| 1 |
Hi, |
| 2 |
|
| 3 |
I'd like to touch base on the topic of pam_limits and the defaults that |
| 4 |
we ended up with in Gentoo. |
| 5 |
|
| 6 |
Currently on default system installation without any modification to |
| 7 |
/etc/security/limits.{conf,d/*} user will end up with limit o 1024 of |
| 8 |
file descriptors and 4096 limit of threads. |
| 9 |
|
| 10 |
Most of limits.conf makes a lot of sense on systems that are meant to be |
| 11 |
used remotely by many people simultaneously and have much less of |
| 12 |
importance on single user desktop systems. |
| 13 |
|
| 14 |
Recently I've been haunted by random and and not reproducible failures |
| 15 |
of random applications during runs with ffmpeg's libsvtav1 integration. |
| 16 |
Having a 4 instances of ffmpeg with was enough to get me random |
| 17 |
failures, terminals not to open, up until I actually seen in shell |
| 18 |
'cannot allocate resource' while trying to run a script. |
| 19 |
|
| 20 |
Turns out, I was running over the limit of 4096 threads, as nproc |
| 21 |
somewhat suggests this is limit of processes, it is actually a limit of |
| 22 |
PIDs, and every thread gets its own pid. |
| 23 |
|
| 24 |
I have strong opinion on this one, that users that runs multi users |
| 25 |
systems will be well aware of the need to tune limits.conf of |
| 26 |
pam_limits, while the users that will actually suffer are the regular |
| 27 |
Joe that just uses Gentoo as a single user system. |
| 28 |
|
| 29 |
What I'd like to do is to bump the limits.conf we ship with pam to following |
| 30 |
|
| 31 |
* hard nproc 16384 |
| 32 |
* soft nproc 16384 |
| 33 |
* hard nofile 16384 |
| 34 |
* soft nofile 16384 |
| 35 |
|
| 36 |
Those are still reasonable defaults that are much more suitable the |
| 37 |
modern systems. I can only see benefits in it and am unable to think |
| 38 |
about the potential drawbacks of bumping *defaults*. |
| 39 |
|
| 40 |
Any thoughts? |
| 41 |
|
| 42 |
Unless there's strong opposition to not bump those 1024/4096 current |
| 43 |
defaults, I'd like to bump those limits. Normally I'd create a bug and |
| 44 |
assign it to maintainer, however our sys-libs/pam maintainer has not |
| 45 |
been seen in last half a year, so I'd end up joining as co-maintainer |
| 46 |
there in the result. |
| 47 |
|
| 48 |
-- Piotr. |
Archives