1 |
Hi, |
2 |
|
3 |
I'd like to touch base on the topic of pam_limits and the defaults that |
4 |
we ended up with in Gentoo. |
5 |
|
6 |
Currently on default system installation without any modification to |
7 |
/etc/security/limits.{conf,d/*} user will end up with limit o 1024 of |
8 |
file descriptors and 4096 limit of threads. |
9 |
|
10 |
Most of limits.conf makes a lot of sense on systems that are meant to be |
11 |
used remotely by many people simultaneously and have much less of |
12 |
importance on single user desktop systems. |
13 |
|
14 |
Recently I've been haunted by random and and not reproducible failures |
15 |
of random applications during runs with ffmpeg's libsvtav1 integration. |
16 |
Having a 4 instances of ffmpeg with was enough to get me random |
17 |
failures, terminals not to open, up until I actually seen in shell |
18 |
'cannot allocate resource' while trying to run a script. |
19 |
|
20 |
Turns out, I was running over the limit of 4096 threads, as nproc |
21 |
somewhat suggests this is limit of processes, it is actually a limit of |
22 |
PIDs, and every thread gets its own pid. |
23 |
|
24 |
I have strong opinion on this one, that users that runs multi users |
25 |
systems will be well aware of the need to tune limits.conf of |
26 |
pam_limits, while the users that will actually suffer are the regular |
27 |
Joe that just uses Gentoo as a single user system. |
28 |
|
29 |
What I'd like to do is to bump the limits.conf we ship with pam to following |
30 |
|
31 |
* hard nproc 16384 |
32 |
* soft nproc 16384 |
33 |
* hard nofile 16384 |
34 |
* soft nofile 16384 |
35 |
|
36 |
Those are still reasonable defaults that are much more suitable the |
37 |
modern systems. I can only see benefits in it and am unable to think |
38 |
about the potential drawbacks of bumping *defaults*. |
39 |
|
40 |
Any thoughts? |
41 |
|
42 |
Unless there's strong opposition to not bump those 1024/4096 current |
43 |
defaults, I'd like to bump those limits. Normally I'd create a bug and |
44 |
assign it to maintainer, however our sys-libs/pam maintainer has not |
45 |
been seen in last half a year, so I'd end up joining as co-maintainer |
46 |
there in the result. |
47 |
|
48 |
-- Piotr. |