Date: Thu, 10 Sep 2015 14:00:19 -0400 From: Allan Jude <allanjude@freebsd.org> To: John-Mark Gurney <jmg@funkthat.com>, Adrian Chadd <adrian@freebsd.org> Cc: Warner Losh <imp@bsdimp.com>, Ed Maste <emaste@freebsd.org>, "src-committers@freebsd.org" <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org> Subject: Re: svn commit: r287606 - head/sys/kern Message-ID: <55F1C533.6010302@freebsd.org> In-Reply-To: <20150910175324.GW33167@funkthat.com> References: <201509100405.t8A45xrJ070199@repo.freebsd.org> <CAPyFy2DjD3Dv6VYjd_6CKe3_2ZuMC5ayMKnzATLb=a4yZUYyLw@mail.gmail.com> <CANCZdfoBN9keiZCUpJ_v5y6mUpKcY_26Y_2=xCLwJovz%2B8a_xQ@mail.gmail.com> <CAJ-VmonUm5Sf8TPLnciouyiJjLUndtNJX368US5_hgQwzYBdkQ@mail.gmail.com> <20150910175324.GW33167@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --OVsK20f3VAnQKkeHUaUV8MLduGhJaTxrC Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2015-09-10 13:53, John-Mark Gurney wrote: > Adrian Chadd wrote this message on Thu, Sep 10, 2015 at 09:18 -0700: >> On 10 September 2015 at 09:04, Warner Losh <imp@bsdimp.com> wrote: >>> >>> >>> On Thu, Sep 10, 2015 at 9:53 AM, Ed Maste <emaste@freebsd.org> wrote:= >>>> >>>> On 10 September 2015 at 04:05, Adrian Chadd <adrian@freebsd.org> wro= te: >>>>> Author: adrian >>>>> Date: Thu Sep 10 04:05:58 2015 >>>>> New Revision: 287606 >>>>> URL: https://svnweb.freebsd.org/changeset/base/287606 >>>>> >>>>> Log: >>>>> Also make kern.maxfilesperproc a boot time tunable. >>>>> ... >>>>> TODO: >>>> >>>> Also "we" should >>>> * Submit patches upstream or to the ports tree to use closefrom >>> >>> >>> I thought the consensus was that we'd fix things to have fewer FDs >>> by default, but instead allow individual processes to raise it via th= e >>> usual methods. >> >> I'm looking at how to do this in a somewhat sensible fashion. Right >> now we just have openfiles=3Dunlimited; in /etc/login.conf which seems= a >> little odd. I don't know yet if that affects the default set that >> services started via /etc/rc get - init gets the whole default >> maxfilesperproc and stuff seems to inherit from that unless told >> otherwise. >> >> I think the more sensible default would be: >> >> * set /etc/login.conf to some much lower values - say, 4k soft, 64k h= ard; >> * root can always override its settings up to kern.maxfilesperproc; >> * modify /etc/rc to set some default rlimits as appropriate; >=20 > We should probably just use the daemon class from login.conf... Do we > have a program that will set the current limits to a specified class? >=20 /sbin/init applies the 'daemon' class to /etc/rc when it starts it And so all rc.d scripts inherit it. the issue is that it does not apply to services started manually, or via the service(8) command. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D161401 (reported in 2011, working on getting this in this weekend) >> * introduce configuration options ({daemon_rlimit_XXX}?) in >> /etc/rc.conf that lets someone override what the default rlimits >> should be for a given process,, as (and I'm not making this up) if you= >> run 'service XXX restart' from a root login you get the rlimits from >> the shell, which may differ from the system startup. >=20 > Why not daemon_login_class w/ the above? This is what I was thinking, as it also jives with my work to convert login.conf to UCL and improve it overall. This would allow services to install their own login class as part of the package, into /usr/local/etc/login.conf.d/pkgname and use that by default, but the user can always specify pkgname_login_class (or just _class maybe?) as some other value. >=20 >> That way we can setup various services to have higher openfile limits >> via /etc/rc.conf entries for those services rather than having to hack= >> each startup script. It also means that no matter what is running >> 'service XXX YYY' as root, you'll get the 'correct'(er) rlimits. >=20 > Then service would just use the above program to get sane defaults... >=20 --=20 Allan Jude --OVsK20f3VAnQKkeHUaUV8MLduGhJaTxrC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJV8cU2AAoJEBmVNT4SmAt+0c4QAMCqjdFBWLI99VOFz67q/UNy 72w4Yvw2vmbuTT5Q5EIX8kKUyWJx09/2ONsgKXbwryHMubp6fAEDPeJzm1HWraVr MNyD8MChJo/e7hKwAFd83KZywXeFjMyzGqPMCmUvTeXwSFPwhlsS1UEtDn5Ilvkk WGbZKc2LhjGVdmO1n5T46mJKW30HKBdlCJbxLguxsEqfscdDmsoLF//62J8Iqzet 46gQne1rnWXtLbw5XOBFASlSjBXcozqtzuXtFiuZiWyXHl9i+32aeIIf+sc0O8o7 AXnO2GHssrRQd52TPxvQ6iOQnKfwEcUCdoBg7pUecCO8LGFRcLTQzrLlIb5pm9+R fE4A2Zw21nw+5sxGRjd7oWgRshQ7hlpw76Ql63emcv/iOd13mMKcaoGzZs1o9C4I ElihRBNUgvgjiz/4wwQFIqyTm0aOqgyg05AQNOEz7Hg5kH9UnaFVdbfCIF7i0qOz MuHQCSNTBByBo9toSB+BNUofpgaNMe3olPcrxirIMMs/Y1+gbbm/yt6rsDKmdwYR gqnPm2xsBlj6qMZNbU+AoCezEQlCFkYVNUMuoKE3ZFnaMTKQwVk2HWx/APmO3p1u bVr/AF/2lrdjsl5mkUp2h5CNWA8SeZcUpdpd57asxFVzl9PR0uhzeRHXpsp0wSjS 8/3pHO3qULatBPMSrL46 =El1I -----END PGP SIGNATURE----- --OVsK20f3VAnQKkeHUaUV8MLduGhJaTxrC--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55F1C533.6010302>