, Sep 10, 2015 at 09:18 -0700: >> On 10 September 2015 at 09:04, Warner Losh wrote: >>> >>> >>> On Thu, Sep 10, 2015 at 9:53 AM, Ed Maste wrote: >>>> >>>> On 10 September 2015 at 04:05, Adrian Chadd wrote: >>>>> Author: adrian >>>>> Date: Thu Sep 10 04:05:58 2015 >>>>> New Revision: 287606 >>>>> URL: https://svnweb.freebsd.org/changeset/base/287606 >>>>> >>>>> Log: >>>>> Also make kern.maxfilesperproc a boot time tunable. >>>>> ... >>>>> TODO: >>>> >>>> Also "we" should >>>> * Submit patches upstream or to the ports tree to use closefrom >>> >>> >>> I thought the consensus was that we'd fix things to have fewer FDs >>> by default, but instead allow individual processes to raise it via the >>> usual methods. We could--and should--do both, because they're both good ideas. >> I'm looking at how to do this in a somewhat sensible fashion. Right >> now we just have openfiles=unlimited; in /etc/login.conf which seems a >> little odd. I don't know yet if that affects the default set that >> services started via /etc/rc get - init gets the whole default >> maxfilesperproc and stuff seems to inherit from that unless told >> otherwise. >> >> I think the more sensible default would be: >> >> * set /etc/login.conf to some much lower values - say, 4k soft, 64k hard; >> * root can always override its settings up to kern.maxfilesperproc; >> * modify /etc/rc to set some default rlimits as appropriate; > > We should probably just use the daemon class from login.conf... Do we > have a program that will set the current limits to a specified class? See limits(1). The apache rc.d script uses it, along with some related rc.conf variables. >> * introduce configuration options ({daemon_rlimit_XXX}?) in >> /etc/rc.conf that lets someone override what the default rlimits >> should be for a given process,, as (and I'm not making this up) if you >> run 'service XXX restart' from a root login you get the rlimits from >> the shell, which may differ from the system startup. > > Why not daemon_login_class w/ the above? > >> That way we can setup various services to have higher openfile limits >> via /etc/rc.conf entries for those services rather than having to hack >> each startup script. It also means that no matter what is running >> 'service XXX YYY' as root, you'll get the 'correct'(er) rlimits. > > Then service would just use the above program to get sane defaults... >