Re: raise fileno limit to make Steam Proton / Wine+esync work well in Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mo, 15.10.18 18:00, Kamil Paral (kparal@xxxxxxxxxx) wrote:

> On Tue, Oct 9, 2018 at 6:15 PM Lennart Poettering <mzerqung@xxxxxxxxxxx>
> wrote:
> 
> > On Di, 09.10.18 14:45, Anderson, Charles R (cra@xxxxxxx) wrote:
> >
> > > > It would be nice if somebody managed to find where this is patched in
> > > > Debian. Because I somewhat doubt that they made this change without a
> > > > proper discussion. And Debian is very much server oriented.
> > >
> > > Can we not have the RPM package drop a file in /etc/security/limits.d
> > > to set the limit only when that package is installed?  That way it
> > > only affects users of that package.
> >
> > That only affects stuff that goes through PAM (specifically, all PAM
> > stacks that include pam_limits.so).
> >
> > It is my intention to change this system wide, i.e. for system
> > services (which do not go through PAM) too.
> >
> 
> Lennart, what is the path forward here? Should we pull in some security
> experts to give us recommendations on the best default value? Or are those
> conversations already happening somewhere else? Also, do you need any more
> information regarding the Wine esync use case, or has Zebediah provided
> sufficient data?

Please follow the current state of this here:

https://github.com/systemd/systemd/pull/10244

I have been discussing with some upstream kernel folks, and some more
obstacles showed up (specifically, I was advised that we really should
bump fs.file-max and fs.nr_open sysctls to their maximums these days,
as these limits are not really useful anymore given that fd memory is
properly tracked by memcg anyways these days), which I have now
covered in the PR above.

This is waiting for review, but should enter systemd upstream soon,
and will then eventually trickle into Fedora.

Lennart

-- 
Lennart Poettering, Red Hat
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux