On Mon, Oct 15, 2018 at 7:34 PM Lennart Poettering <mzerq...@0pointer.de> wrote:
> On Mo, 15.10.18 18:00, Kamil Paral (kpa...@redhat.com) wrote: > > > On Tue, Oct 9, 2018 at 6:15 PM Lennart Poettering <mzerq...@0pointer.de> > > wrote: > > > > > On Di, 09.10.18 14:45, Anderson, Charles R (c...@wpi.edu) wrote: > > > > > > > > It would be nice if somebody managed to find where this is patched > in > > > > > Debian. Because I somewhat doubt that they made this change > without a > > > > > proper discussion. And Debian is very much server oriented. > > > > > > > > Can we not have the RPM package drop a file in /etc/security/limits.d > > > > to set the limit only when that package is installed? That way it > > > > only affects users of that package. > > > > > > That only affects stuff that goes through PAM (specifically, all PAM > > > stacks that include pam_limits.so). > > > > > > It is my intention to change this system wide, i.e. for system > > > services (which do not go through PAM) too. > > > > > > > Lennart, what is the path forward here? Should we pull in some security > > experts to give us recommendations on the best default value? Or are > those > > conversations already happening somewhere else? Also, do you need any > more > > information regarding the Wine esync use case, or has Zebediah provided > > sufficient data? > > Please follow the current state of this here: > > https://github.com/systemd/systemd/pull/10244 > > I have been discussing with some upstream kernel folks, and some more > obstacles showed up (specifically, I was advised that we really should > bump fs.file-max and fs.nr_open sysctls to their maximums these days, > as these limits are not really useful anymore given that fd memory is > properly tracked by memcg anyways these days), which I have now > covered in the PR above. > > This is waiting for review, but should enter systemd upstream soon, > and will then eventually trickle into Fedora. > Zebediah, do you know about any other outlier except of Google Earth VR for which the newly proposed default limit of 256K wouldn't be sufficient?
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org